Exemple #1
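 /**
  * Resolves an e-mail style identity to an OpenID consumer via WebFinger.
  *
  * The host part of $identity is used to fetch the LRDD template, the
  * acct: descriptor is loaded through it and, when that descriptor links an
  * OpenID 2.0 provider, an initialised \PSX\OpenId instance is returned.
  *
  * $identity comes from the person logging in, so the host contacted here is
  * chosen by the requester. The host part is therefore rejected when it
  * contains characters that would change the structure of the discovery URL.
  *
  * @param string $identity e-mail style identifier (local@host)
  * @return \PSX\OpenId|false the initialised consumer, or false when the
  *                           identity has no usable host part or the
  *                           descriptor links no OpenID provider
  * @throws Exception when the descriptor's subject differs from the acct URI
  */
 protected function getOpenidProvider($identity)
 {
     // strpos() yields false without an "@"; the old code then used
     // substr($identity, 1) as the host name
     $pos = strpos($identity, '@');
     if ($pos === false) {
         return false;
     }

     // substr() returns false (PHP < 8) or '' (PHP >= 8) for a trailing "@"
     $provider = substr($identity, $pos + 1);
     if ($provider === false || $provider === '') {
         return false;
     }

     // the host is concatenated into a URL below, so refuse anything that
     // would add userinfo, a path, a query or a fragment to it
     if (strpbrk($provider, "/\\?#@ \t\r\n") !== false) {
         return false;
     }

     // we check whether the email provider is a known openid provider by
     // making a webfinger request
     // @todo we should probably add a request cache for the lrdd template
     // NOTE(review): discovery runs over plain http://, so the template can
     // be altered in transit; the subject check below is the only binding
     // between the descriptor and the requested identity
     $webfinger = new \PSX\Webfinger($this->http);
     $url = new Url('http://' . $provider);
     $template = $webfinger->getLrddTemplate($url);

     // get acct xrd
     $acct = 'acct:' . $identity;
     $xrd = $webfinger->getLrdd($acct, $template);

     // the descriptor must describe exactly the account that was asked for
     if (strcmp($xrd->getSubject(), $acct) !== 0) {
         throw new Exception('Invalid subject');
     }

     // find openid profile url
     $profileUrl = $xrd->getLinkHref('http://specs.openid.net/auth/2.0/provider');
     if (empty($profileUrl)) {
         return false;
     }

     // $callback was never defined in this scope
     // NOTE(review): confirm $this->pageUrl exists on this class and that
     // '/callback/openid' is the route handling the OpenID response
     $callback = $this->pageUrl . '/callback/openid';

     // initialize openid
     $openid = new \PSX\OpenId($this->http, $this->config['psx_url'], $this->store);
     $openid->initialize($profileUrl, $callback);

     return $openid;
 }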
Exemple #2
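 /**
  * Builds an OpenID consumer for the given identity.
  *
  * An identity that contains no "@" and does not start with http:// or
  * https:// gets "http://" prepended. Every other value, including an
  * e-mail style identity, is handed to the OpenID consumer unchanged. The
  * scheme test is case-insensitive so that "HTTPS://host" is not turned
  * into "http://HTTPS://host".
  *
  * The visible code never returns false; a failure can only surface from
  * \PSX\OpenId::initialize().
  *
  * @param string $identity user supplied OpenID url or e-mail style identity
  * @return \PSX\OpenId the initialised consumer
  */
 protected function getOpenidProvider($identity)
 {
     $isEmail = strpos($identity, '@') !== false;
     $hasScheme = strncasecmp($identity, 'http://', 7) === 0
         || strncasecmp($identity, 'https://', 8) === 0;

     // add http prefix if it is neither an email nor an absolute url
     if (!$isEmail && !$hasScheme) {
         $identity = 'http://' . $identity;
     }

     // build callback
     $callback = $this->pageUrl . '/callback/openid';

     // NOTE(review): $identity is user supplied and initialize() presumably
     // performs discovery against it; confirm the HTTP client refuses
     // loopback and internal addresses
     $openid = new \PSX\OpenId($this->http, $this->config['psx_url'], $this->store);
     $openid->initialize($identity, $callback);

     return $openid;
 }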
Exemple #3
 /**
  * Handles the OpenID response: verifies the assertion, looks up the account
  * by its salted identity hash, registers a new remote account when none
  * exists, marks the user as logged in and redirects to the site root.
  *
  * @return void the method ends the request with a redirect
  * @throws Exception when verification fails, the identity is empty,
  *                   registration is disabled, required session or profile
  *                   values are missing or the account could not be created
  */
 public function callback()
 {
     // initialize openid
     $openid = new \PSX\OpenId($this->http, $this->config['psx_url'], $this->store);

     // nothing below may run on an unverified assertion
     if ($openid->verify() !== true) {
         throw new Exception('Authentication failed');
     }

     $identity = $openid->getIdentifier();
     if (empty($identity)) {
         throw new Exception('Invalid identity');
     }

     // check whether user is already registered; accounts are looked up by
     // sha1(salt . identifier)
     $data = $openid->getData();
     $lookup = new Condition(array('identity', '=', sha1($this->config['amun_salt'] . $openid->getIdentifier())));
     $userId = $this->hm->getTable('AmunService\\User\\Account')->getField('id', $lookup);

     if (empty($userId)) {
         // user doesnt exist so register a new user, but only if
         // registration is enabled
         if (!$this->registry['login.registration_enabled']) {
             throw new Exception('Registration is disabled');
         }

         // both ids come from the session, not from the OpenID response
         $hostId = $this->session->get('openid_register_user_host_id');
         $globalId = $this->session->get('openid_register_user_global_id');

         if (empty($hostId)) {
             throw new Exception('No host id provided');
         }

         if (empty($globalId)) {
             throw new Exception('No global id provided');
         }

         // get data for account
         // NOTE(review): these values originate from the remote provider;
         // only 'name' is checked and normalised here, 'gender' and
         // 'timezone' are read without an existence check
         $profile = $this->getAccountData($data);

         if (empty($profile)) {
             throw new Exception('No user informations provided');
         }

         if (empty($profile['name'])) {
             throw new Exception('No username provided');
         }

         $name = $this->normalizeName($profile['name']);

         // create user account
         $security = new Security($this->registry);
         $handler = $this->hm->getHandler('AmunService\\User\\Account', $this->user);

         // NOTE(review): the raw identifier is stored while the lookup above
         // uses the salted hash; presumably the handler hashes it, confirm
         $record = $handler->getRecord();
         $record->setGlobalId($globalId);
         $record->setGroupId($this->registry['core.default_user_group']);
         $record->setHostId($hostId);
         $record->setStatus(Account\Record::REMOTE);
         $record->setIdentity($identity);
         $record->setName($name);
         $record->setPw($security->generatePw());
         $record->setGender($profile['gender']);
         $record->setTimezone($profile['timezone']);

         $record = $handler->create($record);
         $userId = $record->id;

         // if the id is not set the account was probably added to the
         // approval table
         if (empty($userId)) {
             throw new Exception('Could not create account');
         }
     }

     // NOTE(review): setUserId() is defined elsewhere; confirm it rotates
     // the session id when the user is logged in
     $this->setUserId($userId);

     // redirect
     header('Location: ' . $this->config['psx_url']);
     exit;
 }