protected function setMode($mode)
{
if (!OpenIdProtocol::isValidMode($mode)) {
throw new InvalidOpenIdMessageMode(sprintf(OpenIdErrorMessages::InvalidOpenIdMessageModeMessage, $mode));
}
$this->container[OpenIdProtocol::param(OpenIdProtocol::OpenIDProtocol_Mode)] = $mode;
}
public function __construct($error, $contact = null, $reference = null, OpenIdRequest $request = null)
{
parent::__construct();
$this->setHttpCode(self::HttpErrorResponse);
$this[OpenIdProtocol::param(OpenIdProtocol::OpenIDProtocol_Error)] = $error;
//opt values
if (!is_null($contact)) {
$this[OpenIdProtocol::param(OpenIdProtocol::OpenIDProtocol_Contact)] = $contact;
}
if (!is_null($reference)) {
$this[OpenIdProtocol::param(OpenIdProtocol::OpenIDProtocol_Reference)] = $reference;
}
if (!is_null($request)) {
$return_to = $request->getParam(OpenIdProtocol::OpenIDProtocol_ReturnTo);
if (!is_null($return_to) && !empty($return_to) && OpenIdUriHelper::checkReturnTo($return_to)) {
$this->setReturnTo($return_to);
}
}
}
/**
* @return bool
* @throws \openid\exceptions\InvalidSessionTypeException
* @throws \openid\exceptions\InvalidAssociationTypeException
*/
public function isValid()
{
$mode = $this->getMode();
if ($mode != OpenIdProtocol::AssociateMode) {
return false;
}
$assoc_type = $this->getAssocType();
if (is_null($assoc_type) || empty($assoc_type)) {
return false;
}
$session_type = $this->getSessionType();
if (is_null($session_type) || empty($session_type)) {
return false;
}
if (!OpenIdProtocol::isSessionTypeSupported($session_type)) {
throw new InvalidSessionTypeException(sprintf(OpenIdErrorMessages::UnsupportedSessionTypeMessage, $session_type));
}
if (!OpenIdProtocol::isAssocTypeSupported($assoc_type)) {
throw new InvalidAssociationTypeException(sprintf(OpenIdErrorMessages::UnsupportedAssociationTypeMessage, $assoc_type));
}
return true;
}
public function testCheckSetupOAuth2ExtensionSubView()
{
//set login info
$user = User::where('identifier', '=', 'sebastian.marcet')->first();
Auth::login($user);
$scope = array(sprintf('%s/resource-server/read', $this->current_realm), sprintf('%s/resource-server/read.page', $this->current_realm), sprintf('%s/resource-server/write', $this->current_realm), sprintf('%s/resource-server/delete', $this->current_realm), sprintf('%s/resource-server/update', $this->current_realm), sprintf('%s/resource-server/update.status', $this->current_realm), sprintf('%s/resource-server/regenerate.secret', $this->current_realm));
$params = array(OpenIdProtocol::param(OpenIdProtocol::OpenIDProtocol_NS) => OpenIdProtocol::OpenID2MessageType, OpenIdProtocol::param(OpenIdProtocol::OpenIDProtocol_Mode) => OpenIdProtocol::SetupMode, OpenIdProtocol::param(OpenIdProtocol::OpenIDProtocol_Realm) => "https://www.test.com/", OpenIdProtocol::param(OpenIdProtocol::OpenIDProtocol_ReturnTo) => "https://www.test.com/oauth2", OpenIdProtocol::param(OpenIdProtocol::OpenIDProtocol_Identity) => "http://specs.openid.net/auth/2.0/identifier_select", OpenIdProtocol::param(OpenIdProtocol::OpenIDProtocol_ClaimedId) => "http://specs.openid.net/auth/2.0/identifier_select", OpenIdOAuth2Extension::paramNamespace() => OpenIdOAuth2Extension::NamespaceUrl, OpenIdOAuth2Extension::param(OpenIdOAuth2Extension::ClientId) => $this->oauth2_client_id, OpenIdOAuth2Extension::param(OpenIdOAuth2Extension::Scope) => implode(' ', $scope), OpenIdOAuth2Extension::param(OpenIdOAuth2Extension::State) => uniqid());
$response = $this->action("POST", "OpenIdProviderController@endpoint", $params);
$this->assertResponseStatus(302);
$content = $response->getContent();
}
/**
* Create Positive Identity Assertion
* implements http://openid.net/specs/openid-authentication-2_0.html#positive_assertions
* @return OpenIdPositiveAssertionResponse
* @throws InvalidAssociationTypeException
*/
private function doAssertion()
{
$currentUser = $this->auth_service->getCurrentUser();
$context = new ResponseContext();
//initial signature params
$context->addSignParam(OpenIdProtocol::param(OpenIdProtocol::OpenIDProtocol_OpEndpoint));
$context->addSignParam(OpenIdProtocol::param(OpenIdProtocol::OpenIDProtocol_Realm));
$context->addSignParam(OpenIdProtocol::param(OpenIdProtocol::OpenIDProtocol_ReturnTo));
$context->addSignParam(OpenIdProtocol::param(OpenIdProtocol::OpenIDProtocol_Nonce));
$context->addSignParam(OpenIdProtocol::param(OpenIdProtocol::OpenIDProtocol_AssocHandle));
$context->addSignParam(OpenIdProtocol::param(OpenIdProtocol::OpenIDProtocol_ClaimedId));
$context->addSignParam(OpenIdProtocol::param(OpenIdProtocol::OpenIDProtocol_Identity));
$op_endpoint = $this->server_configuration_service->getOPEndpointURL();
$identity = $this->server_configuration_service->getUserIdentityEndpointURL($currentUser->getIdentifier());
$nonce = $this->nonce_service->generateNonce();
$realm = $this->current_request->getRealm();
$response = new OpenIdPositiveAssertionResponse($op_endpoint, $identity, $identity, $this->current_request->getReturnTo(), $nonce->getRawFormat(), $realm);
foreach ($this->extensions as $ext) {
$ext->prepareResponse($this->current_request, $response, $context);
}
//check former assoc handle...
if (is_null($assoc_handle = $this->current_request->getAssocHandle()) || is_null($association = $this->association_service->getAssociation($assoc_handle))) {
//create private association ...
$association = $this->association_service->addAssociation(AssociationFactory::getInstance()->buildPrivateAssociation($realm, $this->server_configuration_service->getConfigValue("Private.Association.Lifetime")));
$response->setAssocHandle($association->getHandle());
if (!empty($assoc_handle)) {
$response->setInvalidateHandle($assoc_handle);
}
} else {
if ($association->getType() != IAssociation::TypeSession) {
throw new InvalidAssociationTypeException(OpenIdErrorMessages::InvalidAssociationTypeMessage);
}
$response->setAssocHandle($assoc_handle);
}
//create signature ...
OpenIdSignatureBuilder::build($context, $association->getMacFunction(), $association->getSecret(), $response);
/*
* To prevent replay attacks, the OP MUST NOT issue more than one verification response for each
* authentication response it had previously issued. An authentication response and its matching
* verification request may be identified by their "openid.response_nonce" values.
* so associate $nonce with signature and realm
*/
$this->nonce_service->associateNonce($nonce, $response->getSig(), $realm);
//do cleaning ...
$this->memento_service->clearCurrentRequest();
$this->auth_service->clearUserAuthorizationResponse();
return $response;
}
public function setInvalidateHandle($invalidate_handle)
{
$this[OpenIdProtocol::param(OpenIdProtocol::OpenIDProtocol_InvalidateHandle)] = $invalidate_handle;
}
public function getReturnTo()
{
return $this[OpenIdProtocol::param(OpenIdProtocol::OpenIDProtocol_ReturnTo)];
}
