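/**
 * Checks that Auth_OpenID::urldefrag() splits a URL into a base part and
 * a fragment part.
 *
 * Every case is exercised twice: once as given, where the base must equal
 * the expected value and the fragment must be empty, and once with
 * "#fragment" appended, where the base must still equal the expected
 * value and the fragment must be "fragment".
 */
function test_urldefrag()
{
    // Each entry is array(input URL, expected base after defragmenting).
    $cases = array(
        array('http://foo.com', 'http://foo.com'),
        array('http://foo.com/', 'http://foo.com/'),
        array('http://foo.com/path', 'http://foo.com/path'),
        array('http://foo.com/path?query', 'http://foo.com/path?query'),
        array('http://foo.com/path?query=v', 'http://foo.com/path?query=v'),
        array('http://foo.com/?query=v', 'http://foo.com/?query=v'),
    );

    foreach ($cases as $pair) {
        list($orig, $after) = $pair;

        // Without a fragment the URL must come back untouched.
        list($base, $frag) = Auth_OpenID::urldefrag($orig);
        $this->assertEquals($after, $base);
        // Expected value goes first, as in the other assertions, so a
        // failure report labels "expected" and "actual" correctly.
        $this->assertEquals('', $frag);

        // With a fragment, only the part before '#' may appear in the base.
        list($base, $frag) = Auth_OpenID::urldefrag($orig . "#fragment");
        $this->assertEquals($after, $base);
        $this->assertEquals('fragment', $frag);
    }
}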
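/**
 * Compares a discovered endpoint with the endpoint it is expected to
 * match and reports the first difference found.
 *
 * The checks run in this order: required type URIs, claimed identifier
 * (with any fragment removed from $to_match's value), local identifier,
 * and finally the server URL.
 *
 * The identifier and server URL checks use strict comparison so that
 * PHP's loose-equality coercions (null vs. empty string, numeric-looking
 * strings) cannot make two different values count as a match.
 * NOTE(review): a null on one side therefore does not match an empty
 * string on the other; confirm no caller depends on that.
 *
 * @access private
 * @param object $endpoint The discovered endpoint.
 * @param object $to_match The endpoint to verify against the discovered
 *                         one (presumably built from the provider's
 *                         response; confirm against the caller).
 * @return mixed null when every check passes; otherwise an
 *               Auth_OpenID_TypeURIMismatch or
 *               Auth_OpenID_FailureResponse describing the mismatch.
 */
function _verifyDiscoverySingle($endpoint, $to_match)
{
    // Every type URI that's in the to_match endpoint has to be
    // present in the discovered endpoint.
    foreach ($to_match->type_uris as $type_uri) {
        if (!$endpoint->usesExtension($type_uri)) {
            return new Auth_OpenID_TypeURIMismatch($endpoint,
                "Required type " . $type_uri . " not present");
        }
    }

    // Fragments do not influence discovery, so we can't compare a
    // claimed identifier with a fragment to discovered
    // information.
    list($defragged_claimed_id, $_) =
        Auth_OpenID::urldefrag($to_match->claimed_id);

    if ($defragged_claimed_id !== $endpoint->claimed_id) {
        return new Auth_OpenID_FailureResponse($endpoint,
            sprintf('Claimed ID does not match (different subjects!), ' .
                    'Expected %s, got %s',
                    $defragged_claimed_id,
                    $endpoint->claimed_id));
    }

    // Evaluate each local ID once so the value compared is the value
    // reported in the failure message.
    $expected_local_id = $to_match->getLocalID();
    $discovered_local_id = $endpoint->getLocalID();

    if ($expected_local_id !== $discovered_local_id) {
        return new Auth_OpenID_FailureResponse($endpoint,
            sprintf('local_id mismatch. Expected %s, got %s',
                    $expected_local_id,
                    $discovered_local_id));
    }

    // If the server URL is None, this must be an OpenID 1
    // response, because op_endpoint is a required parameter in
    // OpenID 2. In that case, we don't actually care what the
    // discovered server_url is, because signature checking or
    // check_auth should take care of that check for us.
    if ($to_match->server_url === null) {
        if ($to_match->preferredNamespace() != Auth_OpenID_OPENID1_NS) {
            return new Auth_OpenID_FailureResponse($endpoint,
                "Preferred namespace mismatch (bug)");
        }
    } else {
        if ($to_match->server_url !== $endpoint->server_url) {
            return new Auth_OpenID_FailureResponse($endpoint,
                sprintf('OP Endpoint mismatch. Expected %s, got %s',
                        $to_match->server_url,
                        $endpoint->server_url));
        }
    }

    return null;
}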
/**
 * Normalizes a URL, supplying a leading http:// scheme and / or a
 * trailing slash where needed, and drops any fragment from the result.
 *
 * The http/https allow-list is applied only when parse_url() reports
 * both a scheme and a host. Any other input is prefixed with "http://"
 * and passed to Auth_OpenID_urinorm(), which decides whether it is
 * acceptable.
 *
 * @access private
 * @param string $url The URL to be normalized.
 * @return mixed The normalized URL without its fragment, or null if
 *               $url was malformed or used a scheme other than
 *               http/https.
 */
static function normalizeUrl($url)
{
    // Diagnostics from parse_url() are suppressed; a falsy result is
    // treated as a malformed URL.
    @($parts = parse_url($url));
    if (!$parts) {
        return null;
    }

    if (!isset($parts['scheme'], $parts['host'])) {
        // No usable scheme/host pair was parsed: assume plain http.
        $url = 'http://' . $url;
    } else {
        $scheme = strtolower($parts['scheme']);
        if ($scheme !== 'http' && $scheme !== 'https') {
            return null;
        }
    }

    $normalized = Auth_OpenID_urinorm($url);
    if ($normalized === null) {
        return null;
    }

    // Only the part before '#' is returned; the fragment is discarded.
    $pieces = Auth_OpenID::urldefrag($normalized);
    return $pieces[0];
}