 /**
  * get() on $this->type_a is expected to yield an AX error object.
  */
 function test_get()
 {
     $lookup = $this->msg->get($this->type_a);
     $this->assertTrue(Auth_OpenID_AX::isError($lookup));
 }
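 /**
  * Build a FetchResponse from an OpenID library SuccessResponse.
  *
  * Works as a factory: it never touches $this.
  *
  * @param Auth_OpenID_SuccessResponse $success_response  A successful
  *        id_res response object.
  * @param bool $signed  Whether to restrict processing to signed arguments.
  *        When true (the default) only arguments covered by the response
  *        signature are used. When false, unsigned AX arguments are
  *        processed too, so their integrity is not guaranteed by the OP's
  *        signature.
  *
  * @return Auth_OpenID_AX_FetchResponse|null  The parsed AX data, or null
  *         when the response carries no AX arguments or they fail to parse.
  */
 function fromSuccessResponse($success_response, $signed = true)
 {
     $obj = new Auth_OpenID_AX_FetchResponse();
     if ($signed) {
         $ax_args = $success_response->getSignedNS($obj->ns_uri);
     } else {
         $ax_args = $success_response->message->getArgs($obj->ns_uri);
     }
     // Nothing to parse: no AX namespace, a failure marker, or an empty argument set.
     if ($ax_args === null || Auth_OpenID::isFailure($ax_args) || count($ax_args) === 0) {
         return null;
     }
     $result = $obj->parseExtensionArgs($ax_args);
     if (Auth_OpenID_AX::isError($result)) {
         // TODO: surface $result (an Auth_OpenID_AX_Error) through the library's logging.
         return null;
     }
     return $obj;
 }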
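 /**
  * Process an OpenID authentication request.
  *
  * Every path out of this method ends in sendResponse(), requireAuth() or
  * redirectTrustedURL(); all three are relied on to terminate the script,
  * so this method never returns normally. Should one of them ever return,
  * the fail-closed default below (a negative assertion) takes over.
  *
  * @param array $state  Authentication state. Must hold the
  *                      Auth_OpenID_Request being processed under 'request'.
  *
  * @throws SimpleSAML_Error_Exception  If the request names a specific
  *         identity that differs from the one the user is logged in as.
  */
 public function processRequest(array $state)
 {
     // Expression asserts: the string form is deprecated since PHP 7.2 and
     // degenerates to an always-true string assertion in PHP 8.
     assert(isset($state['request']));
     $request = $state['request'];
     $sreg_req = Auth_OpenID_SRegRequest::fromOpenIDRequest($request);
     $ax_req = Auth_OpenID_AX_FetchRequest::fromOpenIDRequest($request);
     /* In resume.php there should be a way to display data requested through sreg or ax. */
     if (!$this->authSource->isAuthenticated()) {
         if ($request->immediate) {
             /* Not logged in, and we cannot show a login form. */
             $this->sendResponse($request->answer(FALSE));
         }
         $resumeURL = $this->getStateURL('resume.php', $state);
         $this->authSource->requireAuth(array('ReturnTo' => $resumeURL));
     }
     $identity = $this->getIdentity();
     assert($identity !== FALSE);
     /* Should always be logged in here. */
     if (!$request->idSelect() && $identity !== $request->identity) {
         /* The identity in the request doesn't match the one of the logged in
          * user. Refusing here keeps a user from obtaining an assertion for an
          * identity other than the one they authenticated as. */
         throw new SimpleSAML_Error_Exception('Logged in as different user than the one requested.');
     }
     /* Fail closed: a site is untrusted until one of the branches says otherwise. */
     $trusted = FALSE;
     if ($this->isTrusted($identity, $request->trust_root)) {
         $trusted = TRUE;
     } elseif (isset($state['TrustResponse'])) {
         $trusted = (bool) $state['TrustResponse'];
     } else {
         if ($request->immediate) {
             /* Not trusted, and we cannot show a trust-form. */
             $this->sendResponse($request->answer(FALSE));
         }
         $trustURL = $this->getStateURL('trust.php', $state);
         \SimpleSAML\Utils\HTTP::redirectTrustedURL($trustURL);
     }
     if (!$trusted) {
         /* The user doesn't trust this site. */
         $this->sendResponse($request->answer(FALSE));
     }
     $response = $request->answer(TRUE, NULL, $identity);
     /* Collapse single-valued attributes to scalars; multi-valued ones stay lists. */
     $attributes = $this->authSource->getAttributes();
     foreach ($attributes as $key => $attr) {
         if (is_array($attr) && count($attr) === 1) {
             $attributes[$key] = $attr[0];
         }
     }
     /* Run the IdP processing chain passively. A separate state array keeps
      * this method's own $state parameter intact. */
     $pc = new SimpleSAML_Auth_ProcessingChain($this->authProc, array(), 'idp');
     $pcState = array('Attributes' => $attributes, 'isPassive' => TRUE);
     $pc->processStatePassive($pcState);
     $attributes = $pcState['Attributes'];
     /* Simple Registration response, built from the requested fields. */
     $sreg_resp = Auth_OpenID_SRegResponse::extractResponse($sreg_req, $attributes);
     $sreg_resp->toMessage($response->fields);
     /* Attribute Exchange: attributes are looked up by AX type URI. */
     if (!Auth_OpenID_AX::isError($ax_req)) {
         $ax_resp = new Auth_OpenID_AX_FetchResponse();
         foreach ($ax_req->iterTypes() as $type_uri) {
             if (!isset($attributes[$type_uri])) {
                 continue;
             }
             $value = $attributes[$type_uri];
             if (is_array($value)) {
                 /* Multi-valued attribute (not collapsed above): set the whole
                  * value list instead of handing addValue() a nested array. */
                 $ax_resp->setValues($type_uri, $value);
             } else {
                 $ax_resp->addValue($type_uri, $value);
             }
         }
         $ax_resp->toMessage($response->fields);
     }
     /* The user is authenticated, and trusts this site. */
     $this->sendResponse($response);
 }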
 /**
  * Parse the AX fetch-response arguments and record the update_url.
  *
  * The parent parser runs first; any error it reports is passed straight
  * through. The update_url is taken from the arguments as-is and is not
  * validated here.
  *
  * @param array $ax_args  AX namespace arguments from the message.
  *
  * @return Auth_OpenID_AX_Error|true  The parent's error on failure, true
  *         on success.
  */
 function parseExtensionArgs($ax_args)
 {
     $parsed = parent::parseExtensionArgs($ax_args);
     if (!Auth_OpenID_AX::isError($parsed)) {
         $this->update_url = Auth_OpenID::arrayGet($ax_args, 'update_url');
         return true;
     }
     return $parsed;
 }
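/**
 * Answer an OpenID checkid request for the logged-in GENI user.
 *
 * Issues a positive assertion for the user's identity URL, attaches the
 * Simple Registration (nickname, email) and Attribute Exchange values the
 * relying party asked for, and encodes the result for the user agent.
 * If no user can be loaded, a negative assertion is returned instead.
 *
 * @param Auth_OpenID_Server  $server  Server used to encode the response.
 * @param Auth_OpenID_Request $info    The checkid request being answered.
 *
 * @return array  Two elements: a list of "Name: value" header strings and
 *                the response body.
 */
function send_geni_user($server, $info)
{
    $geni_user = geni_loadUser();
    if (!$geni_user) {
        // Fail closed: with no loaded user there is no identity to assert,
        // so decline rather than issue a positive assertion built from a
        // null user (which is what dereferencing $geni_user here used to do).
        error_log("OpenID: Unable to access user information.");
        return geni_openid_encode_response($server, $info->answer(false));
    }
    // Plain assignment: objects are handles, and '=&' on a method return
    // only produces a "should be assigned by reference" notice.
    $response = $info->answer(true, null, idURL($geni_user->username));

    // Simple Registration: extractResponse() keeps only the fields the
    // relying party requested.
    $sreg_data = array(
        'nickname' => $geni_user->username,
        'email' => $geni_user->email(),
    );
    $sreg_request = Auth_OpenID_SRegRequest::fromOpenIDRequest($info);
    $sreg_response = Auth_OpenID_SRegResponse::extractResponse($sreg_request, $sreg_data);
    $sreg_response->toMessage($response->fields);

    /*
     * Attribute Exchange (AX) is an OpenID extension to pass additional
     * attributes. This code was derived by looking at some client
     * examples and the AX code. No server-side examples of PHP OpenID
     * AX were found.
     *
     * AX seems to be fragile. Small changes to the code below can
     * result in authentication failures.
     */
    $ax_request = Auth_OpenID_AX_FetchRequest::fromOpenIDRequest($info);
    if ($ax_request && !Auth_OpenID_AX::isError($ax_request)) {
        $ax_response = new Auth_OpenID_AX_FetchResponse();
        geni_openid_add_ax_values($ax_response, $ax_request, $geni_user);
        $ax_response->toMessage($response->fields);
    }

    return geni_openid_encode_response($server, $response);
}

/**
 * Fill $ax_response with a value for every AX type the relying party asked for.
 *
 * Types this server does not know are skipped. Optional attributes (WiMAX
 * and iRODS names, iRODS zone) are only sent when present for the user.
 *
 * @param Auth_OpenID_AX_FetchResponse $ax_response  Response being populated.
 * @param Auth_OpenID_AX_FetchRequest  $ax_request   The RP's fetch request.
 * @param object                       $geni_user    Loaded GENI user.
 */
function geni_openid_add_ax_values($ax_response, $ax_request, $geni_user)
{
    $user_urn = $geni_user->urn();
    // add_project_slice_info() appears to fill these by reference; start
    // from empty lists so an unset variable is never sent back.
    $projects = array();
    $slices = array();
    add_project_slice_info($geni_user, $projects, $slices);
    // Optional MA attributes: read once, sent only when present for this user.
    $wimax_name = isset($geni_user->ma_member->wimax_username)
        ? $geni_user->ma_member->wimax_username : null;
    $irods_username = isset($geni_user->ma_member->irods_username)
        ? $geni_user->ma_member->irods_username : null;

    foreach ($ax_request->iterTypes() as $ax_req_type) {
        switch ($ax_req_type) {
            case 'http://geni.net/projects':
                $ax_response->setValues($ax_req_type, $projects);
                break;
            case 'http://geni.net/slices':
                $ax_response->setValues($ax_req_type, $slices);
                break;
            case 'http://geni.net/user/urn':
                /* The user URN has '+' characters but these consistently
                 * caused authentication failures in testing. Replacing '+'
                 * with '|' worked, so the RP must reverse this substitution. */
                $ax_response->addValue($ax_req_type, str_replace('+', '|', $user_urn));
                break;
            case 'http://geni.net/user/prettyname':
                $ax_response->addValue($ax_req_type, $geni_user->prettyName());
                break;
            case 'http://geni.net/wimax/username':
            case 'http://geni.net/wimax/wimax_username':
                if ($wimax_name) {
                    $ax_response->addValue($ax_req_type, $wimax_name);
                }
                break;
            case 'http://geni.net/irods/username':
                /* Open question carried over from the original: should the
                 * 'irods_enabled' flag be respected here? */
                if ($irods_username) {
                    error_log("Returning iRODS username {$irods_username} for user " . $user_urn);
                    $ax_response->addValue($ax_req_type, $irods_username);
                } else {
                    error_log("No iRODS username in OpenID for user " . $user_urn);
                }
                break;
            case 'http://geni.net/irods/zone':
                $irods_zone = irods_default_zone();
                if ($irods_zone) {
                    error_log("Returning iRODS zone {$irods_zone} for user " . $user_urn);
                    $ax_response->addValue($ax_req_type, $irods_zone);
                } else {
                    error_log("No iRODS zone in OpenID for user " . $user_urn);
                }
                break;
        }
    }
}

/**
 * Encode an OpenID server response into the (headers, body) pair the
 * caller emits to the user agent.
 *
 * @param Auth_OpenID_Server $server    Server that encodes the response.
 * @param object             $response  Response produced by answer().
 *
 * @return array  A list of "Name: value" header strings and the body.
 */
function geni_openid_encode_response($server, $response)
{
    $webresponse = $server->encodeResponse($response);
    $headers = array();
    foreach ($webresponse->headers as $name => $value) {
        $headers[] = $name . ": " . $value;
    }
    return array($headers, $webresponse->body);
}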