public function validateIdentifier($validator, $values, $arguments = array())
 {
     $authRequest = $this->getAuthAdapter()->getConsumer()->begin($values['openid_identifier']);
     if (!$authRequest) {
         throw new sfValidatorError($validator, 'Authentication error: not a valid OpenID.');
     }
     $sregExchange = new opOpenIDProfileExchange('sreg');
     $authRequest->addExtension(Auth_OpenID_SRegRequest::build(array(), $sregExchange->getImportSupportedProfiles()));
     // for OpenID1
     if ($authRequest->shouldSendRedirect()) {
         $values['redirect_url'] = $authRequest->redirectURL($arguments['realm'], $arguments['return_to']);
         if (Auth_OpenID::isFailure($values['redirect_url'])) {
             throw new sfValidatorError($validator, 'Could not redirect to the server: ' . $values['redirect_url']->message);
         }
     } else {
         $axExchange = new opOpenIDProfileExchange('ax');
         $axRequest = new Auth_OpenID_AX_FetchRequest();
         foreach ($axExchange->getImportSupportedProfiles() as $key => $value) {
             $axRequest->add(Auth_OpenID_AX_AttrInfo::make($value, 1, false, 'profile_' . $key));
         }
         $authRequest->addExtension($axRequest);
         $values['redirect_html'] = $authRequest->htmlMarkup($arguments['realm'], $arguments['return_to']);
         if (Auth_OpenID::isFailure($values['redirect_html'])) {
             throw new sfValidatorError($validator, 'Could not redirect to the server: ' . $values['redirect_html']->message);
         }
     }
     return $values;
 }
Esempio n. 2
0
function run()
{
    $openid = getOpenIDURL();
    $consumer = getConsumer();
    // Begin the OpenID authentication process.
    $auth_request = $consumer->begin($openid);
    // No auth request means we can't begin OpenID.
    if (!$auth_request) {
        displayError("Authentication error; not a valid OpenID.");
    }
    $sreg_request = Auth_OpenID_SRegRequest::build(array('nickname'), array('fullname', 'email'));
    if ($sreg_request) {
        $auth_request->addExtension($sreg_request);
    }
    // Create attribute request object
    // See http://code.google.com/apis/accounts/docs/OpenID.html#Parameters for parameters
    // Usage: make($type_uri, $count=1, $required=false, $alias=null)
    $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 2, 1, 'email');
    $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/first', 1, 1, 'firstname');
    $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/last', 1, 1, 'lastname');
    // Create AX fetch request
    $ax = new Auth_OpenID_AX_FetchRequest();
    // Add attributes to AX fetch request
    foreach ($attribute as $attr) {
        $ax->add($attr);
    }
    $auth_request->addExtension($ax);
    $policy_uris = $_GET['policies'];
    $pape_request = new Auth_OpenID_PAPE_Request($policy_uris);
    if ($pape_request) {
        $auth_request->addExtension($pape_request);
    }
    // Redirect the user to the OpenID server for authentication.
    // Store the token for this authentication so we can verify the
    // response.
    // For OpenID 1, send a redirect.  For OpenID 2, use a Javascript
    // form to send a POST request to the server.
    if ($auth_request->shouldSendRedirect()) {
        $redirect_url = $auth_request->redirectURL(getTrustRoot(), getReturnTo());
        // If the redirect URL can't be built, display an error
        // message.
        if (Auth_OpenID::isFailure($redirect_url)) {
            displayError("Could not redirect to server: " . $redirect_url->message);
        } else {
            // Send redirect.
            header("Location: " . $redirect_url);
        }
    } else {
        // Generate form markup and render it.
        $form_id = 'openid_message';
        $form_html = $auth_request->htmlMarkup(getTrustRoot(), getReturnTo(), false, array('id' => $form_id));
        // Display an error if the form markup couldn't be generated;
        // otherwise, render the HTML.
        if (Auth_OpenID::isFailure($form_html)) {
            displayError("Could not redirect to server: " . $form_html->message);
        } else {
            print $form_html;
        }
    }
}
Esempio n. 3
0
 public function getAXRequest($axAttributes)
 {
     $axRequest = new Auth_OpenID_AX_FetchRequest();
     foreach ($axAttributes as $attr) {
         //$axInfo = new Auth_OpenID_AX_AttrInfo($attr);
         $attrInfo = Auth_OpenID_AX_AttrInfo::make($attr['type_uri'], $attr['count'], $attr['required'], $attr['alias']);
         $axRequest->add($attrInfo);
     }
     return $axRequest;
 }
Esempio n. 4
0
function attach_ax()
{
    //build attribute request list
    $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 1, 1, 'email');
    $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson', 1, 1, 'fullname');
    $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/person/gender', 1, 1, 'gender');
    $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/media/image/default', 1, 1, 'picture');
    //create attribute exchange request
    $ax = new Auth_OpenID_AX_FetchRequest();
    //add attributes to ax request
    foreach ($attribute as $attr) {
        $ax->add($attr);
    }
    //return ax request
    return $ax;
}
Esempio n. 5
0
function openid_try($url)
{
    $store = new Auth_OpenID_MySQLStore(theDb());
    $store->createTables();
    $consumer = new Auth_OpenID_Consumer($store);
    $auth_request = $consumer->begin($url);
    if (!$auth_request) {
        $_SESSION["auth_error"] = "Error: not a valid OpenID.";
        header("Location: ./");
    }
    $sreg_request = Auth_OpenID_SRegRequest::build(array('email'), array('nickname', 'fullname'));
    if ($sreg_request) {
        $auth_request->addExtension($sreg_request);
    }
    // Attribute Exchange (Google ignores Simple Registration)
    // See http://code.google.com/apis/accounts/docs/OpenID.html#Parameters for parameters
    $ax = new Auth_OpenID_AX_FetchRequest();
    $ax->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 2, 1, 'email'));
    $ax->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/first', 1, 1, 'firstname'));
    $ax->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/last', 1, 1, 'lastname'));
    $auth_request->addExtension($ax);
    if ($auth_request->shouldSendRedirect()) {
        $redirect_url = $auth_request->redirectURL(getTrustRoot(), getReturnTo());
        // If the redirect URL can't be built, display an error
        // message.
        if (Auth_OpenID::isFailure($redirect_url)) {
            die("Could not redirect to server: " . $redirect_url->message);
        } else {
            // Send redirect.
            header("Location: " . $redirect_url);
        }
    } else {
        // Generate form markup and render it.
        $form_id = 'openid_message';
        $form_html = $auth_request->htmlMarkup(getTrustRoot(), getReturnTo(), false, array('id' => $form_id));
        // Display an error if the form markup couldn't be generated;
        // otherwise, render the HTML.
        if (Auth_OpenID::isFailure($form_html)) {
            displayError("Could not redirect to server: " . $form_html->message);
        } else {
            print $form_html;
        }
    }
}
Esempio n. 6
0
 /**
  * Begin the OpenID login by redirecting user to the OP to authenticate.
  * 
  * @param string $openid 
  */
 public function openid_begin_login($openid)
 {
     $this->lang->load('openid');
     $this->load->library('openid');
     $request_to = site_url('user/check_openid_login');
     $req = array('nickname');
     $opt = array('fullname', 'email', 'dob', 'country');
     $policy = site_url('user/openid_policy');
     $ax_attributes[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 1, TRUE);
     $ax_attributes[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/first', 1, TRUE);
     $ax_attributes[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/last', 1, TRUE);
     $ax_attributes[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/country', 1, TRUE);
     $this->openid->set_request_to($request_to);
     $this->openid->set_trust_root(base_url());
     $this->openid->set_sreg(TRUE, $req, $opt, $policy);
     $this->openid->set_ax(TRUE, $ax_attributes);
     // Redirection to OP site will follow.
     $this->openid->authenticate($openid);
 }
Esempio n. 7
0
 /**
  * Returns null and sets a flash message on all errors.
  **/
 static function beginAuth($openid, $policyUris)
 {
     $consumer = self::getConsumer();
     $auth_request = $consumer->begin($openid);
     if (!$auth_request) {
         FlashMessage::add('Ați introdus un OpenID incorect.');
         return null;
     }
     $sreg_request = Auth_OpenID_SRegRequest::build(array('nickname'), array('fullname', 'email'));
     if ($sreg_request) {
         $auth_request->addExtension($sreg_request);
     }
     $ax = new Auth_OpenID_AX_FetchRequest();
     $ax->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson', 1, 1, 'fullname'));
     $ax->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 1, 1, 'email'));
     $ax->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/first', 1, 1, 'firstname'));
     $ax->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/last', 1, 1, 'lastname'));
     $auth_request->addExtension($ax);
     // For OpenID 1, send a redirect.  For OpenID 2, use a Javascript form to send a POST request to the server.
     if ($auth_request->shouldSendRedirect()) {
         $redirect_url = $auth_request->redirectURL(util_getFullServerUrl(), self::getReturnTo());
         if (Auth_OpenID::isFailure($redirect_url)) {
             FlashMessage::add('Nu vă putem redirecționa către serverul OpenID: ' . $redirect_url->message);
             return null;
         } else {
             header("Location: {$redirect_url}");
             exit;
         }
     } else {
         $form_html = $auth_request->htmlMarkup(util_getFullServerUrl(), self::getReturnTo(), false, array('id' => 'openid_message'));
         if (Auth_OpenID::isFailure($form_html)) {
             FlashMessage::add('Nu vă putem redirecționa către serverul OpenID: ' . $form_html->message);
             return null;
         } else {
             print $form_html;
         }
     }
 }
 public function googleAction()
 {
     $consumer = $this->getGoogleConsumer();
     $url = 'https://www.google.com/accounts/o8/id';
     $auth_request = $consumer->begin($url);
     if (!$auth_request) {
         return $this->alert('Authentication error, not a valid OpenID', '/');
     }
     $ax = new Auth_OpenID_AX_FetchRequest();
     $ax->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 2, 1, 'email'));
     $auth_request->addExtension($ax);
     $pape_request = new Auth_OpenID_PAPE_Request(null);
     $auth_request->addExtension($pape_request);
     $form_id = 'openid_message';
     $form_html = $auth_request->htmlMarkup('http://' . $_SERVER['HTTP_HOST'], 'http://' . $_SERVER['HTTP_HOST'] . '/login/googledone', false, array('id' => $form_id));
     // Display an error if the form markup couldn't be generated;
     // otherwise, render the HTML.
     if (Auth_OpenID::isFailure($form_html)) {
         $this->alert("Could not redirect to server: " . $form_html->message, '/');
     } else {
         print $form_html;
         return $this->noview();
     }
 }
Esempio n. 9
0
 /**
  * Try to authenticate a user using AX.
  *
  * @access  public
  * @param   string   the openid url
  * @param   string   the path to return to after authenticating
  * @param   array    a list of PAPE policies to request from the server
  * @param   array    a list of required return values
  * @param   array    a list of optional return values
  * @return  void
  */
 public function try_auth_ax($openid, $return_to, $policy_uris = array(), $required = array('nickname', 'email'), $optional = array('fname', 'lname'))
 {
     if ($return_to[0] == '/') {
         $return_to = substr($return_to, 1);
     }
     $return_to = $this->_get_trust_root() . $return_to;
     if (empty($openid)) {
         return $this->_throw_error(OPENID_RETURN_NO_URL);
     }
     // Create OpenID consumer
     $consumer = $this->_get_consumer();
     // Create an authentication request to the OpenID provider
     $auth = $consumer->begin($openid);
     // Create UI if needed
     if ($this->use_popup) {
         $ui = $this->_get_ui($return_to);
         $auth->addExtension($ui);
     }
     // Create AX fetch request
     $ax = new Auth_OpenID_AX_FetchRequest();
     // Create attribute request object
     // See http://code.google.com/apis/accounts/docs/OpenID.html#Parameters for parameters
     foreach (array(1 => $required, 0 => $optional) as $key => $data) {
         foreach ($data as $item) {
             if (array_key_exists($item, $this->ax_properties)) {
                 $ax->add(Auth_OpenID_AX_AttrInfo::make($this->ax_properties[$item], 1, $key, $item));
             } else {
                 return $this->_throw_error('AX property "' . $item . '" is not registered in the library');
             }
         }
     }
     // Redirect the user to the OpenID server for authentication.
     // Store the token for this authentication so we can verify the
     // response.
     if (!$this->ci->session->userdata('EasyOpenID_provider')) {
         $this->ci->session->set_userdata('EasyOpenID_provider', $openid);
     }
     // Add AX fetch request to authentication request
     $auth->addExtension($ax);
     // Redirect to OpenID provider for authentication
     $url = $auth->redirectURL($this->_get_trust_root(), $return_to);
     // For OpenID 1, send a redirect.  For OpenID 2, use a Javascript
     // form to send a POST request to the server.
     if ($auth->shouldSendRedirect()) {
         $redirect_url = $auth->redirectURL($this->_get_trust_root(), $return_to);
         // If the redirect URL can't be built, die.
         if (Auth_OpenID::isFailure($redirect_url)) {
             return $this->_throw_error(OPENID_RETURN_NO_CONNECT);
         } else {
             // Send redirect.
             header("Location: " . $redirect_url);
         }
     } else {
         // Generate form markup and render it.
         $form_id = 'openid_message';
         $form_html = $auth->htmlMarkup($this->_get_trust_root(), $return_to, FALSE, array('id' => $form_id));
         // Display an error if the form markup couldn't be generated;
         // otherwise, render the HTML.
         if (Auth_OpenID::isFailure($form_html)) {
             return $this->_throw_error(OPENID_RETURN_NO_CONNECT);
         } else {
             die($form_html);
         }
     }
 }
    } else {
        $error = "Please enter a valid email address or OpenID.";
        if (isset($_GET['json'])) {
            json_out('{"error":"' . addslashes($error) . '"}');
        }
        include 'index.php';
        exit;
    }
}
$sreg = Auth_OpenID_SRegRequest::build('', array('nickname', 'fullname', 'email'), '');
$auth_request->addExtension($sreg);
if ($auth_request->endpoint->usesExtension(Auth_OpenID_AX_NS_URI)) {
    $ax_request = new Auth_OpenID_AX_FetchRequest();
    $ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/friendly', 1, true));
    $ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 1, true));
    $ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson', 1, true));
    $auth_request->addExtension($ax_request);
}
// Redirect the user to the OpenID server for authentication.
// Store the token for this authentication so we can verify the
// response.
// For OpenID 1, send a redirect.  For OpenID 2, use a Javascript
// form to send a POST request to the server.
if ($auth_request->shouldSendRedirect()) {
    $redirect_url = $auth_request->redirectURL($trust_root, $process_url);
    // If the redirect URL can't be built, display an error
    // message.
    if (Auth_OpenID::isFailure($redirect_url)) {
        $error = "Could not redirect to server: " . $redirect_url->message;
        if (isset($_GET['json'])) {
            json_out('{"error":"' . addslashes($error) . '"}');
Esempio n. 11
0
function run()
{
    $openid = getOpenIDURL();
    $consumer = getConsumer();
    // Begin the OpenID authentication process.
    $auth_request = $consumer->begin($openid);
    // No auth request means we can't begin OpenID.
    if (!$auth_request) {
        displayError("Authentication error; not a valid OpenID.");
    }
    $sreg_request = Auth_OpenID_SRegRequest::build(array('nickname'), array('fullname', 'email'));
    if ($sreg_request) {
        $auth_request->addExtension($sreg_request);
    }
    $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://geni.net/projects', 'unlimited', 1, 'projects');
    $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://geni.net/slices', 'unlimited', 1, 'slices');
    $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://geni.net/user/urn', 1, 1, 'urn');
    $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://geni.net/user/prettyname', 1, 1, 'prettyname');
    $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://geni.net/wimax/username', 1, 1, 'wimax');
    $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://geni.net/irods/username', 1, 1, 'irodsuser');
    $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://geni.net/irods/zone', 1, 1, 'irodszone');
    // Create AX fetch request
    $ax = new Auth_OpenID_AX_FetchRequest();
    // Add attributes to AX fetch request
    foreach ($attribute as $attr) {
        $ax->add($attr);
    }
    // Add AX fetch request to authentication request
    $auth_request->addExtension($ax);
    $policy_uris = null;
    if (isset($_GET['policies'])) {
        $policy_uris = $_GET['policies'];
    }
    $pape_request = new Auth_OpenID_PAPE_Request($policy_uris);
    if ($pape_request) {
        $auth_request->addExtension($pape_request);
    }
    // Redirect the user to the OpenID server for authentication.
    // Store the token for this authentication so we can verify the
    // response.
    // For OpenID 1, send a redirect.  For OpenID 2, use a Javascript
    // form to send a POST request to the server.
    if ($auth_request->shouldSendRedirect()) {
        $redirect_url = $auth_request->redirectURL(getTrustRoot(), getReturnTo());
        // If the redirect URL can't be built, display an error
        // message.
        if (Auth_OpenID::isFailure($redirect_url)) {
            displayError("Could not redirect to server: " . $redirect_url->message);
        } else {
            // Send redirect.
            header("Location: " . $redirect_url);
        }
    } else {
        // Generate form markup and render it.
        $form_id = 'openid_message';
        $form_html = $auth_request->htmlMarkup(getTrustRoot(), getReturnTo(), false, array('id' => $form_id));
        // Display an error if the form markup couldn't be generated;
        // otherwise, render the HTML.
        if (Auth_OpenID::isFailure($form_html)) {
            displayError("Could not redirect to server: " . $form_html->message);
        } else {
            print $form_html;
        }
    }
}
Esempio n. 12
0
 /**
  * Initiate an OpenID request
  *
  * @param boolean $allow_sreg Default true
  * @param string $process_url Default empty (will use $CFG->wwwroot)
  * @param array $params Array of extra parameters to append to the request
  */
 function do_request($allow_sreg = true, $process_url = '', $params = array())
 {
     global $CFG, $USER;
     // Create the consumer instance
     $store = new Auth_OpenID_FileStore($CFG->dataroot . '/openid');
     $consumer = new Auth_OpenID_Consumer($store);
     $openid_url = optional_param('openid_url', null);
     if (defined('GOOGLE_OPENID_URL') && !empty($openid_url) && (stristr($openid_url, '@google.') || stristr($openid_url, '@gmail.'))) {
         // BJB101206: map Google email addresses to OpenID url
         $tmpemail = $openid_url;
         $openid_url = GOOGLE_OPENID_URL;
         logout_guestuser();
         if (empty($USER->id) && ($tmpuser = get_complete_user_data('email', $tmpemail)) && $tmpuser->auth != 'openid') {
             $allow_sreg = true;
             // would like to verify email later
             $process_url = $CFG->wwwroot . '/auth/openid/actions.php';
             $USER = $tmpuser;
             $params['openid_tmp_login'] = true;
             // require flag in action.php
             $params['openid_action'] = 'change';
             $params['openid_url'] = $openid_url;
             $params['openid_mode'] = 'switch2openid';
             // arbitrary != null
             //error_log('/auth/openid/auth.php::do_request() - Found user email: '.$tmpemail);
         }
     }
     if (!empty($this->config->auth_openid_google_apps_domain)) {
         $openid_url = $this->config->auth_openid_google_apps_domain;
         new GApps_OpenID_Discovery($consumer);
     }
     $authreq = $consumer->begin($openid_url);
     if (!$authreq && $this->is_sso()) {
         $endpoint = new Auth_OpenID_ServiceEndpoint();
         $endpoint->server_url = $openid_url;
         $endpoint->claimed_id = Auth_OpenID_IDENTIFIER_SELECT;
         $endpoint->type_uris = array('http://specs.openid.net/auth/2.0/signon');
         $authreq = $consumer->beginWithoutDiscovery($endpoint);
     }
     if (!$authreq) {
         print_error('auth_openid_login_error', 'auth_openid');
     } else {
         // Add any simple registration fields to the request
         if ($allow_sreg === true) {
             $sreg_added = false;
             $req = array();
             $opt = array();
             $privacy_url = null;
             // Required fields
             if (!empty($this->config->openid_sreg_required)) {
                 $req = array_map('trim', explode(',', $this->config->openid_sreg_required));
                 $sreg_added = true;
             }
             // Optional fields
             if (!empty($this->config->openid_sreg_optional)) {
                 $opt = array_map('trim', explode(',', $this->config->openid_sreg_optional));
                 $sreg_added = true;
             }
             // Privacy statement
             if ($sreg_added && !empty($this->config->openid_privacy_url)) {
                 $privacy_url = $this->config->openid_privacy_url;
             }
             // We call the on_openid_do_request event handler function if it
             // exists. This is called before the simple registration (sreg)
             // extension is added to allow changes to be made to the sreg
             // data fields if required
             if (function_exists('on_openid_do_request')) {
                 on_openid_do_request($authreq);
             }
             // Finally, the simple registration data is added
             if ($sreg_added && !(sizeof($req) < 1 && sizeof($opt) < 1)) {
                 $sreg_request = Auth_OpenID_SRegRequest::build($req, $opt, $privacy_url);
                 if ($sreg_request) {
                     $authreq->addExtension($sreg_request);
                 }
             }
             if (defined('ADD_AX_SUPPORT')) {
                 $AXattr = array();
                 $AXattr[] = Auth_OpenID_AX_AttrInfo::make(AX_SCHEMA_EMAIL, 1, 1, 'email');
                 $AXattr[] = Auth_OpenID_AX_AttrInfo::make(AX_SCHEMA_NICKNAME, 1, 1, 'nickname');
                 $AXattr[] = Auth_OpenID_AX_AttrInfo::make(AX_SCHEMA_FULLNAME, 1, 1, 'fullname');
                 $AXattr[] = Auth_OpenID_AX_AttrInfo::make(AX_SCHEMA_FIRSTNAME, 1, 1, 'firstname');
                 $AXattr[] = Auth_OpenID_AX_AttrInfo::make(AX_SCHEMA_LASTNAME, 1, 1, 'lastname');
                 $AXattr[] = Auth_OpenID_AX_AttrInfo::make(AX_SCHEMA_COUNTRY, 1, 1, 'country');
                 // Create AX fetch request
                 $ax = new Auth_OpenID_AX_FetchRequest();
                 // Add attributes to AX fetch request
                 foreach ($AXattr as $attr) {
                     $ax->add($attr);
                 }
                 // Add AX fetch request to authentication request
                 $authreq->addExtension($ax);
             }
         }
         // Prepare the remaining components for the request
         if (empty($process_url)) {
             $process_url = $CFG->wwwroot . '/login/index.php';
         }
         if (is_array($params) && !empty($params)) {
             $query = '';
             foreach ($params as $key => $val) {
                 $query .= '&' . $key . '=' . $val;
             }
             $process_url .= '?' . substr($query, 1);
         }
         $trust_root = $CFG->wwwroot . '/';
         $_SESSION['openid_process_url'] = $process_url;
         // Finally, redirect to the OpenID provider
         // Check if the server is allowed ...
         if (!openid_server_allowed($authreq->endpoint->server_url, $this->config)) {
             print_error('auth_openid_server_blacklisted', 'auth_openid', '', $authreq->endpoint->server_url);
         } elseif ($authreq->shouldSendRedirect()) {
             $redirect_url = $authreq->redirectURL($trust_root, $process_url);
             // If the redirect URL can't be built, display an error message.
             if (Auth_OpenID::isFailure($redirect_url)) {
                 error($redirect_url->message);
             } else {
                 redirect($redirect_url);
             }
         } else {
             // Generate form markup and render it.
             $form_id = 'openid_message';
             $message = $authreq->getMessage($trust_root, $process_url, false);
             // Display an error if the form markup couldn't be generated;
             // otherwise, render the HTML.
             if (Auth_OpenID::isFailure($message)) {
                 error($message);
             } else {
                 $form_html = $message->toFormMarkup($authreq->endpoint->server_url, array('id' => $form_id), get_string('continue'));
                 echo '<html><head><title>OpenID request</title></head><body onload="document.getElementById(\'', $form_id, '\').submit();" style="text-align: center;"><div style="background: lightyellow; border: 1px solid black; margin: 30px 20%; padding: 5px 15px;"><p>', get_string('openid_redirecting', 'auth_openid'), '</p></div>', $form_html, '</body></html>';
                 exit;
             }
         }
     }
 }
 /**
  * Show the "login" page
  *
  * @return string Returns the "login" page as HTML code.
  */
 public function login()
 {
     try {
         if (!defined('OPENSTACKID_ENABLED') || OPENSTACKID_ENABLED == false) {
             return parent::login();
         }
         $member = Member::currentUser();
         if ($member) {
             // user is already logged in
             return $this->redirect(OpenStackIdCommon::getRedirectBackUrl());
         }
         if (!Director::is_https()) {
             OpenStackIdCommon::redirectToSSL($_SERVER['REQUEST_URI']);
         }
         // Begin the OpenID authentication process.
         $auth_request = $this->consumer->begin(IDP_OPENSTACKID_URL);
         //remove jainrain nonce
         unset($auth_request->return_to_args['janrain_nonce']);
         // No auth request means we can't begin OpenID.
         if (!$auth_request) {
             throw new Exception("The OpenID authentication failed.");
         }
         if (Auth_OpenID_supportsSReg($auth_request->endpoint)) {
             //SREG
             $sreg_request = Auth_OpenID_SRegRequest::build(array('email', 'fullname'), array('country', 'language'));
             if ($sreg_request) {
                 $auth_request->addExtension($sreg_request);
             }
         } else {
             //AX
             // Create attribute request object
             // See http://code.google.com/apis/accounts/docs/OpenID.html#Parameters for parameters
             // Usage: make($type_uri, $count=1, $required=false, $alias=null)
             $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 1, 1, 'email');
             $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/first', 1, 1, 'firstname');
             $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/last', 1, 1, 'lastname');
             $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson', 1, 1, 'fullname');
             // Create AX fetch request
             $ax = new Auth_OpenID_AX_FetchRequest();
             // Add attributes to AX fetch request
             foreach ($attribute as $attr) {
                 $ax->add($attr);
             }
             // Add AX fetch request to authentication request
             $auth_request->addExtension($ax);
         }
         //Redirect the user to the OpenID server for authentication .
         // Store the token for this authentication so we can verify the
         // response.
         // For OpenID 1, send a redirect.  For OpenID 2, use a Javascript
         // form to send a POST request to the server.
         if ($auth_request->shouldSendRedirect()) {
             $redirect_url = $auth_request->redirectURL($this->getTrustRoot(), $this->getReturnTo());
             // If the redirect URL can't be built, display an error
             // message.
             if (Auth_OpenID::isFailure($redirect_url)) {
                 echo "Could not redirect to server: " . $redirect_url->message;
             } else {
                 // Send redirect.
                 header("Location: " . $redirect_url);
             }
         } else {
             // Generate form markup and render it.
             $form_id = 'openid_message';
             $form_html = $auth_request->htmlMarkup(OpenStackIdCommon::getTrustRoot(), OpenStackIdCommon::getReturnTo(), false, array('id' => $form_id));
             // Display an error if the form markup couldn't be generated;
             // otherwise, render the HTML.
             if (Auth_OpenID::isFailure($form_html)) {
                 echo "Could not redirect to server: " . $form_html->message;
             } else {
                 print $form_html;
             }
         }
         exit;
     } catch (Exception $ex) {
         SS_Log::log($ex, SS_Log::WARN);
         Session::set("Security.Message.message", $ex->getMessage());
         Session::set("Security.Message.type", "bad");
         return $this->redirect("Security/badlogin");
     }
 }
Esempio n. 14
0
<?php

require_once "config.php";
require_once "authCommon.php";
$openID_request = $openID->begin($providerURL);
if (!$openID_request) {
    die("Failed to create OpenID request.");
}
$ax = new Auth_OpenID_AX_FetchRequest();
$ax->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 2, 1, 'email'));
$openID_request->addExtension($ax);
$redirectTo = $openID_request->redirectURL($baseURL, $baseURL . $basePath);
header("Location: " . $redirectTo);
Esempio n. 15
0
    /**
     * Send an authentication request to the OpenID provider.
     *
     * @param array &$state  The state array.
     * @param string $openid  The OpenID we should try to authenticate with.
     */
    public function doAuth(array &$state, $openid)
    {
        assert('is_string($openid)');
        $stateId = SimpleSAML_Auth_State::saveState($state, 'openid:auth');
        $consumer = $this->getConsumer($state);
        // Begin the OpenID authentication process.
        $auth_request = $consumer->begin($openid);
        // No auth request means we can't begin OpenID.
        if (!$auth_request) {
            throw new SimpleSAML_Error_BadRequest('Not a valid OpenID: ' . var_export($openid, TRUE));
        }
        $sreg_request = Auth_OpenID_SRegRequest::build($this->requiredAttributes, $this->optionalAttributes);
        if ($sreg_request) {
            $auth_request->addExtension($sreg_request);
        }
        // Create attribute request object
        $ax_attribute = array();
        foreach ($this->requiredAXAttributes as $attr) {
            $ax_attribute[] = Auth_OpenID_AX_AttrInfo::make($attr, 1, true);
        }
        foreach ($this->optionalAXAttributes as $attr) {
            $ax_attribute[] = Auth_OpenID_AX_AttrInfo::make($attr, 1, false);
        }
        if (count($ax_attribute) > 0) {
            // Create AX fetch request
            $ax_request = new Auth_OpenID_AX_FetchRequest();
            // Add attributes to AX fetch request
            foreach ($ax_attribute as $attr) {
                $ax_request->add($attr);
            }
            // Add AX fetch request to authentication request
            $auth_request->addExtension($ax_request);
        }
        foreach ($this->extensionArgs as $ext_ns => $ext_arg) {
            if (is_array($ext_arg)) {
                foreach ($ext_arg as $ext_key => $ext_value) {
                    $auth_request->addExtensionArg($ext_ns, $ext_key, $ext_value);
                }
            }
        }
        // Redirect the user to the OpenID server for authentication.
        // Store the token for this authentication so we can verify the
        // response.
        // For OpenID 1, send a redirect.  For OpenID 2, use a Javascript form
        // to send a POST request to the server or use redirect if
        // prefer_http_redirect is enabled and redirect URL size
        // is less than 2049
        $should_send_redirect = $auth_request->shouldSendRedirect();
        if ($this->preferHttpRedirect || $should_send_redirect) {
            $redirect_url = $auth_request->redirectURL($this->getTrustRoot(), $this->getReturnTo($stateId));
            // If the redirect URL can't be built, display an error message.
            if (Auth_OpenID::isFailure($redirect_url)) {
                throw new SimpleSAML_Error_AuthSource($this->authId, 'Could not redirect to server: ' . var_export($redirect_url->message, TRUE));
            }
            // For OpenID 2 failover to POST if redirect URL is longer than 2048
            if ($should_send_redirect || strlen($redirect_url) <= 2048) {
                SimpleSAML_Utilities::redirectTrustedURL($redirect_url);
                assert('FALSE');
            }
        }
        // Generate form markup and render it.
        $form_id = 'openid_message';
        $form_html = $auth_request->formMarkup($this->getTrustRoot(), $this->getReturnTo($stateId), FALSE, array('id' => $form_id));
        // Display an error if the form markup couldn't be generated; otherwise, render the HTML.
        if (Auth_OpenID::isFailure($form_html)) {
            throw new SimpleSAML_Error_AuthSource($this->authId, 'Could not redirect to server: ' . var_export($form_html->message, TRUE));
        } else {
            echo '<html><head><title>OpenID transaction in progress</title></head>
				<body onload=\'document.getElementById("' . $form_id . '").submit()\'>' . $form_html . '</body></html>';
            exit;
        }
    }
//define oauth & openid params
require_once '../config.inc.php';
//ammend include path so we can include files consistently
$includePath = get_include_path() . PATH_SEPARATOR . OPENID_INCLUDE_PATH . PATH_SEPARATOR . OAUTH_INCLUDE_PATH . PATH_SEPARATOR;
set_include_path($includePath);
//include openid files
require_once "Auth/OpenID/Consumer.php";
require_once "Auth/OpenID/FileStore.php";
require_once "Auth/OpenID/AX.php";
//init basic openid auth url generation
$openidFileStore = new Auth_OpenID_FileStore('/tmp/');
$openidConsumer =& new Auth_OpenID_Consumer($openidFileStore);
//this could just as easily be set dynamically
$openidIdentifier = 'yahoo.com';
$openidAuthRequest = $openidConsumer->begin($openidIdentifier);
//add openid ax req params for all the fields mentioned in the blog post below
//ref: http://developer.yahoo.net/blog/archives/2009/12/yahoo_openid_now_with_attribute_exchange.html
//ref: http://stackoverflow.com/questions/1183788/example-usage-of-ax-in-php-openid
$openid_ax_attributes = array(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 1, 1, 'email'), Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson', 1, 1, 'fullname'), Auth_OpenID_AX_AttrInfo::make('http://axschema.org/media/image/default', 1, 1, 'profile_pic'), Auth_OpenID_AX_AttrInfo::make('http://axschema.org/person/gender', 1, 1, 'gender'));
$openid_ax_request = new Auth_OpenID_AX_FetchRequest();
foreach ($openid_ax_attributes as $attribute) {
    $openid_ax_request->add($attribute);
}
$openidAuthRequest->addExtension($openid_ax_request);
//this is the url for openid provider log in page
$openidLoginRedirectUrl = $openidAuthRequest->redirectURL(OPENID_REALM_URI, OPENID_RETURN_TO_URI);
//append hybrid auth fields
$additionalFields = array('openid.ns.oauth' => 'http://specs.openid.net/extensions/oauth/1.0', 'openid.oauth.consumer' => YAHOO_OAUTH_APP_KEY);
$openidLoginRedirectUrl .= '&' . http_build_query($additionalFields);
//redirect for auth
header('Location: ' . $openidLoginRedirectUrl);
Esempio n. 17
0
    /**
     * Send an authentication request to the OpenID provider.
     *
     * @param array &$state  The state array.
     * @param string $openid  The OpenID we should try to authenticate with.
     */
    public function doAuth(array &$state, $openid)
    {
        assert('is_string($openid)');
        $stateId = SimpleSAML_Auth_State::saveState($state, 'openid:state');
        $consumer = $this->getConsumer($state);
        // Begin the OpenID authentication process.
        $auth_request = $consumer->begin($openid);
        // No auth request means we can't begin OpenID.
        if (!$auth_request) {
            throw new Exception("Authentication error; not a valid OpenID.");
        }
        $sreg_request = Auth_OpenID_SRegRequest::build($this->requiredAttributes, $this->optionalAttributes);
        if ($sreg_request) {
            $auth_request->addExtension($sreg_request);
        }
        // Create attribute request object
        $ax_attribute = array();
        foreach ($this->requiredAXAttributes as $attr) {
            $ax_attribute[] = Auth_OpenID_AX_AttrInfo::make($attr, 1, true);
        }
        foreach ($this->optionalAXAttributes as $attr) {
            $ax_attribute[] = Auth_OpenID_AX_AttrInfo::make($attr, 1, false);
        }
        if (count($ax_attribute) > 0) {
            // Create AX fetch request
            $ax_request = new Auth_OpenID_AX_FetchRequest();
            // Add attributes to AX fetch request
            foreach ($ax_attribute as $attr) {
                $ax_request->add($attr);
            }
            // Add AX fetch request to authentication request
            $auth_request->addExtension($ax_request);
        }
        // Redirect the user to the OpenID server for authentication.
        // Store the token for this authentication so we can verify the
        // response.
        // For OpenID 1, send a redirect.  For OpenID 2, use a Javascript
        // form to send a POST request to the server.
        if ($auth_request->shouldSendRedirect()) {
            $redirect_url = $auth_request->redirectURL($this->getTrustRoot(), $this->getReturnTo($stateId));
            // If the redirect URL can't be built, display an error message.
            if (Auth_OpenID::isFailure($redirect_url)) {
                throw new Exception("Could not redirect to server: " . $redirect_url->message);
            }
            SimpleSAML_Utilities::redirect($redirect_url);
        } else {
            // Generate form markup and render it.
            $form_id = 'openid_message';
            $form_html = $auth_request->formMarkup($this->getTrustRoot(), $this->getReturnTo($stateId), FALSE, array('id' => $form_id));
            // Display an error if the form markup couldn't be generated; otherwise, render the HTML.
            if (Auth_OpenID::isFailure($form_html)) {
                throw new Exception("Could not redirect to server: " . $form_html->message);
            } else {
                echo '<html><head><title>OpenID transaction in progress</title></head>
					<body onload=\'document.getElementById("' . $form_id . '").submit()\'>' . $form_html . '</body></html>';
                exit;
            }
        }
    }
 /**
  * This initiates openid connection. This method can also used for google/yahoo
  * signin, since those support openid.
  * @param type $auth_site 
  */
 function openIdConnect($auth_site)
 {
     //required includes
     //session_start();
     require_once "Auth/OpenID/Consumer.php";
     require_once "Auth/OpenID/FileStore.php";
     require_once "Auth/OpenID/SReg.php";
     require_once "Auth/OpenID/AX.php";
     $objAltConfig = $this->getObject('altconfig', 'config');
     $this->objDbSysconfig = $this->getObject('dbsysconfig', 'sysconfig');
     $modPath = $objAltConfig->getModulePath();
     $moduleUri = $objAltConfig->getModuleURI();
     $siteRoot = $objAltConfig->getSiteRoot();
     $DEFAULT_REDIRECT_ULR = $siteRoot . '?module=security&action=openidloginresult';
     $OPENID_AUTH_PAGE = $siteRoot . '?module=security&action=openidlogin';
     $OPENID_CALLBACK_PAGE = $siteRoot . '?module=security&action=openidlogin';
     $_SESSION['AUTH'] = false;
     switch ($auth_site) {
         case "google":
             $oid_identifier = 'https://www.google.com/accounts/o8/id';
             $_SESSION['auth_site'] = "Google";
             break;
         case "yahoo":
             $oid_identifier = 'https://yahoo.com';
             $_SESSION['auth_site'] = "Yahoo!";
             break;
         case "openid":
             if (!$_POST['openIDField']) {
                 header('Location: ' . $siteRoot . '?module=security&action=error&message=no_openidconnect&msg=' . $this->objLanguage->languageText("mod_security_invalidopenid", 'security'));
             } else {
                 $oid_identifier = $_POST['openIDField'];
                 $_SESSION['openid_user'] = $oid_identifier;
                 $_SESSION['auth_site'] = "OpenID";
             }
             break;
         default:
             header('Location: ' . $siteRoot . '?module=security&action=error&message=no_openidconnect&msg=' . $this->objLanguage->languageText("mod_security_invalidorunsupportedopenidprovider", 'security'));
     }
     //Here starts the authentication process
     // Create file storage area for OpenID data
     $openidPath = $this->objConfig->getcontentBasePath() . '/openid';
     $objMkDir = $this->getObject('mkdir', 'files');
     $objMkDir->mkdirs($openidPath);
     $store = new Auth_OpenID_FileStore($openidPath);
     // Create OpenID consumer
     $consumer = new Auth_OpenID_Consumer($store);
     // Create an authentication request to the OpenID provider
     $auth = $consumer->begin($oid_identifier);
     //checks for errors
     if (!$auth) {
         header('Location: ' . $siteRoot . '?module=security&action=error&message=no_openidconnect&msg=' . $this->objLanguage->languageText("mod_security_errorconnectingtoprovider", 'security') . ': ' . $auth_provider);
     }
     //configuring atributtes to be retrieved
     $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 1, 1, 'email');
     // Create AX fetch request
     $ax = new Auth_OpenID_AX_FetchRequest();
     if (!$ax) {
         header('Location: ' . $siteRoot . '?module=security&action=error&message=no_openidconnect&msg=' . $this->objLanguage->languageText("mod_security_errorconnectingtoprovider", 'security') . ': ' . $auth_provider);
     }
     foreach ($attribute as $attr) {
         $ax->add($attr);
     }
     if (!$auth) {
         header('Location: ' . $siteRoot . '?module=security&action=error&message=no_openidconnect&msg=' . $this->objLanguage->languageText("mod_security_errorconnectingtoprovider", 'security') . ': ' . $auth_provider);
     }
     try {
         // Add AX fetch request to authentication request
         $auth->addExtension($ax);
     } catch (Exception $ex) {
         header('Location: ' . $siteRoot . '?module=security&action=error&message=no_openidconnect&msg=' . $this->objLanguage->languageText("mod_security_errorconnectingtoprovider", 'security') . ': ' . $auth_provider);
     }
     // redirect to the OpenID provider's website for authentication
     $url = $auth->redirectURL($siteRoot, $OPENID_CALLBACK_PAGE);
     header('Location: ' . $url);
 }
Esempio n. 19
0
/**
 * Build an Attribute Exchange attribute query extension if we've never seen this OpenID before.
 */
function openid_add_ax_extension($extensions, $auth_request)
{
    if (!get_user_by_openid($auth_request->endpoint->claimed_id)) {
        require_once 'Auth/OpenID/AX.php';
        if ($auth_request->endpoint->usesExtension(Auth_OpenID_AX_NS_URI)) {
            $default_fields = array(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/friendly', 1, true), Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 1, true), Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson', 1, true));
            $fields = apply_filters('openid_consumer_ax_fields', $default_fields);
            $ax_request = new Auth_OpenID_AX_FetchRequest();
            foreach ($fields as $field) {
                $ax_request->add($field);
            }
            $extensions[] = $ax_request;
        }
    }
    return $extensions;
}
Esempio n. 20
0
 function login($openid_url, $finish_page)
 {
     global $wgTrustRoot, $wgOut;
     # If it's an interwiki link, expand it
     $openid_url = $this->interwikiExpand($openid_url);
     # Check if the URL is allowed
     if (!$this->canLogin($openid_url)) {
         $wgOut->showErrorPage('openidpermission', 'openidpermissiontext');
         return;
     }
     if (!is_null($wgTrustRoot)) {
         $trust_root = $wgTrustRoot;
     } else {
         global $wgScriptPath, $wgServer;
         $trust_root = $wgServer . $wgScriptPath;
     }
     wfSuppressWarnings();
     $consumer = $this->getConsumer();
     if (!$consumer) {
         wfDebug("OpenID: no consumer\n");
         $wgOut->showErrorPage('openiderror', 'openiderrortext');
         return;
     }
     # Make sure the user has a session!
     $this->setupSession();
     $auth_request = $consumer->begin($openid_url);
     // Handle failure status return values.
     if (!$auth_request) {
         wfDebug("OpenID: no auth_request\n");
         $wgOut->showErrorPage('openiderror', 'openiderrortext');
         return;
     }
     # Check the processed URLs, too
     $endpoint = $auth_request->endpoint;
     if (!is_null($endpoint)) {
         # Check if the URL is allowed
         if (isset($endpoint->identity_url) && !$this->canLogin($endpoint->identity_url)) {
             $wgOut->showErrorPage('openidpermission', 'openidpermissiontext');
             return;
         }
         if (isset($endpoint->delegate) && !$this->canLogin($endpoint->delegate)) {
             $wgOut->showErrorPage('openidpermission', 'openidpermissiontext');
             return;
         }
     }
     $sreg_request = Auth_OpenID_SRegRequest::build(array(), array('nickname', 'email', 'fullname', 'language', 'timezone'));
     if ($sreg_request) {
         $auth_request->addExtension($sreg_request);
     }
     // Create attribute request object. Depending on your endpoint, you can request many things:
     // see http://code.google.com/apis/accounts/docs/OpenID.html#Parameters for parameters.
     // Usage: make($type_uri, $count=1, $required=false, $alias=null)
     $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 1, 1, 'email');
     $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/first', 1, 1, 'firstname');
     $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/last', 1, 1, 'lastname');
     // Create AX fetch request and add attributes
     $ax_request = new Auth_OpenID_AX_FetchRequest();
     foreach ($attribute as $attr) {
         $ax_request->add($attr);
     }
     if ($ax_request) {
         $auth_request->addExtension($ax_request);
     }
     $process_url = $this->scriptUrl($finish_page);
     if ($auth_request->shouldSendRedirect()) {
         $redirect_url = $auth_request->redirectURL($trust_root, $process_url);
         if (Auth_OpenID::isFailure($redirect_url)) {
             displayError("Could not redirect to server: " . $redirect_url->message);
         } else {
             # OK, now go
             $wgOut->redirect($redirect_url);
         }
     } else {
         // Generate form markup and render it.
         $form_id = 'openid_message';
         $form_html = $auth_request->formMarkup($trust_root, $process_url, false, array('id' => $form_id));
         // Display an error if the form markup couldn't be generated;
         // otherwise, render the HTML.
         if (Auth_OpenID::isFailure($form_html)) {
             displayError('Could not redirect to server: ' . $form_html->message);
         } else {
             $wgOut->addWikiMsg('openidautosubmit');
             $wgOut->addHTML($form_html);
             $wgOut->addInlineScript("function submitOpenIDForm() {\n document.getElementById(\"" . $form_id . "\").submit()\n }\nhookEvent(\"load\", submitOpenIDForm);\n");
         }
     }
     wfRestoreWarnings();
 }
Esempio n. 21
0
 function authenticate($openId)
 {
     $consumer = $this->_getConsumer();
     $authRequest = $consumer->begin($openId);
     // No auth request means we can't begin OpenID.
     if (!$authRequest) {
         $this->_set_message(true, 'openid_auth_error');
     }
     if ($this->sreg_enable) {
         $sreg_request = Auth_OpenID_SRegRequest::build($this->sreg_required, $this->sreg_optional, $this->sreg_policy);
         if ($sreg_request) {
             $authRequest->addExtension($sreg_request);
         } else {
             $this->_set_message(true, 'openid_sreg_failed');
         }
     }
     if ($this->ax_enable) {
         $ax_request = new Auth_OpenID_AX_FetchRequest();
         if ($this->ax_required) {
             foreach ($this->ax_required as $attrib => $alias) {
                 $ax_request->add(Auth_OpenID_AX_AttrInfo::make($attrib, 1, true, $alias));
             }
         }
         if ($this->ax_optional) {
             foreach ($this->ax_optional as $attrib => $alias) {
                 $ax_request->add(Auth_OpenID_AX_AttrInfo::make($attrib, 1, false, $alias));
             }
         }
         $authRequest->addExtension($ax_request);
     }
     if ($this->pape_enable) {
         $pape_request = new Auth_OpenID_PAPE_Request($this->pape_policy_uris);
         if ($pape_request) {
             $authRequest->addExtension($pape_request);
         } else {
             $this->_set_message(true, 'openid_pape_failed');
         }
     }
     if ($this->ext_args != null) {
         foreach ($this->ext_args as $extensionArgument) {
             if (count($extensionArgument) == 3) {
                 $authRequest->addExtensionArg($extensionArgument[0], $extensionArgument[1], $extensionArgument[2]);
             }
         }
     }
     // Redirect the user to the OpenID server for authentication.
     // Store the token for this authentication so we can verify the
     // response.
     // For OpenID 1, send a redirect.  For OpenID 2, use a Javascript
     // form to send a POST request to the server.
     if ($authRequest->shouldSendRedirect()) {
         $redirect_url = $authRequest->redirectURL($this->trust_root, $this->request_to);
         // If the redirect URL can't be built, display an error
         // message.
         if (Auth_OpenID::isFailure($redirect_url)) {
             $this->_set_message(true, 'openid_redirect_failed', $redirect_url->message);
         } else {
             // Send redirect.
             header("Location: " . $redirect_url);
         }
     } else {
         // Generate form markup and render it.
         $form_id = 'openid_message';
         $form_html = $authRequest->formMarkup($this->trust_root, $this->request_to, false, array('id' => $form_id));
         // Display an error if the form markup couldn't be generated;
         // otherwise, render the HTML.
         if (Auth_OpenID::isFailure($form_html)) {
             $this->_set_message(true, 'openid_redirect_failed', $form_html->message);
         } else {
             $page_contents = array("<html><head><title>", "OpenID transaction in progress", "</title></head>", "<body onload='document.getElementById(\"" . $form_id . "\").submit()'>", $form_html, "</body></html>");
             print implode("\n", $page_contents);
         }
     }
 }
Esempio n. 22
0
function openid($credentials, $options)
{
    $mainframe =& JFactory::getApplication();
    $provider = $credentials[PROVIDER];
    $db = JFactory::getDBO();
    $selectProvider = 'select p.id, p.discovery_url, p.prefix, p.suffix, p.use_email from #__providers p where p.name = "' . $provider . '"';
    $db->setQuery($selectProvider);
    $dbprovider = $db->loadObject();
    $prefix = trim($dbprovider->prefix);
    $suffix = trim($dbprovider->suffix);
    //$discovery = trim($dbprovider->discovery_url);
    //    $discovery = ($dbprovider->discovery_url == null) ? null : trim($dbprovider->discovery_url);
    $discovery = $dbprovider->discovery_url;
    $username = trim($credentials['username']);
    $beginning = substr($username, 0, strlen($prefix));
    $ending = substr($username, strlen($username) - strlen($suffix));
    if ($beginning != $prefix) {
        $username = $prefix . $username;
    }
    if ($ending != $suffix) {
        $username = $username . $suffix;
    }
    //$discovery_url = ($discovery) ? $discovery : $credentials['username'];
    $discovery_url = $discovery ? $discovery : $username;
    $username = $discovery ? '' : $username;
    ################################################
    if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') {
        define('Auth_OpenID_RAND_SOURCE', null);
    } else {
        $f = @fopen('/dev/urandom', 'r');
        if ($f !== false) {
            define('Auth_OpenID_RAND_SOURCE', '/dev/urandom');
            fclose($f);
        } else {
            $f = @fopen('/dev/random', 'r');
            if ($f !== false) {
                define('Auth_OpenID_RAND_SOURCE', '/dev/urandom');
                fclose($f);
            } else {
                define('Auth_OpenID_RAND_SOURCE', null);
            }
        }
    }
    jimport('openid.consumer');
    jimport('joomla.filesystem.folder');
    // Access the session data
    $session =& JFactory::getSession();
    $info = array();
    // Create and/or start using the data store
    $store_path = JPATH_ROOT . '/tmp/_joomla_openid_store';
    if (!JFolder::exists($store_path) && !JFolder::create($store_path)) {
        $info[STATUS] = Auth_FAILURE;
        //$response->type = JAUTHENTICATE_STATUS_FAILURE;
        //$response->error_message = "Could not create the FileStore directory '$store_path'. " . " Please check the effective permissions.";
        return false;
    }
    // Create store object
    $store = new Auth_OpenID_FileStore($store_path);
    // Create a consumer object
    $consumer = new Auth_OpenID_Consumer($store);
    if (!isset($_SESSION['_openid_consumer_last_token'])) {
        // Begin the OpenID authentication process.
        if (!($auth_request = $consumer->begin($discovery_url))) {
            $info[STATUS] = Auth_FAILURE;
            //$response->type = JAUTHENTICATE_STATUS_FAILURE;
            //$response->error_message = 'Authentication error : could not connect to the openid server';
            return $info;
        }
        // if ($auth_request->endpoint->usesExtension(Auth_OpenID_AX_NS_URI)) {
        $ax_request = new Auth_OpenID_AX_FetchRequest();
        $ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 1, true));
        //         }
        $sreg_request = Auth_OpenID_SRegRequest::build(array('email'));
        if ($ax_request) {
            $auth_request->addExtension($ax_request);
            $auth_request->addExtension($sreg_request);
        }
        //        $policy_uris = array();
        //        if ($this->params->get( 'phishing-resistant', 0)) {
        //            $policy_uris[] = 'http://schemas.openid.net/pape/policies/2007/06/phishing-resistant';
        //        }
        //
        //        if ($this->params->get( 'multi-factor', 0)) {
        //            $policy_uris[] = 'http://schemas.openid.net/pape/policies/2007/06/multi-factor';
        //        }
        //
        //        if ($this->params->get( 'multi-factor-physical', 0)) {
        //            $policy_uris[] = 'http://schemas.openid.net/pape/policies/2007/06/multi-factor-physical';
        //        }
        //
        //        $pape_request = new Auth_OpenID_PAPE_Request($policy_uris);
        //        if ($pape_request) {
        //            $auth_request->addExtension($pape_request);
        //        }
        //Create the entry url
        $entry_url = isset($options['entry_url']) ? $options['entry_url'] : JURI::base();
        $entry_url = JURI::getInstance($entry_url);
        unset($options['entry_url']);
        //We don't need this anymore
        //Create the url query information
        $options['return'] = isset($options['return']) ? base64_encode($options['return']) : base64_encode(JURI::base());
        $options[JUtility::getToken()] = 1;
        $process_url = sprintf($entry_url->toString() . "?option=com_user&task=login&provider=%s", $provider);
        $process_url = isset($username) && $username ? sprintf("%s&username=%s", $process_url, urlencode($username)) : $process_url;
        $process_url .= '&' . JURI::buildQuery($options);
        $session->set('return_url', $process_url);
        $trust_url = $entry_url->toString(array('path', 'host', 'port', 'scheme'));
        $session->set('trust_url', $trust_url);
        // For OpenID 1, send a redirect.  For OpenID 2, use a Javascript
        // form to send a POST request to the server.
        if ($auth_request->shouldSendRedirect()) {
            $redirect_url = $auth_request->redirectURL($trust_url, $process_url);
            // If the redirect URL can't be built, display an error
            // message.
            if (Auth_OpenID::isFailure($redirect_url)) {
                displayError("Could not redirect to server: " . $redirect_url->message);
            } else {
                // Send redirect.
                $mainframe->redirect($redirect_url);
                return false;
            }
        } else {
            // Generate form markup and render it.
            $form_id = 'openid_message';
            $form_html = $auth_request->htmlMarkup($trust_url, $process_url, false, array('id' => $form_id));
            // Display an error if the form markup couldn't be generated;
            // otherwise, render the HTML.
            if (Auth_OpenID::isFailure($form_html)) {
                //displayError("Could not redirect to server: " . $form_html->message);
            } else {
                JResponse::setBody($form_html);
                echo JResponse::toString($mainframe->getCfg('gzip'));
                $mainframe->close();
                return false;
            }
        }
    }
    $result = $consumer->complete($session->get('return_url'));
    // estandarizo el formato de salida de los datos necesarios
    $info[EXTERNAL_ID] = $result->getDisplayIdentifier();
    switch ($result->status) {
        case Auth_OpenID_SUCCESS:
            $info[STATUS] = Auth_SUCCESS;
            $ax_resp = Auth_OpenID_AX_FetchResponse::fromSuccessResponse($result);
            if ($ax_resp) {
                $email = $ax_resp->getSingle('http://axschema.org/contact/email');
                if ($email && !is_a($email, 'Auth_OpenID_AX_Error')) {
                    $info[EMAIL] = $email;
                }
            }
            $sreg_resp = Auth_OpenID_SRegResponse::fromSuccessResponse($result);
            if (!isset($info[EMAIL]) && $sreg_resp) {
                $sreg = $sreg_resp->contents();
                if (isset($sreg['email'])) {
                    $info[EMAIL] = $sreg['email'];
                }
            }
            $info[EMAIL] = isset($info[EMAIL]) ? $info[EMAIL] : $info[EXTERNAL_ID];
            $info[LABEL] = $dbprovider->use_email ? $info[EMAIL] : $info[EXTERNAL_ID];
            break;
        case Auth_OpenID_CANCEL:
            $info[STATUS] = Auth_CANCEL;
            break;
        case Auth_OpenID_FAILURE:
            $info[STATUS] = Auth_FAILURE;
            break;
    }
    return $info;
}
Esempio n. 23
0
 /**
  * Given attribute exchange arguments, populate this FetchRequest.
  *
  * @return $result Auth_OpenID_AX_Error if the data to be parsed
  * does not follow the attribute exchange specification. At least
  * when 'if_available' or 'required' is not specified for a
  * particular attribute type.  Returns true otherwise.
  */
 function parseExtensionArgs($ax_args)
 {
     $result = $this->_checkMode($ax_args);
     if (Auth_OpenID_AX::isError($result)) {
         return $result;
     }
     $aliases = new Auth_OpenID_NamespaceMap();
     foreach ($ax_args as $key => $value) {
         if (strpos($key, 'type.') === 0) {
             $alias = substr($key, 5);
             $type_uri = $value;
             $alias = $aliases->addAlias($type_uri, $alias);
             if ($alias === null) {
                 return new Auth_OpenID_AX_Error(sprintf("Could not add alias %s for URI %s", $alias, $type_uri));
             }
             $count_s = Auth_OpenID::arrayGet($ax_args, 'count.' . $alias);
             if ($count_s) {
                 $count = Auth_OpenID::intval($count_s);
                 if ($count === false && $count_s === Auth_OpenID_AX_UNLIMITED_VALUES) {
                     $count = $count_s;
                 }
             } else {
                 $count = 1;
             }
             if ($count === false) {
                 return new Auth_OpenID_AX_Error(sprintf("Integer value expected for %s, got %s", 'count.' . $alias, $count_s));
             }
             $attrinfo = Auth_OpenID_AX_AttrInfo::make($type_uri, $count, false, $alias);
             if (Auth_OpenID_AX::isError($attrinfo)) {
                 return $attrinfo;
             }
             $this->add($attrinfo);
         }
     }
     $required = Auth_OpenID_AX_toTypeURIs($aliases, Auth_OpenID::arrayGet($ax_args, 'required'));
     foreach ($required as $type_uri) {
         $attrib =& $this->requested_attributes[$type_uri];
         $attrib->required = true;
     }
     $if_available = Auth_OpenID_AX_toTypeURIs($aliases, Auth_OpenID::arrayGet($ax_args, 'if_available'));
     $all_type_uris = array_merge($required, $if_available);
     foreach ($aliases->iterNamespaceURIs() as $type_uri) {
         if (!in_array($type_uri, $all_type_uris)) {
             return new Auth_OpenID_AX_Error(sprintf('Type URI %s was in the request but not ' . 'present in "required" or "if_available"', $type_uri));
         }
     }
     $this->update_url = Auth_OpenID::arrayGet($ax_args, 'update_url');
     return true;
 }
Esempio n. 24
0
/**
 * Build an Attribute Exchange attribute query extension if we've never seen this OpenID before.
 */
function openid_add_ax_extension($extensions, $auth_request) {
	if(!get_user_by_openid($auth_request->endpoint->claimed_id)) {
		set_include_path( dirname(__FILE__) . PATH_SEPARATOR . get_include_path() );
		require_once('Auth/OpenID/AX.php');
		restore_include_path();

		if ($auth_request->endpoint->usesExtension(Auth_OpenID_AX_NS_URI)) {
			$ax_request = new Auth_OpenID_AX_FetchRequest();
			$ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/friendly', 1, true));
			$ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 1, true));
			$ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson', 1, true));

			$extensions[] = $ax_request;
		}
	}

	return $extensions;
}
Esempio n. 25
0
 function index()
 {
     // Enable SSL?
     maintain_ssl($this->config->item("ssl_enabled"));
     // Get OpenID store object
     $store = new Auth_OpenID_FileStore($this->config->item("openid_file_store_path"));
     // Get OpenID consumer object
     $consumer = new Auth_OpenID_Consumer($store);
     if ($this->input->get('janrain_nonce')) {
         // Complete authentication process using server response
         $response = $consumer->complete(site_url('account/connect_google'));
         // Check the response status
         if ($response->status == Auth_OpenID_SUCCESS) {
             // Check if user has connect google to a3m
             if ($user = $this->account_openid_model->get_by_openid($response->getDisplayIdentifier())) {
                 // Check if user is not signed in on a3m
                 if (!$this->authentication->is_signed_in()) {
                     // Run sign in routine
                     $this->authentication->sign_in($user->account_id);
                 }
                 $user->account_id === $this->session->userdata('account_id') ? $this->session->set_flashdata('linked_error', sprintf(lang('linked_linked_with_this_account'), lang('connect_google'))) : $this->session->set_flashdata('linked_error', sprintf(lang('linked_linked_with_another_account'), lang('connect_google')));
                 redirect('account/account_linked');
             } else {
                 // Check if user is signed in on a3m
                 if (!$this->authentication->is_signed_in()) {
                     $openid_google = array();
                     if ($ax_args = Auth_OpenID_AX_FetchResponse::fromSuccessResponse($response)) {
                         $ax_args = $ax_args->data;
                         if (isset($ax_args['http://axschema.org/namePerson/friendly'][0])) {
                             $openid_google['username'] = $ax_args['http://axschema.org/namePerson/friendly'][0];
                         }
                         if (isset($ax_args['http://axschema.org/contact/email'][0])) {
                             $email = $ax_args['http://axschema.org/contact/email'][0];
                         }
                         if (isset($ax_args['http://axschema.org/namePerson'][0])) {
                             $openid_google['fullname'] = $ax_args['http://axschema.org/namePerson'][0];
                         }
                         if (isset($ax_args['http://axschema.org/birthDate'][0])) {
                             $openid_google['dateofbirth'] = $ax_args['http://axschema.org/birthDate'][0];
                         }
                         if (isset($ax_args['http://axschema.org/person/gender'][0])) {
                             $openid_google['gender'] = $ax_args['http://axschema.org/person/gender'][0];
                         }
                         if (isset($ax_args['http://axschema.org/contact/postalCode/home'][0])) {
                             $openid_google['postalcode'] = $ax_args['http://axschema.org/contact/postalCode/home'][0];
                         }
                         if (isset($ax_args['http://axschema.org/contact/country/home'][0])) {
                             $openid_google['country'] = $ax_args['http://axschema.org/contact/country/home'][0];
                         }
                         if (isset($ax_args['http://axschema.org/pref/language'][0])) {
                             $openid_google['language'] = $ax_args['http://axschema.org/pref/language'][0];
                         }
                         if (isset($ax_args['http://axschema.org/pref/timezone'][0])) {
                             $openid_google['timezone'] = $ax_args['http://axschema.org/pref/timezone'][0];
                         }
                         if (isset($ax_args['http://axschema.org/namePerson/first'][0])) {
                             $openid_google['firstname'] = $ax_args['http://axschema.org/namePerson/first'][0];
                         }
                         // google only
                         if (isset($ax_args['http://axschema.org/namePerson/last'][0])) {
                             $openid_google['lastname'] = $ax_args['http://axschema.org/namePerson/last'][0];
                         }
                         // google only
                     }
                     // Store user's google data in session
                     $this->session->set_userdata('connect_create', array(array('provider' => 'openid', 'provider_id' => $response->getDisplayIdentifier(), 'email' => isset($email) ? $email : NULL), $openid_google));
                     // Create a3m account
                     redirect('account/connect_create');
                 } else {
                     // Connect google to a3m
                     $this->account_openid_model->insert($response->getDisplayIdentifier(), $this->session->userdata('account_id'));
                     $this->session->set_flashdata('linked_info', sprintf(lang('linked_linked_with_your_account'), lang('connect_google')));
                     redirect('account/account_linked');
                 }
             }
         } else {
             $this->authentication->is_signed_in() ? redirect('account/account_linked') : redirect('account/sign_up');
         }
     }
     // Begin OpenID authentication process
     $auth_request = $consumer->begin($this->config->item("openid_google_discovery_endpoint"));
     // Create ax request (Attribute Exchange)
     $ax_request = new Auth_OpenID_AX_FetchRequest();
     $ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/friendly', 1, TRUE, 'username'));
     $ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 1, TRUE, 'email'));
     $ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson', 1, TRUE, 'fullname'));
     $ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/birthDate', 1, TRUE, 'dateofbirth'));
     $ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/person/gender', 1, TRUE, 'gender'));
     $ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/postalCode/home', 1, TRUE, 'postalcode'));
     $ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/country/home', 1, TRUE, 'country'));
     $ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/pref/language', 1, TRUE, 'language'));
     $ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/pref/timezone', 1, TRUE, 'timezone'));
     $ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/first', 1, TRUE, 'firstname'));
     // google only
     $ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/last', 1, TRUE, 'lastname'));
     // google only
     $auth_request->addExtension($ax_request);
     // Redirect to authorizate URL
     header("Location: " . $auth_request->redirectURL(base_url(), site_url('account/connect_google')));
 }
 function tryAuth($tid, $openid, $remember_openid = null)
 {
     $context = Model_Context::getInstance();
     $trust_root = $context->getProperty('uri.host') . "/";
     ob_start();
     $auth_request = $this->consumer->begin($openid);
     ob_end_clean();
     // Handle failure status return values.
     if (!$auth_request) {
         return $this->_redirectWithError(_text("인증하지 못하였습니다. 아이디를 확인하세요"), $tid);
     }
     if (!$this->IsExisted($auth_request->endpoint->claimed_id)) {
         if ($auth_request->message->isOpenID2()) {
             $ax_nickname = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/friendly', 1, true, 'nickname');
             $ax_request = new Auth_OpenID_AX_FetchRequest();
             $ax_request->add($ax_nickname);
             $auth_request->addExtension($ax_request);
         } else {
             $sreg_request = Auth_OpenID_SRegRequest::build(null, array('nickname'));
             $auth_request->addExtension($sreg_request);
         }
     }
     if ($remember_openid) {
         $this->setCookie('openid', empty($auth_request->endpoint->display_identifier) ? $auth_request->endpoint->claimed_id : $auth_request->endpoint->display_identifier);
     } else {
         $this->clearCookie('openid');
     }
     $tr = Transaction::taste($tid);
     $finishURL = $tr['finishURL'];
     $redirect_url = $auth_request->redirectURL($trust_root, $finishURL);
     return $this->redirect($redirect_url);
 }
Esempio n. 27
0
 /**
  * Returns URL to which user can be directed for 
  * authentication via CS50 ID.
  *
  * @param trust_root  URL that CS50 ID should prompt user to trust
  * @param return_to   URL to which CS50 ID should return user
  * @param fields      Simple Registration fields to request from CS50 ID
  * @param attributes  Attribute Exchange attributes to request from CS50 ID
  *
  * @return URL for CS50 ID
  */
 public static function getLoginUrl($trust_root, $return_to, $fields = ["email", "fullname"], $attributes = [])
 {
     // ignore Janrain's use of deprecated functions
     $error_reporting = error_reporting();
     error_reporting($error_reporting & ~E_DEPRECATED);
     // load Janrain's libary
     set_include_path(get_include_path() . PATH_SEPARATOR . dirname(__FILE__) . DIRECTORY_SEPARATOR . "share" . DIRECTORY_SEPARATOR . "php-openid-2.3.0");
     require_once "Auth/OpenID/AX.php";
     require_once "Auth/OpenID/Consumer.php";
     require_once "Auth/OpenID/FileStore.php";
     require_once "Auth/OpenID/SReg.php";
     // ensure $_SESSION exists for Yadis
     @session_start();
     // prepare filesystem-based store
     $path = sys_get_temp_dir() . DIRECTORY_SEPARATOR . md5($return_to);
     @mkdir($path, 0700);
     if (!is_dir($path)) {
         trigger_error("Could not create {$path}", E_USER_ERROR);
     }
     if (!is_readable($path)) {
         trigger_error("Could not read from {$path}", E_USER_ERROR);
     }
     if (!is_writable($path)) {
         trigger_error("Could not write to {$path}", E_USER_ERROR);
     }
     $store = new Auth_OpenID_FileStore($path);
     // prepare request
     $consumer = new Auth_OpenID_Consumer($store);
     $auth_request = $consumer->begin("https://id.cs50.net/");
     // request Simple Registration fields
     if (is_array($fields) && count($fields) > 0) {
         $sreg_request = Auth_OpenID_SRegRequest::build(null, $fields);
         $auth_request->addExtension($sreg_request);
     }
     // request Attribute Exchange attributes
     if (is_array($attributes) && count($attributes) > 0) {
         $ax_request = new Auth_OpenID_AX_FetchRequest();
         foreach ($attributes as $attribute) {
             $ax_request->add(Auth_OpenID_AX_AttrInfo::make($attribute, 1, false));
         }
         $auth_request->addExtension($ax_request);
     }
     // generate URL for redirection
     $redirect_url = $auth_request->redirectURL($trust_root, $return_to);
     // restore error_reporting
     error_reporting($error_reporting);
     // return URL unless error
     if (Auth_OpenID::isFailure($redirect_url)) {
         trigger_error($redirect_url->message);
         return false;
     } else {
         return $redirect_url;
     }
 }
Esempio n. 28
0
/**
 * Build an Attribute Exchange attribute query extension if we've never seen this OpenID before.
 */
function openid_add_ax_extension($extensions, $auth_request)
{
    if (!get_user_by_openid($auth_request->endpoint->claimed_id)) {
        require_once 'Auth/OpenID/AX.php';
        if ($auth_request->endpoint->usesExtension(Auth_OpenID_AX_NS_URI)) {
            $ax_request = new Auth_OpenID_AX_FetchRequest();
            $ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/friendly', 1, true));
            $ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 1, true));
            $ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson', 1, true));
            $extensions[] = $ax_request;
        }
    }
    return $extensions;
}
Esempio n. 29
0
 function test_getExtensionArgs_some_request()
 {
     $expected_args = array('mode' => 'fetch_response', 'type.' . $this->alias_a => $this->type_a, 'value.' . $this->alias_a . '.1' => $this->value_a, 'count.' . $this->alias_a => '1');
     $req = new Auth_OpenID_AX_FetchRequest();
     $req->add(Auth_OpenID_AX_AttrInfo::make($this->type_a, 1, false, $this->alias_a));
     $this->msg->addValue($this->type_a, $this->value_a);
     $result = $this->msg->getExtensionArgs($req);
     $this->assertEquals($expected_args, $result);
 }
Esempio n. 30
0
 function authenticate($openId, $immediate = false)
 {
     $consumer = $this->_getConsumer();
     $authRequest = $consumer->begin($openId);
     // No auth request means we can't begin OpenID.
     if (!$authRequest) {
         $this->_set_message(true, 'openid_auth_error');
     }
     if ($this->sreg_enable) {
         $sreg_request = Auth_OpenID_SRegRequest::build($this->sreg_required, $this->sreg_optional, $this->sreg_policy);
         if ($sreg_request) {
             $authRequest->addExtension($sreg_request);
         } else {
             $this->_set_message(true, 'openid_sreg_failed');
         }
     }
     if ($this->ax_enable) {
         $ax_request = new Auth_OpenID_AX_FetchRequest();
         if ($ax_request) {
             foreach ($this->ax_types as $alias => &$type_url) {
                 $ax_request->add(Auth_OpenID_AX_AttrInfo::make($type_url, 1, 1, $alias));
             }
             $authRequest->addExtension($ax_request);
         } else {
             $this->_set_message(true, 'openid_ax_failed');
         }
     }
     if ($this->pape_enable) {
         $pape_request = new Auth_OpenID_PAPE_Request($this->pape_policy_uris);
         if ($pape_request) {
             $authRequest->addExtension($pape_request);
         } else {
             $this->_set_message(true, 'openid_pape_failed');
         }
     }
     if ($this->ext_args != null) {
         foreach ($this->ext_args as $extensionArgument) {
             if (count($extensionArgument) == 3) {
                 $authRequest->addExtensionArg($extensionArgument[0], $extensionArgument[1], $extensionArgument[2]);
             }
         }
     }
     // Redirect the user to the OpenID server for authentication.
     // Store the token for this authentication so we can verify the
     // response.
     // For OpenID 1, send a redirect.  For OpenID 2, use a Javascript
     // form to send a POST request to the server.
     if ($authRequest->shouldSendRedirect()) {
         $redirect_url = $authRequest->redirectURL($this->trust_root, $this->request_to, $immediate);
         // If the redirect URL can't be built, display an error
         // message.
         if (Auth_OpenID::isFailure($redirect_url)) {
             $this->_set_message(true, 'openid_redirect_failed', $redirect_url->message);
         } else {
             // Send redirect.
             header("Location: " . $redirect_url);
         }
     } else {
         // Generate form markup and return it.
         $form_html = $authRequest->formMarkup($this->trust_root, $this->request_to, $immediate, array('id' => 'openid_message'));
         // Display an error if the form markup couldn't be generated;
         // otherwise, render the HTML.
         if (Auth_OpenID::isFailure($form_html)) {
             $this->_set_message(true, 'openid_redirect_failed', $form_html->message);
         } else {
             return $form_html;
         }
     }
 }