public function BackUrl()
{
return OpenStackIdCommon::getRedirectBackUrl();
}
function index()
{
try {
$member = Member::currentUser();
if ($member) {
// user is already logged in
return $this->redirect(OpenStackIdCommon::getRedirectBackUrl());
}
$consumer = Injector::inst()->get('MyOpenIDConsumer');
$query = Auth_OpenID::getQuery();
$message = Auth_OpenID_Message::fromPostArgs($query);
$nonce = $message->getArg(Auth_OpenID_OPENID2_NS, 'response_nonce');
list($timestamp, $salt) = Auth_OpenID_splitNonce($nonce);
$claimed_id = $message->getArg(Auth_OpenID_OPENID2_NS, 'claimed_id');
error_log(sprintf('OpenStackIdAuthenticator : id %s - salt %s - timestamp %s', $claimed_id, $salt, $timestamp));
// Complete the authentication process using the server's response.
$response = $consumer->complete(OpenStackIdCommon::getReturnTo());
if ($response->status == Auth_OpenID_CANCEL) {
error_log('OpenStackIdAuthenticator : Auth_OpenID_CANCEL');
SS_Log::log('OpenStackIdAuthenticator : Auth_OpenID_CANCEL', SS_Log::WARN);
throw new Exception('The verification was cancelled. Please try again.');
} else {
if ($response->status == Auth_OpenID_FAILURE) {
error_log('OpenStackIdAuthenticator : Auth_OpenID_FAILURE');
SS_Log::log('OpenStackIdAuthenticator : Auth_OpenID_FAILURE', SS_Log::WARN);
throw new Exception("The OpenID authentication failed.");
} else {
if ($response->status == Auth_OpenID_SUCCESS) {
error_log('OpenStackIdAuthenticator : Auth_OpenID_SUCCESS');
$openid = $response->getDisplayIdentifier();
$openid = OpenStackIdCommon::escape($openid);
if ($response->endpoint->canonicalID) {
$openid = escape($response->endpoint->canonicalID);
}
//get user info from openid response
$member = null;
list($email, $full_name) = $this->getUserProfileInfo($response);
if (!is_null($email)) {
//try to get user by email
$member = $this->member_repository->findByEmail($email);
}
if (!$member) {
// or by openid
$member = Member::get()->filter('IdentityURL', $openid)->first();
}
if ($member) {
$result = $member->canLogIn();
if ($result->valid()) {
$member->setIdentityUrl($openid);
$member->write();
$member->LogIn(true);
return $this->redirect(OpenStackIdCommon::getRedirectBackUrl());
}
throw new Exception("Inactive User!");
}
throw new Exception("The OpenID authentication failed: can not find user " . $openid);
}
}
}
} catch (Exception $ex) {
Session::set("Security.Message.message", $ex->getMessage());
Session::set("Security.Message.type", "bad");
SS_Log::log($ex, SS_Log::WARN);
return $this->redirect("Security/badlogin");
}
}
