/**
 * Handle an "id_res" (positive assertion) response from the OP.
 *
 * The verification steps run in a fixed order -- required fields,
 * return_to, discovery, signature, nonce -- and the first step that
 * reports a failure ends processing with that failure object.
 *
 * @param Auth_OpenID_Message $message the response message from the OP
 * @param Auth_OpenID_ServiceEndpoint $endpoint the endpoint recorded when
 *        the request was started; may be replaced by the result of
 *        _verifyDiscoveryResults
 * @param string $return_to the URL this response must have been sent to
 * @return Auth_OpenID_SuccessResponse|Auth_OpenID_FailureResponse
 * @access private
 */
function _doIdRes($message, $endpoint, $return_to)
{
    // Presence of required fields (and sanity of the signed list).
    $check = $this->_idResCheckForFields($message);
    if (Auth_OpenID::isFailure($check)) {
        return $check;
    }

    // The response must be addressed to the URL we actually received it on.
    if (!$this->_checkReturnTo($message, $return_to)) {
        $claimed_return_to = $message->getArg(Auth_OpenID_OPENID_NS, 'return_to');
        return new Auth_OpenID_FailureResponse(
            null,
            sprintf("return_to does not match return URL. Expected %s, got %s",
                    $return_to, $claimed_return_to));
    }

    // Discovery verification may hand back a different (verified) endpoint;
    // everything after this point uses that one.
    $verified = $this->_verifyDiscoveryResults($message, $endpoint);
    if (Auth_OpenID::isFailure($verified)) {
        return $verified;
    }
    $endpoint = $verified;

    $check = $this->_idResCheckSignature($message, $endpoint->server_url);
    if (Auth_OpenID::isFailure($check)) {
        return $check;
    }

    $check = $this->_idResCheckNonce($message, $endpoint);
    if (Auth_OpenID::isFailure($check)) {
        return $check;
    }

    // NO_DEFAULT makes a missing 'signed' argument come back as a failure
    // object rather than null, so it can be returned directly.
    $signed_csv = $message->getArg(Auth_OpenID_OPENID_NS, 'signed',
                                   Auth_OpenID_NO_DEFAULT);
    if (Auth_OpenID::isFailure($signed_csv)) {
        return $signed_csv;
    }
    $signed_fields = Auth_OpenID::addPrefix(explode(',', $signed_csv), "openid.");

    return new Auth_OpenID_SuccessResponse($endpoint, $message, $signed_fields);
}
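/**
 * Handle an "id_res" (positive assertion) response from the OP.
 *
 * Older form of this method: it takes no return_to argument and does not
 * verify openid.return_to itself. Verification order is: signed list
 * present, required fields, discovery, signature, nonce; the first failing
 * step's failure object is returned.
 *
 * NOTE(review): because no return_to check happens here, the caller must
 * verify openid.return_to against the URL the response actually arrived on
 * before trusting the result -- confirm that is done at the call site.
 *
 * @param Auth_OpenID_Message $message the response message from the OP
 * @param Auth_OpenID_ServiceEndpoint $endpoint the endpoint recorded when
 *        the request was started; may be replaced by the result of
 *        _verifyDiscoveryResults
 * @return Auth_OpenID_SuccessResponse|Auth_OpenID_FailureResponse
 * @access private
 */
function _doIdRes($message, $endpoint)
{
    // The signed list is needed both for the field check and for the
    // success response, so fetch it once up front.
    $signed_list_str = $message->getArg(Auth_OpenID_OPENID_NS, 'signed');
    if ($signed_list_str === null) {
        return new Auth_OpenID_FailureResponse($endpoint,
                                               "Response missing signed list");
    }
    $signed_list = explode(',', $signed_list_str);

    // Checks for presence of appropriate fields (and checks
    // signed list fields)
    $result = $this->_idResCheckForFields($message, $signed_list);
    if (Auth_OpenID::isFailure($result)) {
        return $result;
    }

    // Verify discovery information; the verified endpoint replaces the
    // one we started with.
    $result = $this->_verifyDiscoveryResults($message, $endpoint);
    if (Auth_OpenID::isFailure($result)) {
        return $result;
    }
    $endpoint = $result;

    $result = $this->_idResCheckSignature($message, $endpoint->server_url);
    if (Auth_OpenID::isFailure($result)) {
        return $result;
    }

    // (The previous version read openid.identity into an unused local
    // here; it was never consulted, so it has been dropped.)

    $result = $this->_idResCheckNonce($message, $endpoint);
    if (Auth_OpenID::isFailure($result)) {
        return $result;
    }

    $signed_fields = Auth_OpenID::addPrefix($signed_list, "openid.");
    return new Auth_OpenID_SuccessResponse($endpoint, $message, $signed_fields);
}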
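/**
 * Handle an "id_res" (positive assertion) response from the OP.
 *
 * Verification order is: required fields, return_to, (optional
 * identifier-select rewrite, see below), discovery, signature, nonce.
 * The first failing step's failure object is returned.
 *
 * This copy carries a local modification: when OPENID_FIXED_ENDPOINT is
 * defined and the endpoint's claimed_id is Auth_OpenID_IDENTIFIER_SELECT,
 * the claimed and local identifiers are taken from openid.identity in the
 * response, emulating OpenID 2.0 identifier selection in an OpenID 1.x
 * transaction.
 *
 * NOTE(review): that rewrite deliberately skips confirming that the OP is
 * authoritative for the identifier it returned, and nothing in this method
 * compares $endpoint->server_url to OPENID_FIXED_ENDPOINT -- only
 * defined() is tested. The scheme is only sound if the endpoint stored at
 * request start is guaranteed to be the fixed OP and 'identity' is covered
 * by the signature checked below; confirm both at the call site.
 *
 * @param Auth_OpenID_Message $message the response message from the OP
 * @param Auth_OpenID_ServiceEndpoint $endpoint the endpoint recorded when
 *        the request was started; may be replaced by the result of
 *        _verifyDiscoveryResults
 * @param string $return_to the URL this response must have been sent to
 * @return Auth_OpenID_SuccessResponse|Auth_OpenID_FailureResponse
 * @access private
 */
function _doIdRes($message, $endpoint, $return_to)
{
    // Checks for presence of appropriate fields (and checks
    // signed list fields)
    $result = $this->_idResCheckForFields($message);
    if (Auth_OpenID::isFailure($result)) {
        return $result;
    }

    if (!$this->_checkReturnTo($message, $return_to)) {
        return new Auth_OpenID_FailureResponse(
            null,
            sprintf("return_to does not match return URL. Expected %s, got %s",
                    $return_to,
                    $message->getArg(Auth_OpenID_OPENID_NS, 'return_to')));
    }

    // -------------------------------------------------------------
    // Block change to original code starts here
    //
    // @author Stuart Metcalfe <*****@*****.**> on behalf of Canonical
    //
    // We are using a simplified version of the 'identifier select' feature
    // from OpenID 2.0 in OpenID 1.1 requests to authenticate with a fixed
    // endpoint (defined in the implementing site's code as
    // OPENID_FIXED_ENDPOINT). This allows us to transparently provide SSO
    // for multiple sites using OpenID and implement (potentially) multiple
    // authentication methods only once on the central server.
    if (defined('OPENID_FIXED_ENDPOINT') &&
        $endpoint->claimed_id == Auth_OpenID_IDENTIFIER_SELECT) {
        // This is a hack to allow OpenID 2.0 style identifier selection in
        // an OpenID 1.x transaction. When this happens, we set the claimed
        // and local identity URLs from the response parameters. Normally
        // this should be followed up with a check to see if the OP really
        // is responsible for the selected ID, but we're skipping it due to
        // us trusting the OP.
        $identity_url = $message->getArg(Auth_OpenID_OPENID_NS, 'identity');
        // Fail closed rather than proceeding with a null identifier.
        if ($identity_url === null) {
            return new Auth_OpenID_FailureResponse(
                $endpoint, "Identifier-select response is missing openid.identity");
        }
        $endpoint->claimed_id = $identity_url;
        $endpoint->local_id = $identity_url;
        $message->setArg(Auth_OpenID_BARE_NS, 'openid1_claimed_id', $identity_url);
    }
    // Block change to original code ends here
    // -------------------------------------------------------------

    // Verify discovery information; the verified endpoint replaces the
    // one we started with.
    $result = $this->_verifyDiscoveryResults($message, $endpoint);
    if (Auth_OpenID::isFailure($result)) {
        return $result;
    }
    $endpoint = $result;

    $result = $this->_idResCheckSignature($message, $endpoint->server_url);
    if (Auth_OpenID::isFailure($result)) {
        return $result;
    }

    $result = $this->_idResCheckNonce($message, $endpoint);
    if (Auth_OpenID::isFailure($result)) {
        return $result;
    }

    // NO_DEFAULT makes a missing 'signed' argument come back as a failure
    // object rather than null; the local copy had dropped the isFailure
    // check, which would have handed that object to explode(). Restored
    // to match the unmodified library.
    $signed_list_str = $message->getArg(Auth_OpenID_OPENID_NS, 'signed',
                                        Auth_OpenID_NO_DEFAULT);
    if (Auth_OpenID::isFailure($signed_list_str)) {
        return $signed_list_str;
    }
    $signed_list = explode(',', $signed_list_str);
    $signed_fields = Auth_OpenID::addPrefix($signed_list, "openid.");

    return new Auth_OpenID_SuccessResponse($endpoint, $message, $signed_fields);
}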
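/**
 * Handle an "id_res" (positive assertion) response from the OP.
 *
 * Verification order is: required fields, return_to, discovery,
 * signature, nonce; the first failing step's failure object is returned.
 *
 * This copy carries a local modification that logs a backtrace via
 * error_log() when the return_to check fails. The previous revision of
 * that modification also *skipped* the failure when $return_to was empty
 * and carried on to a success response. That was a verification bypass:
 * the return_to check is what ties the assertion to the URL (and query
 * arguments) this site actually received it on, and an empty expected
 * value means it cannot be verified at all. The check now fails closed in
 * every case; the diagnostic logging is kept.
 *
 * @param Auth_OpenID_Message $message the response message from the OP
 * @param Auth_OpenID_ServiceEndpoint $endpoint the endpoint recorded when
 *        the request was started; may be replaced by the result of
 *        _verifyDiscoveryResults
 * @param string $return_to the URL this response must have been sent to;
 *        an empty value is treated as a verification failure
 * @return Auth_OpenID_SuccessResponse|Auth_OpenID_FailureResponse
 * @access private
 */
function _doIdRes($message, $endpoint, $return_to)
{
    // Checks for presence of appropriate fields (and checks
    // signed list fields)
    $result = $this->_idResCheckForFields($message);
    if (Auth_OpenID::isFailure($result)) {
        return $result;
    }

    if (!$this->_checkReturnTo($message, $return_to)) {
        // Local diagnostic: record where this was called from. Goes to the
        // server error log only; nothing is returned to the user.
        $errline = "\nStack Trace: \n";
        foreach (debug_backtrace() as $etrace) {
            if (isset($etrace['file'])) {
                $errline .= " file: {$etrace['file']}";
            }
            if (isset($etrace['line'])) {
                $errline .= " line: {$etrace['line']}";
            }
            if (isset($etrace['function'])) {
                $errline .= " fcn: {$etrace['function']}";
            }
            $errline .= "\n";
        }
        error_log("lib/openid/Auth/OpenID/Consumer.php::_doIdRes() - auth return_to failure ... {$errline}");

        if (empty($return_to)) {
            // Previously this branch logged and fell through to the rest of
            // the verification, accepting the response. An unknown expected
            // return URL is a reason to reject, not to skip the check.
            error_log("lib/openid/Auth/OpenID/Consumer.php: empty return_to URL; rejecting response.");
        }
        return new Auth_OpenID_FailureResponse(
            null,
            sprintf("return_to does not match return URL. Expected %s, got %s",
                    $return_to,
                    $message->getArg(Auth_OpenID_OPENID_NS, 'return_to')));
    }

    // Verify discovery information; the verified endpoint replaces the
    // one we started with.
    $result = $this->_verifyDiscoveryResults($message, $endpoint);
    if (Auth_OpenID::isFailure($result)) {
        return $result;
    }
    $endpoint = $result;

    $result = $this->_idResCheckSignature($message, $endpoint->server_url);
    if (Auth_OpenID::isFailure($result)) {
        return $result;
    }

    $result = $this->_idResCheckNonce($message, $endpoint);
    if (Auth_OpenID::isFailure($result)) {
        return $result;
    }

    // NO_DEFAULT makes a missing 'signed' argument come back as a failure
    // object rather than null, so it can be returned directly.
    $signed_list_str = $message->getArg(Auth_OpenID_OPENID_NS, 'signed',
                                        Auth_OpenID_NO_DEFAULT);
    if (Auth_OpenID::isFailure($signed_list_str)) {
        return $signed_list_str;
    }
    $signed_list = explode(',', $signed_list_str);
    $signed_fields = Auth_OpenID::addPrefix($signed_list, "openid.");

    return new Auth_OpenID_SuccessResponse($endpoint, $message, $signed_fields);
}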