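/**
 * Start an OpenID login for the identifier returned by getOpenIDURL().
 *
 * Attaches the Simple Registration, Attribute Exchange and PAPE extensions,
 * then hands the browser to the provider: an HTTP redirect for OpenID 1,
 * the library's form markup for OpenID 2.
 */
function run()
{
    $openid = getOpenIDURL();
    $consumer = getConsumer();

    // Begin the OpenID authentication process.
    $auth_request = $consumer->begin($openid);

    // No auth request means we can't begin OpenID.
    if (!$auth_request) {
        displayError("Authentication error; not a valid OpenID.");
        // Stop even if displayError() returns, so nothing below runs on a missing request.
        return;
    }

    $sreg_request = Auth_OpenID_SRegRequest::build(array('nickname'), array('fullname', 'email'));
    if ($sreg_request) {
        $auth_request->addExtension($sreg_request);
    }

    // Attribute Exchange fetch request.
    // See http://code.google.com/apis/accounts/docs/OpenID.html#Parameters for parameters
    // Usage: make($type_uri, $count=1, $required=false, $alias=null)
    $ax = new Auth_OpenID_AX_FetchRequest();
    $ax->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 2, 1, 'email'));
    $ax->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/first', 1, 1, 'firstname'));
    $ax->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/last', 1, 1, 'lastname'));
    $auth_request->addExtension($ax);

    // 'policies' is optional query-string input: it may be missing, and only a
    // list is forwarded to the PAPE request; any other shape is ignored.
    $policy_uris = (isset($_GET['policies']) && is_array($_GET['policies'])) ? $_GET['policies'] : null;
    $pape_request = new Auth_OpenID_PAPE_Request($policy_uris);
    if ($pape_request) {
        $auth_request->addExtension($pape_request);
    }

    // Redirect the user to the OpenID server for authentication.
    // For OpenID 1, send a redirect. For OpenID 2, use a Javascript
    // form to send a POST request to the server.
    if ($auth_request->shouldSendRedirect()) {
        $redirect_url = $auth_request->redirectURL(getTrustRoot(), getReturnTo());

        // If the redirect URL can't be built, display an error message.
        if (Auth_OpenID::isFailure($redirect_url)) {
            displayError("Could not redirect to server: " . $redirect_url->message);
        } else {
            header("Location: " . $redirect_url);
        }
        return;
    }

    // Generate form markup and render it.
    $form_id = 'openid_message';
    $form_html = $auth_request->htmlMarkup(getTrustRoot(), getReturnTo(), false, array('id' => $form_id));

    // Display an error if the form markup couldn't be generated;
    // otherwise, render the HTML.
    if (Auth_OpenID::isFailure($form_html)) {
        displayError("Could not redirect to server: " . $form_html->message);
    } else {
        print $form_html;
    }
}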
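/**
 * Begin an OpenID + OAuth hybrid login for the identifier in $_GET['openid_url']
 * and redirect the browser to the provider.
 */
function make_request()
{
    // The identifier is untrusted query-string input: require a non-empty string.
    if (empty($_GET['openid_url']) || !is_string($_GET['openid_url'])) {
        $error = "Expected an OpenID URL.";
        print $error;
        exit(0);
    }

    $openid = $_GET['openid_url'];
    $consumer = get_consumer();

    // Begin OpenID authentication.
    $auth_request = $consumer->begin($openid);
    if (!$auth_request) {
        print "Authentication error; not a valid OpenID.";
        // Without a request object there is nothing to extend or redirect.
        return;
    }

    // Attribute exchange extension.
    $auth_request->addExtension(attach_ax());

    $return_url = sprintf("%s%s", APP_ROOT, FILE_COMPLETE);
    // NOTE(review): the realm is always http:// and takes its host from SERVER_NAME,
    // which some server configurations derive from the request's Host header;
    // confirm the vhost pins it, or read the realm from configuration.
    $trust_root = sprintf("http://%s%s/", $_SERVER['SERVER_NAME'], dirname($_SERVER['PHP_SELF']));
    $redirect_url = $auth_request->redirectURL($trust_root, $return_url);

    // Test for failure before appending: the check cannot work once the value
    // has been used as a string.
    if (Auth_OpenID::isFailure($redirect_url)) {
        print "Could not redirect to server: " . $redirect_url->message;
        return;
    }

    // Attach the OAuth extension parameters to the redirect URL.
    $hybrid_fields = array(
        'openid.ns.oauth' => 'http://specs.openid.net/extensions/oauth/1.0',
        'openid.oauth.consumer' => CONSUMER_KEY,
    );
    $redirect_url .= '&' . http_build_query($hybrid_fields);

    header("Location: " . $redirect_url);
}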
/**
 * Validator callback that starts OpenID authentication for the submitted identifier.
 *
 * On success $values gains either 'redirect_url' (provider wants a plain
 * redirect) or 'redirect_html' (provider wants the library's form markup).
 *
 * @param mixed $validator validator handed on to sfValidatorError
 * @param array $values    submitted values; 'openid_identifier' is read
 * @param array $arguments 'realm' and 'return_to' are read
 *
 * @return array the values with the redirect entry added
 *
 * @throws sfValidatorError when discovery fails or the request cannot be built
 */
public function validateIdentifier($validator, $values, $arguments = array())
{
    $consumer = $this->getAuthAdapter()->getConsumer();
    $authRequest = $consumer->begin($values['openid_identifier']);
    if (!$authRequest) {
        throw new sfValidatorError($validator, 'Authentication error: not a valid OpenID.');
    }

    // Simple Registration: no required fields, every importable profile optional.
    $sregExchange = new opOpenIDProfileExchange('sreg');
    $sregRequest = Auth_OpenID_SRegRequest::build(array(), $sregExchange->getImportSupportedProfiles());
    $authRequest->addExtension($sregRequest);

    if ($authRequest->shouldSendRedirect()) {
        // for OpenID1
        $redirectUrl = $authRequest->redirectURL($arguments['realm'], $arguments['return_to']);
        $values['redirect_url'] = $redirectUrl;
        if (Auth_OpenID::isFailure($redirectUrl)) {
            throw new sfValidatorError($validator, 'Could not redirect to the server: ' . $redirectUrl->message);
        }

        return $values;
    }

    // Otherwise also ask for the profiles through Attribute Exchange.
    $axExchange = new opOpenIDProfileExchange('ax');
    $axRequest = new Auth_OpenID_AX_FetchRequest();
    foreach ($axExchange->getImportSupportedProfiles() as $profileName => $typeUri) {
        $axRequest->add(Auth_OpenID_AX_AttrInfo::make($typeUri, 1, false, 'profile_' . $profileName));
    }
    $authRequest->addExtension($axRequest);

    $redirectHtml = $authRequest->htmlMarkup($arguments['realm'], $arguments['return_to']);
    $values['redirect_html'] = $redirectHtml;
    if (Auth_OpenID::isFailure($redirectHtml)) {
        throw new sfValidatorError($validator, 'Could not redirect to the server: ' . $redirectHtml->message);
    }

    return $values;
}
/**
 * Start OpenID authentication and send the browser to the provider.
 *
 * @param string $url      OpenID identifier handed to the consumer
 * @param string $return   return URL handed to the library
 * @param string $realm    realm handed to the library; when empty it is built
 *                         from env('HTTPS') and env('SERVER_NAME')
 * @param array  $required Simple Registration fields requested as required
 * @param array  $optional Simple Registration fields requested as optional
 *
 * @throws InvalidArgumentException if an invalid OpenID was provided
 * @throws Exception if the form markup or the redirect URL cannot be built
 */
public function authenticate($url, $return, $realm, $required = array(), $optional = array())
{
    if (empty($realm)) {
        // NOTE(review): SERVER_NAME can follow the request's Host header on some
        // server setups - confirm, or always pass an explicit realm.
        $scheme = env('HTTPS') ? 'https' : 'http';
        $realm = $scheme . '://' . env('SERVER_NAME');
    }

    $authRequest = null;
    if (trim($url) != '') {
        $authRequest = $this->_consumer()->begin($url);
    }
    if (!$authRequest) {
        throw new InvalidArgumentException('Invalid OpenID');
    }

    $sregRequest = Auth_OpenID_SRegRequest::build($required, $optional);
    if ($sregRequest) {
        $authRequest->addExtension($sregRequest);
    }

    if ($authRequest->shouldSendRedirect()) {
        $redirectUrl = $authRequest->redirectUrl($realm, $return);
        if (Auth_OpenID::isFailure($redirectUrl)) {
            throw new Exception('Could not redirect to server: ' . $redirectUrl->message);
        }
        $this->_controller->redirect($redirectUrl, null, true);

        return;
    }

    // No plain redirect: emit a page whose form submits itself on load.
    $formId = 'openid_message';
    $formHtml = $authRequest->formMarkup($realm, $return, false, array('id' => $formId));
    if (Auth_OpenID::isFailure($formHtml)) {
        throw new Exception('Could not redirect to server: ' . $formHtml->message);
    }

    echo '<html><head><title>OpenID transaction in progress</title></head>';
    echo "<body onload='document.getElementById(\"{$formId}\").submit()'>";
    echo $formHtml;
    echo '</body></html>';
    exit;
}
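/**
 * Start OpenID authentication for $openid and send the browser to the provider.
 *
 * Failures are reported through $_SESSION['isError'] / $_SESSION['message'],
 * followed by a redirect to 'users/index' and exit.
 *
 * @param string $openid OpenID identifier handed to the consumer
 */
public function try_auth($openid)
{
    // NOTE(review): the realm and return URL are built from HTTP_HOST, which is
    // taken from the request's Host header, and are always http://. Prefer a
    // configured canonical base URL if the application has one.
    $url = HttpRequest::getPathUrl();
    $base_url = "http://" . $_SERVER['HTTP_HOST'] . $url;
    if (strlen($url) == 0 || substr($url, -1) != "/") {
        $base_url .= "/";
    }

    $trust_root = $base_url;
    $return_url = $base_url . 'index.php/openid/finish_auth';

    $store = new WMySqlStore(DbUtil::accessFactory());
    $store->createTables();
    // Plain assignment: "=& new" is deprecated since PHP 5.3 and no longer parses in PHP 7.
    $consumer = new Auth_OpenID_Consumer($store);

    // Begin the OpenID authentication process.
    $auth_request = $consumer->begin($openid);

    // No auth request means we can't begin OpenID.
    if (!$auth_request) {
        $_SESSION['isError'] = true;
        $_SESSION['message'] = __("Authentication error; not a valid OpenID.");
        DefaultFC::redirection('users/index');
        exit;
    }

    // For OpenID 1, send a redirect. For OpenID 2, use a Javascript
    // form to send a POST request to the server.
    if ($auth_request->shouldSendRedirect()) {
        $redirect_url = $auth_request->redirectURL($trust_root, $return_url);

        // If the redirect URL can't be built, report the error.
        if (Auth_OpenID::isFailure($redirect_url)) {
            $_SESSION['isError'] = true;
            $_SESSION['message'] = __("Could not redirect to server: ") . $redirect_url->message;
            DefaultFC::redirection('users/index');
            exit;
        }

        header("Location: " . $redirect_url);
        return;
    }

    // Generate form markup and render it.
    $form_id = 'openid_message';
    $form_html = $auth_request->htmlMarkup($trust_root, $return_url, false, array('id' => $form_id));

    if (Auth_OpenID::isFailure($form_html)) {
        $_SESSION['isError'] = true;
        $_SESSION['message'] = __("Could not redirect to server: ") . $form_html->message;
        DefaultFC::redirection('users/index');
        exit;
    }

    print $form_html;
}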
/**
 * Print the library's HTML form markup that carries the request to the provider.
 *
 * @param Auth_OpenID_AuthRequest $auth_request request to render
 * @param string                  $redirect_url value handed to getReturnTo()
 *
 * @throws OpenId_OpenIdException when the markup cannot be generated
 */
private function issueOpenid2Connexion(Auth_OpenID_AuthRequest $auth_request, $redirect_url)
{
    $realm = $this->getTrustRoot();
    $return_to = $this->getReturnTo($redirect_url);
    $attributes = array('id' => "openid_message");

    $markup = $auth_request->htmlMarkup($realm, $return_to, false, $attributes);
    if (!Auth_OpenID::isFailure($markup)) {
        echo $markup;
        return;
    }

    // The library's own failure message is not shown; a localized text is used instead.
    throw new OpenId_OpenIdException($GLOBALS['Language']->getText('plugin_openid', 'error_openid_connect'));
}
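/**
 * Start an OpenID login with optional Attribute Exchange and UI extensions,
 * both switched on through query-string flags, then redirect to the provider.
 */
function run()
{
    global $ax_data;

    $openid = getOpenIDURL();
    $consumer = getConsumer();
    $return_to = getReturnTo();

    // Begin the OpenID authentication process.
    $auth_request = $consumer->begin($openid);

    // No auth request means we can't begin OpenID.
    if (!$auth_request) {
        displayError("Authentication error; not a valid OpenID.");
        // Stop even if displayError() returns, so nothing below runs on a missing request.
        return;
    }

    // Every flag below is optional query-string input; a missing key counts as "off".
    if (isset($_GET['ax']) && $_GET['ax'] == 'true') {
        $ax_request = new Auth_OpenID_AX_FetchRequest();
        foreach ($ax_data as $ax_key => $ax_data_ns) {
            $flag = 'ax_' . $ax_key;
            if (isset($_GET[$flag]) && $_GET[$flag] == 'true') {
                $ax_request->add(new Auth_OpenID_AX_AttrInfo($ax_data_ns, 1, true, $ax_key));
            }
        }
        $auth_request->addExtension($ax_request);
    }

    if (isset($_GET['ui']) && $_GET['ui'] == 'true') {
        $UI_request = new OpenID_UI_Request();

        if (isset($_GET['icon']) && $_GET['icon'] == 'true') {
            $UI_request->setIcon();
        }

        // pref_lang is forwarded to the provider: accept a non-empty string only.
        if (isset($_GET['lang']) && $_GET['lang'] == 'true'
            && !empty($_GET['pref_lang']) && is_string($_GET['pref_lang'])
        ) {
            $UI_request->setLang($_GET['pref_lang']);
        }

        if (isset($_GET['popup']) && $_GET['popup'] == 'true') {
            $UI_request->setPopup();
            // presumably getReturnTo() already ends with '?' or '&' - verify
            $return_to .= "popup=true";
        }

        $auth_request->addExtension($UI_request);
    } elseif (isset($_GET['callback']) && $_GET['callback'] == "ax") {
        $return_to .= "callback=ax";
    }

    $redirect_url = $auth_request->redirectURL(getTrustRoot(), $return_to);
    if (Auth_OpenID::isFailure($redirect_url)) {
        displayError("Could not redirect to server: " . $redirect_url->message);
    } else {
        // Send redirect.
        header("Location: " . $redirect_url);
    }
}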
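/**
 * Return the next queued entry from $this->return_messages.
 *
 * An Auth_OpenID_Message entry is converted with
 * Auth_OpenID_ServerErrorContainer::fromMessage(); every other entry,
 * failure objects included, is returned unchanged. The three parameters
 * are not used.
 */
function _requestAssociation($endpoint, $assoc_type, $session_type)
{
    $m = array_pop($this->return_messages);

    if (is_a($m, 'Auth_OpenID_Message')) {
        return Auth_OpenID_ServerErrorContainer::fromMessage($m);
    }

    // The failure and non-failure cases returned the same value, so they are merged.
    return $m;
}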
/**
 * Start an OpenID login for the identifier returned by getOpenIDURL(),
 * requesting nickname and email (required) and gender (optional) through
 * Simple Registration, then hand the browser to the provider.
 */
function run()
{
    $identifier = getOpenIDURL();
    $auth_request = getConsumer()->begin($identifier);

    if (!$auth_request) {
        // NOTE(review): execution continues below if displayError() returns -
        // confirm that it ends the request.
        displayError("认证错误,不是有效的OpenID。");
    }

    // Fields available: 'nickname','fullname', 'email', 'dob','gender','postcode','country','language','timezone'
    $sreg_request = Auth_OpenID_SRegRequest::build(array('nickname', 'email'), array('gender'));
    if ($sreg_request) {
        $auth_request->addExtension($sreg_request);
    }

    /* NOTE: very few sites need the PAPE feature at the moment.
    $policy_uris = $_GET['policies'];
    $pape_request = new Auth_OpenID_PAPE_Request($policy_uris);
    if ($pape_request) {
        $auth_request->addExtension($pape_request);
    }
    */

    $realm = getTrustRoot();
    $return_to = getReturnTo();

    // OpenID 1: plain redirect.
    if ($auth_request->shouldSendRedirect()) {
        $target = $auth_request->redirectURL($realm, $return_to);
        if (Auth_OpenID::isFailure($target)) {
            displayError("不能跳转到: " . $target->message);
            return;
        }
        header("Location: " . $target);
        return;
    }

    // OpenID 2: render the form that posts the request to the server.
    $markup = $auth_request->htmlMarkup($realm, $return_to, false, array('id' => 'openid_message'));
    if (Auth_OpenID::isFailure($markup)) {
        displayError("不能跳转到: " . $markup->message);
        return;
    }
    print $markup;
}
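/**
 * Start an OpenID login for the identifier returned by getOpenIDURL(),
 * attach the Simple Registration and PAPE extensions, and hand the browser
 * to the provider (redirect, or an auto-submitting form page).
 */
function run()
{
    $openid = getOpenIDURL();
    $consumer = getConsumer();

    // Begin the OpenID authentication process.
    $auth_request = $consumer->begin($openid);

    // No auth request means we can't begin OpenID.
    if (!$auth_request) {
        displayError(_CORE_OID_URL_INVALID);
        // Stop even if displayError() returns, so nothing below runs on a missing request.
        return;
    }

    $sreg_request = Auth_OpenID_SRegRequest::build(
        array('nickname', 'email'),
        array('fullname', 'dob', 'gender', 'postcode', 'country', 'language', 'timezone')
    );
    if ($sreg_request) {
        $auth_request->addExtension($sreg_request);
    }

    // NOTE(review): FILTER_SANITIZE_URL yields a string (false for an array);
    // the PAPE request presumably expects a list of policy URIs - verify.
    $policy_uris = isset($_GET['policies']) ? filter_var($_GET['policies'], FILTER_SANITIZE_URL) : NULL;
    $pape_request = new Auth_OpenID_PAPE_Request($policy_uris);
    if ($pape_request) {
        $auth_request->addExtension($pape_request);
    }

    // For OpenID 1, send a redirect. For OpenID 2, use a Javascript
    // form to send a POST request to the server.
    if ($auth_request->shouldSendRedirect()) {
        $redirect_url = $auth_request->redirectURL(getTrustRoot(), getReturnTo());

        if (Auth_OpenID::isFailure($redirect_url)) {
            // Report the failure instead of ending silently with an empty response;
            // same message format as the form branch below.
            displayError(sprintf(_CORE_OID_REDIRECT_FAILED, $redirect_url->message));
        } else {
            header('Location: ' . $redirect_url);
            exit;
        }
        return;
    }

    // Generate form markup and render it.
    $form_id = 'openid_message';
    $form_html = $auth_request->formMarkup(getTrustRoot(), getReturnTo(), FALSE, array('id' => $form_id));

    // Display an error if the form markup couldn't be generated;
    // otherwise, render the HTML.
    if (Auth_OpenID::isFailure($form_html)) {
        displayError(sprintf(_CORE_OID_REDIRECT_FAILED, $form_html->message));
    } else {
        $page_contents = array(
            "<html><head><title>",
            _CORE_OID_INPROGRESS,
            "</title></head>",
            "<body onload='document.getElementById(\"" . $form_id . "\").submit()'>",
            $form_html,
            "</body></html>",
        );
        print implode("\n", $page_contents);
    }
}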
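/**
 * Build an OAuth extension response from a successful OpenID response.
 *
 * @param object $success_response response whose OAuth-namespace arguments are read
 * @param bool   $signed_only      true (default): read the arguments through
 *                                 getSignedNS(); false: read them from the raw
 *                                 message. Unsigned values are not covered by the
 *                                 provider's signature and can be altered on the
 *                                 way through the browser, so keep the default
 *                                 unless there is a specific reason not to.
 *
 * @return Auth_OpenID_OAuthResponse|null null when the arguments are missing,
 *                                        a failure, or carry no request token
 */
function fromSuccessResponse(&$success_response, $signed_only = true)
{
    $obj = new Auth_OpenID_OAuthResponse();
    $obj->ns_uri = Auth_OpenID_OAUTH_NS_URI;

    if ($signed_only) {
        $args = $success_response->getSignedNS($obj->ns_uri);
    } else {
        $args = $success_response->message->getArgs($obj->ns_uri);
    }

    if ($args === null || Auth_OpenID::isFailure($args)) {
        return null;
    }

    // A response without a request token has nothing to wrap; do not build a
    // token from an undefined index.
    if (!isset($args['request_token'])) {
        return null;
    }

    $obj->authorized_request_token = new OAuthToken($args['request_token'], '');

    return $obj;
}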
/**
 * Login entry point: on POST, starts OpenID authentication for the submitted
 * 'sketchup_openid' value; on any other method returns an empty view model.
 *
 * @Route("/login", name="progrupa_3dwarehouse_auth_init")
 * @Template
 */
public function authInitAction(Request $request)
{
    if ($request->getMethod() != Request::METHOD_POST) {
        return [];
    }

    $identifier = $request->get('sketchup_openid');

    // NOTE(review): the OpenID store lives directly in the system temp directory;
    // on a host shared with other local users, confirm that location is acceptable.
    $store = new \Auth_OpenID_FileStore(sys_get_temp_dir());
    $consumer = new \Auth_OpenID_Consumer($store);

    // Begin the OpenID authentication process.
    $auth_request = $consumer->begin($identifier);
    if (!$auth_request) {
        // No auth request means we can't begin OpenID.
        return ['error' => "Authentication error; not a valid OpenID."];
    }

    $sreg_request = \Auth_OpenID_SRegRequest::build(['email'], []);
    if ($sreg_request) {
        $auth_request->addExtension($sreg_request);
    }

    // PAPE request without any preferred policy.
    $pape_request = new \Auth_OpenID_PAPE_Request(null);
    if ($pape_request) {
        $auth_request->addExtension($pape_request);
    }

    // For OpenID 1, send a redirect. For OpenID 2, use a Javascript
    // form to send a POST request to the server.
    if ($auth_request->shouldSendRedirect()) {
        $redirect_url = $auth_request->redirectURL(getTrustRoot(), getReturnTo());

        // If the redirect URL can't be built, display an error message.
        if (\Auth_OpenID::isFailure($redirect_url)) {
            return ['error' => "Could not redirect to server: " . $redirect_url->message];
        }

        return new RedirectResponse($redirect_url);
    }

    // Generate form markup and render it.
    $form_html = $auth_request->htmlMarkup(getTrustRoot(), getReturnTo(), false, array('id' => 'openid_message'));
    if (\Auth_OpenID::isFailure($form_html)) {
        return ['error' => "Could not redirect to server: " . $form_html->message];
    }

    return new Response($form_html);
}
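/**
 * Start an OpenID login for the identifier returned by getOpenIDURL(),
 * attach the Simple Registration and PAPE extensions, and hand the browser
 * to the provider (redirect, or an auto-submitting form page).
 */
function run()
{
    $openid = getOpenIDURL();
    $consumer = getConsumer();

    // Begin the OpenID authentication process.
    $auth_request = $consumer->begin($openid);

    // No auth request means we can't begin OpenID.
    if (!$auth_request) {
        displayError("Authentication error; not a valid OpenID.");
        // Stop even if displayError() returns, so nothing below runs on a missing request.
        return;
    }

    $sreg_request = Auth_OpenID_SRegRequest::build(array('nickname'), array('fullname', 'email'));
    if ($sreg_request) {
        $auth_request->addExtension($sreg_request);
    }

    // 'policies' is optional query-string input: it may be missing, and only a
    // list is forwarded to the PAPE request; any other shape is ignored.
    $policy_uris = (isset($_GET['policies']) && is_array($_GET['policies'])) ? $_GET['policies'] : null;
    $pape_request = new Auth_OpenID_PAPE_Request($policy_uris);
    if ($pape_request) {
        $auth_request->addExtension($pape_request);
    }

    // For OpenID 1, send a redirect. For OpenID 2, use a Javascript
    // form to send a POST request to the server.
    if ($auth_request->shouldSendRedirect()) {
        $redirect_url = $auth_request->redirectURL(getTrustRoot(), getReturnTo());

        // If the redirect URL can't be built, display an error message.
        if (Auth_OpenID::isFailure($redirect_url)) {
            displayError("Could not redirect to server: " . $redirect_url->message);
        } else {
            header("Location: " . $redirect_url);
        }
        return;
    }

    // Generate form markup and render it.
    $form_id = 'openid_message';
    $form_html = $auth_request->formMarkup(getTrustRoot(), getReturnTo(), false, array('id' => $form_id));

    // Display an error if the form markup couldn't be generated;
    // otherwise, render the HTML.
    if (Auth_OpenID::isFailure($form_html)) {
        displayError("Could not redirect to server: " . $form_html->message);
    } else {
        $page_contents = array(
            "<html><head><title>",
            "OpenID transaction in progress",
            "</title></head>",
            "<body onload='document.getElementById(\"" . $form_id . "\").submit()'>",
            $form_html,
            "</body></html>",
        );
        print implode("\n", $page_contents);
    }
}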
/**
 * Send the user to their OpenID provider to authenticate.
 *
 * Fires the 'openid_redirect' action, stores the request's return_to value in
 * $_SESSION['openid_return_to'], then either redirects or re-posts the
 * message to the provider endpoint.
 *
 * @param Auth_OpenID_AuthRequest $auth_request OpenID authentication request object
 * @param string $trust_root OpenID trust root
 * @param string $return_to URL where the OpenID provider should return the user
 */
function openid_redirect($auth_request, $trust_root, $return_to)
{
    do_action('openid_redirect', $auth_request, $trust_root, $return_to);

    $message = $auth_request->getMessage($trust_root, $return_to, false);
    if (Auth_OpenID::isFailure($message)) {
        return openid_error('Could not redirect to server: ' . $message->message);
    }

    // Keep the return_to value the library actually put into the request.
    $_SESSION['openid_return_to'] = $message->getArg(Auth_OpenID_OPENID_NS, 'return_to');

    // send POST when a plain redirect is not possible
    if (!$auth_request->shouldSendRedirect()) {
        $endpoint_url = $auth_request->endpoint->server_url;
        openid_repost($endpoint_url, $message->toPostArgs());
        return;
    }

    // send 302 redirect
    // NOTE(review): nothing here stops execution after wp_redirect(); presumably
    // the caller exits - verify.
    $target = $auth_request->redirectURL($trust_root, $return_to);
    wp_redirect($target);
}
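/**
 * Begin OpenID authentication for the identifier in $_GET['openid_url'] with
 * the AX, SReg and PAPE extensions, then hand the browser to the provider.
 */
function make_request()
{
    // The identifier is untrusted query-string input: require a non-empty string.
    if (empty($_GET['openid_url']) || !is_string($_GET['openid_url'])) {
        $error = "Expected an OpenID URL.";
        print $error;
        exit(0);
    }

    $openid = $_GET['openid_url'];
    $consumer = get_consumer();

    // Begin OpenID authentication.
    $auth_request = $consumer->begin($openid);
    if (!$auth_request) {
        echo "Authentication error; not a valid OpenID.";
        // Without a request object there is nothing to extend or redirect.
        return;
    }

    // Add OpenID extensions to the request.
    $auth_request->addExtension(attach_ax());   // attribute exchange
    $auth_request->addExtension(attach_sreg()); // simple registration
    $auth_request->addExtension(attach_pape()); // pape policies

    $return_url = sprintf("%s%s", APP_ROOT, FILE_COMPLETE);
    // NOTE(review): the realm is always http:// and takes its host from SERVER_NAME,
    // which some server configurations derive from the request's Host header;
    // confirm the vhost pins it, or read the realm from configuration.
    $trust_root = sprintf("http://%s%s/", $_SERVER['SERVER_NAME'], dirname($_SERVER['PHP_SELF']));

    // OpenID v1 - send through redirect.
    if ($auth_request->shouldSendRedirect()) {
        $redirect_url = $auth_request->redirectURL($trust_root, $return_url);

        if (Auth_OpenID::isFailure($redirect_url)) {
            print "Could not redirect to server: " . $redirect_url->message;
        } else {
            header("Location: " . $redirect_url);
        }
        return;
    }

    // OpenID v2 - use a javascript form to send a POST to the server.
    $form_id = 'openid_message';
    $form_html = $auth_request->htmlMarkup($trust_root, $return_url, false, array('id' => $form_id));

    if (Auth_OpenID::isFailure($form_html)) {
        print "Could not redirect to server: " . $form_html->message;
    } else {
        print $form_html;
    }
}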
/**
 * OpenID login handler covering both legs of the flow.
 *
 * With 'openid_verify' set, completes the response and returns the display
 * identifier on success. Otherwise starts authentication for 'openid_url'
 * and sends the browser to the provider.
 *
 * @param Request $request current request
 *
 * @return string|null display identifier on a successful verification, else null
 *
 * @throws RuntimeException when the identifier is invalid or the request cannot be built
 */
public static function login(Request &$request)
{
    // NOTE(review): the early return, the throws and the exit below all leave
    // without calling Pea::end_loose_syntax() - confirm that is acceptable.
    Pea::begin_loose_syntax();
    require_once 'Auth/OpenID/Consumer.php';
    require_once 'Auth/OpenID/FileStore.php';
    require_once 'Auth/OpenID/SReg.php';
    require_once 'Auth/OpenID/PAPE.php';

    if ($request->in_vars('openid_url') != "" || $request->in_vars('openid_verify')) {
        // NOTE(review): the raw submitted identifier goes into the debug log.
        Log::debug("begin openid auth: " . $request->in_vars('openid_url'));

        $store = new Auth_OpenID_FileStore(work_path('openid'));
        $consumer = new Auth_OpenID_Consumer($store);

        if ($request->is_vars('openid_verify')) {
            // Second leg: the provider sent the browser back to us.
            $response = $consumer->complete($request->request_url());
            if ($response->status == Auth_OpenID_SUCCESS) {
                return $response->getDisplayIdentifier();
            }
        } else {
            // First leg: discovery and hand-over to the provider.
            $auth_request = $consumer->begin($request->in_vars('openid_url'));
            if (!$auth_request) {
                throw new RuntimeException('invalid openid url');
            }

            $sreg_request = Auth_OpenID_SRegRequest::build(array('nickname'), array('fullname', 'email'));
            if ($sreg_request) {
                $auth_request->addExtension($sreg_request);
            }

            if ($auth_request->shouldSendRedirect()) {
                $realm = url();
                $return_to = $request->request_url(false) . '?openid_verify=true';
                $redirect_url = $auth_request->redirectURL($realm, $return_to);
                if (Auth_OpenID::isFailure($redirect_url)) {
                    throw new RuntimeException("Could not redirect to server: {$redirect_url->message}");
                }
                $request->redirect($redirect_url);
            } else {
                $realm = url();
                $return_to = $request->request_url(false) . '?openid_verify=true';
                $form_html = $auth_request->htmlMarkup($realm, $return_to, false, array('id' => 'openid_message'));
                if (Auth_OpenID::isFailure($form_html)) {
                    throw new RuntimeException("Could not redirect to server: {$form_html->message}");
                }
                echo $form_html;
                exit;
            }
        }
    }

    Pea::end_loose_syntax();

    return null;
}
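/**
 * Start OpenID authentication for $url, requesting e-mail and name through
 * both Simple Registration and Attribute Exchange, then hand the browser to
 * the provider.
 *
 * @param string $url OpenID identifier handed to the consumer
 */
function openid_try($url)
{
    $store = new Auth_OpenID_MySQLStore(theDb());
    $store->createTables();
    $consumer = new Auth_OpenID_Consumer($store);

    $auth_request = $consumer->begin($url);
    if (!$auth_request) {
        $_SESSION["auth_error"] = "Error: not a valid OpenID.";
        header("Location: ./");
        // End the request here: the code below would call a method on a missing request.
        exit;
    }

    $sreg_request = Auth_OpenID_SRegRequest::build(array('email'), array('nickname', 'fullname'));
    if ($sreg_request) {
        $auth_request->addExtension($sreg_request);
    }

    // Attribute Exchange (Google ignores Simple Registration)
    // See http://code.google.com/apis/accounts/docs/OpenID.html#Parameters for parameters
    $ax = new Auth_OpenID_AX_FetchRequest();
    $ax->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 2, 1, 'email'));
    $ax->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/first', 1, 1, 'firstname'));
    $ax->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/last', 1, 1, 'lastname'));
    $auth_request->addExtension($ax);

    if ($auth_request->shouldSendRedirect()) {
        $redirect_url = $auth_request->redirectURL(getTrustRoot(), getReturnTo());

        // If the redirect URL can't be built, display an error message.
        if (Auth_OpenID::isFailure($redirect_url)) {
            die("Could not redirect to server: " . $redirect_url->message);
        }

        header("Location: " . $redirect_url);
        return;
    }

    // Generate form markup and render it.
    $form_id = 'openid_message';
    $form_html = $auth_request->htmlMarkup(getTrustRoot(), getReturnTo(), false, array('id' => $form_id));

    // Display an error if the form markup couldn't be generated;
    // otherwise, render the HTML.
    if (Auth_OpenID::isFailure($form_html)) {
        displayError("Could not redirect to server: " . $form_html->message);
    } else {
        print $form_html;
    }
}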
/**
 * Start an OpenID login for the identifier returned by getOpenIDURL().
 *
 * When discovery fails and no contact ids exist yet, the new-install page is
 * shown instead of an error. Otherwise the request is extended with Simple
 * Registration and PAPE and the browser is redirected to the provider.
 */
function run()
{
    $identifier = getOpenIDURL();
    $auth_request = getConsumer()->begin($identifier);

    if (!$auth_request) {
        // check for new install, if no, go to index, else goto new-install page
        require_once 'CRM/Core/BAO/UFMatch.php';
        $contactIds = CRM_Core_BAO_UFMatch::getContactIDs();
        if (count($contactIds) <= 0) {
            $session =& CRM_Core_Session::singleton();
            $session->set('new_install', true);
            include 'new_install.html';
            exit(1);
        }
        // NOTE(review): execution continues below if displayError() returns -
        // confirm that it ends the request.
        displayError("Authentication error; not a valid OpenID.");
    }

    $sreg_request = Auth_OpenID_SRegRequest::build(array('nickname'), array('fullname', 'email'));
    if ($sreg_request) {
        $auth_request->addExtension($sreg_request);
    }

    // Optional request parameter, forwarded to the PAPE request as received.
    $policy_uris = isset($_REQUEST['policies']) ? $_REQUEST['policies'] : null;
    $pape_request = new Auth_OpenID_PAPE_Request($policy_uris);
    if ($pape_request) {
        $auth_request->addExtension($pape_request);
    }

    $target = $auth_request->redirectURL(getTrustRoot(), getReturnTo());

    // If the redirect URL can't be built, display an error message.
    if (Auth_OpenID::isFailure($target)) {
        displayError("Could not redirect to server: " . $target->message);
        return;
    }

    // Send redirect.
    header("Location: " . $target);
    exit(2);
}
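/**
 * Start OpenID authentication for $_GET['openid_url'], requesting the
 * attributes configured on the global $authSource, then hand the browser to
 * the provider (redirect, or an auto-submitting form page).
 */
function run_try_auth()
{
    global $authSource;

    // Untrusted query-string input: may be missing or not a string. Anything
    // unusable is passed on as null so discovery rejects it.
    $openid = (isset($_GET['openid_url']) && is_string($_GET['openid_url'])) ? $_GET['openid_url'] : null;
    $consumer = getConsumer();

    // Begin the OpenID authentication process.
    $auth_request = $consumer->begin($openid);

    // No auth request means we can't begin OpenID.
    if (!$auth_request) {
        displayError("Authentication error; not a valid OpenID.");
        // Stop even if displayError() returns, so nothing below runs on a missing request.
        return;
    }

    $sreg_request = Auth_OpenID_SRegRequest::build(
        $authSource->getRequiredAttributes(),
        $authSource->getOptionalAttributes()
    );
    if ($sreg_request) {
        $auth_request->addExtension($sreg_request);
    }

    // For OpenID 1, send a redirect. For OpenID 2, use a Javascript
    // form to send a POST request to the server.
    if ($auth_request->shouldSendRedirect()) {
        $redirect_url = $auth_request->redirectURL(getTrustRoot(), getReturnTo());

        // If the redirect URL can't be built, display an error message.
        if (Auth_OpenID::isFailure($redirect_url)) {
            displayError("Could not redirect to server: " . $redirect_url->message);
        } else {
            header("Location: " . $redirect_url); // Send redirect.
        }
        return;
    }

    // Generate form markup and render it.
    $form_id = 'openid_message';
    $form_html = $auth_request->formMarkup(getTrustRoot(), getReturnTo(), FALSE, array('id' => $form_id));

    // Display an error if the form markup couldn't be generated; otherwise, render the HTML.
    if (Auth_OpenID::isFailure($form_html)) {
        displayError("Could not redirect to server: " . $form_html->message);
    } else {
        echo '<html><head><title>OpenID transaction in progress</title></head> <body onload=\'document.getElementById("' . $form_id . '").submit()\'>' . $form_html . '</body></html>';
    }
}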
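/**
 * Start OpenID authentication and either redirect to the provider or place
 * the provider form into the page template.
 *
 * @param string|null $openid OpenID identifier handed to the consumer
 *
 * @throws Exception when the identifier is invalid or the request cannot be built
 */
private function begin($openid = NULL)
{
    $store = new Auth_OpenID_FileStore($this->store_path);
    $consumer = new Auth_OpenID_Consumer($store);

    $auth_request = $consumer->begin($openid);
    if (!$auth_request) {
        throw new Exception(__('Authentication error: not a valid OpenID.'));
    }

    $sreg_request = Auth_OpenID_SRegRequest::build(array('email'), array('nickname', 'fullname'));
    if ($sreg_request) {
        $auth_request->addExtension($sreg_request);
    }

    $pape_request = new Auth_OpenID_PAPE_Request();
    if ($pape_request) {
        $auth_request->addExtension($pape_request);
    }

    // 'return_to' is request input: accept a string only and encode it, so it
    // stays one query-string value and cannot add parameters of its own.
    // NOTE(review): the finish handler is not visible here; it should check the
    // value is a local destination before redirecting to it.
    $requested_return = Arr::get($_REQUEST, 'return_to', '');
    if (!is_string($requested_return)) {
        $requested_return = '';
    }
    $redirect_url = URL::site('openid/finish?return_to=' . urlencode($requested_return), TRUE);

    // For OpenID 1, send a redirect:
    if ($auth_request->shouldSendRedirect()) {
        $redirect_url = $auth_request->redirectURL(URL::base(TRUE, TRUE), $redirect_url);
        if (Auth_OpenID::isFailure($redirect_url)) {
            throw new Exception(__('Could not redirect to server:') . ' ' . $redirect_url->message);
        }
        $this->request->redirect($redirect_url);
        return;
    }

    // the OpenID library will return a full html document
    // Auth_OpenID::autoSubmitHTML will wrap the form in body and html tags
    // see: modules/openid/vendor/Auth/OpenID/Consumer.php
    $form_html = $auth_request->htmlMarkup(URL::base(TRUE, TRUE), $redirect_url, false, array('id' => 'openid_message'));

    // Test for failure before the string clean-up: preg_replace() would turn a
    // failure object into something the check can no longer recognise.
    if (Auth_OpenID::isFailure($form_html)) {
        throw new Exception(__('Could not redirect to server:') . ' ' . $form_html->message);
    }

    // We just want the form HTML, so strip the surrounding document.
    $form_html = preg_replace('/^.*<html.*<form/im', '<form', $form_html);
    $form_html = preg_replace('/<\\/body>.*/im', '', $form_html);

    $this->template->content->form = $form_html;
}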
/**
 * Start an OpenID login for the identifier returned by getOpenIDURL() with the
 * OAuth extension for CONSUMER_KEY attached, then hand the browser to the provider.
 */
function run()
{
    $identifier = getOpenIDURL();
    $auth_request = getConsumer()->begin($identifier);

    if (!$auth_request) {
        // NOTE(review): the submitted identifier is echoed back inside the error
        // text; confirm displayError() escapes it for HTML, and that it ends the
        // request (execution continues below if it returns).
        displayError("Authentication error; not a valid OpenID." . "\n OpenID::" . $identifier);
    }

    $auth_request->addExtension(new Auth_OpenID_OAuthRequest(CONSUMER_KEY));

    $realm = getTrustRoot();
    $return_to = getReturnTo();

    // OpenID 1: plain redirect.
    if ($auth_request->shouldSendRedirect()) {
        $target = $auth_request->redirectURL($realm, $return_to);
        if (Auth_OpenID::isFailure($target)) {
            displayError("Could not redirect to server: " . $target->message);
            return;
        }
        header("Location: " . $target);
        return;
    }

    // OpenID 2: render the form that posts the request to the server.
    $markup = $auth_request->htmlMarkup($realm, $return_to, false, array('id' => 'openid_message'));
    if (Auth_OpenID::isFailure($markup)) {
        displayError("Could not redirect to server: " . $markup->message);
        return;
    }
    print $markup;
}
/**
 * Starts OpenID authentication for $openid and hands the browser to the provider.
 *
 * Returns null and sets a flash message on all errors. On the redirect path
 * the script exits; on the form path the markup is printed.
 * $policyUris is accepted but not used here.
 **/
static function beginAuth($openid, $policyUris)
{
    $auth_request = self::getConsumer()->begin($openid);
    if (!$auth_request) {
        FlashMessage::add('Ați introdus un OpenID incorect.');
        return null;
    }

    $sreg_request = Auth_OpenID_SRegRequest::build(array('nickname'), array('fullname', 'email'));
    if ($sreg_request) {
        $auth_request->addExtension($sreg_request);
    }

    // Attribute Exchange: alias => type URI, added in this order.
    $ax_attributes = array(
        'fullname' => 'http://axschema.org/namePerson',
        'email' => 'http://axschema.org/contact/email',
        'firstname' => 'http://axschema.org/namePerson/first',
        'lastname' => 'http://axschema.org/namePerson/last',
    );
    $ax = new Auth_OpenID_AX_FetchRequest();
    foreach ($ax_attributes as $alias => $type_uri) {
        $ax->add(Auth_OpenID_AX_AttrInfo::make($type_uri, 1, 1, $alias));
    }
    $auth_request->addExtension($ax);

    // For OpenID 1, send a redirect. For OpenID 2, use a Javascript form to send a POST request to the server.
    if ($auth_request->shouldSendRedirect()) {
        $redirect_url = $auth_request->redirectURL(util_getFullServerUrl(), self::getReturnTo());
        if (Auth_OpenID::isFailure($redirect_url)) {
            FlashMessage::add('Nu vă putem redirecționa către serverul OpenID: ' . $redirect_url->message);
            return null;
        }
        header("Location: {$redirect_url}");
        exit;
    }

    $form_html = $auth_request->htmlMarkup(util_getFullServerUrl(), self::getReturnTo(), false, array('id' => 'openid_message'));
    if (Auth_OpenID::isFailure($form_html)) {
        FlashMessage::add('Nu vă putem redirecționa către serverul OpenID: ' . $form_html->message);
        return null;
    }
    print $form_html;
}
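/**
 * Starts a login against Google's OpenID endpoint.
 *
 * Requests the e-mail attribute over Attribute Exchange, adds an empty PAPE
 * request and prints the library's form markup that posts to the provider.
 * Both failure paths return the result of alert().
 */
public function googleAction() {
    $consumer = $this->getGoogleConsumer();
    $url = 'https://www.google.com/accounts/o8/id';
    $auth_request = $consumer->begin($url);
    if (!$auth_request) {
        return $this->alert('Authentication error, not a valid OpenID', '/');
    }

    $ax = new Auth_OpenID_AX_FetchRequest();
    $ax->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 2, 1, 'email'));
    $auth_request->addExtension($ax);

    $pape_request = new Auth_OpenID_PAPE_Request(null);
    $auth_request->addExtension($pape_request);

    // NOTE(review): the trust root and return URL are built from the
    // request's Host header and use plain http. The Host header is
    // client-supplied, so a configured site URL (ideally https) would be a
    // safer source; confirm what the deployment guarantees about this header.
    $site = 'http://' . $_SERVER['HTTP_HOST'];

    $form_id = 'openid_message';
    $form_html = $auth_request->htmlMarkup($site, $site . '/login/googledone', false, array('id' => $form_id));

    // Display an error if the form markup couldn't be generated;
    // otherwise, render the HTML.
    if (Auth_OpenID::isFailure($form_html)) {
        // Return the alert result, as the earlier failure path does.
        return $this->alert("Could not redirect to server: " . $form_html->message, '/');
    }

    print $form_html;
    return $this->noview();
}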
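/**
 * Perform first pass through login handler routine
 *
 * Cleans the submitted OpenID URL, records the pending login in the
 * openid_temp table under a fresh id, then sends the browser to the
 * provider (JSON for ajax requests, Location header, or inline form).
 *
 * @access private
 * @return mixed Boolean on failure else output/redirect
 */
private function _doFirstPass() {
    //-----------------------------------------
    // Do the same cleaning we do when storing url
    //-----------------------------------------
    $url = trim($this->request['openid_url']);
    $url = rtrim($url, "/");

    // Add a scheme only when the URL has none. The position is compared
    // with !== 0 because "!strpos(...) === 0" negates first and then
    // compares a boolean with 0, which never matches.
    if (strpos($url, 'http://') !== 0 and strpos($url, 'https://') !== 0) {
        $url = 'http://' . $url;
    }

    if (!IPSText::xssCheckUrl($url)) {
        $this->auth_errors[] = 'bad_url';
        $this->return_code = 'WRONG_AUTH';
        return false;
    }

    $consumer = $this->_getConsumer();
    if (!is_object($consumer)) {
        return false;
    }

    //-----------------------------------------
    // Store some of the input data..
    //-----------------------------------------

    // NOTE(review): this id keys the pending login and travels in the
    // return URL, but uniqid()/mt_rand() are not a CSPRNG; consider
    // random_bytes() where the runtime provides it.
    $id = md5(uniqid(mt_rand(), true));

    // $url comes from the request and is placed inside a quoted SQL string,
    // so it is escaped before being concatenated into the WHERE clause.
    $this->DB->delete('openid_temp', "fullurl='" . $this->DB->addSlashes($url) . "'");
    $this->DB->insert('openid_temp', array(
        'id' => $id,
        'referrer' => $this->request['referer'],
        'cookiedate' => intval($this->request['rememberMe']),
        'privacy' => intval($this->request['anonymous']),
        'fullurl' => $url,
    ));

    //-----------------------------------------
    // Set the URLs
    //-----------------------------------------
    $openid = $url;

    if ($this->is_admin_auth) {
        $process_url = $this->settings['base_url'] . 'app=core&module=login&do=login-complete&firstpass=1&myopenid=' . $id;
    } else {
        $process_url = $this->settings['base_url'] . 'app=core&module=global&section=login&do=process&firstpass=1&myopenid=' . $id;
    }

    // Trust root is base_url cut just after ".php" when that is present.
    $php_pos = strpos($this->settings['base_url'], '.php');
    $trust_root = $php_pos !== false
        ? substr($this->settings['base_url'], 0, $php_pos + 4)
        : $this->settings['base_url'];
    $policy_url = $this->openid_config['openid_policy'];

    //-----------------------------------------
    // Begin OpenID Auth
    //-----------------------------------------
    $auth_request = $consumer->begin($openid);
    if (!$auth_request) {
        $this->return_code = 'WRONG_OPENID';
        $this->auth_errors[] = 'bad_request';
        return false;
    }

    //-----------------------------------------
    // Set required, optional, policy attribs
    //-----------------------------------------
    $sreg_request = Auth_OpenID_SRegRequest::build(
        explode(',', $this->openid_config['args_req']),
        explode(',', $this->openid_config['args_opt']),
        $policy_url
    );
    if ($sreg_request) {
        $auth_request->addExtension($sreg_request);
    }

    //-----------------------------------------
    // Redirect user
    //-----------------------------------------
    $redirect_url = $auth_request->redirectURL($trust_root, $process_url);

    if ($this->request['module'] == 'ajax') {
        require_once IPS_KERNEL_PATH . 'classAjax.php';
        $ajax = new classAjax();
        $ajax->returnJsonArray(array('url' => $redirect_url));
    }

    // If the redirect URL can't be built, try HTML inline
    if (!Auth_OpenID::isFailure($redirect_url)) {
        header("Location: " . $redirect_url);
        exit;
    }

    $form_id = 'openid_message';
    $form_html = $auth_request->formMarkup($trust_root, $process_url, false, array('id' => $form_id));

    // Display an error if the form markup couldn't be generated;
    if (Auth_OpenID::isFailure($form_html)) {
        $this->return_code = 'WRONG_AUTH';
        $this->auth_errors[] = 'bad_request';
        return false;
    }

    $page_contents = array(
        "<html><head><title>",
        "OpenID transaction in progress",
        "</title></head>",
        "<body onload='document.getElementById(\"" . $form_id . "\").submit()'>",
        $form_html,
        "</body></html>",
    );
    print implode("\n", $page_contents);
    exit;
}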
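/**
 * Create a C{L{SRegResponse}} object from a successful OpenID
 * library response
 * (C{L{openid.consumer.consumer.SuccessResponse}}) response
 * message
 *
 * success_response: A SuccessResponse from consumer.complete()
 *
 * signed_only: Whether to process only data that was
 * signed in the id_res message from the server. With false, every
 * argument in the SReg namespace is read from the message, whether
 * or not it was signed.
 *
 * Returns a simple registration response containing the data that
 * was supplied with the C{id_res} response, or null when the
 * namespace arguments are missing or could not be read.
 */
function fromSuccessResponse(&$success_response, $signed_only = true)
{
    global $Auth_OpenID_sreg_data_fields;

    $obj = new Auth_OpenID_SRegResponse();
    $obj->ns_uri = $obj->_getSRegNS($success_response->message);

    if ($signed_only) {
        $args = $success_response->getSignedNS($obj->ns_uri);
    } else {
        // Values read here are not limited to the signed fields, so
        // callers should not base identity or authorization decisions
        // on them.
        $args = $success_response->message->getArgs($obj->ns_uri);
    }

    if ($args === null || Auth_OpenID::isFailure($args)) {
        return null;
    }

    // Copy only the known SReg fields. A direct key lookup avoids the
    // loose comparison that in_array() performs over array_keys().
    foreach ($Auth_OpenID_sreg_data_fields as $field_name => $desc) {
        if (array_key_exists($field_name, $args)) {
            $obj->data[$field_name] = $args[$field_name];
        }
    }

    return $obj;
}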
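/**
 * Show the "login" page
 *
 * When OPENSTACKID_ENABLED is defined and true, this starts an OpenID
 * login against IDP_OPENSTACKID_URL instead of rendering the parent form:
 * the response is a redirect or the library's form markup, after which the
 * script exits. Exceptions are logged and turn into a redirect to
 * Security/badlogin.
 *
 * @return string Returns the "login" page as HTML code.
 */
public function login()
{
    try {
        if (!defined('OPENSTACKID_ENABLED') || OPENSTACKID_ENABLED == false) {
            return parent::login();
        }

        $member = Member::currentUser();
        if ($member) {
            // user is already logged in
            return $this->redirect(OpenStackIdCommon::getRedirectBackUrl());
        }

        if (!Director::is_https()) {
            OpenStackIdCommon::redirectToSSL($_SERVER['REQUEST_URI']);
        }

        // Begin the OpenID authentication process.
        $auth_request = $this->consumer->begin(IDP_OPENSTACKID_URL);

        // No auth request means we can't begin OpenID. This is checked
        // before the request object is touched.
        if (!$auth_request) {
            throw new Exception("The OpenID authentication failed.");
        }

        // remove Janrain nonce
        // NOTE(review): presumably the library uses this return_to argument
        // to tie the response to this request; confirm that replay
        // protection still holds without it.
        unset($auth_request->return_to_args['janrain_nonce']);

        if (Auth_OpenID_supportsSReg($auth_request->endpoint)) {
            //SREG
            $sreg_request = Auth_OpenID_SRegRequest::build(array('email', 'fullname'), array('country', 'language'));
            if ($sreg_request) {
                $auth_request->addExtension($sreg_request);
            }
        } else {
            //AX
            // Create attribute request object
            // See http://code.google.com/apis/accounts/docs/OpenID.html#Parameters for parameters
            // Usage: make($type_uri, $count=1, $required=false, $alias=null)
            $attribute = array();
            $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 1, 1, 'email');
            $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/first', 1, 1, 'firstname');
            $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/last', 1, 1, 'lastname');
            $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson', 1, 1, 'fullname');

            // Create AX fetch request
            $ax = new Auth_OpenID_AX_FetchRequest();

            // Add attributes to AX fetch request
            foreach ($attribute as $attr) {
                $ax->add($attr);
            }

            // Add AX fetch request to authentication request
            $auth_request->addExtension($ax);
        }

        // Redirect the user to the OpenID server for authentication.
        // Store the token for this authentication so we can verify the
        // response.

        // For OpenID 1, send a redirect. For OpenID 2, use a Javascript
        // form to send a POST request to the server.
        // NOTE(review): this branch takes trust root / return URL from
        // $this, the form branch from OpenStackIdCommon; confirm both
        // resolve to the same values.
        if ($auth_request->shouldSendRedirect()) {
            $redirect_url = $auth_request->redirectURL($this->getTrustRoot(), $this->getReturnTo());

            // If the redirect URL can't be built, display an error
            // message.
            if (Auth_OpenID::isFailure($redirect_url)) {
                echo "Could not redirect to server: " . $redirect_url->message;
            } else {
                // Send redirect.
                header("Location: " . $redirect_url);
            }
        } else {
            // Generate form markup and render it.
            $form_id = 'openid_message';
            $form_html = $auth_request->htmlMarkup(OpenStackIdCommon::getTrustRoot(), OpenStackIdCommon::getReturnTo(), false, array('id' => $form_id));

            // Display an error if the form markup couldn't be generated;
            // otherwise, render the HTML.
            if (Auth_OpenID::isFailure($form_html)) {
                echo "Could not redirect to server: " . $form_html->message;
            } else {
                print $form_html;
            }
        }
        exit;
    } catch (Exception $ex) {
        SS_Log::log($ex, SS_Log::WARN);
        Session::set("Security.Message.message", $ex->getMessage());
        Session::set("Security.Message.type", "bad");
        return $this->redirect("Security/badlogin");
    }
}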
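/**
 * Returns URL to which user can be directed for
 * authentication via CS50 ID.
 *
 * @param trust_root  URL that CS50 ID should prompt user to trust
 * @param return_to   URL to which CS50 ID should return user
 * @param fields      Simple Registration fields to request from CS50 ID
 * @param attributes  Attribute Exchange attributes to request from CS50 ID
 *
 * @return URL for CS50 ID, or false if the request could not be started
 *         or the URL could not be built
 */
public static function getLoginUrl($trust_root, $return_to, $fields = ["email", "fullname"], $attributes = [])
{
    // ignore Janrain's use of deprecated functions
    $error_reporting = error_reporting();
    error_reporting($error_reporting & ~E_DEPRECATED);

    // load Janrain's library
    set_include_path(get_include_path() . PATH_SEPARATOR . dirname(__FILE__) . DIRECTORY_SEPARATOR . "share" . DIRECTORY_SEPARATOR . "php-openid-2.3.0");
    require_once "Auth/OpenID/AX.php";
    require_once "Auth/OpenID/Consumer.php";
    require_once "Auth/OpenID/FileStore.php";
    require_once "Auth/OpenID/SReg.php";

    // ensure $_SESSION exists for Yadis
    @session_start();

    // prepare filesystem-based store
    // NOTE(review): the store sits in the shared temp directory under a
    // name derived from $return_to, and a directory that already exists
    // passes the checks below; on a multi-user host confirm it is owned by
    // this process's user and not accessible to others.
    $path = sys_get_temp_dir() . DIRECTORY_SEPARATOR . md5($return_to);
    @mkdir($path, 0700);
    if (!is_dir($path)) {
        trigger_error("Could not create {$path}", E_USER_ERROR);
    }
    if (!is_readable($path)) {
        trigger_error("Could not read from {$path}", E_USER_ERROR);
    }
    if (!is_writable($path)) {
        trigger_error("Could not write to {$path}", E_USER_ERROR);
    }
    $store = new Auth_OpenID_FileStore($path);

    // prepare request
    $consumer = new Auth_OpenID_Consumer($store);
    $auth_request = $consumer->begin("https://id.cs50.net/");

    // an empty result means the request could not be started; report it
    // the same way as a URL failure instead of calling methods on it
    if (!$auth_request) {
        error_reporting($error_reporting);
        trigger_error("Could not begin OpenID request");
        return false;
    }

    // request Simple Registration fields
    if (is_array($fields) && count($fields) > 0) {
        $sreg_request = Auth_OpenID_SRegRequest::build(null, $fields);
        $auth_request->addExtension($sreg_request);
    }

    // request Attribute Exchange attributes
    if (is_array($attributes) && count($attributes) > 0) {
        $ax_request = new Auth_OpenID_AX_FetchRequest();
        foreach ($attributes as $attribute) {
            $ax_request->add(Auth_OpenID_AX_AttrInfo::make($attribute, 1, false));
        }
        $auth_request->addExtension($ax_request);
    }

    // generate URL for redirection
    $redirect_url = $auth_request->redirectURL($trust_root, $return_to);

    // restore error_reporting
    error_reporting($error_reporting);

    // return URL unless error
    if (Auth_OpenID::isFailure($redirect_url)) {
        trigger_error($redirect_url->message);
        return false;
    }
    return $redirect_url;
}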
/**
 * Fallback decoder: always answers with an Auth_OpenID_ServerError.
 *
 * The error text is the failure's own message when the 'mode' argument
 * could not be read, otherwise a note naming the unrecognized mode.
 */
function defaultDecoder($message)
{
    $mode = $message->getArg(Auth_OpenID_OPENID_NS, 'mode');

    // The mode value is taken from the message and copied into the error
    // text as-is; code that renders the text should escape it.
    $reason = Auth_OpenID::isFailure($mode)
        ? $mode->message
        : sprintf("Unrecognized OpenID mode %s", $mode);

    return new Auth_OpenID_ServerError($message, $reason);
}
$redirect_url = $auth_request->redirectURL($POD->siteRoot(false) . '/openid', $POD->siteRoot(false) . '/openid?mode=verify'); // If the redirect URL can't be built, display an error // message. if (Auth_OpenID::isFailure($redirect_url)) { $POD->addMessage("Could not redirect to server: " . $redirect_url->message); } else { // Send redirect. header("Location: " . $redirect_url); exit; } } else { $form_id = 'openid_message'; $form_html = $auth_request->htmlMarkup($POD->siteRoot(false), $POD->siteRoot(false) . '/openid?mode=verify', false, array('id' => $form_id)); // Display an error if the form markup couldn't be generated; // otherwise, render the HTML. if (Auth_OpenID::isFailure($form_html)) { $POD->addMessage("Could not redirect to server: " . $form_html->message); } else { print $form_html; exit; } } } } if ($_GET['mode'] == "verify") { // did I just succeed in verifying an openid? $consumer = getConsumer($POD); // Complete the authentication process using the server's // response. $return_to = $POD->siteRoot(false) . '/openid?mode=verify'; $response = $consumer->complete($return_to);
/**
 * login_do action implementation.
 *
 * Starts an OpenID login for the submitted 'url' form value, asking for
 * the nickname over Simple Registration. Returns 'login' after recording
 * an error, array('redirect', url) when a redirect is to be sent, or
 * array('login_do', markup) when the form has to be rendered.
 *
 * @access public
 * @return string forward name.
 */
public function perform()
{
    require_once 'Auth/OpenID.php';
    require_once 'Auth/OpenID/Consumer.php';
    require_once 'Auth/OpenID/FileStore.php';
    require_once 'Auth/OpenID/SReg.php';
    require_once 'Auth/OpenID/PAPE.php';

    // File-backed store kept in the application's tmp directory.
    $storeDir = $this->backend->getController()->getDirectory('tmp') . "/openid_filestore";
    $store = new Auth_OpenID_FileStore($storeDir);
    $consumer = new Auth_OpenID_Consumer($store);

    $request = $consumer->begin($this->af->get('url'));
    if (!$request) {
        $this->ae->add(null, "OpenID が不正です");
        return 'login';
    }

    $sreg = Auth_OpenID_SRegRequest::build(array('nickname'), array());
    if ($sreg) {
        $request->addExtension($sreg);
    }

    if ($request->shouldSendRedirect()) {
        $target = $request->redirectURL(
            $this->config->get('url'),
            $this->config->get('url') . "login_finish"
        );

        // A failure object here means the redirect URL could not be built.
        if (Auth_OpenID::isFailure($target)) {
            $this->ae->add(null, "Could not redirect to server: " . $target->message);
            return 'login';
        }
        return array('redirect', $target);
    }

    // No redirect: build the form markup for the view to render.
    $markup = $request->formMarkup(
        $this->config->get('url'),
        $this->config->get('url') . "login_finish",
        false,
        array('id' => 'openid_form')
    );
    if (Auth_OpenID::isFailure($markup)) {
        $this->ae->add(null, "Could not redirect to server: " . $markup->message);
        return 'login';
    }
    return array('login_do', $markup);
}