/**
 * getReturnTo() should hand back the 'openid.return_to' value when that
 * key is named in the third constructor argument (presumably the list of
 * signed fields -- confirm against Auth_OpenID_SuccessResponse).
 */
function test_returnTo()
{
    $expected_return_to = 'return_to';
    $signed_fields = array('openid.return_to');

    // Build the message the same way an incoming POST would be parsed.
    $post_args = array('openid.return_to' => $expected_return_to);
    $parsed = Auth_OpenID_Message::fromPostArgs($post_args);

    $response = new Auth_OpenID_SuccessResponse(
        $this->endpoint,
        $parsed,
        $signed_fields
    );

    $actual_return_to = $response->getReturnTo();
    $this->assertEquals($actual_return_to, 'return_to');
}
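/**
 * Validate the response fields in $query against $endpoint and turn
 * them into a response object.
 *
 * Outcomes, in the order they are checked:
 *  - Auth_OpenID_SetupNeededResponse when 'openid.user_setup_url' is set;
 *  - Auth_OpenID_FailureResponse when a required field is missing, the
 *    claimed server ID does not match the endpoint, the association has
 *    expired, the signature arguments are missing, 'identity' is not in
 *    the signed list, or the recomputed signature differs;
 *  - Auth_OpenID_SuccessResponse otherwise.
 *
 * When the store holds no association for the handle, the decision is
 * delegated to $this->_checkAuth() ("dumb mode").
 *
 * @param array  $query    Response arguments keyed by 'openid.*' name.
 * @param object $endpoint Endpoint being verified; getServerID(),
 *                         server_url and identity_url are read from it.
 *
 * @return object One of the response objects listed above.
 *
 * @access private
 */
function _doIdRes($query, $endpoint)
{
    $user_setup_url = Auth_OpenID::arrayGet($query,
                                            'openid.user_setup_url');

    if ($user_setup_url !== null) {
        return new Auth_OpenID_SetupNeededResponse($endpoint,
                                                   $user_setup_url);
    }

    $return_to = Auth_OpenID::arrayGet($query, 'openid.return_to', null);
    $server_id2 = Auth_OpenID::arrayGet($query, 'openid.identity', null);
    $assoc_handle = Auth_OpenID::arrayGet($query,
                                          'openid.assoc_handle', null);

    if ($return_to === null ||
        $server_id2 === null ||
        $assoc_handle === null) {
        return new Auth_OpenID_FailureResponse($endpoint,
                                               "Missing required field");
    }

    if ($endpoint->getServerID() != $server_id2) {
        return new Auth_OpenID_FailureResponse($endpoint,
                                     "Server ID (delegate) mismatch");
    }

    $signed = Auth_OpenID::arrayGet($query, 'openid.signed');

    $assoc = $this->store->getAssociation($endpoint->server_url,
                                          $assoc_handle);

    if ($assoc === null) {
        // It's not an association we know about.  Dumb mode is
        // our only possible path for recovery.
        //
        // NOTE(review): this path returns before the "identity must be
        // signed" check further down, and $signed may still be null
        // here. Confirm that _checkAuth() enforces the equivalent
        // requirement. It also builds the response with the constructor
        // rather than fromQuery() as the association path does --
        // confirm both accept the same $signed format.
        if ($this->_checkAuth($query, $endpoint->server_url)) {
            return new Auth_OpenID_SuccessResponse($endpoint, $query,
                                                   $signed);
        } else {
            return new Auth_OpenID_FailureResponse($endpoint,
                                   "Server denied check_authentication");
        }
    }

    if ($assoc->getExpiresIn() <= 0) {
        $msg = sprintf("Association with %s expired",
                       $endpoint->server_url);
        return new Auth_OpenID_FailureResponse($endpoint, $msg);
    }

    // Check the signature
    $sig = Auth_OpenID::arrayGet($query, 'openid.sig', null);
    if ($sig === null || $signed === null) {
        return new Auth_OpenID_FailureResponse($endpoint,
                                           "Missing argument signature");
    }

    $signed_list = explode(",", $signed);

    // Fail if the identity field is present but not signed
    if ($endpoint->identity_url !== null &&
        !in_array('identity', $signed_list, true)) {
        $msg = '"openid.identity" not signed';
        return new Auth_OpenID_FailureResponse($endpoint, $msg);
    }

    $v_sig = $assoc->signDict($signed_list, $query);

    // Compare the signatures as exact strings and in constant time.
    // A loose "!=" would let PHP juggle types (null vs "", numeric-looking
    // strings) and would stop at the first differing byte, which leaks
    // timing information about the expected value.
    $sig_ok = false;
    if (is_string($v_sig) && is_string($sig)) {
        if (function_exists('hash_equals')) {
            $sig_ok = hash_equals($v_sig, $sig);
        } else {
            // Fallback for runtimes without hash_equals(): fold every
            // byte difference into one accumulator, no early exit.
            $mismatch = strlen($v_sig) ^ strlen($sig);
            $common = min(strlen($v_sig), strlen($sig));
            for ($i = 0; $i < $common; $i++) {
                $mismatch |= ord($v_sig[$i]) ^ ord($sig[$i]);
            }
            $sig_ok = ($mismatch === 0);
        }
    }

    if (!$sig_ok) {
        return new Auth_OpenID_FailureResponse($endpoint,
                                               "Bad signature");
    }

    return Auth_OpenID_SuccessResponse::fromQuery($endpoint,
                                                  $query, $signed);
}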