/**
* Show the "login" page
*
* @return string Returns the "login" page as HTML code.
*/
public function login()
{
try {
if (!defined('OPENSTACKID_ENABLED') || OPENSTACKID_ENABLED == false) {
return parent::login();
}
$member = Member::currentUser();
if ($member) {
// user is already logged in
return $this->redirect(OpenStackIdCommon::getRedirectBackUrl());
}
if (!Director::is_https()) {
OpenStackIdCommon::redirectToSSL($_SERVER['REQUEST_URI']);
}
// Begin the OpenID authentication process.
$auth_request = $this->consumer->begin(IDP_OPENSTACKID_URL);
//remove jainrain nonce
unset($auth_request->return_to_args['janrain_nonce']);
// No auth request means we can't begin OpenID.
if (!$auth_request) {
throw new Exception("The OpenID authentication failed.");
}
if (Auth_OpenID_supportsSReg($auth_request->endpoint)) {
//SREG
$sreg_request = Auth_OpenID_SRegRequest::build(array('email', 'fullname'), array('country', 'language'));
if ($sreg_request) {
$auth_request->addExtension($sreg_request);
}
} else {
//AX
// Create attribute request object
// See http://code.google.com/apis/accounts/docs/OpenID.html#Parameters for parameters
// Usage: make($type_uri, $count=1, $required=false, $alias=null)
$attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 1, 1, 'email');
$attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/first', 1, 1, 'firstname');
$attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/last', 1, 1, 'lastname');
$attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson', 1, 1, 'fullname');
// Create AX fetch request
$ax = new Auth_OpenID_AX_FetchRequest();
// Add attributes to AX fetch request
foreach ($attribute as $attr) {
$ax->add($attr);
}
// Add AX fetch request to authentication request
$auth_request->addExtension($ax);
}
//Redirect the user to the OpenID server for authentication .
// Store the token for this authentication so we can verify the
// response.
// For OpenID 1, send a redirect. For OpenID 2, use a Javascript
// form to send a POST request to the server.
if ($auth_request->shouldSendRedirect()) {
$redirect_url = $auth_request->redirectURL($this->getTrustRoot(), $this->getReturnTo());
// If the redirect URL can't be built, display an error
// message.
if (Auth_OpenID::isFailure($redirect_url)) {
echo "Could not redirect to server: " . $redirect_url->message;
} else {
// Send redirect.
header("Location: " . $redirect_url);
}
} else {
// Generate form markup and render it.
$form_id = 'openid_message';
$form_html = $auth_request->htmlMarkup(OpenStackIdCommon::getTrustRoot(), OpenStackIdCommon::getReturnTo(), false, array('id' => $form_id));
// Display an error if the form markup couldn't be generated;
// otherwise, render the HTML.
if (Auth_OpenID::isFailure($form_html)) {
echo "Could not redirect to server: " . $form_html->message;
} else {
print $form_html;
}
}
exit;
} catch (Exception $ex) {
SS_Log::log($ex, SS_Log::WARN);
Session::set("Security.Message.message", $ex->getMessage());
Session::set("Security.Message.type", "bad");
return $this->redirect("Security/badlogin");
}
}
function index()
{
try {
$member = Member::currentUser();
if ($member) {
// user is already logged in
return $this->redirect(OpenStackIdCommon::getRedirectBackUrl());
}
$consumer = Injector::inst()->get('MyOpenIDConsumer');
$query = Auth_OpenID::getQuery();
$message = Auth_OpenID_Message::fromPostArgs($query);
$nonce = $message->getArg(Auth_OpenID_OPENID2_NS, 'response_nonce');
list($timestamp, $salt) = Auth_OpenID_splitNonce($nonce);
$claimed_id = $message->getArg(Auth_OpenID_OPENID2_NS, 'claimed_id');
error_log(sprintf('OpenStackIdAuthenticator : id %s - salt %s - timestamp %s', $claimed_id, $salt, $timestamp));
// Complete the authentication process using the server's response.
$response = $consumer->complete(OpenStackIdCommon::getReturnTo());
if ($response->status == Auth_OpenID_CANCEL) {
error_log('OpenStackIdAuthenticator : Auth_OpenID_CANCEL');
SS_Log::log('OpenStackIdAuthenticator : Auth_OpenID_CANCEL', SS_Log::WARN);
throw new Exception('The verification was cancelled. Please try again.');
} else {
if ($response->status == Auth_OpenID_FAILURE) {
error_log('OpenStackIdAuthenticator : Auth_OpenID_FAILURE');
SS_Log::log('OpenStackIdAuthenticator : Auth_OpenID_FAILURE', SS_Log::WARN);
throw new Exception("The OpenID authentication failed.");
} else {
if ($response->status == Auth_OpenID_SUCCESS) {
error_log('OpenStackIdAuthenticator : Auth_OpenID_SUCCESS');
$openid = $response->getDisplayIdentifier();
$openid = OpenStackIdCommon::escape($openid);
if ($response->endpoint->canonicalID) {
$openid = escape($response->endpoint->canonicalID);
}
//get user info from openid response
$member = null;
list($email, $full_name) = $this->getUserProfileInfo($response);
if (!is_null($email)) {
//try to get user by email
$member = $this->member_repository->findByEmail($email);
}
if (!$member) {
// or by openid
$member = Member::get()->filter('IdentityURL', $openid)->first();
}
if ($member) {
$result = $member->canLogIn();
if ($result->valid()) {
$member->setIdentityUrl($openid);
$member->write();
$member->LogIn(true);
return $this->redirect(OpenStackIdCommon::getRedirectBackUrl());
}
throw new Exception("Inactive User!");
}
throw new Exception("The OpenID authentication failed: can not find user " . $openid);
}
}
}
} catch (Exception $ex) {
Session::set("Security.Message.message", $ex->getMessage());
Session::set("Security.Message.type", "bad");
SS_Log::log($ex, SS_Log::WARN);
return $this->redirect("Security/badlogin");
}
}
