public function testTypeKeyFetchExtraDataWithEmail() { if (!ezcBaseFeatures::hasExtensionSupport('gmp')) { $this->markTestSkipped('PHP must be compiled with --with-gmp.'); } $_GET = self::$responseWithEmail; $credentials = new ezcAuthenticationIdCredentials(self::$token); $authentication = new ezcAuthentication($credentials); $filter = new ezcAuthenticationTypekeyFilter(); $filter->lib = ezcAuthenticationMath::createBignumLibrary('gmp'); $authentication->addFilter($filter); $this->assertEquals(true, $authentication->run()); $expected = array('name' => array('ezc'), 'nick' => array('ezctest'), 'email' => array('*****@*****.**')); $this->assertEquals($expected, $filter->fetchData()); }
/** * Creates a new object of this class. * * @throws ezcBaseExtensionNotFoundException * if neither of the PHP gmp and bcmath extensions are installed * @param ezcAuthenticationTypekeyOptions $options Options for this class */ public function __construct(ezcAuthenticationTypekeyOptions $options = null) { $this->options = $options === null ? new ezcAuthenticationTypekeyOptions() : $options; $this->lib = ezcAuthenticationMath::createBignumLibrary(); }
public function testOpenidWrapperAssociateDhSha1Gmp() { if (!ezcBaseFeatures::hasExtensionSupport('openssl')) { $this->markTestSkipped('PHP must be compiled with --with-openssl.'); } if (!ezcBaseFeatures::hasExtensionSupport('gmp')) { $this->markTestSkipped('PHP must be compiled with --with-gmp.'); } $lib = ezcAuthenticationMath::createBignumLibrary('gmp'); $private = $lib->rand(self::$p); $private = $lib->add($private, 1); $public = $lib->powmod(self::$q, $private, self::$p); $params = array('openid.mode' => 'associate', 'openid.assoc_type' => 'HMAC-SHA1', 'openid.dh_modulus' => urlencode(base64_encode($lib->btwoc(self::$p))), 'openid.dh_gen' => 2, urlencode(base64_encode($lib->btwoc(self::$q))), 'openid.dh_consumer_public' => urlencode(base64_encode($lib->btwoc($public)))); $filter = new ezcAuthenticationOpenidWrapper(); $result = $filter->associate(self::$provider, $params); $this->assertNotEquals(false, $result); $this->assertEquals(true, isset($result['assoc_handle'])); $this->assertEquals(true, isset($result['mac_key'])); }
public function testBcmathBtwocZero() { if (!ezcBaseFeatures::hasExtensionSupport('bcmath')) { $this->markTestSkipped('PHP must be compiled with --enable-bcmath.'); } $lib = ezcAuthenticationMath::createBignumLibrary('bcmath'); $n = $lib->btwoc(0); $this->assertEquals("", $n); }
/** * Runs the filter and returns a status code when finished. * * @throws ezcAuthenticationOpenidModeNotSupportedException * if trying to authenticate with an unsupported OpenID mode * * @param ezcAuthenticationIdCredentials $credentials Authentication credentials * @return int */ public function run($credentials) { $source = $this->options->requestSource; $mode = isset($source['openid_mode']) ? strtolower($source['openid_mode']) : null; switch ($mode) { case null: if (empty($credentials->id)) { return self::STATUS_URL_INCORRECT; } $providers = $this->discover($credentials->id); // @todo add support for multiple URLs in each category if (!isset($providers['openid.server'][0])) { return self::STATUS_URL_INCORRECT; } $provider = $providers['openid.server'][0]; // if a delegate is found, it is used instead of the credentials $identity = isset($providers['openid.delegate'][0]) ? $providers['openid.delegate'][0] : $credentials->id; $host = isset($_SERVER["HTTP_HOST"]) ? $_SERVER["HTTP_HOST"] : null; $path = isset($_SERVER["REQUEST_URI"]) ? $_SERVER["REQUEST_URI"] : null; if ($this->options->mode === self::MODE_SMART) { $store = $this->options->store; if ($store !== null) { $association = $store->getAssociation($provider); if ($association === false || time() - $association->issued > $association->validity) { $lib = ezcAuthenticationMath::createBignumLibrary(); $p = self::DEFAULT_P; $q = self::DEFAULT_Q; $private = $lib->rand($p); $public = $lib->powmod($q, $private, $p); $params = array('openid.mode' => 'associate', 'openid.assoc_type' => 'HMAC-SHA1', 'openid.dh_modulus' => urlencode(base64_encode($lib->btwoc($p))), 'openid.dh_gen' => 2, urlencode(base64_encode($lib->btwoc($q))), 'openid.dh_consumer_public' => urlencode(base64_encode($lib->btwoc($public)))); $result = $this->associate($provider, $params); $secret = isset($result['enc_mac_key']) ? $result['enc_mac_key'] : $result['mac_key']; $association = new ezcAuthenticationOpenidAssociation($result['assoc_handle'], $secret, time(), $result['expires_in'], $result['assoc_type']); $store->storeAssociation($provider, $association); } } } $nonce = $this->generateNonce($this->options->nonceLength); $returnUrl = $this->options->returnUrl; if ($returnUrl === null) { $returnUrl = "http://{$host}{$path}"; } $returnTo = ezcAuthenticationUrl::appendQuery($returnUrl, $this->options->nonceKey, $nonce); $trustRoot = "http://{$host}"; if ($this->options->store !== null) { $this->options->store->storeNonce($nonce); } $params = array('openid.return_to' => urlencode($returnTo), 'openid.trust_root' => urlencode($trustRoot), 'openid.identity' => urlencode($identity)); if (count($this->requestedData) > 0) { $params['openid.sreg.optional'] = implode(',', $this->requestedData); } if ($this->options->mode === self::MODE_SMART) { $store = $this->options->store; if ($store !== null) { $association = $store->getAssociation($provider); if ($association !== false && time() - $association->issued <= $association->validity) { $params['openid.assoc_handle'] = urlencode($association->handle); } } } if ($this->options->immediate === true) { $params['openid.mode'] = 'checkid_immediate'; $response = $this->checkImmediate($provider, $params); if ($response !== false) { $this->setupUrl = $response; return self::STATUS_SETUP_URL; } else { return self::STATUS_URL_INCORRECT; } } else { $params['openid.mode'] = 'checkid_setup'; $this->redirectToOpenidProvider($provider, $params); } break; case 'id_res': $assocHandle = isset($source['openid_assoc_handle']) ? $source['openid_assoc_handle'] : null; $identity = isset($source['openid_identity']) ? $source['openid_identity'] : null; $sig = isset($source['openid_sig']) ? $source['openid_sig'] : null; $signed = isset($source['openid_signed']) ? $source['openid_signed'] : null; $returnTo = isset($source['openid_return_to']) ? $source['openid_return_to'] : null; if ($this->options->store !== null) { $nonce = ezcAuthenticationUrl::fetchQuery($returnTo, $this->options->nonceKey); if ($nonce !== null) { $nonceTimestamp = $this->options->store->useNonce($nonce); if ($nonceTimestamp === false || time() - $nonceTimestamp > $this->options->nonceValidity) { return self::STATUS_NONCE_INCORRECT; } } } $params = array('openid.assoc_handle' => $assocHandle, 'openid.signed' => $signed, 'openid.sig' => $sig, 'openid.mode' => 'id_res'); $signed = explode(',', $signed); for ($i = 0; $i < count($signed); $i++) { $s = str_replace('sreg.', 'sreg_', $signed[$i]); $c = $source['openid_' . $s]; $params['openid.' . $signed[$i]] = isset($params['openid.' . $s]) ? $params['openid.' . $s] : $c; if (strpos($s, 'sreg_') !== false) { $this->data[str_replace('sreg_', '', $s)] = array($c); } } if (isset($source['openid_op_endpoint'])) { // if the endpoint is available then use it, otherwise discover it $provider = $source['openid_op_endpoint']; } else { // @todo cache this somewhere (in the request URL for example) $providers = $this->discover($credentials->id); if (!isset($providers['openid.server'][0])) { return self::STATUS_URL_INCORRECT; } $provider = $providers['openid.server'][0]; } if ($this->options->mode === self::MODE_SMART) { $store = $this->options->store; if ($store !== null) { $association = $store->getAssociation($provider); if ($association !== false && time() - $association->issued <= $association->validity) { if ($this->checkSignatureSmart($association, $params)) { return self::STATUS_OK; } else { return self::STATUS_SIGNATURE_INCORRECT; } } } } // if smart mode didn't succeed continue with the dumb mode as usual $params['openid.mode'] = 'check_authentication'; foreach ($params as $key => $value) { $params[$key] = urlencode($value); } if ($this->checkSignature($provider, $params)) { return self::STATUS_OK; } break; case 'checkid_setup': return self::STATUS_CANCELLED; case 'cancel': return self::STATUS_CANCELLED; default: throw new ezcAuthenticationOpenidModeNotSupportedException($mode); } return self::STATUS_SIGNATURE_INCORRECT; }
/** * Returns an array of parameters for use in an OpenID associate request. * * @return array(string=>array) */ protected function createAssociateRequest() { $lib = ezcAuthenticationMath::createBignumLibrary(); $p = self::DEFAULT_P; $q = self::DEFAULT_Q; $private = $lib->rand($p); $public = $lib->powmod($q, $private, $p); $params = array('openid.mode' => 'associate', 'openid.assoc_type' => 'HMAC-SHA1', 'openid.dh_modulus' => urlencode(base64_encode($lib->btwoc($p))), 'openid.dh_gen' => 2, urlencode(base64_encode($lib->btwoc($q))), 'openid.dh_consumer_public' => urlencode(base64_encode($lib->btwoc($public)))); return $params; }