public function prepareResponse(OpenIdRequest $request, OpenIdResponse $response, ResponseContext $context) { try { $ax_request = new OpenIdAXRequest($request->getMessage()); if (!$ax_request->isValid()) { return; } $response->addParam(self::paramNamespace(), self::NamespaceUrl); $response->addParam(self::param(self::Mode), self::FetchResponse); $context->addSignParam(self::param(self::Mode)); $attributes = $ax_request->getRequiredAttributes(); $user = $this->auth_service->getCurrentUser(); foreach ($attributes as $attr) { $response->addParam(self::param(self::Type) . "." . $attr, self::$available_properties[$attr]); $context->addSignParam(self::param(self::Type) . "." . $attr); $context->addSignParam(self::param(self::Value) . "." . $attr); if ($attr == "email") { $response->addParam(self::param(self::Value) . "." . $attr, $user->getEmail()); } if ($attr == "country") { $response->addParam(self::param(self::Value) . "." . $attr, $user->getCountry()); } if ($attr == "firstname") { $response->addParam(self::param(self::Value) . "." . $attr, $user->getFirstName()); } if ($attr == "lastname") { $response->addParam(self::param(self::Value) . "." . $attr, $user->getLastName()); } if ($attr == "language") { $response->addParam(self::param(self::Value) . "." . $attr, $user->getLanguage()); } } } catch (Exception $ex) { $this->log_service->error($ex); } }
public function prepareResponse(OpenIdRequest $request, OpenIdResponse $response, ResponseContext $context) { try { $simple_reg_request = new OpenIdSREGRequest($request->getMessage()); if (!$simple_reg_request->isValid()) { return; } $response->addParam(self::paramNamespace(), self::NamespaceUrl); $attributes = $simple_reg_request->getRequiredAttributes(); $opt_attributes = $simple_reg_request->getOptionalAttributes(); $attributes = array_merge($attributes, $opt_attributes); $user = $this->auth_service->getCurrentUser(); foreach ($attributes as $attr => $value) { $context->addSignParam(self::param($attr)); if ($attr == self::Email) { $response->addParam(self::param($attr), $user->getEmail()); } if ($attr == self::Country) { $response->addParam(self::param($attr), $user->getCountry()); } if ($attr == self::Nickname || $attr == self::FullName) { $response->addParam(self::param($attr), $user->getFullName()); } if ($attr == self::Language) { $response->addParam(self::param($attr), $user->getLanguage()); } } } catch (Exception $ex) { $this->log_service->error($ex); } }
/** * Create Positive Identity Assertion * implements http://openid.net/specs/openid-authentication-2_0.html#positive_assertions * @return OpenIdPositiveAssertionResponse * @throws InvalidAssociationTypeException */ private function doAssertion() { $currentUser = $this->auth_service->getCurrentUser(); $context = new ResponseContext(); //initial signature params $context->addSignParam(OpenIdProtocol::param(OpenIdProtocol::OpenIDProtocol_OpEndpoint)); $context->addSignParam(OpenIdProtocol::param(OpenIdProtocol::OpenIDProtocol_Realm)); $context->addSignParam(OpenIdProtocol::param(OpenIdProtocol::OpenIDProtocol_ReturnTo)); $context->addSignParam(OpenIdProtocol::param(OpenIdProtocol::OpenIDProtocol_Nonce)); $context->addSignParam(OpenIdProtocol::param(OpenIdProtocol::OpenIDProtocol_AssocHandle)); $context->addSignParam(OpenIdProtocol::param(OpenIdProtocol::OpenIDProtocol_ClaimedId)); $context->addSignParam(OpenIdProtocol::param(OpenIdProtocol::OpenIDProtocol_Identity)); $op_endpoint = $this->server_configuration_service->getOPEndpointURL(); $identity = $this->server_configuration_service->getUserIdentityEndpointURL($currentUser->getIdentifier()); $nonce = $this->nonce_service->generateNonce(); $realm = $this->current_request->getRealm(); $response = new OpenIdPositiveAssertionResponse($op_endpoint, $identity, $identity, $this->current_request->getReturnTo(), $nonce->getRawFormat(), $realm); foreach ($this->extensions as $ext) { $ext->prepareResponse($this->current_request, $response, $context); } //check former assoc handle... if (is_null($assoc_handle = $this->current_request->getAssocHandle()) || is_null($association = $this->association_service->getAssociation($assoc_handle))) { //create private association ... $association = $this->association_service->addAssociation(AssociationFactory::getInstance()->buildPrivateAssociation($realm, $this->server_configuration_service->getConfigValue("Private.Association.Lifetime"))); $response->setAssocHandle($association->getHandle()); if (!empty($assoc_handle)) { $response->setInvalidateHandle($assoc_handle); } } else { if ($association->getType() != IAssociation::TypeSession) { throw new InvalidAssociationTypeException(OpenIdErrorMessages::InvalidAssociationTypeMessage); } $response->setAssocHandle($assoc_handle); } //create signature ... OpenIdSignatureBuilder::build($context, $association->getMacFunction(), $association->getSecret(), $response); /* * To prevent replay attacks, the OP MUST NOT issue more than one verification response for each * authentication response it had previously issued. An authentication response and its matching * verification request may be identified by their "openid.response_nonce" values. * so associate $nonce with signature and realm */ $this->nonce_service->associateNonce($nonce, $response->getSig(), $realm); //do cleaning ... $this->memento_service->clearCurrentRequest(); $this->auth_service->clearUserAuthorizationResponse(); return $response; }
/** * @param OpenIdRequest $request * @param OpenIdResponse $response * @param ResponseContext $context * @return mixed|void */ public function prepareResponse(OpenIdRequest $request, OpenIdResponse $response, ResponseContext $context) { try { $oauth2_request = new OpenIdOAuth2Request($request->getMessage()); if (!$oauth2_request->isValid()) { return; } //get auth code $oauth2_msg = new OAuth2Message(array(OAuth2Protocol::OAuth2Protocol_ClientId => $oauth2_request->getClientId(), OAuth2Protocol::OAuth2Protocol_Scope => $oauth2_request->getScope(), OAuth2Protocol::OAuth2Protocol_RedirectUri => $request->getParam(OpenIdProtocol::OpenIDProtocol_ReturnTo), OAuth2Protocol::OAuth2Protocol_State => $oauth2_request->getState(), OAuth2Protocol::OAuth2Protocol_Approval_Prompt => $oauth2_request->getApprovalPrompt(), OAuth2Protocol::OAuth2Protocol_AccessType => $oauth2_request->getAccessType(), OAuth2Protocol::OAuth2Protocol_ResponseType => OAuth2Protocol::OAuth2Protocol_ResponseType_Code)); // do oauth2 Authorization Code Grant 1st step (get auth code to exchange for an access token) // http://tools.ietf.org/html/rfc6749#section-4.1 $oauth2_response = $this->oauth2_protocol->authorize(new OAuth2AuthorizationRequest($oauth2_msg)); if (get_class($oauth2_response) == 'oauth2\\responses\\OAuth2AuthorizationResponse') { //add namespace $response->addParam(self::paramNamespace(), self::NamespaceUrl); $context->addSignParam(self::paramNamespace()); //add auth code $response->addParam(self::param(self::RequestToken), $oauth2_response->getAuthCode()); $context->addSignParam(self::param(self::RequestToken)); //add requested scope $response->addParam(self::param(self::Scope), $oauth2_response->getScope()); $context->addSignParam(self::param(self::Scope)); //add state $response->addParam(self::param(self::State), $oauth2_request->getState()); $context->addSignParam(self::param(self::State)); } } catch (Exception $ex) { $this->log_service->error($ex); $this->checkpoint_service->trackException($ex); //http://step2.googlecode.com/svn/spec/openid_oauth_extension/latest/openid_oauth_extension.html#AuthResp /* * To note that the OAuth Authorization was declined or not valid, the Combined Provider SHALL only * respond with the parameter "openid.ns.oauth". */ //add namespace $response->addParam(self::paramNamespace(), self::NamespaceUrl); $context->addSignParam(self::paramNamespace()); } }