/** * Returns an OpenID response indicating a negative assertion to a * checkid_immediate request, where the user has not logged in. * * @param Request $request the OpenID request * @param int $result the authentication result providing the negative * assertion * @return Response an OpenID response with a negative assertion * @link http://openid.net/specs/openid-authentication-1_1.html#anchor17, http://openid.net/specs/openid-authentication-1_1.html#anchor23, http://openid.net/specs/openid-authentication-2_0.html#negative_assertions */ protected function createLoginRequiredResponse($request, $result = self::CHECKID_LOGIN_REQUIRED) { $response = new Response($request); if ($request->getVersion() == Message::OPENID_VERSION_2) { $response['mode'] = 'setup_needed'; } else { $token = new SecurityToken(); $state = array('rq' => $request->toArray()); $query = $result == self::CHECKID_REENTER_CREDENTIALS ? 'mode=' . AuthManager::MODE_REENTER_CREDENTIALS : ''; $response->setArray(array('mode' => 'id_res', 'user_setup_url' => $this->getCanonicalURL('auth/login/continue/' . rawurlencode($token->generate($state)), $query))); } $this->mgr->invokeAll('openIDResponse', false, $request, $response); $this->logger->log(LogLevel::INFO, 'OpenID authentication response', $response->toArray()); return $response; }