/** * Respond to this request. Return either an * {@link Auth_OpenID_ServerResponse} or * {@link Auth_OpenID_ServerError}. * * @param bool $allow Allow this user to claim this identity, and * allow the consumer to have this information? * * @param string $server_url DEPRECATED. Passing $op_endpoint to * the {@link Auth_OpenID_Server} constructor makes this optional. * * When an OpenID 1.x immediate mode request does not succeed, it * gets back a URL where the request may be carried out in a * not-so-immediate fashion. Pass my URL in here (the fully * qualified address of this server's endpoint, i.e. * http://example.com/server), and I will use it as a base for the * URL for a new request. * * Optional for requests where {@link $immediate} is false or * $allow is true. * * @param string $identity The OP-local identifier to answer with. * Only for use when the relying party requested identifier * selection. * * @param string $claimed_id The claimed identifier to answer * with, for use with identifier selection in the case where the * claimed identifier and the OP-local identifier differ, * i.e. when the claimed_id uses delegation. * * If $identity is provided but this is not, $claimed_id will * default to the value of $identity. When answering requests * that did not ask for identifier selection, the response * $claimed_id will default to that of the request. * * This parameter is new in OpenID 2.0. * * @return mixed */ function answer($allow, $server_url = null, $identity = null, $claimed_id = null) { if (!$this->return_to) { return new Auth_OpenID_NoReturnToError(); } if (!$server_url) { if (!$this->message->isOpenID1() && !$this->server->op_endpoint) { return new Auth_OpenID_ServerError(null, "server should be constructed with op_endpoint to " . "respond to OpenID 2.0 messages."); } $server_url = $this->server->op_endpoint; } if ($allow) { $mode = 'id_res'; } else { if ($this->message->isOpenID1()) { if ($this->immediate) { $mode = 'id_res'; } else { $mode = 'cancel'; } } else { if ($this->immediate) { $mode = 'setup_needed'; } else { $mode = 'cancel'; } } } if (!$this->trustRootValid()) { return new Auth_OpenID_UntrustedReturnURL(null, $this->return_to, $this->trust_root); } $response = new Auth_OpenID_ServerResponse($this); if ($claimed_id && $this->message->isOpenID1()) { return new Auth_OpenID_ServerError(null, "claimed_id is new in OpenID 2.0 and not " . "available for " . $this->namespace); } if ($identity && !$claimed_id) { $claimed_id = $identity; } if ($allow) { if ($this->identity == Auth_OpenID_IDENTIFIER_SELECT) { if (!$identity) { return new Auth_OpenID_ServerError(null, "This request uses IdP-driven identifier selection. " . "You must supply an identifier in the response."); } $response_identity = $identity; $response_claimed_id = $claimed_id; } else { if ($this->identity) { if ($identity && $this->identity != $identity) { $fmt = "Request was for %s, cannot reply with identity %s"; return new Auth_OpenID_ServerError(null, sprintf($fmt, $this->identity, $identity)); } $response_identity = $this->identity; $response_claimed_id = $this->claimed_id; } else { if ($identity) { return new Auth_OpenID_ServerError(null, "This request specified no identity and " . "you supplied " . $identity); } $response_identity = null; } } if ($this->message->isOpenID1() && $response_identity === null) { return new Auth_OpenID_ServerError(null, "Request was an OpenID 1 request, so response must " . "include an identifier."); } $response->fields->updateArgs(Auth_OpenID_OPENID_NS, array('mode' => $mode, 'return_to' => $this->return_to, 'response_nonce' => Auth_OpenID_mkNonce())); if (!$this->message->isOpenID1()) { $response->fields->setArg(Auth_OpenID_OPENID_NS, 'op_endpoint', $server_url); } if ($response_identity !== null) { $response->fields->setArg(Auth_OpenID_OPENID_NS, 'identity', $response_identity); if ($this->message->isOpenID2()) { $response->fields->setArg(Auth_OpenID_OPENID_NS, 'claimed_id', $response_claimed_id); } } } else { $response->fields->setArg(Auth_OpenID_OPENID_NS, 'mode', $mode); if ($this->immediate) { if ($this->message->isOpenID1() && !$server_url) { return new Auth_OpenID_ServerError(null, 'setup_url is required for $allow=false \\ in OpenID 1.x immediate mode.'); } $setup_request = new Auth_OpenID_CheckIDRequest($this->identity, $this->return_to, $this->trust_root, false, $this->assoc_handle, $this->server, $this->claimed_id); $setup_request->message = $this->message; $setup_url = $setup_request->encodeToURL($server_url); if ($setup_url === null) { return new Auth_OpenID_NoReturnToError(); } $response->fields->setArg(Auth_OpenID_OPENID_NS, 'user_setup_url', $setup_url); } } return $response; }
function answer($allow, $server_url = null) { if ($allow || $this->immediate) { $mode = 'id_res'; } else { $mode = 'cancel'; } $response = new Auth_OpenID_CheckIDResponse($this, $mode); if ($allow) { $response->fields['identity'] = $this->identity; $response->fields['return_to'] = $this->return_to; if (!$this->trustRootValid()) { return new Auth_OpenID_UntrustedReturnURL($this->return_to, $this->trust_root); } } else { $response->signed = array(); if ($this->immediate) { if (!$server_url) { return new Auth_OpenID_ServerError(null, 'setup_url is required for $allow=false \\ in immediate mode.'); } $setup_request = new Auth_OpenID_CheckIDRequest($this->identity, $this->return_to, $this->trust_root, false, $this->assoc_handle); $setup_url = $setup_request->encodeToURL($server_url); $response->fields['user_setup_url'] = $setup_url; } } return $response; }