예제 #1
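 /**
  * Answers an OpenID Simple Registration (SREG) request.
  *
  * Every requested attribute (required first, then optional) that this provider can
  * supply is written to the response and registered with the ResponseContext so it
  * is covered by the assertion signature. Attributes the provider cannot supply are
  * neither emitted nor signed: registering a sign param without a matching response
  * param would put a field in "openid.signed" that the relying party never receives.
  *
  * Errors are logged and swallowed so a broken extension does not abort the assertion.
  *
  * @param OpenIdRequest   $request
  * @param OpenIdResponse  $response
  * @param ResponseContext $context
  * @return void
  */
 public function prepareResponse(OpenIdRequest $request, OpenIdResponse $response, ResponseContext $context)
 {
     try {
         $simple_reg_request = new OpenIdSREGRequest($request->getMessage());
         if (!$simple_reg_request->isValid()) {
             return;
         }
         // NOTE(review): the namespace param itself is not added to the sign params here,
         // unlike the OAuth2 extension — confirm this is intended for SREG.
         $response->addParam(self::paramNamespace(), self::NamespaceUrl);
         // attribute names are the array keys; optional attributes follow the required ones
         $attributes = array_merge(
             $simple_reg_request->getRequiredAttributes(),
             $simple_reg_request->getOptionalAttributes()
         );
         $user = $this->auth_service->getCurrentUser();
         foreach (array_keys($attributes) as $attr) {
             // strict comparison: with "==" a numeric key such as 0 could loosely match a
             // string constant on older PHP versions
             if (!self::isSupportedSregAttribute($attr)) {
                 continue;
             }
             $response->addParam(self::param($attr), $this->sregAttributeValue($attr, $user));
             $context->addSignParam(self::param($attr));
         }
     } catch (Exception $ex) {
         $this->log_service->error($ex);
     }
 }

 /**
  * Whether this provider can answer the given SREG attribute.
  *
  * @param mixed $attr attribute name taken from the request
  * @return bool
  */
 private static function isSupportedSregAttribute($attr)
 {
     return in_array(
         $attr,
         array(self::Email, self::Country, self::Nickname, self::FullName, self::Language),
         true
     );
 }

 /**
  * Value of a supported SREG attribute for the given user.
  * Both "nickname" and "fullname" map to the user's full name.
  *
  * @param string $attr one of the attributes accepted by isSupportedSregAttribute()
  * @param mixed  $user current user as returned by the auth service
  * @return mixed|null null when $attr is not supported
  */
 private function sregAttributeValue($attr, $user)
 {
     if ($attr === self::Email) {
         return $user->getEmail();
     }
     if ($attr === self::Country) {
         return $user->getCountry();
     }
     if ($attr === self::Nickname || $attr === self::FullName) {
         return $user->getFullName();
     }
     if ($attr === self::Language) {
         return $user->getLanguage();
     }
     return null;
 }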
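 /**
  * Signs the positive assertion: fills "openid.signed" with the list of signed fields
  * and "openid.sig" with the base64-encoded HMAC over the corresponding key:value pairs.
  *
  * Only parameters registered with the context and prefixed with "openid." are signed;
  * the prefix is stripped both in the signed list and in the key-value form that is
  * MAC'ed. The "signed:" line is appended to the MAC input so the field list itself is
  * covered by the signature and cannot be trimmed by a man in the middle.
  *
  * @param ResponseContext $context parameters marked for signing
  * @param string $macAlg HMAC algorithm name as understood by OpenIdCryptoHelper::computeHMAC
  * @param string $secret association MAC key
  * @param OpenIdPositiveAssertionResponse $response receives "signed" and "sig" (by-ref kept for callers)
  * @return void
  */
 public static function build(ResponseContext $context, $macAlg, $secret, OpenIdPositiveAssertionResponse &$response)
 {
     $prefix = 'openid.';
     $prefix_len = strlen($prefix);
     $signed_keys = array();
     $data = '';
     foreach ($context->getSignParams() as $key) {
         // strict check: strpos() returns false for a key without the prefix, and
         // "false == 0" would otherwise let that key through and mangle it with substr()
         if (strpos($key, $prefix) !== 0) {
             continue;
         }
         $val = $response[$key];
         $bare_key = substr($key, $prefix_len);
         $signed_keys[] = $bare_key;
         $data .= $bare_key . ':' . $val . "\n";
     }
     // implode() instead of an empty() check on the accumulated string: empty("0")
     // is true, so a leading "0" key would previously have lost its separator
     $signed_keys[] = 'signed';
     $signed = implode(',', $signed_keys);
     $data .= 'signed:' . $signed . "\n";
     $sig = base64_encode(OpenIdCryptoHelper::computeHMAC($macAlg, $data, $secret));
     $response->setSigned($signed);
     $response->setSig($sig);
 }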
예제 #3
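 /**
  * Answers an OpenID Attribute Exchange (AX) fetch request.
  *
  * For every required attribute this provider knows, both the type URI and the value
  * are written to the response and registered as signed params. Attributes without a
  * known type URI or without a value source are skipped entirely: reading
  * self::$available_properties blindly would emit a null type, and registering a value
  * param that is never set would list a field in "openid.signed" that is absent from
  * the response.
  *
  * Errors are logged and swallowed so a broken extension does not abort the assertion.
  *
  * @param OpenIdRequest   $request
  * @param OpenIdResponse  $response
  * @param ResponseContext $context
  * @return void
  */
 public function prepareResponse(OpenIdRequest $request, OpenIdResponse $response, ResponseContext $context)
 {
     try {
         $ax_request = new OpenIdAXRequest($request->getMessage());
         if (!$ax_request->isValid()) {
             return;
         }
         $response->addParam(self::paramNamespace(), self::NamespaceUrl);
         $response->addParam(self::param(self::Mode), self::FetchResponse);
         $context->addSignParam(self::param(self::Mode));
         $user = $this->auth_service->getCurrentUser();
         foreach ($ax_request->getRequiredAttributes() as $attr) {
             if (!isset(self::$available_properties[$attr]) || !self::isSupportedAxAttribute($attr)) {
                 continue;
             }
             $type_param = self::param(self::Type) . "." . $attr;
             $value_param = self::param(self::Value) . "." . $attr;
             $response->addParam($type_param, self::$available_properties[$attr]);
             $context->addSignParam($type_param);
             $response->addParam($value_param, $this->axAttributeValue($attr, $user));
             $context->addSignParam($value_param);
         }
     } catch (Exception $ex) {
         $this->log_service->error($ex);
     }
 }

 /**
  * Whether this provider has a value source for the given AX attribute name.
  *
  * @param mixed $attr attribute name taken from the request
  * @return bool
  */
 private static function isSupportedAxAttribute($attr)
 {
     return in_array($attr, array("email", "country", "firstname", "lastname", "language"), true);
 }

 /**
  * Value of a supported AX attribute for the given user.
  *
  * @param string $attr one of the names accepted by isSupportedAxAttribute()
  * @param mixed  $user current user as returned by the auth service
  * @return mixed|null null when $attr is not supported
  */
 private function axAttributeValue($attr, $user)
 {
     if ($attr === "email") {
         return $user->getEmail();
     }
     if ($attr === "country") {
         return $user->getCountry();
     }
     if ($attr === "firstname") {
         return $user->getFirstName();
     }
     if ($attr === "lastname") {
         return $user->getLastName();
     }
     if ($attr === "language") {
         return $user->getLanguage();
     }
     return null;
 }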
 /**
  * Builds the positive identity assertion for the current, already-authorized user.
  * Implements http://openid.net/specs/openid-authentication-2_0.html#positive_assertions
  *
  * Steps, in order: register the fields every assertion must sign, let each extension
  * add its own parameters, select (or mint) the association whose MAC key signs the
  * message, sign it, bind the nonce to the signature and realm so the assertion can be
  * verified at most once, and finally discard the stored request and authorization.
  *
  * @return OpenIdPositiveAssertionResponse
  * @throws InvalidAssociationTypeException when the RP-supplied handle belongs to a non-session association
  */
 private function doAssertion()
 {
     $current_user = $this->auth_service->getCurrentUser();
     $context = new ResponseContext();
     // fields that are always part of "openid.signed"
     $mandatory_signed_fields = array(
         OpenIdProtocol::OpenIDProtocol_OpEndpoint,
         OpenIdProtocol::OpenIDProtocol_Realm,
         OpenIdProtocol::OpenIDProtocol_ReturnTo,
         OpenIdProtocol::OpenIDProtocol_Nonce,
         OpenIdProtocol::OpenIDProtocol_AssocHandle,
         OpenIdProtocol::OpenIDProtocol_ClaimedId,
         OpenIdProtocol::OpenIDProtocol_Identity,
     );
     foreach ($mandatory_signed_fields as $field) {
         $context->addSignParam(OpenIdProtocol::param($field));
     }
     $op_endpoint = $this->server_configuration_service->getOPEndpointURL();
     $identity = $this->server_configuration_service->getUserIdentityEndpointURL($current_user->getIdentifier());
     $nonce = $this->nonce_service->generateNonce();
     $realm = $this->current_request->getRealm();
     // claimed_id and identity are the same URL for this provider
     $response = new OpenIdPositiveAssertionResponse(
         $op_endpoint,
         $identity,
         $identity,
         $this->current_request->getReturnTo(),
         $nonce->getRawFormat(),
         $realm
     );
     foreach ($this->extensions as $ext) {
         $ext->prepareResponse($this->current_request, $response, $context);
     }
     // look up the association the RP asked for, if it sent a handle at all
     $assoc_handle = $this->current_request->getAssocHandle();
     $association = is_null($assoc_handle) ? null : $this->association_service->getAssociation($assoc_handle);
     if (is_null($association)) {
         // no usable handle: sign with a freshly minted private association and, when the
         // RP did send a handle, tell it that handle is no longer valid
         $lifetime = $this->server_configuration_service->getConfigValue("Private.Association.Lifetime");
         $association = $this->association_service->addAssociation(
             AssociationFactory::getInstance()->buildPrivateAssociation($realm, $lifetime)
         );
         $response->setAssocHandle($association->getHandle());
         if (!empty($assoc_handle)) {
             $response->setInvalidateHandle($assoc_handle);
         }
     } elseif ($association->getType() != IAssociation::TypeSession) {
         // only session (shared-secret) associations may be named by the RP
         throw new InvalidAssociationTypeException(OpenIdErrorMessages::InvalidAssociationTypeMessage);
     } else {
         $response->setAssocHandle($assoc_handle);
     }
     OpenIdSignatureBuilder::build($context, $association->getMacFunction(), $association->getSecret(), $response);
     /*
      * To prevent replay attacks, the OP MUST NOT issue more than one verification response for each
      * authentication response it had previously issued. An authentication response and its matching
      * verification request may be identified by their "openid.response_nonce" values.
      * Binding the nonce to this signature and realm is what lets check_authentication enforce that.
      */
     $this->nonce_service->associateNonce($nonce, $response->getSig(), $realm);
     // the pending request and the user's authorization decision are consumed by this assertion
     $this->memento_service->clearCurrentRequest();
     $this->auth_service->clearUserAuthorizationResponse();
     return $response;
 }
예제 #5
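 /**
  * Answers an OpenID+OAuth hybrid request by running the first leg of the OAuth2
  * Authorization Code grant and, on success, attaching the authorization code, the
  * granted scope and the client state to the signed OpenID assertion.
  *
  * The redirect_uri handed to the OAuth2 layer is the OpenID return_to parameter of the
  * incoming request. NOTE(review): this method does not validate it itself; it relies on
  * oauth2_protocol->authorize() to check the URI against the client's registration — confirm.
  *
  * On any failure the combined provider replies with only "openid.ns.oauth", as required
  * by the OpenID OAuth extension (see the link in the catch block).
  *
  * @param OpenIdRequest   $request
  * @param OpenIdResponse  $response
  * @param ResponseContext $context
  * @return void
  */
 public function prepareResponse(OpenIdRequest $request, OpenIdResponse $response, ResponseContext $context)
 {
     try {
         $oauth2_request = new OpenIdOAuth2Request($request->getMessage());
         if (!$oauth2_request->isValid()) {
             return;
         }
         // build the authorization request for the code grant
         $oauth2_msg = new OAuth2Message([
             OAuth2Protocol::OAuth2Protocol_ClientId        => $oauth2_request->getClientId(),
             OAuth2Protocol::OAuth2Protocol_Scope           => $oauth2_request->getScope(),
             OAuth2Protocol::OAuth2Protocol_RedirectUri     => $request->getParam(OpenIdProtocol::OpenIDProtocol_ReturnTo),
             OAuth2Protocol::OAuth2Protocol_State           => $oauth2_request->getState(),
             OAuth2Protocol::OAuth2Protocol_Approval_Prompt => $oauth2_request->getApprovalPrompt(),
             OAuth2Protocol::OAuth2Protocol_AccessType      => $oauth2_request->getAccessType(),
             OAuth2Protocol::OAuth2Protocol_ResponseType    => OAuth2Protocol::OAuth2Protocol_ResponseType_Code,
         ]);
         // do oauth2 Authorization Code Grant 1st step (get auth code to exchange for an access token)
         // http://tools.ietf.org/html/rfc6749#section-4.1
         $oauth2_response = $this->oauth2_protocol->authorize(new OAuth2AuthorizationRequest($oauth2_msg));
         // exact class match on purpose: any other response type (e.g. an error response)
         // must not be treated as a granted code
         if (get_class($oauth2_response) === 'oauth2\\responses\\OAuth2AuthorizationResponse') {
             //add namespace
             $response->addParam(self::paramNamespace(), self::NamespaceUrl);
             $context->addSignParam(self::paramNamespace());
             //add auth code
             $response->addParam(self::param(self::RequestToken), $oauth2_response->getAuthCode());
             $context->addSignParam(self::param(self::RequestToken));
             //add requested scope
             $response->addParam(self::param(self::Scope), $oauth2_response->getScope());
             $context->addSignParam(self::param(self::Scope));
             //add state
             $response->addParam(self::param(self::State), $oauth2_request->getState());
             $context->addSignParam(self::param(self::State));
         }
     } catch (Exception $ex) {
         $this->log_service->error($ex);
         $this->checkpoint_service->trackException($ex);
         //http://step2.googlecode.com/svn/spec/openid_oauth_extension/latest/openid_oauth_extension.html#AuthResp
         /*
          * To note that the OAuth Authorization was declined or not valid, the Combined Provider SHALL only
          * respond with the parameter "openid.ns.oauth".
          */
         // NOTE(review): if the exception is raised after the success branch already added the
         // namespace, it is registered twice here — confirm addSignParam tolerates duplicates.
         //add namespace
         $response->addParam(self::paramNamespace(), self::NamespaceUrl);
         $context->addSignParam(self::paramNamespace());
     }
 }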