Exemplo n.º 1
0
 /**
  * Initiate an OpenID request
  *
  * @param boolean $allow_sreg Default true
  * @param string $process_url Default empty (will use $CFG->wwwroot)
  * @param array $params Array of extra parameters to append to the request
  */
 function do_request($allow_sreg = true, $process_url = '', $params = array())
 {
     global $CFG, $USER;
     // Create the consumer instance
     $store = new Auth_OpenID_FileStore($CFG->dataroot . '/openid');
     $consumer = new Auth_OpenID_Consumer($store);
     $openid_url = optional_param('openid_url', null);
     if (defined('GOOGLE_OPENID_URL') && !empty($openid_url) && (stristr($openid_url, '@google.') || stristr($openid_url, '@gmail.'))) {
         // BJB101206: map Google email addresses to OpenID url
         $tmpemail = $openid_url;
         $openid_url = GOOGLE_OPENID_URL;
         logout_guestuser();
         if (empty($USER->id) && ($tmpuser = get_complete_user_data('email', $tmpemail)) && $tmpuser->auth != 'openid') {
             $allow_sreg = true;
             // would like to verify email later
             $process_url = $CFG->wwwroot . '/auth/openid/actions.php';
             $USER = $tmpuser;
             $params['openid_tmp_login'] = true;
             // require flag in action.php
             $params['openid_action'] = 'change';
             $params['openid_url'] = $openid_url;
             $params['openid_mode'] = 'switch2openid';
             // arbitrary != null
             //error_log('/auth/openid/auth.php::do_request() - Found user email: '.$tmpemail);
         }
     }
     if (!empty($this->config->auth_openid_google_apps_domain)) {
         $openid_url = $this->config->auth_openid_google_apps_domain;
         new GApps_OpenID_Discovery($consumer);
     }
     $authreq = $consumer->begin($openid_url);
     if (!$authreq && $this->is_sso()) {
         $endpoint = new Auth_OpenID_ServiceEndpoint();
         $endpoint->server_url = $openid_url;
         $endpoint->claimed_id = Auth_OpenID_IDENTIFIER_SELECT;
         $endpoint->type_uris = array('http://specs.openid.net/auth/2.0/signon');
         $authreq = $consumer->beginWithoutDiscovery($endpoint);
     }
     if (!$authreq) {
         print_error('auth_openid_login_error', 'auth_openid');
     } else {
         // Add any simple registration fields to the request
         if ($allow_sreg === true) {
             $sreg_added = false;
             $req = array();
             $opt = array();
             $privacy_url = null;
             // Required fields
             if (!empty($this->config->openid_sreg_required)) {
                 $req = array_map('trim', explode(',', $this->config->openid_sreg_required));
                 $sreg_added = true;
             }
             // Optional fields
             if (!empty($this->config->openid_sreg_optional)) {
                 $opt = array_map('trim', explode(',', $this->config->openid_sreg_optional));
                 $sreg_added = true;
             }
             // Privacy statement
             if ($sreg_added && !empty($this->config->openid_privacy_url)) {
                 $privacy_url = $this->config->openid_privacy_url;
             }
             // We call the on_openid_do_request event handler function if it
             // exists. This is called before the simple registration (sreg)
             // extension is added to allow changes to be made to the sreg
             // data fields if required
             if (function_exists('on_openid_do_request')) {
                 on_openid_do_request($authreq);
             }
             // Finally, the simple registration data is added
             if ($sreg_added && !(sizeof($req) < 1 && sizeof($opt) < 1)) {
                 $sreg_request = Auth_OpenID_SRegRequest::build($req, $opt, $privacy_url);
                 if ($sreg_request) {
                     $authreq->addExtension($sreg_request);
                 }
             }
             if (defined('ADD_AX_SUPPORT')) {
                 $AXattr = array();
                 $AXattr[] = Auth_OpenID_AX_AttrInfo::make(AX_SCHEMA_EMAIL, 1, 1, 'email');
                 $AXattr[] = Auth_OpenID_AX_AttrInfo::make(AX_SCHEMA_NICKNAME, 1, 1, 'nickname');
                 $AXattr[] = Auth_OpenID_AX_AttrInfo::make(AX_SCHEMA_FULLNAME, 1, 1, 'fullname');
                 $AXattr[] = Auth_OpenID_AX_AttrInfo::make(AX_SCHEMA_FIRSTNAME, 1, 1, 'firstname');
                 $AXattr[] = Auth_OpenID_AX_AttrInfo::make(AX_SCHEMA_LASTNAME, 1, 1, 'lastname');
                 $AXattr[] = Auth_OpenID_AX_AttrInfo::make(AX_SCHEMA_COUNTRY, 1, 1, 'country');
                 // Create AX fetch request
                 $ax = new Auth_OpenID_AX_FetchRequest();
                 // Add attributes to AX fetch request
                 foreach ($AXattr as $attr) {
                     $ax->add($attr);
                 }
                 // Add AX fetch request to authentication request
                 $authreq->addExtension($ax);
             }
         }
         // Prepare the remaining components for the request
         if (empty($process_url)) {
             $process_url = $CFG->wwwroot . '/login/index.php';
         }
         if (is_array($params) && !empty($params)) {
             $query = '';
             foreach ($params as $key => $val) {
                 $query .= '&' . $key . '=' . $val;
             }
             $process_url .= '?' . substr($query, 1);
         }
         $trust_root = $CFG->wwwroot . '/';
         $_SESSION['openid_process_url'] = $process_url;
         // Finally, redirect to the OpenID provider
         // Check if the server is allowed ...
         if (!openid_server_allowed($authreq->endpoint->server_url, $this->config)) {
             print_error('auth_openid_server_blacklisted', 'auth_openid', '', $authreq->endpoint->server_url);
         } elseif ($authreq->shouldSendRedirect()) {
             $redirect_url = $authreq->redirectURL($trust_root, $process_url);
             // If the redirect URL can't be built, display an error message.
             if (Auth_OpenID::isFailure($redirect_url)) {
                 error($redirect_url->message);
             } else {
                 redirect($redirect_url);
             }
         } else {
             // Generate form markup and render it.
             $form_id = 'openid_message';
             $message = $authreq->getMessage($trust_root, $process_url, false);
             // Display an error if the form markup couldn't be generated;
             // otherwise, render the HTML.
             if (Auth_OpenID::isFailure($message)) {
                 error($message);
             } else {
                 $form_html = $message->toFormMarkup($authreq->endpoint->server_url, array('id' => $form_id), get_string('continue'));
                 echo '<html><head><title>OpenID request</title></head><body onload="document.getElementById(\'', $form_id, '\').submit();" style="text-align: center;"><div style="background: lightyellow; border: 1px solid black; margin: 30px 20%; padding: 5px 15px;"><p>', get_string('openid_redirecting', 'auth_openid'), '</p></div>', $form_html, '</body></html>';
                 exit;
             }
         }
     }
 }
Exemplo n.º 2
0
 /**
  * Initiate an OpenID request
  *
  * @param boolean $allow_sreg Default true
  * @param string $process_url Default empty (will use $CFG->wwwroot)
  * @param array $params Array of extra parameters to append to the request
  */
 function do_request($allow_sreg = true, $process_url = '', $params = array())
 {
     global $CFG;
     // Create the consumer instance
     $store = new Auth_OpenID_FileStore($CFG->dataroot . '/openid');
     $consumer = new Auth_OpenID_Consumer($store);
     // Create our own endpoint and skip the discovery step.
     $endpoint = new Auth_OpenID_ServiceEndpoint();
     $endpoint->server_url = $this->config->openid_sso_url;
     $endpoint->claimed_id = Auth_OpenID_IDENTIFIER_SELECT;
     $endpoint->type_uris = array(Auth_OpenID_OPENID1_NS);
     $authreq = $consumer->beginWithoutDiscovery($endpoint);
     if (!$authreq) {
         error(get_string('auth_openid_login_error', 'auth_openid'));
     } else {
         // Add any simple registration fields to the request
         if ($allow_sreg === true) {
             $sreg_added = false;
             $req = array();
             $opt = array();
             $privacy_url = null;
             // Required fields
             if (!empty($this->config->openid_sreg_required)) {
                 $req = explode(',', $this->config->openid_sreg_required);
                 $sreg_added = true;
             }
             // Optional fields
             if (!empty($this->config->openid_sreg_optional)) {
                 $opt = explode(',', $this->config->openid_sreg_optional);
                 $sreg_added = true;
             }
             // Privacy statement
             if ($sreg_added && !empty($this->config->openid_privacy_url)) {
                 $privacy_url = $this->config->openid_privacy_url;
             }
             // We call the on_openid_do_request event handler function if it
             // exists. This is called before the simple registration (sreg)
             // extension is added to allow changes to be made to the sreg
             // data fields if required
             if (function_exists('on_openid_do_request')) {
                 on_openid_do_request($authreq);
             }
             // Finally, the simple registration data is added
             if ($sreg_added && !(sizeof($req) < 1 && sizeof($opt) < 1)) {
                 $sreg_request = Auth_OpenID_SRegRequest::build($req, $opt, $privacy_url);
                 if ($sreg_request) {
                     $authreq->addExtension($sreg_request);
                 }
             }
         }
         // Prepare the remaining components for the request
         if (empty($process_url)) {
             $process_url = $CFG->wwwroot . '/login/index.php';
         }
         if (is_array($params) && !empty($params)) {
             $query = '';
             foreach ($params as $key => $val) {
                 $query .= '&' . $key . '=' . $val;
             }
             $process_url .= '?' . substr($query, 1);
         }
         $trust_root = $CFG->wwwroot . '/';
         $_SESSION['openid_process_url'] = $process_url;
         // Finally, redirect to the OpenID provider
         if ($authreq->shouldSendRedirect()) {
             $redirect_url = $authreq->redirectURL($trust_root, $process_url);
             if (Auth_OpenID::isFailure($redirect_url)) {
                 error($redirect_url->message);
             } else {
                 redirect($redirect_url);
             }
         } else {
             // Generate form markup and render it.
             $form_id = 'openid_message';
             $message = $authreq->getMessage($trust_root, $process_url, false);
             // Display an error if the form markup couldn't be generated;
             // otherwise, render the HTML.
             if (Auth_OpenID::isFailure($message)) {
                 error($message);
             } else {
                 $form_html = $message->toFormMarkup($authreq->endpoint->server_url, array('id' => $form_id), get_string('continue'));
                 echo '<html><head><title>OpenID request</title></head><body onload="document.getElementById(\'', $form_id, '\').submit();" style="text-align: center;"><div style="background: lightyellow; border: 1px solid black; margin: 30px 20%; padding: 5px 15px;"><p>', get_string('openid_redirecting', 'auth_openid'), '</p></div>', $form_html, '</body></html>';
                 exit;
             }
         }
     }
 }