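/**
 * Handle a standard OpenID server request.
 *
 * Decodes the incoming OpenID message, answers checkid_immediate /
 * checkid_setup directly when the logged-in user already trusts the
 * relying party, defers to the trust page (or the login page) otherwise,
 * and lets the server handle every other mode in-process.
 *
 * Side effects: may write $_SESSION['last_forward_from'] and forward() to
 * the login page; on the response path it emits headers and the response
 * body and exits.
 *
 * Relies on the project constant header_connection_close, defined elsewhere.
 *
 * @return string Rendered page content on the non-exit paths ("" when the
 *                request could not be decoded as an OpenID message).
 */
function action_default()
{
    $server = getServer();

    // decodeRequest() reads GET/POST itself; a message that does not decode
    // yields a falsy value and no OpenID response is produced.
    $request = $server->decodeRequest();
    if (!$request) {
        return "";
    }
    setRequestInfo($request);

    $checkidModes = array('checkid_immediate', 'checkid_setup');
    if (in_array($request->mode, $checkidModes, true)) {
        $identity = getLoggedInUser();
        // isTrusted() is the authorisation decision for this relying party.
        // trust_root and return_to both arrive in the unauthenticated
        // request, so a positive assertion must only be issued when the
        // logged-in user has approved this trust_root.
        if (isTrusted($identity, $request->trust_root, $request->return_to)) {
            if ($request->message->isOpenID1()) {
                $response = $request->answer(true);
            } else {
                $response = $request->answer(true, false, getServerURL(), $identity);
            }
        } elseif ($request->immediate) {
            // checkid_immediate cannot show UI: decline and hand the relying
            // party the server URL to retry with a setup request.
            $response = $request->answer(false, getServerURL());
        } else {
            if (!getLoggedInUser()) {
                // Remember the complete OpenID request so the login flow can
                // resume it once the user has authenticated.
                $_SESSION['last_forward_from'] = current_page_url() . '?' . http_build_query(Auth_OpenID::getQuery());
                system_message(elgg_echo('openid_server:not_logged_in'));
                forward('login');
            }
            return trust_render($request);
        }
        // Call-time pass-by-reference (&$response) is a fatal error since
        // PHP 5.4; objects are handles, so addSregFields() still receives
        // the same response instance.
        addSregFields($response);
    } else {
        $response = $server->handleRequest($request);
    }

    $webresponse = $server->encodeResponse($response);
    foreach ($webresponse->headers as $k => $v) {
        header("{$k}: {$v}");
    }
    header(header_connection_close);
    print $webresponse->body;
    exit(0);
}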
	/**
	 * Decodes a query args array into the appropriate
	 * {@link Auth_OpenID_Request} object.
	 *
	 * @param array|null $query Query parameters to decode; when null the
	 *                          GET/POST data of the current request is used.
	 * @return mixed Whatever $this->decoder->decode() returns for $query.
	 */
	function decodeRequest($query=null)
	{
		$args = ($query === null) ? Auth_OpenID::getQuery() : $query;

		return $this->decoder->decode($args);
	}
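 /**
  * Called to interpret the server's response to an OpenID
  * request. It is called in step 4 of the flow described in the
  * consumer overview.
  *
  * The endpoint recorded in the session at the start of the flow (under
  * $this->_token_key) is restored and handed to the consumer together with
  * the response message; that session entry is removed afterwards whatever
  * the outcome, so the same stored state cannot complete a second
  * assertion.
  *
  * @param string $current_url The URL used to invoke the application.
  * Extract the URL from your application's web
  * request framework and specify it here to have it checked
  * against the openid.current_url value in the response.  If
  * the current_url URL check fails, the status of the
  * completion will be FAILURE.
  *
  * @param array $query An array of the query parameters (key =>
  * value pairs) for this HTTP request.  Defaults to null.  If
  * null, the GET or POST data are automatically gotten from the
  * PHP environment.  It is only useful to override $query for
  * testing.
  *
  * @return Auth_OpenID_ConsumerResponse $response A instance of an
  * Auth_OpenID_ConsumerResponse subclass. The type of response is
  * indicated by the status attribute, which will be one of
  * SUCCESS, CANCEL, FAILURE, or SETUP_NEEDED.
  */
 function complete($current_url, $query = null)
 {
     if ($current_url && !is_string($current_url)) {
         // This is ugly, but we need to complain loudly when
         // someone uses the API incorrectly.
         trigger_error("current_url must be a string; see NEWS file " . "for upgrading notes.", E_USER_ERROR);
     }
     if ($query === null) {
         $query = Auth_OpenID::getQuery();
     }

     $loader = new Auth_OpenID_ServiceEndpointLoader();
     $endpoint_data = $this->session->get($this->_token_key);
     $endpoint = $loader->fromSession($endpoint_data);

     $message = Auth_OpenID_Message::fromPostArgs($query);
     $response = $this->consumer->complete($message, $endpoint, $current_url);
     // One-shot: drop the stored endpoint regardless of the result.
     $this->session->del($this->_token_key);

     // Discovery state is only worth cleaning up once the flow has ended
     // with a definite answer; strict comparison keeps a status that merely
     // compares loosely equal from matching.
     $finalStatuses = array(Auth_OpenID_SUCCESS, Auth_OpenID_CANCEL);
     if (in_array($response->status, $finalStatuses, true) && $response->identity_url !== null) {
         $disco = $this->getDiscoveryObject($this->session, $response->identity_url, $this->session_key_prefix);
         $disco->cleanup(true);
     }
     return $response;
 }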
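 /**
  * Completes the OpenID login round-trip for the current request.
  *
  * An already authenticated member is redirected straight back. Otherwise
  * the consumer's response decides: CANCEL and FAILURE abort the login,
  * SUCCESS resolves the member (by the e-mail reported for the response
  * first, then by stored IdentityURL), stores the OpenID on that member
  * and logs them in. Every failure is surfaced through the security
  * message and ends in a redirect to Security/badlogin.
  *
  * @return mixed The redirect response for this request.
  */
 function index()
 {
     try {
         $member = Member::currentUser();
         if ($member) {
             // user is already logged in
             return $this->redirect(OpenStackIdCommon::getRedirectBackUrl());
         }
         $consumer = Injector::inst()->get('MyOpenIDConsumer');
         $query = Auth_OpenID::getQuery();
         $message = Auth_OpenID_Message::fromPostArgs($query);
         $nonce = $message->getArg(Auth_OpenID_OPENID2_NS, 'response_nonce');
         // Guard the destructuring: a missing or malformed nonce must not
         // turn the diagnostic log line below into a notice.
         $nonceParts = Auth_OpenID_splitNonce($nonce);
         list($timestamp, $salt) = is_array($nonceParts) ? $nonceParts : array(null, null);
         // claimed_id is taken straight from the unverified query; it is
         // logged for diagnostics only and never used for the lookup.
         $claimed_id = $message->getArg(Auth_OpenID_OPENID2_NS, 'claimed_id');
         error_log(sprintf('OpenStackIdAuthenticator : id %s - salt %s - timestamp %s', $claimed_id, $salt, $timestamp));

         // Complete the authentication process using the server's response.
         $response = $consumer->complete(OpenStackIdCommon::getReturnTo());
         if ($response->status === Auth_OpenID_CANCEL) {
             error_log('OpenStackIdAuthenticator : Auth_OpenID_CANCEL');
             SS_Log::log('OpenStackIdAuthenticator : Auth_OpenID_CANCEL', SS_Log::WARN);
             throw new Exception('The verification was cancelled. Please try again.');
         }
         if ($response->status === Auth_OpenID_FAILURE) {
             error_log('OpenStackIdAuthenticator : Auth_OpenID_FAILURE');
             SS_Log::log('OpenStackIdAuthenticator : Auth_OpenID_FAILURE', SS_Log::WARN);
             throw new Exception("The OpenID authentication failed.");
         }
         if ($response->status !== Auth_OpenID_SUCCESS) {
             // Any other status (e.g. SETUP_NEEDED) previously fell through
             // and returned nothing, leaving the user on a blank page.
             error_log('OpenStackIdAuthenticator : unexpected status ' . $response->status);
             throw new Exception("The OpenID authentication failed.");
         }

         error_log('OpenStackIdAuthenticator : Auth_OpenID_SUCCESS');
         // Identifier used for the lookup: the display identifier, or the
         // canonical ID when the endpoint carries one. Both go through the
         // same escaper (the original called a bare escape() for the
         // canonical ID, unlike the line just above it).
         $openid = OpenStackIdCommon::escape($response->getDisplayIdentifier());
         if ($response->endpoint->canonicalID) {
             $openid = OpenStackIdCommon::escape($response->endpoint->canonicalID);
         }

         // get user info from openid response
         $member = null;
         list($email, $full_name) = $this->getUserProfileInfo($response);
         if (!is_null($email)) {
             // try to get user by email
             // NOTE(review): this links an existing account to the presented
             // OpenID on the strength of the e-mail the provider reports, so
             // it is only sound if the configured provider's e-mail claim is
             // trusted - confirm against the MyOpenIDConsumer setup.
             $member = $this->member_repository->findByEmail($email);
         }
         if (!$member) {
             // or by openid
             $member = Member::get()->filter('IdentityURL', $openid)->first();
         }
         if (!$member) {
             throw new Exception("The OpenID authentication failed: can not find user " . $openid);
         }

         $result = $member->canLogIn();
         if (!$result->valid()) {
             throw new Exception("Inactive User!");
         }
         $member->setIdentityUrl($openid);
         $member->write();
         // true: persistent ("remember me") login, as in the original.
         $member->LogIn(true);
         return $this->redirect(OpenStackIdCommon::getRedirectBackUrl());
     } catch (Exception $ex) {
         Session::set("Security.Message.message", $ex->getMessage());
         Session::set("Security.Message.type", "bad");
         SS_Log::log($ex, SS_Log::WARN);
         return $this->redirect("Security/badlogin");
     }
 }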
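 /**
  * Auth_OpenID::getQuery() must parse a raw query string into exactly the
  * expected array: bare tokens without '=', empty pairs and stray '&'
  * separators are dropped, percent-encoding is decoded, and only the first
  * '=' of a pair separates key from value.
  */
 function test_getQuery()
 {
     $queries = array(
         '' => array(),
         'single' => array(),
         'no&pairs' => array(),
         'x%3Dy' => array(),
         'single&real=value' => array('real' => 'value'),
         'x=y&m=x%3Dn' => array('x' => 'y', 'm' => 'x=n'),
         '&m=x%20y' => array('m' => 'x y'),
         'single&&m=x%20y&bogus' => array('m' => 'x y'),
         'too=many=equals&' => array('too' => 'many=equals'),
     );
     foreach ($queries as $raw => $expected) {
         $parsed = Auth_OpenID::getQuery($raw);
         // Both directions are checked so the key sets must match exactly;
         // array_key_exists turns a missing key into a failed assertion
         // instead of an undefined-index notice.
         foreach ($expected as $key => $value) {
             $this->assertTrue(array_key_exists($key, $parsed) && $parsed[$key] === $value, "missing or wrong '{$key}' for '{$raw}'");
         }
         foreach ($parsed as $key => $value) {
             $this->assertTrue(array_key_exists($key, $expected) && $expected[$key] === $value, "unexpected '{$key}' for '{$raw}'");
         }
     }
 }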
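 /**
  * Re-serialises the openid.* parameters of the current request as a
  * query string; every other parameter is dropped.
  *
  * @return string URL-encoded query string ("" when the request carries
  *                no openid.* parameters).
  */
 public function GetQueryStringForRequest()
 {
     // Initialised up front: without any openid.* key the original handed an
     // undefined variable to http_build_query() (a notice, and a TypeError
     // on PHP 8).
     $args = array();
     foreach (Auth_OpenID::getQuery() as $key => $value) {
         if (strpos($key, 'openid.') === 0) {
             $args[$key] = $value;
         }
     }
     return http_build_query($args);
 }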
 /**
  * Finishes the OpenID round-trip: builds a consumer over the configured
  * storage and session interface and hands it the current request's query.
  *
  * @todo check whether the url field causes errors due to rewriting
  *
  * @param string $aReturnTo Passed to the consumer as the URL this
  *                          application was invoked with.
  * @return mixed The consumer's completion response.
  */
 public function getResponse($aReturnTo)
 {
     $consumer = new Auth_OpenID_Consumer($this->OpenIDStorage, $this->OpenIDSessionInterface);
     $query = Auth_OpenID::getQuery();

     return $consumer->complete($aReturnTo, $query);
 }
 /**
  * The cancel URL of the request must carry exactly openid.mode=cancel and
  * the OpenID 2 namespace in its query string, nothing else.
  */
 function test_getCancelURL()
 {
     $cancelUrl = $this->request->getCancelURL();
     $parts = parse_url($cancelUrl);
     $expected = array(
         'openid.mode' => 'cancel',
         'openid.ns' => Auth_OpenID_OPENID2_NS,
     );

     $this->assertEquals($expected, Auth_OpenID::getQuery($parts['query']));
 }
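 /**
  * Called to interpret the server's response to an OpenID
  * request. It is called in step 4 of the flow described in the
  * consumer overview.
  *
  * The endpoint recorded in the session at the start of the flow (under
  * $this->_token_key) is restored and handed to the consumer with the
  * response message. When no such state exists the response is a
  * FailureResponse and the message is not inspected at all; otherwise the
  * session entry is removed after the consumer has run, so one stored
  * endpoint completes at most one assertion.
  *
  * @param array $query An array of the query parameters (key =>
  * value pairs) for this HTTP request.  Defaults to null.  If
  * null, the GET or POST data are automatically gotten from the
  * PHP environment.  It is only useful to override $query for
  * testing.
  *
  * @return Auth_OpenID_ConsumerResponse $response A instance of an
  * Auth_OpenID_ConsumerResponse subclass. The type of response is
  * indicated by the status attribute, which will be one of
  * SUCCESS, CANCEL, FAILURE, or SETUP_NEEDED.
  */
 function complete($query = null)
 {
     if ($query === null) {
         $query = Auth_OpenID::getQuery();
     }

     $loader = new Auth_OpenID_ServiceEndpointLoader();
     $endpoint_data = $this->session->get($this->_token_key);
     $endpoint = $loader->fromSession($endpoint_data);

     if ($endpoint === null) {
         // Nothing was started in this session: refuse without looking at
         // the message rather than verifying an assertion we never asked for.
         $response = new Auth_OpenID_FailureResponse(null, 'No session state found');
     } else {
         $message = Auth_OpenID_Message::fromPostArgs($query);
         $response = $this->consumer->complete($message, $endpoint);
         // One-shot: drop the stored endpoint regardless of the result.
         $this->session->del($this->_token_key);
     }

     // Strict comparison keeps a status that merely compares loosely equal
     // from matching.
     $finalStatuses = array(Auth_OpenID_SUCCESS, Auth_OpenID_CANCEL);
     if (in_array($response->status, $finalStatuses, true) && $response->identity_url !== null) {
         $disco = $this->getDiscoveryObject($this->session, $response->identity_url, $this->session_key_prefix);
         $disco->cleanup();
     }
     return $response;
 }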
 /**
  * Query parameters of the current request, minus the 'url' key.
  *
  * The 'url' parameter is added by the rewrite rules in app/webroot/.htaccess
  * and would otherwise break verification of the return_to url.
  *
  * @return array
  */
 private function getQuery()
 {
     // array_diff_key keeps every other key (and its order) untouched.
     return array_diff_key(Auth_OpenID::getQuery(), array('url' => true));
 }
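 /**
  * Called to interpret the server's response to an OpenID
  * request. It is called in step 4 of the flow described in the
  * consumer overview.
  *
  * The endpoint recorded in the session at the start of the flow (under
  * $this->_token_key) is restored and handed to the consumer together with
  * the response message; that session entry is removed afterwards whatever
  * the outcome, so the same stored state cannot complete a second
  * assertion.
  *
  * @param string $current_url The URL used to invoke the application.
  * Extract the URL from your application's web
  * request framework and specify it here to have it checked
  * against the openid.current_url value in the response.  If
  * the current_url URL check fails, the status of the
  * completion will be FAILURE.
  *
  * @param array $query An array of the query parameters (key =>
  * value pairs) for this HTTP request.  Defaults to null.  If
  * null, the GET or POST data are automatically gotten from the
  * PHP environment; if that is empty, the query part of the
  * Referer header is tried as a last resort.  It is only useful
  * to override $query for testing.
  *
  * @return Auth_OpenID_ConsumerResponse $response A instance of an
  * Auth_OpenID_ConsumerResponse subclass. The type of response is
  * indicated by the status attribute, which will be one of
  * SUCCESS, CANCEL, FAILURE, or SETUP_NEEDED.
  */
 function complete($current_url, $query = null)
 {
     if ($current_url && !is_string($current_url)) {
         // This is ugly, but we need to complain loudly when
         // someone uses the API incorrectly.
         trigger_error("current_url must be a string; see NEWS file " . "for upgrading notes.", E_USER_ERROR);
     }
     if ($query === null) {
         $query = Auth_OpenID::getQuery();
         if (empty($query)) {
             error_log('/lib/openid/Auth/OpenID/Consumer.php::complete() - warning: empty query string!');
             // Last resort: recover the parameters from the Referer header.
             // The header is optional and entirely client-supplied, so what
             // is recovered here deserves no more trust than GET/POST data;
             // it is fed to $this->consumer->complete() like any other input
             // and nothing in this method treats it as verified.
             $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
             $argpos = strpos($referer, '?');
             if ($argpos !== false) {
                 $query = Auth_OpenID::getQuery(substr($referer, $argpos + 1));
             }
         }
     }

     $loader = new Auth_OpenID_ServiceEndpointLoader();
     $endpoint_data = $this->session->get($this->_token_key);
     $endpoint = $loader->fromSession($endpoint_data);

     $message = Auth_OpenID_Message::fromPostArgs($query);
     $response = $this->consumer->complete($message, $endpoint, $current_url);
     // One-shot: drop the stored endpoint regardless of the result.
     $this->session->del($this->_token_key);

     // Strict comparison keeps a status that merely compares loosely equal
     // from matching.
     $finalStatuses = array(Auth_OpenID_SUCCESS, Auth_OpenID_CANCEL);
     if (in_array($response->status, $finalStatuses, true) && $response->identity_url !== null) {
         $disco = $this->getDiscoveryObject($this->session, $response->identity_url, $this->session_key_prefix);
         $disco->cleanup(true);
     }
     return $response;
 }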
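/**
 * Handle a standard OpenID server request.
 *
 * Advertises the XRDS document, decodes the incoming OpenID message and
 * either (a) forwards checkid_immediate / checkid_setup requests to the
 * indirect server with a 307 redirect that preserves the full query, or
 * (b) lets the server answer any other mode in-process and writes the
 * encoded response (status line, headers, body) before exiting.
 *
 * Relies on the global $indirect_server_url and on the project constant
 * header_connection_close, both defined elsewhere.
 *
 * @return string Rendered "about" page when the request is not an OpenID
 *                message; every other path ends in exit.
 */
function action_default()
{
    header('X-XRDS-Location: ' . buildURL('idpXrds'));
    $server = getServer();
    $method = $_SERVER['REQUEST_METHOD'];

    // decodeRequest() reads GET/POST itself; the raw arrays the original
    // copied into $request were overwritten before use and are not needed.
    $request = $server->decodeRequest();
    if (!$request) {
        return about_render();
    }
    setRequestInfo($request);

    $checkidModes = array('checkid_immediate', 'checkid_setup');
    if (in_array($request->mode, $checkidModes, true)) {
        // Redirect to the indirect server with a 307 so the client repeats
        // the request with the same method: a plain redirect would turn the
        // POST into a GET and lose the OpenID parameters.
        global $indirect_server_url;
        $new_location = $indirect_server_url;
        if ($method === 'GET') {
            // If the request comes in via get, we want to redirect
            // to a URL that includes the full query string. Otherwise
            // all that juicy data gets lost. This was a problem for GIMI,
            // which uses a ruby openid client.
            $new_location .= '?' . $_SERVER['QUERY_STRING'];
        } elseif ($method === 'POST') {
            $query = Auth_OpenID::getQuery();
            $new_location .= '?' . http_build_query($query);
        }
        // $indirect_server_url is server configuration, not request data,
        // and header() rejects values containing CR/LF, so the appended
        // query cannot inject additional headers.
        header('Location: ' . $new_location, true, 307);
        exit;
        // The in-process checkid handling (idSelect / immediate /
        // trust_render) that used to follow was unreachable after this
        // unconditional exit and has been removed; presumably the indirect
        // server covers those cases.
    }

    // Every other mode (associate, check_authentication, ...) is answered
    // here.
    $response = $server->handleRequest($request);
    $webresponse = $server->encodeResponse($response);
    if ($webresponse->code != AUTH_OPENID_HTTP_OK) {
        header(sprintf("HTTP/1.1 %d ", $webresponse->code), true, $webresponse->code);
    }
    foreach ($webresponse->headers as $k => $v) {
        header("{$k}: {$v}");
    }
    header(header_connection_close);
    print $webresponse->body;
    exit(0);
}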