static function ServerCheck($server, $request, $sreg, $imm = true) { assert(isset($server)); assert(isset($request)); assert(isset($sreg)); assert(isset($imm) && is_bool($imm)); # Is the passed identity URL a user page? $url = $request->identity; assert(isset($url) && strlen($url) > 0); $user = self::DEPRECATEDgetUsernameFromOpenIdUrl($url); if (!$user) { throw new Exception("OpenID: '{$url}' not a user page.\n"); return $request->answer(false, self::getOpenIdServerUrl()); } assert($user); # Is there a logged in user? if ($user != User::getCurrentUser()) { //throw new Exception ("OpenID: User not logged in.\n"); if ($imm) { return $request->answer(false, self::getOpenIdServerUrl()); } else { # Bank these for later self::serverSessionSaveValues($request, $sreg); self::serverLoginForm($request, null, $user); return NULL; } } assert($user); assert(is_array($sreg)); # Does the request require sreg fields that the user has not specified? if (array_key_exists('required', $sreg)) { $notFound = false; foreach ($sreg['required'] as $reqfield) { if (is_null(self::getUserField($user, $reqfield))) { $notFound = true; break; } } if ($notFound) { //("OpenID: Consumer demands info we don't have.\n"); return $request->answer(false, self::getOpenIdServerUrl()); } } # Trust check $trust_root = $request->trust_root; assert(isset($trust_root) && is_string($trust_root) && strlen($trust_root) > 0); $trust = self::GetUserTrust($user, $trust_root); # Is there a trust record? if (is_null($trust)) { wfDebug("OpenID: No trust record.\n"); if ($imm) { return $request->answer(false, self::getOpenIdServerUrl()); } else { # Bank these for later self::serverSessionSaveValues($request, $sreg); OpenIDServerTrustForm($request, $sreg); return NULL; } } assert(!is_null($trust)); # Is the trust record _not_ to allow trust? # NB: exactly equal if ($trust === false) { wfDebug("OpenID: User specified not to allow trust.\n"); return $request->answer(false, self::getOpenIdServerUrl()); } assert(isset($trust) && is_array($trust)); # Does the request require sreg fields that the user has # not allowed us to pass, or has not specified? if (array_key_exists('required', $sreg)) { $notFound = false; foreach ($sreg['required'] as $reqfield) { if (!in_array($reqfield, $trust) || is_null(self::getUserField($user, $reqfield))) { $notFound = true; break; } } if ($notFound) { wfDebug("OpenID: Consumer demands info user doesn't want shared.\n"); return $request->answer(false, self::getOpenIdServerUrl()); } } # assert(all required sreg fields are in $trust) # XXX: run a hook here to check # SUCCESS $response_fields = array_intersect(array_unique(array_merge($sreg['required'], $sreg['optional'])), $trust); $response = $request->answer(true); assert(isset($response)); foreach ($response_fields as $field) { $value = self::getUserField($user, $field); if (!is_null($value)) { $response->addField('sreg', $field, $value); } } return $response; }
function OpenIDServerCheck($server, $request, $sreg, $imm = true) { global $wgUser, $wgOut; assert(isset($wgUser) && isset($wgOut)); assert(isset($server)); assert(isset($request)); assert(isset($sreg)); assert(isset($imm) && is_bool($imm)); # Is the passed identity URL a user page? $url = $request->identity; assert(isset($url) && strlen($url) > 0); $name = OpenIDUrlToUserName($url); if (!isset($name) || strlen($name) == 0) { wfDebug("OpenID: '{$url}' not a user page.\n"); return $request->answer(false, OpenIdServerUrl()); } assert(isset($name) && strlen($name) > 0); # Is there a logged in user? if ($wgUser->getId() == 0) { wfDebug("OpenID: User not logged in.\n"); if ($imm) { return $request->answer(false, OpenIdServerUrl()); } else { # Bank these for later OpenIDServerSaveValues($request, $sreg); OpenIDServerLoginForm($request); return NULL; } } assert($wgUser->getId() != 0); # Is the user page for the logged-in user? $user = User::newFromName($name); if (!isset($user) || $user->getId() != $wgUser->getId()) { wfDebug("OpenID: User from url not logged in user.\n"); return $request->answer(false, OpenIdServerUrl()); } assert(isset($user) && $user->getId() == $wgUser->getId() && $user->getId() != 0); # Is the user an OpenID user? $openid = OpenIDGetUserUrl($user); if (isset($openid) && strlen($openid) > 0) { wfDebug("OpenID: Not one of our users; logs in with OpenID.\n"); return $request->answer(false, OpenIdServerUrl()); } assert(is_array($sreg)); # Does the request require sreg fields that the user has not specified? if (array_key_exists('required', $sreg)) { $notFound = false; foreach ($sreg['required'] as $reqfield) { if (is_null(OpenIdGetUserField($user, $reqfield))) { $notFound = true; break; } } if ($notFound) { wfDebug("OpenID: Consumer demands info we don't have.\n"); return $request->answer(false, OpenIdServerUrl()); } } # Trust check $trust_root = $request->trust_root; assert(isset($trust_root) && is_string($trust_root) && strlen($trust_root) > 0); $trust = OpenIDGetUserTrust($user, $trust_root); # Is there a trust record? if (is_null($trust)) { wfDebug("OpenID: No trust record.\n"); if ($imm) { return $request->answer(false, OpenIdServerUrl()); } else { # Bank these for later OpenIDServerSaveValues($request, $sreg); OpenIDServerTrustForm($request, $sreg); return NULL; } } assert(!is_null($trust)); # Is the trust record _not_ to allow trust? # NB: exactly equal if ($trust === false) { wfDebug("OpenID: User specified not to allow trust.\n"); return $request->answer(false, OpenIdServerUrl()); } assert(isset($trust) && is_array($trust)); # Does the request require sreg fields that the user has # not allowed us to pass, or has not specified? if (array_key_exists('required', $sreg)) { $notFound = false; foreach ($sreg['required'] as $reqfield) { if (!in_array($reqfield, $trust) || is_null(OpenIdGetUserField($user, $reqfield))) { $notFound = true; break; } } if ($notFound) { wfDebug("OpenID: Consumer demands info user doesn't want shared.\n"); return $request->answer(false, OpenIdServerUrl()); } } # assert(all required sreg fields are in $trust) # XXX: run a hook here to check # SUCCESS $response_fields = array_intersect(array_unique(array_merge($sreg['required'], $sreg['optional'])), $trust); $response = $request->answer(true); assert(isset($response)); foreach ($response_fields as $field) { $value = OpenIDGetUserField($user, $field); if (!is_null($value)) { $response->addField('sreg', $field, $value); } } return $response; }