fromOpenIDRequest() статический публичный Метод

Extract a FetchRequest from an OpenID message
static public fromOpenIDRequest ( $request )
Пример #1
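 /**
  * Process the member's decision on the OpenID trust (consent) form and send
  * the resulting OpenID response back to the relying party.
  *
  * The pending OpenID request is read from $_SESSION['request']. If neither
  * 'trust' nor 'permanent' is present in the web request, or if the member
  * declined a profile item the relying party marked as required, the member
  * is redirected to the request's cancel URL. Otherwise a positive assertion
  * is built, SReg/AX profile data limited to the items the member allowed is
  * attached, and the trust decision is logged.
  *
  * NOTE(review): no CSRF token check is visible in this action; confirm the
  * form or a filter enforces one, since this action releases profile data.
  *
  * @param sfWebRequest $request the current web request ('trust', 'permanent', 'profiles')
  *
  * @return mixed whatever writeResponse() returns for the encoded OpenID response
  */
 public function executeTrust(sfWebRequest $request)
 {
     opApplicationConfiguration::registerJanRainOpenID();
     require_once 'Auth/OpenID/Server.php';
     require_once 'Auth/OpenID/FileStore.php';
     require_once 'Auth/OpenID/SReg.php';
     require_once 'Auth/OpenID/AX.php';

     // NOTE(review): unserialize() instantiates whatever classes the payload
     // names. The value comes from the server-side session here; keep it that
     // way and never feed this call from request data.
     $info = isset($_SESSION['request']) ? unserialize($_SESSION['request']) : false;

     // Everything below calls CheckIDRequest methods (getCancelURL, idSelect,
     // answer), so reject a missing, corrupt or unexpected session value
     // instead of failing later with a fatal error.
     $this->forward404Unless($info instanceof Auth_OpenID_CheckIDRequest);

     $trusted = $request->hasParameter('trust') || $request->hasParameter('permanent');
     if (!$trusted) {
         unset($_SESSION['request']);
         $url = $info->getCancelURL();
         // redirect() is expected to halt the action here (symfony 1.x) — TODO confirm.
         $this->redirect($url);
     }

     // Unless the relying party asked for identifier selection, the requested
     // identity must be exactly the logged-in member's own OpenID URL.
     $reqUrl = $this->getController()->genUrl('OpenID/member?id=' . $this->getUser()->getMemberId(), true);
     if (!$info->idSelect()) {
         $this->forward404Unless($reqUrl === $info->identity, 'request:' . $reqUrl . '/identity:' . $info->identity);
     }

     // The pending request is single-use: drop it before answering.
     unset($_SESSION['request']);

     // NOTE(review): the second constructor argument of Auth_OpenID_Server is
     // the OP endpoint URL; passing the identity here looks unintended — confirm.
     $server = new Auth_OpenID_Server(new Auth_OpenID_FileStore(sfConfig::get('sf_cache_dir')), $info->identity);
     $response = $info->answer(true, null, $reqUrl);
     $sregRequest = Auth_OpenID_SRegRequest::fromOpenIDRequest($info);
     $axRequest = Auth_OpenID_AX_FetchRequest::fromOpenIDRequest($info);

     // 'profiles' is client-controlled: it may be a scalar or contain nested
     // arrays, neither of which array_flip() accepts. Keep only string/int
     // entries (keys preserved) so the consent comparison cannot be disturbed
     // by a malformed parameter.
     $submittedProfiles = $request->getParameter('profiles', array());
     $allowedProfiles = array();
     if (is_array($submittedProfiles)) {
         foreach ($submittedProfiles as $key => $profileName) {
             if (is_string($profileName) || is_int($profileName)) {
                 $allowedProfiles[$key] = $profileName;
             }
         }
     }

     // Requested items the member did not allow; a truthy value is presumably
     // the "required" flag set by createListOfRequestedProfiles() — verify.
     $requiredProfiles = $this->createListOfRequestedProfiles($sregRequest, $axRequest);
     $rejectedProfiles = array_diff_key($requiredProfiles, array_flip($allowedProfiles));
     if (in_array(true, $rejectedProfiles)) {
         $url = $info->getCancelURL();
         $this->redirect($url);
     }

     if ($sregRequest) {
         $sregExchange = new opOpenIDProfileExchange('sreg', $this->getUser()->getMember());
         $sregResp = Auth_OpenID_SRegResponse::extractResponse($sregRequest, $sregExchange->getData($allowedProfiles));
         $response->addExtension($sregResp);
     }

     if ($axRequest && !$axRequest instanceof Auth_OpenID_AX_Error) {
         $axResp = new Auth_OpenID_AX_FetchResponse();
         $axExchange = new opOpenIDProfileExchange('ax', $this->getUser()->getMember());
         $userData = $axExchange->getData($allowedProfiles);
         // Only attributes the relying party asked for, and for which the
         // member has a non-empty allowed value, are returned.
         foreach ($axRequest->requested_attributes as $k => $v) {
             if (!empty($userData[$k])) {
                 $axResp->addValue($k, $userData[$k]);
             }
         }
         $response->addExtension($axResp);
     }

     // Record the decision per trust root; 'permanent' marks it as remembered.
     $log = Doctrine::getTable('OpenIDTrustLog')->log($info->trust_root, $this->getUser()->getMemberId());
     if ($request->hasParameter('permanent')) {
         $log->is_permanent = true;
         $log->save();
     }

     $response = $server->encodeResponse($response);
     return $this->writeResponse($response);
 }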
Пример #2
 /**
  * An AX fetch request whose ax.update_url lies beneath return_to
  * (no separate realm is supplied) must be parsed without producing
  * an AX error object.
  */
 function test_openidUpdateURLVerificationSuccessReturnTo()
 {
     $args = array(
         'mode' => 'checkid_setup',
         'ns' => Auth_OpenID_OPENID2_NS,
         'return_to' => 'http://example.com/realm',
         'ns.ax' => Auth_OpenID_AX_NS_URI,
         'ax.update_url' => 'http://example.com/realm/update_path',
         'ax.mode' => 'fetch_request',
     );
     $message = Auth_OpenID_Message::fromOpenIDArgs($args);

     // Bare request object carrying only the message built above.
     $request = new Auth_OpenID_Request();
     $request->message =& $message;

     $fetchRequest = Auth_OpenID_AX_FetchRequest::fromOpenIDRequest($request);
     $this->assertFalse(Auth_OpenID_AX::isError($fetchRequest));
 }
Пример #3
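/**
 * Build the OpenID response for the current GENI user and encode it for the
 * user agent.
 *
 * For a loaded user the response is a positive assertion for idURL(username),
 * carrying Simple Registration data (nickname, email) and the Attribute
 * Exchange values the relying party asked for among the geni.net types
 * handled below. If no user can be loaded, the request is answered
 * negatively instead of asserting an identity built from a missing username.
 *
 * NOTE(review): no user-consent or trust_root check is visible in this
 * function; presumably the caller has done both before calling — verify,
 * since every requested attribute is released here unconditionally.
 *
 * @param object $server OpenID server object providing encodeResponse()
 * @param object $info   decoded OpenID check-id request being answered
 *
 * @return array two-element array: list of "Name: value" header lines, response body
 */
function send_geni_user($server, $info)
{
    // Not referenced in this function; kept as in the original.
    global $portal_cert_file;
    global $portal_private_key_file;

    $geni_user = geni_loadUser();

    if ($geni_user) {
        $req_url = idURL($geni_user->username);
        $response = $info->answer(true, null, $req_url);

        // Simple Registration data offered to the relying party.
        $sreg_data = array();
        $sreg_data['nickname'] = $geni_user->username;
        $sreg_data['email'] = $geni_user->email();

        // Add the simple registration response values to the OpenID
        // response message.
        $sreg_request = Auth_OpenID_SRegRequest::fromOpenIDRequest($info);
        $sreg_response = Auth_OpenID_SRegResponse::extractResponse($sreg_request, $sreg_data);
        $sreg_response->toMessage($response->fields);

        /*
         * Attribute Exchange (AX) is an OpenID extension to pass additional
         * attributes. This code was derived by looking at some client
         * examples and the AX code. No server-side examples of PHP OpenID
         * AX were found.
         *
         * AX seems to be fragile. Small changes to the code below can
         * result in authentication failures.
         *
         * The user URN has '+' characters but these consistently caused
         * authentication failures in testing. Replacing the '+' with '|'
         * worked, so that is a necessary transformation below.
         */
        $ax_request = Auth_OpenID_AX_FetchRequest::fromOpenIDRequest($info);
        if ($ax_request and !Auth_OpenID_AX::isError($ax_request)) {
            $ax_response = new Auth_OpenID_AX_FetchResponse();
            // $projects and $slices are presumably filled in by reference — verify.
            add_project_slice_info($geni_user, $projects, $slices);
            // Only the types named in the request are answered; unknown
            // types fall through the switch and are ignored.
            foreach ($ax_request->iterTypes() as $ax_req_type) {
                switch ($ax_req_type) {
                    case 'http://geni.net/projects':
                        $ax_response->setValues($ax_req_type, $projects);
                        break;
                    case 'http://geni.net/slices':
                        $ax_response->setValues($ax_req_type, $slices);
                        break;
                    case 'http://geni.net/user/urn':
                        $urn = $geni_user->urn();
                        $urn = str_replace('+', '|', $urn);
                        $ax_response->addValue('http://geni.net/user/urn', $urn);
                        break;
                    case 'http://geni.net/user/prettyname':
                        $ax_response->addValue($ax_req_type, $geni_user->prettyName());
                        break;
                    case 'http://geni.net/wimax/username':
                    case 'http://geni.net/wimax/wimax_username':
                        $wimax_name = null;
                        if (isset($geni_user->ma_member->wimax_username)) {
                            $wimax_name = $geni_user->ma_member->wimax_username;
                        }
                        /* Only send wimax name if it exists. */
                        if ($wimax_name) {
                            $ax_response->addValue($ax_req_type, $wimax_name);
                        }
                        break;
                    case 'http://geni.net/irods/username':
                        /* Get the iRODS username. Do we need to respect the
                         * 'irods_enabled' flag?
                         */
                        $irods_username = null;
                        if (isset($geni_user->ma_member->irods_username)) {
                            $irods_username = $geni_user->ma_member->irods_username;
                        }
                        /* Only send it if it exists. */
                        if ($irods_username) {
                            error_log("Returning iRODS username {$irods_username} for user " . $geni_user->urn());
                            $ax_response->addValue($ax_req_type, $irods_username);
                        } else {
                            error_log("No iRODS username in OpenID for user " . $geni_user->urn());
                        }
                        break;
                    case 'http://geni.net/irods/zone':
                        /* Get the IRods zone for this user. */
                        $irods_zone = irods_default_zone();
                        /* Only send it if it exists. */
                        if ($irods_zone) {
                            error_log("Returning iRODS zone {$irods_zone} for user " . $geni_user->urn());
                            $ax_response->addValue($ax_req_type, $irods_zone);
                        } else {
                            error_log("No iRODS zone in OpenID for user " . $geni_user->urn());
                        }
                        break;
                }
            }
            $ax_response->toMessage($response->fields);
        }
    } else {
        // Fail closed: without a loaded user there is no identity to assert
        // and no attributes to release. The original dereferenced the missing
        // user and still issued a positive assertion.
        // NOTE(review): confirm how answer(false) behaves for immediate-mode
        // requests in the bundled OpenID library version.
        error_log("OpenID: Unable to access user information.");
        $response = $info->answer(false);
    }

    // Generate a response to send to the user agent.
    $webresponse = $server->encodeResponse($response);
    $new_headers = array();
    foreach ($webresponse->headers as $k => $v) {
        $new_headers[] = $k . ": " . $v;
    }
    return array($new_headers, $webresponse->body);
}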