extractResponse() статический публичный Метод

request: The simple registration request object data: The simple registration data for this response, as a dictionary from unqualified simple registration field name to string (unicode) value. For instance, the nickname should be stored under the key 'nickname'.
static public extractResponse ( $request, $data )
Пример #1
0
 public function GetSRegDataForRequest(User $user)
 {
     require_once 'Auth/OpenID/SReg.php';
     // Other common SReg fields we could fill are:
     //   dob, country, language, timezone.
     $sreg_request = Auth_OpenID_SRegRequest::fromOpenIDRequest($this->request);
     return Auth_OpenID_SRegResponse::extractResponse($sreg_request, array('fullname' => $user->fullName(), 'nickname' => $user->displayName(), 'email' => $user->bestEmail(), 'gender' => $user->isFemale() ? 'F' : 'M'));
 }
Пример #2
0
function addSregFields(&$response, $info, $req_url)
{
    $username = getUsernameFromUrl($req_url);
    $user = get_user_by_username($username);
    if ($user) {
        $email = $user->email;
        $fullname = $user->name;
        $sreg_data = array('fullname' => $fullname, 'email' => $email);
        // Add the simple registration response values to the OpenID
        // response message.
        $sreg_request = Auth_OpenID_SRegRequest::fromOpenIDRequest($info);
        $sreg_response = Auth_OpenID_SRegResponse::extractResponse($sreg_request, $sreg_data);
        //error_log('DEBUG:' . (string)($response->fields));
        $sreg_response->toMessage($response->fields);
    }
}
Пример #3
0
function doAuth($info, $trusted = null, $fail_cancels = false, $idpSelect = null)
{
    if (!$info) {
        // There is no authentication information, so bail
        return authCancel(null);
    }
    if ($info->idSelect()) {
        if ($idpSelect) {
            $req_url = idURL($idpSelect);
        } else {
            $trusted = false;
        }
    } else {
        $req_url = $info->identity;
    }
    $user = getLoggedInUser();
    setRequestInfo($info);
    if (!$info->idSelect() && $req_url != idURL($user)) {
        return login_render(array(), $req_url, $req_url);
    }
    $trust_root = $info->trust_root;
    if ($trusted) {
        setRequestInfo();
        $server =& getServer();
        $response =& $info->answer(true, null, $req_url);
        // Answer with some sample Simple Registration data.
        $sreg_data = array('fullname' => 'Example User', 'nickname' => 'example', 'dob' => '1970-01-01', 'email' => '*****@*****.**', 'gender' => 'F', 'postcode' => '12345', 'country' => 'ES', 'language' => 'eu', 'timezone' => 'America/New_York');
        // Add the simple registration response values to the OpenID
        // response message.
        $sreg_request = Auth_OpenID_SRegRequest::fromOpenIDRequest($info);
        $sreg_response = Auth_OpenID_SRegResponse::extractResponse($sreg_request, $sreg_data);
        $sreg_response->toMessage($response->fields);
        // Generate a response to send to the user agent.
        $webresponse =& $server->encodeResponse($response);
        $new_headers = array();
        foreach ($webresponse->headers as $k => $v) {
            $new_headers[] = $k . ": " . $v;
        }
        return array($new_headers, $webresponse->body);
    } elseif ($fail_cancels) {
        return authCancel($info);
    } else {
        return trust_render($info);
    }
}
Пример #4
0
/**
 * Attach SReg response to authentication response.
 */
function openid_server_sreg_auth_response($response)
{
    $user = wp_get_current_user();
    // should we include SREG in the response?
    $include_sreg = false;
    if (isset($GLOBALS['openid_server_sreg_trust'])) {
        $include_sreg = $GLOBALS['openid_server_sreg_trust'];
    } else {
        $trusted_sites = get_usermeta($user->ID, 'openid_trusted_sites');
        $request = $response->request;
        $site_hash = md5($request->trust_root);
        if (is_array($trusted_sites) && array_key_exists($site_hash, $trusted_sites)) {
            $include_sreg = $trusted_sites[$site_hash]['release_attributes'];
        }
    }
    if ($include_sreg) {
        $sreg_data = array();
        foreach ($GLOBALS['Auth_OpenID_sreg_data_fields'] as $field => $name) {
            $sreg_data[$field] = openid_server_sreg_from_profile($field);
        }
        $sreg_response = Auth_OpenID_SRegResponse::extractResponse($GLOBALS['openid_server_sreg_request'], $sreg_data);
        $response->addExtension($sreg_response);
    }
    return $response;
}
Пример #5
0
function doAuth($info, $trusted = null, $fail_cancels = false, $idpSelect = null)
{
    if (!$info) {
        // There is no authentication information, so bail
        return authCancel(null);
    }
    $auth = getAuth();
    $cert_webid_23 = str_replace('#', '%23', $auth['agent']['webid']);
    $cert_webid = str_replace('http://', '', $cert_webid_23);
    //	$cert_webid = urlencode($auth['agent']['webid']);
    if ($_SERVER['HTTPS']) {
        $host = "https://openid4.me/";
    } else {
        $host = "http://openid4.me/";
    }
    $normalized_webid = $host . $cert_webid;
    if ($info->idSelect()) {
        //        if ($idpSelect) {
        //            $req_url = idURL($idpSelect);
        if ($auth[isAuthenticated]) {
            $req_url = $normalized_webid;
        } else {
            $trusted = false;
        }
        //        } else {
        //            $trusted = false;
        //        }
    } else {
        $req_url = $info->identity;
        if ($req_url != $normalized_webid) {
            //Get link header
            $link_webid = fetch_foaf_profile($req_url);
            if ($cert_webid == $link_webid) {
                $trusted = true;
            } else {
                $agent = get_agent(urldecode($link_webid));
                /*
                					print "<pre>";
                					print_r($agent);
                					print "</pre>";
                */
                $link_webid = isset($agent['agent']['webid']) ? str_replace('#', '%23', $agent['agent']['webid']) : '';
                if ($cert_webid_23 == $link_webid) {
                    $trusted = true;
                } else {
                    $trusted = false;
                }
            }
        } else {
            $trusted = true;
        }
    }
    $user = getLoggedInUser();
    setRequestInfo($info);
    /*
        if ((!$info->idSelect()) && ($req_url != idURL($user))) {
            return login_render(array(), $req_url, $req_url);
        }
    */
    $trust_root = $info->trust_root;
    if ($trusted) {
        setRequestInfo();
        $server =& getServer();
        $response =& $info->answer(true, null, $req_url);
        // Answer with some sample Simple Registration data.
        $agent = get_agent($auth['agent']['webid']);
        $sreg_data = array();
        if ($fullname = $agent['agent']['name']) {
            $sreg_data = array_merge($sreg_data, array('fullname' => $fullname));
        }
        if ($nickname = $agent['agent']['nick'][0]) {
            $sreg_data = array_merge($sreg_data, array('nickname' => $nickname));
        }
        if ($mbox = $agent['agent']['mbox'][0]) {
            $mbox = str_replace('mailto:', '', $mbox);
            $sreg_data = array_merge($sreg_data, array('email' => $mbox));
        }
        // Add the simple registration response values to the OpenID
        // response message.
        $sreg_request = Auth_OpenID_SRegRequest::fromOpenIDRequest($info);
        $sreg_response = Auth_OpenID_SRegResponse::extractResponse($sreg_request, $sreg_data);
        $sreg_response->toMessage($response->fields);
        // Generate a response to send to the user agent.
        $webresponse =& $server->encodeResponse($response);
        $new_headers = array();
        foreach ($webresponse->headers as $k => $v) {
            $new_headers[] = $k . ": " . $v;
        }
        return array($new_headers, $webresponse->body);
    } elseif ($fail_cancels) {
        return authCancel($info);
    } else {
        return trust_render($info);
    }
}
Пример #6
0
 /**
  * Process a request.
  *
  * This function never returns.
  *
  * @param Auth_OpenID_Request $request  The request we are processing.
  */
 public function processRequest(array $state)
 {
     assert('isset($state["request"])');
     $request = $state['request'];
     $sreg_req = Auth_OpenID_SRegRequest::fromOpenIDRequest($request);
     $ax_req = Auth_OpenId_AX_FetchRequest::fromOpenIDRequest($request);
     /* In resume.php there should be a way to display data requested through sreg or ax. */
     if (!$this->authSource->isAuthenticated()) {
         if ($request->immediate) {
             /* Not logged in, and we cannot show a login form. */
             $this->sendResponse($request->answer(FALSE));
         }
         $resumeURL = $this->getStateURL('resume.php', $state);
         $this->authSource->requireAuth(array('ReturnTo' => $resumeURL));
     }
     $identity = $this->getIdentity();
     assert('$identity !== FALSE');
     /* Should always be logged in here. */
     if (!$request->idSelect() && $identity !== $request->identity) {
         /* The identity in the request doesn't match the one of the logged in user. */
         throw new SimpleSAML_Error_Exception('Logged in as different user than the one requested.');
     }
     if ($this->isTrusted($identity, $request->trust_root)) {
         $trusted = TRUE;
     } elseif (isset($state['TrustResponse'])) {
         $trusted = (bool) $state['TrustResponse'];
     } else {
         if ($request->immediate) {
             /* Not trusted, and we cannot show a trust-form. */
             $this->sendResponse($request->answer(FALSE));
         }
         $trustURL = $this->getStateURL('trust.php', $state);
         SimpleSAML_Utilities::redirectTrustedURL($trustURL);
     }
     if (!$trusted) {
         /* The user doesn't trust this site. */
         $this->sendResponse($request->answer(FALSE));
     }
     $response = $request->answer(TRUE, NULL, $identity);
     //Process attributes
     $attributes = $this->authSource->getAttributes();
     foreach ($attributes as $key => $attr) {
         if (is_array($attr) && count($attr) === 1) {
             $attributes[$key] = $attr[0];
         }
     }
     $pc = new SimpleSAML_Auth_ProcessingChain($this->authProc, array(), 'idp');
     $state = array('Attributes' => $attributes, 'isPassive' => TRUE);
     $pc->processStatePassive(&$state);
     $attributes = $state['Attributes'];
     //Process SREG requests
     $sreg_resp = Auth_OpenID_SRegResponse::extractResponse($sreg_req, $attributes);
     $sreg_resp->toMessage($response->fields);
     //Process AX requests
     $ax_resp = new Auth_OpenID_AX_FetchResponse();
     foreach ($ax_req->iterTypes() as $type_uri) {
         if (isset($attributes[$type_uri])) {
             $ax_resp->addValue($type_uri, $attributes[$type_uri]);
         }
     }
     $ax_resp->toMessage($response->fields);
     /* The user is authenticated, and trusts this site. */
     $this->sendResponse($response);
 }
Пример #7
0
 function generateAllowResponse($request, $user)
 {
     $response = $request->answer(true, null, common_profile_url($user->nickname));
     $profile = $user->getProfile();
     $sreg_data = array('fullname' => $profile->fullname, 'nickname' => $user->nickname, 'email' => $user->email, 'language' => $user->language, 'timezone' => $user->timezone);
     $sreg_request = Auth_OpenID_SRegRequest::fromOpenIDRequest($request);
     $sreg_response = Auth_OpenID_SRegResponse::extractResponse($sreg_request, $sreg_data);
     $sreg_response->toMessage($response->fields);
     return $response;
 }
Пример #8
0
 public function executeTrust(sfWebRequest $request)
 {
     opApplicationConfiguration::registerJanRainOpenID();
     require_once 'Auth/OpenID/Server.php';
     require_once 'Auth/OpenID/FileStore.php';
     require_once 'Auth/OpenID/SReg.php';
     require_once 'Auth/OpenID/AX.php';
     $info = unserialize($_SESSION['request']);
     $this->forward404Unless($info);
     $trusted = $request->hasParameter('trust') || $request->hasParameter('permanent');
     if (!$trusted) {
         unset($_SESSION['request']);
         $url = $info->getCancelURL();
         $this->redirect($url);
     }
     $reqUrl = $this->getController()->genUrl('OpenID/member?id=' . $this->getUser()->getMemberId(), true);
     if (!$info->idSelect()) {
         $this->forward404Unless($reqUrl === $info->identity, 'request:' . $reqUrl . '/identity:' . $info->identity);
     }
     unset($_SESSION['request']);
     $server = new Auth_OpenID_Server(new Auth_OpenID_FileStore(sfConfig::get('sf_cache_dir')), $info->identity);
     $response = $info->answer(true, null, $reqUrl);
     $sregRequest = Auth_OpenID_SRegRequest::fromOpenIDRequest($info);
     $axRequest = Auth_OpenID_AX_FetchRequest::fromOpenIDRequest($info);
     $allowedProfiles = $request->getParameter('profiles', array());
     $requiredProfiles = $this->createListOfRequestedProfiles($sregRequest, $axRequest);
     $rejectedProfiles = array_diff_key($requiredProfiles, array_flip($allowedProfiles));
     if (in_array(true, $rejectedProfiles)) {
         $url = $info->getCancelURL();
         $this->redirect($url);
     }
     if ($sregRequest) {
         $sregExchange = new opOpenIDProfileExchange('sreg', $this->getUser()->getMember());
         $sregResp = Auth_OpenID_SRegResponse::extractResponse($sregRequest, $sregExchange->getData($allowedProfiles));
         $response->addExtension($sregResp);
     }
     if ($axRequest && !$axRequest instanceof Auth_OpenID_AX_Error) {
         $axResp = new Auth_OpenID_AX_FetchResponse();
         $axExchange = new opOpenIDProfileExchange('ax', $this->getUser()->getMember());
         $userData = $axExchange->getData($allowedProfiles);
         foreach ($axRequest->requested_attributes as $k => $v) {
             if (!empty($userData[$k])) {
                 $axResp->addValue($k, $userData[$k]);
             }
         }
         $response->addExtension($axResp);
     }
     $log = Doctrine::getTable('OpenIDTrustLog')->log($info->trust_root, $this->getUser()->getMemberId());
     if ($request->hasParameter('permanent')) {
         $log->is_permanent = true;
         $log->save();
     }
     $response = $server->encodeResponse($response);
     return $this->writeResponse($response);
 }
Пример #9
0
 function _test($uri)
 {
     // Create a request message with simple registration fields
     $sreg_req = Auth_OpenID_SRegRequest::build(array('nickname', 'email'), array('fullname'));
     $req_msg = new Auth_OpenID_Message($uri);
     $req_msg->updateArgs(Auth_OpenID_SREG_NS_URI, $sreg_req->getExtensionArgs());
     $req = new Auth_OpenID_Request();
     $req->message =& $req_msg;
     $req->namespace = $req_msg->getOpenIDNamespace();
     // -> send checkid_* request
     // Create an empty response message
     $resp_msg = new Auth_OpenID_Message($uri);
     $resp = new Auth_OpenID_ServerResponse($req);
     $resp->fields = $resp_msg;
     $data = array('nickname' => 'linusaur', 'postcode' => '12345', 'country' => 'US', 'gender' => 'M', 'fullname' => 'Leonhard Euler', 'email' => '*****@*****.**', 'dob' => '0000-00-00', 'language' => 'en-us');
     // Put the requested data fields in the response message
     $sreg_resp = Auth_OpenID_SRegResponse::extractResponse($sreg_req, $data);
     $resp->addExtension($sreg_resp);
     // <- send id_res response
     // Extract the fields that were sent
     $sreg_data_resp = $resp->fields->getArgs(Auth_OpenID_SREG_NS_URI);
     $this->assertEquals(array('nickname' => 'linusaur', 'email' => '*****@*****.**', 'fullname' => 'Leonhard Euler'), $sreg_data_resp);
 }
Пример #10
0
 /**
  * Authenticate the currently logged in user.  This sends the
  * result, and is thus no-return.
  */
 public function authenticate()
 {
     global $serverUri;
     $id = $this->session->getUser();
     if (!$id) {
         $this->cancel();
     }
     $req = $this->session->getRequestInfo();
     if (!$req) {
         $this->cancel();
     }
     assert($id && $req);
     $fullid = "{$serverUri}?name=" . urlencode($id);
     $resp = $req->answer(true, NULL, $fullid);
     $this->checkError($resp);
     /* Get more data to send.  */
     $data = $this->nc->getIdValue($id);
     $sregData = array();
     $sregKeys = array("name" => "fullname", "email" => "email", "website" => "website", "nick" => "nickname");
     if ($data) {
         foreach ($sregKeys as $key => $val) {
             if (isset($data->{$key})) {
                 $sregData[$val] = $data->{$key};
             }
         }
     }
     /* Add simple registration data to response.  */
     $sregReq = Auth_OpenID_SRegRequest::fromOpenIDRequest($req);
     $sregResp = Auth_OpenID_SRegResponse::extractResponse($sregReq, $sregData);
     $sregResp->toMessage($resp->fields);
     /* Send response and clean out request info.  */
     $this->session->setRequestInfo(NULL);
     $this->sendResponse($resp);
 }
Пример #11
0
/**
 * Convenience function for copying all the sreg data that was
 * requested from a supplied set of sreg data into the response
 * message. If no data were requested, no data will be sent.
 *
 * openid_request: The OpenID (checkid_*) request that may be
 * requesting sreg data.
 *
 * data: The simple registration data to send. All requested fields
 * that are present in this dictionary will be added to the response
 * message.
 *
 * openid_response: The OpenID C{id_res} response to which the simple
 * registration data should be added
 *
 * Does not return a value; updates the openid_response instead.
 */
function Auth_OpenID_sendSRegFields(&$openid_request, $data, &$openid_response)
{
    $sreg_request = Auth_OpenID_SRegRequest::fromOpenIDRequest($openid_request->message);
    $sreg_response = Auth_OpenID_SRegResponse::extractResponse($sreg_request, $data);
    $sreg_response->toMessage($openid_response->fields);
}
Пример #12
0
 private function doAuth($info, $trusted = null, $fail_cancels = false, $idpSelect = null, $accepted_scopes = null)
 {
     if (!$info) {
         // There is no authentication information, so bail
         return $this->openid->authCancel(null);
     }
     if ($info->idSelect()) {
         if ($idpSelect) {
             $req_url = $this->openid->idURL($idpSelect);
         } else {
             $trusted = false;
         }
     } else {
         $req_url = $info->identity;
     }
     $id_url = $this->openid->idUrl($_SESSION['id']);
     $this->openid->setRequestInfo($info);
     if (!$info->idSelect() && $req_url != $id_url) {
         return $this->openid->authCancel($info);
     }
     if ($trusted) {
         // prepare the OpenID response object
         $this->openid->setRequestInfo();
         $server =& $this->openid->getOpenIdServer();
         $response =& $info->answer(true, null, $req_url);
         // Simple Registration Extension
         $people = $this->model('people');
         $person = $people->get_person($_SESSION['id'], true);
         $date_of_birth_month = date('n', $person['date_of_birth']);
         $date_of_birth_day = date('j', $person['date_of_birth']);
         $date_of_birth_year = date('y', $person['date_of_birth']);
         // Answer with Simple Registration data.
         $sreg_data = array('fullname' => $person['first_name'] . ' ' . $person['last_name'], 'nickname' => $person['first_name'], 'dob' => $date_of_birth_year . '-' . $date_of_birth_month . '-' . $date_of_birth_day, 'email' => $person['email'], 'gender' => $person['gender'], 'country' => 'US', 'language' => 'en');
         // Add the simple registration response values to the OpenID
         // response message.
         $sreg_request = Auth_OpenID_SRegRequest::fromOpenIDRequest($info);
         $sreg_response = Auth_OpenID_SRegResponse::extractResponse($sreg_request, $sreg_data);
         $sreg_response->toMessage($response->fields);
         // Hybrid OAuth Extension
         $oauth_request = HybridOAuthRequest::fromOpenIDRequest($info);
         // handle accepted scopes (generates OAuth token)
         if ($oauth_request !== null) {
             $oauthDataStore = new PartuzaOAuthDataStore();
             $consumer = $oauthDataStore->lookup_consumer($oauth_request->consumer);
             $token = $oauthDataStore->new_request_token($consumer, '');
             $oauthDataStore->authorize_request_token($token->key);
             $oauth_response = HybridOAuthResponse::buildResponse($oauth_request, $token->key, $accepted_scopes);
             $oauth_response->toMessage($response->fields);
         }
         // Generate a response to send to the user agent.
         $webresponse =& $server->encodeResponse($response);
         header('Location: ' . $webresponse->headers['location']);
         header('Connection: close');
         echo $webresponse->body;
     } elseif ($fail_cancels) {
         return $this->openid->authCancel($info);
     } else {
         return $this->trust_render($info);
     }
 }
Пример #13
0
function send_geni_user($server, $info)
{
    $geni_user = geni_loadUser();
    $req_url = idURL($geni_user->username);
    $response =& $info->answer(true, null, $req_url);
    // Answer with some sample Simple Registration data.
    global $portal_cert_file;
    global $portal_private_key_file;
    $sreg_data = array();
    if ($geni_user) {
        $sreg_data['nickname'] = $geni_user->username;
        $sreg_data['email'] = $geni_user->email();
    }
    if (empty($sreg_data)) {
        error_log("OpenID: Unable to access user information.");
    }
    // Add the simple registration response values to the OpenID
    // response message.
    $sreg_request = Auth_OpenID_SRegRequest::fromOpenIDRequest($info);
    $sreg_response = Auth_OpenID_SRegResponse::extractResponse($sreg_request, $sreg_data);
    $sreg_response->toMessage($response->fields);
    /*
     * Attribute Exchange (AX) is an OpenID extension to pass additional
     * attributes. This code was derived by looking at some client
     * examples and the AX code. No server-side examples of PHP OpenID
     * AX were found.
     *
     * AX seems to be fragile. Small changes to the code below can
     * result in authentication failures.
     *
     * The user URN has '+' characters but these consistently caused
     * authentication failures in testing. Replacing the '+' with '|'
     * worked, so that is a necessary transformation below.
     */
    $ax_request = Auth_OpenID_AX_FetchRequest::fromOpenIDRequest($info);
    if ($ax_request and !Auth_OpenID_AX::isError($ax_request)) {
        /* error_log("received AX request: " . print_r($ax_request, true)); */
        $ax_response = new Auth_OpenID_AX_FetchResponse();
        add_project_slice_info($geni_user, $projects, $slices);
        foreach ($ax_request->iterTypes() as $ax_req_type) {
            switch ($ax_req_type) {
                case 'http://geni.net/projects':
                    $ax_response->setValues($ax_req_type, $projects);
                    break;
                case 'http://geni.net/slices':
                    $ax_response->setValues($ax_req_type, $slices);
                    break;
                case 'http://geni.net/user/urn':
                    $urn = $geni_user->urn();
                    $urn = str_replace('+', '|', $urn);
                    $ax_response->addValue('http://geni.net/user/urn', $urn);
                    break;
                case 'http://geni.net/user/prettyname':
                    $ax_response->addValue($ax_req_type, $geni_user->prettyName());
                    break;
                case 'http://geni.net/wimax/username':
                case 'http://geni.net/wimax/wimax_username':
                    $wimax_name = null;
                    if (isset($geni_user->ma_member->wimax_username)) {
                        $wimax_name = $geni_user->ma_member->wimax_username;
                    }
                    /* Only send wimax name if it exists. */
                    if ($wimax_name) {
                        $ax_response->addValue($ax_req_type, $wimax_name);
                    }
                    break;
                case 'http://geni.net/irods/username':
                    /* Get the iRODS username. Do we need to respect the
                     * 'irods_enabled' flag?
                     */
                    $irods_username = null;
                    if (isset($geni_user->ma_member->irods_username)) {
                        $irods_username = $geni_user->ma_member->irods_username;
                    }
                    /* Only send it if it exists. */
                    if ($irods_username) {
                        error_log("Returning iRODS username {$irods_username} for user " . $geni_user->urn());
                        $ax_response->addValue($ax_req_type, $irods_username);
                    } else {
                        error_log("No iRODS username in OpenID for user " . $geni_user->urn());
                    }
                    break;
                case 'http://geni.net/irods/zone':
                    /* Get the IRods zone for this user. */
                    $irods_zone = irods_default_zone();
                    /* Only send it if it exists. */
                    if ($irods_zone) {
                        error_log("Returning iRODS zone {$irods_zone} for user " . $geni_user->urn());
                        $ax_response->addValue($ax_req_type, $irods_zone);
                    } else {
                        error_log("No iRODS zone in OpenID for user " . $geni_user->urn());
                    }
                    break;
            }
        }
        $ax_response->toMessage($response->fields);
    }
    // Generate a response to send to the user agent.
    $webresponse =& $server->encodeResponse($response);
    $new_headers = array();
    foreach ($webresponse->headers as $k => $v) {
        $new_headers[] = $k . ": " . $v;
    }
    return array($new_headers, $webresponse->body);
}
Пример #14
0
 public function proceedAction()
 {
     // needed for unit tests
     $this->_helper->layout->disableLayout();
     $this->_helper->viewRenderer->setNeverRender(true);
     $server = $this->_getOpenIdProvider();
     $request = $server->decodeRequest();
     if ($request->idSelect()) {
         $id = $this->user->openid;
     } else {
         $id = null;
     }
     $response = $request->answer(true, null, $id);
     if ($this->_hasSreg($request) && $this->_getParam('profileId')) {
         $profiles = new Users_Model_Profiles();
         $profile = $profiles->getRowInstance($this->_getParam('profileId'));
         $personalInfoForm = Users_Form_PersonalInfo::getForm($request, $profile);
         $formData = $this->_request->getPost();
         $personalInfoForm->populate($formData);
         // not planning on validating stuff here yet, but I call this
         // for the date element to be filled properly
         $foo = $personalInfoForm->isValid($formData);
         $sregResponse = Auth_OpenID_SRegResponse::extractResponse($personalInfoForm->getSregRequest(), $personalInfoForm->getUnqualifiedValues());
         $sregResponse->toMessage($response->fields);
     }
     $trustRoot = $this->_getTrustRoot($request);
     if ($this->_getParam('allow')) {
         if ($this->_getParam('forever')) {
             $sites = new Model_Sites();
             $sites->deleteForUserSite($this->user, $trustRoot);
             $siteObj = $sites->createRow();
             $siteObj->user_id = $this->user->id;
             $siteObj->site = $trustRoot;
             $siteObj->creation_date = date('Y-m-d');
             if (isset($personalInfoForm)) {
                 $trusted = array();
                 // using this key name for BC pre 1.1 when we used Zend_OpenId
                 $trusted['Zend_OpenId_Extension_Sreg'] = $personalInfoForm->getUnqualifiedValues();
             } else {
                 $trusted = true;
             }
             $siteObj->trusted = serialize($trusted);
             $siteObj->save();
         }
         $this->_saveHistory($trustRoot, Model_History::AUTHORIZED);
         require_once 'libs/Auth/OpenID/PAPE.php';
         if ($papeRequest = Auth_OpenID_PAPE_Request::fromOpenIDRequest($request)) {
             $this->_processPape($papeRequest, $response);
         }
         $webresponse = $server->encodeResponse($response);
         foreach ($webresponse->headers as $k => $v) {
             if ($k == 'location') {
                 $this->_response->setRedirect($v);
             } else {
                 $this->_response->setHeader($k, $v);
             }
         }
         $this->_response->setHeader('Connection', 'close');
         $this->_response->appendBody($webresponse->body);
     } elseif ($this->_getParam('deny')) {
         if ($this->_getParam('forever')) {
             $sites = new Model_Sites();
             $sites->deleteForUserSite($this->user, $trustRoot);
             $siteObj = $sites->createRow();
             $siteObj->user_id = $this->user->id;
             $siteObj->site = $trustRoot;
             $siteObj->creation_date = date('Y-m-d');
             $siteObj->trusted = serialize(false);
             $siteObj->save();
         }
         $this->_saveHistory($trustRoot, Model_History::DENIED);
         return $this->_sendResponse($server, $request->answer(false));
     }
 }
 public function trustAction(Request $request)
 {
     if (!$this->securityContext->isGranted('IS_AUTHENTICATED_FULLY')) {
         $request->getSession()->set('_security.target_path', $request->headers->get('referer'));
         throw new AccessDeniedException();
     }
     require_once 'Auth/OpenID/SReg.php';
     $server = $this->getServer();
     $params = $request->server->get('QUERY_STRING');
     $params = $this->decodeQuery($params);
     $openidRequest = $server->decodeRequest($params);
     if (!$openidRequest) {
         throw new HttpException(400);
     }
     if (!$openidRequest instanceof \Auth_OpenID_Request) {
         return $this->handleServerError($openidRequest);
     }
     if ('checkid_setup' !== $openidRequest->mode) {
         throw new HttpException(400);
     }
     $sRegRequest = \Auth_OpenID_SRegRequest::fromOpenIDRequest($openidRequest);
     $user = $this->securityContext->getToken()->getUser();
     $fields = $this->getFieldsData($user, $sRegRequest);
     $form = $this->createTrustForm($user, $sRegRequest);
     if ('POST' === $request->getMethod()) {
         $form->bindRequest($request);
         $trust = $request->request->get('trust');
         if ($form->isValid() && !empty($trust)) {
             $unique = $this->adapter->getUserUnique($user);
             $identifier = $this->getIdentifierUri($unique);
             $openidResponse = $openidRequest->answer(true, null, $identifier);
             $sRegResponse = \Auth_OpenID_SRegResponse::extractResponse($sRegRequest, $fields);
             $sRegResponse->toMessage($openidResponse->fields);
             $webResponse = $server->encodeResponse($openidResponse);
             return $this->convertResponse($webResponse);
         }
     }
     $template = 'AlbOpenIDServerBundle:OpenIDServer:trust.html.twig';
     return $this->render($template, array('form' => $form->createView(), 'form_action' => $this->getTrustUri($params), 'requested_fields' => $fields));
 }