/**
* testSetAndGetCheckAuthResponse
*
* @return void
*/
public function testSetAndGetCheckAuthResponse()
{
$message = new OpenID_Message();
$message->set('openid.id_res', 'true');
$this->result->setCheckAuthResponse($message);
$this->assertSame($message, $this->result->getCheckAuthResponse());
}
/**
* uritoArray
*
* @param string $string The URI to parse
*
* @return array
*/
function uritoArray($string)
{
$exploded = explode('?', $string);
if (count($exploded) > 1) {
$queryString = $exploded[1];
} else {
$queryString = $exploded[0];
}
$message = new OpenID_Message($queryString, OpenID_Message::FORMAT_HTTP);
return $message->getArrayFormat();
}
/**
* Initialize the diffie-hellman parameters for the association request.
*
* @return void
*/
public function init()
{
if ($this->cdh === null) {
$this->cdh = new Crypt_DiffieHellman(self::DH_DEFAULT_MODULUS, self::DH_DEFAULT_GENERATOR);
$this->cdh->generateKeys();
}
// Set public key
$this->message->set('openid.dh_consumer_public', base64_encode($this->cdh->getPublicKey(Crypt_DiffieHellman::BTWOC)));
// Set modulus
$prime = $this->cdh->getPrime(Crypt_DiffieHellman::BTWOC);
$this->message->set('openid.dh_modulus', base64_encode($prime));
// Set prime
$gen = $this->cdh->getGenerator(Crypt_DiffieHellman::BTWOC);
$this->message->set('openid.dh_gen', base64_encode($gen));
}
/**
* Validates the nonce embedded in the openid.return_to paramater and deletes
* it from storage.. (For use with OpenID 1.1 only)
*
* @return void
* @throws OpenID_Assertion_Exception on invalid or non-existing nonce
*/
protected function validateReturnToNonce()
{
$returnTo = $this->message->get('openid.return_to');
if ($returnTo === null) {
// Must be a checkid_immediate negative assertion.
$rtURL2 = new Net_URL2($this->message->get('openid.user_setup_url'));
$rtqs = $rtURL2->getQueryVariables();
$returnTo = $rtqs['openid.return_to'];
$identity = $rtqs['openid.identity'];
}
$netURL = new Net_URL2($returnTo);
$qs = $netURL->getQueryVariables();
if (!array_key_exists(OpenID_Nonce::RETURN_TO_NONCE, $qs)) {
throw new OpenID_Assertion_Exception('Missing OpenID 1.1 return_to nonce');
}
if (!isset($identity)) {
$identity = $this->message->get('openid.identity');
}
$nonce = $qs[OpenID_Nonce::RETURN_TO_NONCE];
$discover = $this->getDiscover($identity);
$endPoint = $discover->services[0];
$URIs = $endPoint->getURIs();
$opURL = array_shift($URIs);
$fromStore = self::getStore()->getNonce(urldecode($nonce), $opURL);
// Observing
$logMessage = "returnTo: {$returnTo}\n";
$logMessage .= 'OP URIs: ' . print_r($endPoint->getURIs(), true) . "\n";
$logMessage .= 'Nonce in storage?: ' . var_export($fromStore, true) . "\n";
OpenID::setLastEvent(__METHOD__, $logMessage);
if (!$fromStore) {
throw new OpenID_Assertion_Exception('Invalid OpenID 1.1 return_to nonce in response');
}
self::getStore()->deleteNonce($nonce, $opURL);
}
/**
* testAddExtension
*
* @return void
*/
public function testAddExtension()
{
$extension = new OpenID_Extension_AX(OpenID_Extension::REQUEST);
$extension->set('foo', 'bar');
$this->object->addExtension($extension);
$this->assertSame('bar', $this->object->get('openid.ax.foo'));
}
/**
* Adds a nonce to the openid.return_to URL parameter. Only used in OpenID 1.1
*
* @return void
*/
protected function addNonce()
{
$nonce = $this->getNonce()->createNonceAndStore();
$returnToURL = new Net_URL2($this->message->get('openid.return_to'));
$returnToURL->setQueryVariable(OpenID_Nonce::RETURN_TO_NONCE, urlencode($nonce));
$this->message->set('openid.return_to', $returnToURL->getURL());
// Observing
$logMessage = "Nonce: {$nonce}\n";
$logMessage = 'New ReturnTo: ' . $returnToURL->getURL() . "\n";
$logMessage .= 'OP URIs: ' . print_r($this->serviceEndpoint->getURIs(), true);
OpenID::setLastEvent(__METHOD__, $logMessage);
}
/**
* testNoSignedKeys
*
* @return void
*/
public function testNoSignedKeys()
{
$message = new OpenID_Message();
$message->set('openid.assoc_handle', $this->object->assocHandle);
$message->set('openid.op_endpoint', 'http://example.com');
$this->assertFalse($this->object->checkMessageSignature($message));
}
/**
* testGetAuthorizeURLSignonLocalIDOneOne
*
* @return void
*/
public function testGetAuthorizeURLSignonLocalIDOneOne()
{
$opEndpoint = new OpenID_ServiceEndpoint();
$opEndpoint->setVersion(OpenID::SERVICE_1_1_SIGNON);
$opEndpoint->setTypes(array(OpenID::SERVICE_1_1_SIGNON));
$opEndpoint->setLocalID($this->identifier);
$opEndpoint->setURIs(array($this->opURL));
OpenID_Discover_Mock::$opEndpoint = $opEndpoint;
$this->setObjects();
$url = $this->authRequest->getAuthorizeURL();
$split = preg_split('/\\?/', $url);
$message = new OpenID_Message($split[1], OpenID_Message::FORMAT_HTTP);
$this->assertNotSame($this->returnTo, $message->get('openid.return_to'));
$this->assertSame($this->identifier, $message->get('openid.identity'));
$this->assertSame(null, $message->get('openid.claimed_id'));
$this->assertSame($this->opURL, $split[0]);
// Mock nonce/store rather than have a new one created
$store = new OpenID_Store_Mock();
$nonce = new OpenID_Nonce($this->opURL, null, $store);
$this->authRequest->setNonce($nonce);
$url = $this->authRequest->getAuthorizeURL();
}
/**
* Gets the current session type
*
* @return string Current session type (sha1, sha256, or no-encryption)
*/
public function getSessionType()
{
return $this->message->get('openid.session_type');
}
/**
* Verifies an assertion response from the OP. If the openid.mode is error, an
* exception is thrown.
*
* @param Net_URL2 $requestedURL The requested URL (that the user was
* directed to by the OP) as a Net_URL2
* object
* @param OpenID_Message $message The OpenID_Message instance, as extractd
* from the input (GET or POST)
*
* @throws OpenID_Exception on error or invalid openid.mode
* @return OpenID_Assertion_Response
*/
public function verify(Net_URL2 $requestedURL, OpenID_Message $message)
{
// Unsolicited assertion?
if ($this->normalizedID === null) {
$unsolicitedID = $message->get('openid.claimed_id');
$this->normalizedID = OpenID::normalizeIdentifier($unsolicitedID);
}
$mode = $message->get('openid.mode');
$result = new OpenID_Assertion_Result();
OpenID::setLastEvent(__METHOD__, print_r($message->getArrayFormat(), true));
switch ($mode) {
case OpenID::MODE_ID_RES:
if ($message->get('openid.ns') === null && $message->get('openid.user_setup_url') !== null) {
// Negative 1.1 checkid_immediate response
$result->setAssertionMethod($mode);
$result->setUserSetupURL($message->get('openid.user_setup_url'));
return $result;
}
break;
case OpenID::MODE_CANCEL:
case OpenID::MODE_SETUP_NEEDED:
$result->setAssertionMethod($mode);
return $result;
case OpenID::MODE_ERROR:
throw new OpenID_Exception($message->get('openid.error'));
default:
throw new OpenID_Exception('Unknown mode: ' . $mode);
}
$discover = $this->getDiscover();
$serviceEndpoint = $discover->services[0];
$URIs = $serviceEndpoint->getURIs();
$opEndpointURL = array_shift($URIs);
$assertion = $this->getAssertionObject($message, $requestedURL);
$result->setDiscover($discover);
// Check via associations
if ($this->useAssociations) {
if ($message->get('openid.invalidate_handle') === null) {
// Don't fall back to check_authentication
$result->setAssertionMethod(OpenID::MODE_ASSOCIATE);
$assoc = $this->getStore()->getAssociation($opEndpointURL, $message->get('openid.assoc_handle'));
OpenID::setLastEvent(__METHOD__, print_r($assoc, true));
if ($assoc instanceof OpenID_Association && $assoc->checkMessageSignature($message)) {
$result->setAssertionResult(true);
}
// If it's not an unsolicited assertion, just return
if (!isset($unsolicitedID)) {
return $result;
}
} else {
// Invalidate handle requested. Delete it and fall back to
// check_authenticate
$this->getStore()->deleteAssociation($opEndpointURL);
}
}
// Check via check_authenticate
$result->setAssertionMethod(OpenID::MODE_CHECK_AUTHENTICATION);
$result->setCheckAuthResponse($assertion->checkAuthentication());
if ($result->getCheckAuthResponse()->get('is_valid') == 'true') {
$result->setAssertionResult(true);
}
return $result;
}
/**
* testDirectRequest
*
* @return void
*/
public function testDirectRequest()
{
$this->setExpectedException('OpenID_Exception', 'foobar');
$request = $this->getMock('HTTP_Request2', array('send'));
$request->expects($this->once())->method('send')->will($this->throwException(new HTTP_Request2_Exception('foobar')));
$openid = $this->getMock('OpenID', array('getHTTPRequest2Instance'));
$openid->expects($this->once())->method('getHTTPRequest2Instance')->will($this->returnValue($request));
$message = new OpenID_Message();
$message->set('foo', 'bar');
$openid->directRequest('http://example.com', $message);
}
/**
* testValidateReturnToOneOneImmediateNegative
*
* @return void
*/
public function testValidateReturnToOneOneImmediateNegative()
{
$opEndpoint = new OpenID_ServiceEndpoint();
$opEndpoint->setURIs(array($this->opEndpointURL));
$opEndpoints = new OpenID_ServiceEndpoints($this->claimedID, $opEndpoint);
$nonce = new OpenID_Nonce($this->opEndpointURL);
$nonceValue = $nonce->createNonce();
$rt = new Net_URL2('http://examplerp.com');
$rt->setQueryVariable(OpenID_Nonce::RETURN_TO_NONCE, $nonceValue);
$setupMessage = new OpenID_Message();
$setupMessage->set('openid.identity', $this->claimedID);
$setupMessage->set('openid.return_to', $rt->getURL());
$setupMessage->set(OpenID_Nonce::RETURN_TO_NONCE, $nonceValue);
$this->message = new OpenID_Message();
$this->message->set('openid.mode', OpenID::MODE_ID_RES);
$this->message->set(OpenID_Nonce::RETURN_TO_NONCE, $nonceValue);
$this->message->set('openid.user_setup_url', 'http://examplerp.com/?' . $setupMessage->getHTTPFormat());
$this->discover = $this->getMock('OpenID_Discover', array('__get'), array($this->claimedID));
$this->discover->expects($this->once())->method('__get')->will($this->returnValue($opEndpoints));
$this->store->expects($this->once())->method('getDiscover')->will($this->returnValue($this->discover));
$this->store->expects($this->any())->method('getNonce')->will($this->returnValue($nonceValue));
$this->createObjects();
}
exit;
}
if (isset($_SESSION['openid_url'])) {
$usid = $_SESSION['openid_url'];
unset($_SESSION['openid_url']);
} else {
$usid = null;
}
unset($_SESSION['disable_associations']);
if (!count($_POST)) {
list(, $queryString) = explode('?', $_SERVER['REQUEST_URI']);
} else {
// I hate php sometimes
$queryString = file_get_contents('php://input');
}
$message = new \OpenID_Message($queryString, \OpenID_Message::FORMAT_HTTP);
$id = $message->get('openid.claimed_id');
$mode = $message->get('openid.mode');
try {
$sep = '?';
if (strpos($returnTo, '?') !== false) {
$sep = '&';
}
$result = $o->verify(new \Net_URL2($returnTo . $sep . $queryString), $message);
if ($result->success()) {
$status = "<tr><td>Status:</td><td><font color='green'>SUCCESS!";
$status .= " ({$result->getAssertionMethod()})</font></td></tr>";
} else {
if ($bAutologin) {
$alres = new Login_AutologinResponse('error', 'Error logging in: ' . $result->getAssertionMethod());
$alres->send();
/**
* Sends a direct HTTP request.
*
* @param string $url URL to send the request to
* @param OpenID_Message $message Contains message contents
* @param array $options Options to pass to HTTP_Request2
*
* @see getHTTPRequest2Instance()
* @throws OpenID_Exception if send() fails
* @return HTTP_Request2_Response
*/
public function directRequest($url, OpenID_Message $message, array $options = array())
{
$request = $this->getHTTPRequest2Instance();
$request->setConfig($options);
$request->setURL($url);
// Require POST, per the spec
$request->setMethod(HTTP_Request2::METHOD_POST);
$request->setBody($message->getHTTPFormat());
try {
return $request->send();
} catch (HTTP_Request2_Exception $e) {
throw new OpenID_Exception($e->getMessage(), $e->getCode());
}
}
/**
* Signs an OpenID_Message instance
*
* @param OpenID_Message $message Message to be signed
*
* @throws OpenID_Association_Exception if the message is already signed,
or the association handles do not match
* @return void
*/
public function signMessage(OpenID_Message $message)
{
if ($message->get('openid.sig') !== null || $message->get('openid.signed') !== null) {
throw new OpenID_Association_Exception('This message appears to be already signed');
}
// Make sure the handles match for this OP and response
if ($this->assocHandle != $message->get('openid.assoc_handle')) {
throw new OpenID_Association_Exception('Association handles do not match');
}
$keys = array('signed');
foreach ($message->getArrayFormat() as $key => $val) {
if (strncmp('openid.', $key, 7) == 0) {
$keys[] = substr($key, 7);
}
}
sort($keys);
$message->set('openid.signed', implode(',', $keys));
$signedMessage = new OpenID_Message();
foreach ($keys as $key) {
$signedMessage->set($key, $message->get('openid.' . $key));
}
$rawSignature = $this->hashHMAC($signedMessage->getKVFormat());
$message->set('openid.sig', base64_encode($rawSignature));
}
/**
* testFromMessageReponseNoResponseKeys
*
* @return void
*/
public function testFromMessageReponseNoResponseKeys()
{
$extension = new OpenID_Extension_MockNoResponseKeys(OpenID_Extension::RESPONSE);
$message = new OpenID_Message();
// Make sure we iterate over the message at least once
$message->set('openid.ns.mock', 'http://example.com/mock');
$message->set('openid.mock.foo', 'bar');
$response = $extension->fromMessageResponse($message);
$this->assertSame(1, count($response));
}
/**
* Extracts extension contents from an OpenID_Message
*
* @param OpenID_Message $message OpenID_Message to extract the extension
* contents from
*
* @return array An array of the extension's key/value pairs
*/
public function fromMessageResponse(OpenID_Message $message)
{
$values = array();
$alias = null;
foreach ($message->getArrayFormat() as $ns => $value) {
if (!preg_match('/^openid[.]ns[.]([^.]+)$/', $ns, $matches)) {
continue;
}
$nsFromMessage = $message->get('openid.ns.' . $matches[1]);
if ($nsFromMessage !== null && $nsFromMessage != $this->namespace) {
continue;
}
$alias = $matches[1];
}
if ($alias === null) {
return $values;
}
if (count($this->responseKeys)) {
// Only use allowed response keys
foreach ($this->responseKeys as $key) {
$value = $message->get('openid.' . $alias . '.' . $key);
if ($value !== null) {
$values[$key] = $value;
}
}
} else {
// Just grab all message components
foreach ($message->getArrayFormat() as $key => $value) {
if (preg_match('/^openid[.]' . $alias . '[.](.*+)$/', $key, $matches)) {
$values[$matches[1]] = $value;
}
}
}
return $values;
}
$contents = "<div class='relyingparty_results'>\n";
$contents .= "<pre>" . $e->getMessage() . "</pre>\n";
$contents .= "</div class='relyingparty_results'>";
Show_page($contents);
exit;
}
$url = $authRequest->getAuthorizeURL();
header("Location: {$url}");
exit;
} else {
/* Grab query string */
if (!count($_POST)) {
list(, $queryString) = explode('?', $_SERVER['REQUEST_URI']);
} else {
// I hate php sometimes
$queryString = file_get_contents('php://input');
}
/* Check reply */
$message = new OpenID_Message($queryString, OpenID_Message::FORMAT_HTTP);
$id = $message->get('openid.claimed_id');
if (!empty($id) && isset($AUTH_MAP[$id])) {
$_SESSION['PMA_single_signon_user'] = $AUTH_MAP[$id]['user'];
$_SESSION['PMA_single_signon_password'] = $AUTH_MAP[$id]['password'];
session_write_close();
/* Redirect to phpMyAdmin (should use absolute URL here!) */
header('Location: ../index.php');
} else {
Show_page('<p>User not allowed!</p>');
exit;
}
}
/**
* testGetAssertionObject
*
* @return void
*/
public function testGetAssertionObject()
{
$this->store->expects($this->any())->method('getDiscover')->will($this->returnValue($this->discover));
$this->store->expects($this->once())->method('getNonce')->will($this->returnValue(false));
$nonceObj = new OpenID_Nonce($this->opEndpointURL);
$nonce = $nonceObj->createNonce();
$message = new OpenID_Message();
$message->set('openid.mode', 'id_res');
$message->set('openid.ns', OpenID::NS_2_0);
$message->set('openid.return_to', $this->returnTo);
$message->set('openid.claimed_id', $this->id);
$message->set('openid.identity', $this->id);
$message->set('openid.op_endpoint', $this->opEndpointURL);
$message->set('openid.invalidate_handle', '12345qwerty');
$message->set('openid.response_nonce', $nonce);
$rp = new OpenID_RelyingParty_Mock($this->id, $this->returnTo, $this->realm);
$this->assertInstanceOf('OpenID_Assertion', $rp->returnGetAssertionObject($message, new Net_URL2($this->returnTo)));
}
