/** * testSetAndGetCheckAuthResponse * * @return void */ public function testSetAndGetCheckAuthResponse() { $message = new OpenID_Message(); $message->set('openid.id_res', 'true'); $this->result->setCheckAuthResponse($message); $this->assertSame($message, $this->result->getCheckAuthResponse()); }
/** * uritoArray * * @param string $string The URI to parse * * @return array */ function uritoArray($string) { $exploded = explode('?', $string); if (count($exploded) > 1) { $queryString = $exploded[1]; } else { $queryString = $exploded[0]; } $message = new OpenID_Message($queryString, OpenID_Message::FORMAT_HTTP); return $message->getArrayFormat(); }
/** * Initialize the diffie-hellman parameters for the association request. * * @return void */ public function init() { if ($this->cdh === null) { $this->cdh = new Crypt_DiffieHellman(self::DH_DEFAULT_MODULUS, self::DH_DEFAULT_GENERATOR); $this->cdh->generateKeys(); } // Set public key $this->message->set('openid.dh_consumer_public', base64_encode($this->cdh->getPublicKey(Crypt_DiffieHellman::BTWOC))); // Set modulus $prime = $this->cdh->getPrime(Crypt_DiffieHellman::BTWOC); $this->message->set('openid.dh_modulus', base64_encode($prime)); // Set prime $gen = $this->cdh->getGenerator(Crypt_DiffieHellman::BTWOC); $this->message->set('openid.dh_gen', base64_encode($gen)); }
/** * Validates the nonce embedded in the openid.return_to paramater and deletes * it from storage.. (For use with OpenID 1.1 only) * * @return void * @throws OpenID_Assertion_Exception on invalid or non-existing nonce */ protected function validateReturnToNonce() { $returnTo = $this->message->get('openid.return_to'); if ($returnTo === null) { // Must be a checkid_immediate negative assertion. $rtURL2 = new Net_URL2($this->message->get('openid.user_setup_url')); $rtqs = $rtURL2->getQueryVariables(); $returnTo = $rtqs['openid.return_to']; $identity = $rtqs['openid.identity']; } $netURL = new Net_URL2($returnTo); $qs = $netURL->getQueryVariables(); if (!array_key_exists(OpenID_Nonce::RETURN_TO_NONCE, $qs)) { throw new OpenID_Assertion_Exception('Missing OpenID 1.1 return_to nonce'); } if (!isset($identity)) { $identity = $this->message->get('openid.identity'); } $nonce = $qs[OpenID_Nonce::RETURN_TO_NONCE]; $discover = $this->getDiscover($identity); $endPoint = $discover->services[0]; $URIs = $endPoint->getURIs(); $opURL = array_shift($URIs); $fromStore = self::getStore()->getNonce(urldecode($nonce), $opURL); // Observing $logMessage = "returnTo: {$returnTo}\n"; $logMessage .= 'OP URIs: ' . print_r($endPoint->getURIs(), true) . "\n"; $logMessage .= 'Nonce in storage?: ' . var_export($fromStore, true) . "\n"; OpenID::setLastEvent(__METHOD__, $logMessage); if (!$fromStore) { throw new OpenID_Assertion_Exception('Invalid OpenID 1.1 return_to nonce in response'); } self::getStore()->deleteNonce($nonce, $opURL); }
/** * testAddExtension * * @return void */ public function testAddExtension() { $extension = new OpenID_Extension_AX(OpenID_Extension::REQUEST); $extension->set('foo', 'bar'); $this->object->addExtension($extension); $this->assertSame('bar', $this->object->get('openid.ax.foo')); }
/** * Adds a nonce to the openid.return_to URL parameter. Only used in OpenID 1.1 * * @return void */ protected function addNonce() { $nonce = $this->getNonce()->createNonceAndStore(); $returnToURL = new Net_URL2($this->message->get('openid.return_to')); $returnToURL->setQueryVariable(OpenID_Nonce::RETURN_TO_NONCE, urlencode($nonce)); $this->message->set('openid.return_to', $returnToURL->getURL()); // Observing $logMessage = "Nonce: {$nonce}\n"; $logMessage = 'New ReturnTo: ' . $returnToURL->getURL() . "\n"; $logMessage .= 'OP URIs: ' . print_r($this->serviceEndpoint->getURIs(), true); OpenID::setLastEvent(__METHOD__, $logMessage); }
/** * testNoSignedKeys * * @return void */ public function testNoSignedKeys() { $message = new OpenID_Message(); $message->set('openid.assoc_handle', $this->object->assocHandle); $message->set('openid.op_endpoint', 'http://example.com'); $this->assertFalse($this->object->checkMessageSignature($message)); }
/** * testGetAuthorizeURLSignonLocalIDOneOne * * @return void */ public function testGetAuthorizeURLSignonLocalIDOneOne() { $opEndpoint = new OpenID_ServiceEndpoint(); $opEndpoint->setVersion(OpenID::SERVICE_1_1_SIGNON); $opEndpoint->setTypes(array(OpenID::SERVICE_1_1_SIGNON)); $opEndpoint->setLocalID($this->identifier); $opEndpoint->setURIs(array($this->opURL)); OpenID_Discover_Mock::$opEndpoint = $opEndpoint; $this->setObjects(); $url = $this->authRequest->getAuthorizeURL(); $split = preg_split('/\\?/', $url); $message = new OpenID_Message($split[1], OpenID_Message::FORMAT_HTTP); $this->assertNotSame($this->returnTo, $message->get('openid.return_to')); $this->assertSame($this->identifier, $message->get('openid.identity')); $this->assertSame(null, $message->get('openid.claimed_id')); $this->assertSame($this->opURL, $split[0]); // Mock nonce/store rather than have a new one created $store = new OpenID_Store_Mock(); $nonce = new OpenID_Nonce($this->opURL, null, $store); $this->authRequest->setNonce($nonce); $url = $this->authRequest->getAuthorizeURL(); }
/** * Gets the current session type * * @return string Current session type (sha1, sha256, or no-encryption) */ public function getSessionType() { return $this->message->get('openid.session_type'); }
/** * Verifies an assertion response from the OP. If the openid.mode is error, an * exception is thrown. * * @param Net_URL2 $requestedURL The requested URL (that the user was * directed to by the OP) as a Net_URL2 * object * @param OpenID_Message $message The OpenID_Message instance, as extractd * from the input (GET or POST) * * @throws OpenID_Exception on error or invalid openid.mode * @return OpenID_Assertion_Response */ public function verify(Net_URL2 $requestedURL, OpenID_Message $message) { // Unsolicited assertion? if ($this->normalizedID === null) { $unsolicitedID = $message->get('openid.claimed_id'); $this->normalizedID = OpenID::normalizeIdentifier($unsolicitedID); } $mode = $message->get('openid.mode'); $result = new OpenID_Assertion_Result(); OpenID::setLastEvent(__METHOD__, print_r($message->getArrayFormat(), true)); switch ($mode) { case OpenID::MODE_ID_RES: if ($message->get('openid.ns') === null && $message->get('openid.user_setup_url') !== null) { // Negative 1.1 checkid_immediate response $result->setAssertionMethod($mode); $result->setUserSetupURL($message->get('openid.user_setup_url')); return $result; } break; case OpenID::MODE_CANCEL: case OpenID::MODE_SETUP_NEEDED: $result->setAssertionMethod($mode); return $result; case OpenID::MODE_ERROR: throw new OpenID_Exception($message->get('openid.error')); default: throw new OpenID_Exception('Unknown mode: ' . $mode); } $discover = $this->getDiscover(); $serviceEndpoint = $discover->services[0]; $URIs = $serviceEndpoint->getURIs(); $opEndpointURL = array_shift($URIs); $assertion = $this->getAssertionObject($message, $requestedURL); $result->setDiscover($discover); // Check via associations if ($this->useAssociations) { if ($message->get('openid.invalidate_handle') === null) { // Don't fall back to check_authentication $result->setAssertionMethod(OpenID::MODE_ASSOCIATE); $assoc = $this->getStore()->getAssociation($opEndpointURL, $message->get('openid.assoc_handle')); OpenID::setLastEvent(__METHOD__, print_r($assoc, true)); if ($assoc instanceof OpenID_Association && $assoc->checkMessageSignature($message)) { $result->setAssertionResult(true); } // If it's not an unsolicited assertion, just return if (!isset($unsolicitedID)) { return $result; } } else { // Invalidate handle requested. Delete it and fall back to // check_authenticate $this->getStore()->deleteAssociation($opEndpointURL); } } // Check via check_authenticate $result->setAssertionMethod(OpenID::MODE_CHECK_AUTHENTICATION); $result->setCheckAuthResponse($assertion->checkAuthentication()); if ($result->getCheckAuthResponse()->get('is_valid') == 'true') { $result->setAssertionResult(true); } return $result; }
/** * testDirectRequest * * @return void */ public function testDirectRequest() { $this->setExpectedException('OpenID_Exception', 'foobar'); $request = $this->getMock('HTTP_Request2', array('send')); $request->expects($this->once())->method('send')->will($this->throwException(new HTTP_Request2_Exception('foobar'))); $openid = $this->getMock('OpenID', array('getHTTPRequest2Instance')); $openid->expects($this->once())->method('getHTTPRequest2Instance')->will($this->returnValue($request)); $message = new OpenID_Message(); $message->set('foo', 'bar'); $openid->directRequest('http://example.com', $message); }
/** * testValidateReturnToOneOneImmediateNegative * * @return void */ public function testValidateReturnToOneOneImmediateNegative() { $opEndpoint = new OpenID_ServiceEndpoint(); $opEndpoint->setURIs(array($this->opEndpointURL)); $opEndpoints = new OpenID_ServiceEndpoints($this->claimedID, $opEndpoint); $nonce = new OpenID_Nonce($this->opEndpointURL); $nonceValue = $nonce->createNonce(); $rt = new Net_URL2('http://examplerp.com'); $rt->setQueryVariable(OpenID_Nonce::RETURN_TO_NONCE, $nonceValue); $setupMessage = new OpenID_Message(); $setupMessage->set('openid.identity', $this->claimedID); $setupMessage->set('openid.return_to', $rt->getURL()); $setupMessage->set(OpenID_Nonce::RETURN_TO_NONCE, $nonceValue); $this->message = new OpenID_Message(); $this->message->set('openid.mode', OpenID::MODE_ID_RES); $this->message->set(OpenID_Nonce::RETURN_TO_NONCE, $nonceValue); $this->message->set('openid.user_setup_url', 'http://examplerp.com/?' . $setupMessage->getHTTPFormat()); $this->discover = $this->getMock('OpenID_Discover', array('__get'), array($this->claimedID)); $this->discover->expects($this->once())->method('__get')->will($this->returnValue($opEndpoints)); $this->store->expects($this->once())->method('getDiscover')->will($this->returnValue($this->discover)); $this->store->expects($this->any())->method('getNonce')->will($this->returnValue($nonceValue)); $this->createObjects(); }
exit; } if (isset($_SESSION['openid_url'])) { $usid = $_SESSION['openid_url']; unset($_SESSION['openid_url']); } else { $usid = null; } unset($_SESSION['disable_associations']); if (!count($_POST)) { list(, $queryString) = explode('?', $_SERVER['REQUEST_URI']); } else { // I hate php sometimes $queryString = file_get_contents('php://input'); } $message = new \OpenID_Message($queryString, \OpenID_Message::FORMAT_HTTP); $id = $message->get('openid.claimed_id'); $mode = $message->get('openid.mode'); try { $sep = '?'; if (strpos($returnTo, '?') !== false) { $sep = '&'; } $result = $o->verify(new \Net_URL2($returnTo . $sep . $queryString), $message); if ($result->success()) { $status = "<tr><td>Status:</td><td><font color='green'>SUCCESS!"; $status .= " ({$result->getAssertionMethod()})</font></td></tr>"; } else { if ($bAutologin) { $alres = new Login_AutologinResponse('error', 'Error logging in: ' . $result->getAssertionMethod()); $alres->send();
/** * Sends a direct HTTP request. * * @param string $url URL to send the request to * @param OpenID_Message $message Contains message contents * @param array $options Options to pass to HTTP_Request2 * * @see getHTTPRequest2Instance() * @throws OpenID_Exception if send() fails * @return HTTP_Request2_Response */ public function directRequest($url, OpenID_Message $message, array $options = array()) { $request = $this->getHTTPRequest2Instance(); $request->setConfig($options); $request->setURL($url); // Require POST, per the spec $request->setMethod(HTTP_Request2::METHOD_POST); $request->setBody($message->getHTTPFormat()); try { return $request->send(); } catch (HTTP_Request2_Exception $e) { throw new OpenID_Exception($e->getMessage(), $e->getCode()); } }
/** * Signs an OpenID_Message instance * * @param OpenID_Message $message Message to be signed * * @throws OpenID_Association_Exception if the message is already signed, or the association handles do not match * @return void */ public function signMessage(OpenID_Message $message) { if ($message->get('openid.sig') !== null || $message->get('openid.signed') !== null) { throw new OpenID_Association_Exception('This message appears to be already signed'); } // Make sure the handles match for this OP and response if ($this->assocHandle != $message->get('openid.assoc_handle')) { throw new OpenID_Association_Exception('Association handles do not match'); } $keys = array('signed'); foreach ($message->getArrayFormat() as $key => $val) { if (strncmp('openid.', $key, 7) == 0) { $keys[] = substr($key, 7); } } sort($keys); $message->set('openid.signed', implode(',', $keys)); $signedMessage = new OpenID_Message(); foreach ($keys as $key) { $signedMessage->set($key, $message->get('openid.' . $key)); } $rawSignature = $this->hashHMAC($signedMessage->getKVFormat()); $message->set('openid.sig', base64_encode($rawSignature)); }
/** * testFromMessageReponseNoResponseKeys * * @return void */ public function testFromMessageReponseNoResponseKeys() { $extension = new OpenID_Extension_MockNoResponseKeys(OpenID_Extension::RESPONSE); $message = new OpenID_Message(); // Make sure we iterate over the message at least once $message->set('openid.ns.mock', 'http://example.com/mock'); $message->set('openid.mock.foo', 'bar'); $response = $extension->fromMessageResponse($message); $this->assertSame(1, count($response)); }
/** * Extracts extension contents from an OpenID_Message * * @param OpenID_Message $message OpenID_Message to extract the extension * contents from * * @return array An array of the extension's key/value pairs */ public function fromMessageResponse(OpenID_Message $message) { $values = array(); $alias = null; foreach ($message->getArrayFormat() as $ns => $value) { if (!preg_match('/^openid[.]ns[.]([^.]+)$/', $ns, $matches)) { continue; } $nsFromMessage = $message->get('openid.ns.' . $matches[1]); if ($nsFromMessage !== null && $nsFromMessage != $this->namespace) { continue; } $alias = $matches[1]; } if ($alias === null) { return $values; } if (count($this->responseKeys)) { // Only use allowed response keys foreach ($this->responseKeys as $key) { $value = $message->get('openid.' . $alias . '.' . $key); if ($value !== null) { $values[$key] = $value; } } } else { // Just grab all message components foreach ($message->getArrayFormat() as $key => $value) { if (preg_match('/^openid[.]' . $alias . '[.](.*+)$/', $key, $matches)) { $values[$matches[1]] = $value; } } } return $values; }
$contents = "<div class='relyingparty_results'>\n"; $contents .= "<pre>" . $e->getMessage() . "</pre>\n"; $contents .= "</div class='relyingparty_results'>"; Show_page($contents); exit; } $url = $authRequest->getAuthorizeURL(); header("Location: {$url}"); exit; } else { /* Grab query string */ if (!count($_POST)) { list(, $queryString) = explode('?', $_SERVER['REQUEST_URI']); } else { // I hate php sometimes $queryString = file_get_contents('php://input'); } /* Check reply */ $message = new OpenID_Message($queryString, OpenID_Message::FORMAT_HTTP); $id = $message->get('openid.claimed_id'); if (!empty($id) && isset($AUTH_MAP[$id])) { $_SESSION['PMA_single_signon_user'] = $AUTH_MAP[$id]['user']; $_SESSION['PMA_single_signon_password'] = $AUTH_MAP[$id]['password']; session_write_close(); /* Redirect to phpMyAdmin (should use absolute URL here!) */ header('Location: ../index.php'); } else { Show_page('<p>User not allowed!</p>'); exit; } }
/** * testGetAssertionObject * * @return void */ public function testGetAssertionObject() { $this->store->expects($this->any())->method('getDiscover')->will($this->returnValue($this->discover)); $this->store->expects($this->once())->method('getNonce')->will($this->returnValue(false)); $nonceObj = new OpenID_Nonce($this->opEndpointURL); $nonce = $nonceObj->createNonce(); $message = new OpenID_Message(); $message->set('openid.mode', 'id_res'); $message->set('openid.ns', OpenID::NS_2_0); $message->set('openid.return_to', $this->returnTo); $message->set('openid.claimed_id', $this->id); $message->set('openid.identity', $this->id); $message->set('openid.op_endpoint', $this->opEndpointURL); $message->set('openid.invalidate_handle', '12345qwerty'); $message->set('openid.response_nonce', $nonce); $rp = new OpenID_RelyingParty_Mock($this->id, $this->returnTo, $this->realm); $this->assertInstanceOf('OpenID_Assertion', $rp->returnGetAssertionObject($message, new Net_URL2($this->returnTo))); }