function checkid($req)
{
// This function does the logic for the checkid functions.
// Since the only difference in behavior between them is how
// authentication errors are handled, this does all logic for
// dealing with successful authentication, and raises an
// exception for its caller to handle on a failed authentication.
$tr = TrustRoot::parse($req->get('trust_root'));
if (!$tr) {
//raise ProtocolError('Malformed trust_root: %s' % req.trust_root)
$error = sprintf('Malformed trust_root: %s', $req->get('trust_root'));
return OpenIDServer::_error_page($error);
}
if (!$tr->isSane()) {
// raise ProtocolError('trust_root %r makes no sense' % req.trust_root)
$error = sprintf('trust_root %s makes no sense', $req->get('trust_root'));
return OpenIDServer::_error_page($error);
}
if (!$tr->validateURL($req->get('return_to'))) {
// raise ProtocolError('url(%s) not valid against trust_root(%s)' % (
// req.return_to, req.trust_root))
$error = sprintf('url(%s) not valid against trust_root(%s)', $req->get('return_to'), $req->get('trust_root'));
return OpenIDServer::_error_page($error);
}
if (!$this->is_valid($req)) {
// raise AuthenticationError
return _oid_authentication_error;
}
$reply = array('openid.mode' => 'id_res', 'openid.return_to' => $req->get('return_to'), 'openid.identity' => $req->get('identity'));
$assoc_handle = $req->get('assoc_handle');
if ($assoc_handle) {
$assoc = $this->estore->lookup($assoc_handle, 'HMAC-SHA1');
// fall back to dumb mode if assoc_handle not found,
// and send the consumer an invalidate_handle message
if (!$assoc || $assoc->get_expires_in() <= 0) {
if ($assoc && $assoc->get_expires_in() <= 0) {
$this->estore->remove($assoc->handle);
}
$assoc = $this->istore->get('HMAC-SHA1');
$reply['openid.invalidate_handle'] = $assoc_handle;
}
} else {
$assoc = $this->istore->get('HMAC-SHA1');
}
$reply['openid.assoc_handle'] = $assoc->handle;
$_signed_fields = array('mode', 'identity', 'return_to');
list($signed, $sig) = oidUtil::sign_reply($reply, $assoc->secret, $_signed_fields);
$reply['openid.signed'] = $signed;
$reply['openid.sig'] = $sig;
return redirect(oidUtil::append_args($req->get('return_to'), $reply));
}
function checkURL($trust_root, $url)
{
// quick func for validating a url against a trust root. See the
// TrustRoot class if you need more control.
$tr = TrustRoot::parse($trust_root, true);
return $tr && $tr->validateURL($url);
}
