public function testUrlFetchQueryWithQuery()
{
$url = self::$urlWithQuery;
$result = ezcAuthenticationUrl::fetchQuery($url, 'action');
$expected = 'login';
$this->assertEquals($expected, $result);
}
public function testOpenidWrapperRunModeIdResDbStoreNonceInvalid()
{
$_GET = self::$requestCheckAuthenticationGet;
$_GET['openid_mode'] = 'id_res';
$nonce = '123456';
$_GET['openid_return_to'] = ezcAuthenticationUrl::appendQuery($_GET['openid_return_to'], 'nonce', $nonce);
$options = new ezcAuthenticationOpenidOptions();
$options->store = new ezcAuthenticationOpenidDbStore($this->db);
$credentials = new ezcAuthenticationIdCredentials(self::$url);
$filter = new ezcAuthenticationOpenidWrapper($options);
$result = $filter->run($credentials);
$this->assertEquals(ezcAuthenticationOpenidFilter::STATUS_NONCE_INCORRECT, $result);
}
/**
* Connects to $provider (checkid_immediate OpenID request) and returns an
* URL (setup URL) which can be used by the application in a pop-up window.
*
* The format of the check_authentication $params array is:
* <code>
* array(
* 'openid.return_to' => urlencode( URL ),
* 'openid.trust_root' => urlencode( URL ),
* 'openid.identity' => urlencode( URL ),
* 'openid.mode' => 'checkid_immediate'
* );
* </code>
*
* @throws ezcAuthenticationOpenidException
* if connection to the OpenID provider could not be opened
* @param string $provider The OpenID provider (discovered in HTML or Yadis)
* @param array(string=>string) $params OpenID parameters for checkid_immediate mode
* @param string $method The method to connect to the provider (default GET)
* @return bool
*/
protected function checkImmediate($provider, array $params, $method = 'GET')
{
$parts = parse_url($provider);
$path = isset($parts['path']) ? $parts['path'] : '/';
$host = isset($parts['host']) ? $parts['host'] : null;
$port = 80;
$connection = @fsockopen($host, $port, $errno, $errstr, $this->options->timeoutOpen);
if (!$connection) {
throw new ezcAuthenticationOpenidException("Could not connect to host {$host}:{$port}: {$errstr}.");
} else {
stream_set_timeout($connection, $this->options->timeout);
$url = $path . '?' . urldecode(http_build_query($params));
$headers = array("{$method} {$url} HTTP/1.0", "Host: {$host}", "Connection: close");
fputs($connection, implode("\r\n", $headers) . "\r\n\r\n");
$src = stream_get_contents($connection);
fclose($connection);
$pattern = "/Location:\\s(.*)/";
if (preg_match($pattern, $src, $matches) > 0) {
$returnUrl = trim($matches[1]);
// get the query parameters from the response URL
$query = parse_url($returnUrl, PHP_URL_QUERY);
$vars = ezcAuthenticationUrl::parseQueryString($query);
// get the openid.user_setup_url value from the response URL
$setupUrl = isset($vars['openid.user_setup_url']) ? $vars['openid.user_setup_url'] : false;
if ($setupUrl !== false) {
// the next call to OpenID will be check_authentication
$vars['openid.mode'] = 'check_authentication';
// get the query parameters from the openid.user_setup_url in $setupParams
// and the other parts of the URL in $parts
$parts = parse_url($setupUrl);
$query = isset($parts['query']) ? $parts['query'] : false;
$setupParams = ezcAuthenticationUrl::parseQueryString($query);
// merge the setup_url query parameters with all the other query parameters
$params = array_merge($vars, $setupParams);
// return the setup URL combined with the rest of the query parameters
$parts['query'] = $params;
$setupUrl = ezcAuthenticationUrl::buildUrl($parts);
}
return $setupUrl;
}
}
// the response from the OpenID server did not contain setup_url
return false;
}
