/**
 * fetchQuery() must return the value of the 'action' parameter when the
 * URL carries a query string.
 */
public function testUrlFetchQueryWithQuery()
{
    // The shared fixture URL is expected to contain action=login.
    $actual = ezcAuthenticationUrl::fetchQuery(self::$urlWithQuery, 'action');

    $this->assertEquals('login', $actual);
}
/**
 * In id_res mode with a database-backed store, a return_to URL carrying a
 * nonce that this test never registered must yield STATUS_NONCE_INCORRECT.
 *
 * This pins the nonce check of the wrapper: an authentication response
 * whose nonce the store does not accept is rejected.
 */
public function testOpenidWrapperRunModeIdResDbStoreNonceInvalid()
{
    // Start from the shared request fixture and switch it to id_res mode.
    $_GET = self::$requestCheckAuthenticationGet;
    $_GET['openid_mode'] = 'id_res';

    // Attach the nonce under test to the return_to URL.
    $returnTo = ezcAuthenticationUrl::appendQuery($_GET['openid_return_to'], 'nonce', '123456');
    $_GET['openid_return_to'] = $returnTo;

    // Wrapper configured with the database store of this test case.
    $wrapperOptions = new ezcAuthenticationOpenidOptions();
    $wrapperOptions->store = new ezcAuthenticationOpenidDbStore($this->db);

    $identity = new ezcAuthenticationIdCredentials(self::$url);
    $wrapper = new ezcAuthenticationOpenidWrapper($wrapperOptions);
    $status = $wrapper->run($identity);

    $this->assertEquals(ezcAuthenticationOpenidFilter::STATUS_NONCE_INCORRECT, $status);
}
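/**
 * Connects to $provider (checkid_immediate OpenID request) and returns a
 * URL (setup URL) which can be used by the application in a pop-up window.
 *
 * The format of the checkid_immediate $params array is:
 * <code>
 * array(
 *     'openid.return_to' => urlencode( URL ),
 *     'openid.trust_root' => urlencode( URL ),
 *     'openid.identity' => urlencode( URL ),
 *     'openid.mode' => 'checkid_immediate'
 * );
 * </code>
 *
 * Security notes for callers:
 * - The request is sent as plain HTTP to port 80 regardless of the scheme
 *   or port in $provider, so the response (and the setup URL taken from it)
 *   is not protected against modification in transit.
 * - $provider comes from discovery on the identity URL, so the host that is
 *   contacted is chosen by remote content; applications accepting arbitrary
 *   identity URLs should restrict which hosts may be reached.
 * - The returned URL is built from the provider's response and is not
 *   validated here; check its scheme and host before handing it to a browser.
 *
 * @throws ezcAuthenticationOpenidException
 *         if the request would contain control characters, or
 *         if connection to the OpenID provider could not be opened
 * @param string $provider The OpenID provider (discovered in HTML or Yadis)
 * @param array(string=>string) $params OpenID parameters for checkid_immediate mode
 * @param string $method The method to connect to the provider (default GET)
 * @return string|false The setup URL, or false if the response did not contain one
 */
protected function checkImmediate($provider, array $params, $method = 'GET')
{
    $parts = parse_url($provider);
    $path = isset($parts['path']) ? $parts['path'] : '/';
    $host = isset($parts['host']) ? $parts['host'] : null;

    // NOTE(review): scheme and port of $provider are ignored; the request
    // always goes out unencrypted on port 80. Confirm whether https
    // providers are expected to be supported here.
    $port = 80;

    // http_build_query() encodes the values a second time (they arrive
    // urlencoded, see above); urldecode() undoes that extra level.
    $url = $path . '?' . urldecode(http_build_query($params));

    // The request line and Host header are assembled by string
    // concatenation. A CR/LF or other control character in any part would
    // let a caller-supplied value add header lines or a second request, so
    // refuse to send such a request at all.
    if (preg_match('/[\x00-\x1F\x7F]/', $method . $url . $host) > 0) {
        throw new ezcAuthenticationOpenidException(
            "Could not connect to host {$host}:{$port}: the request contains control characters."
        );
    }

    $connection = @fsockopen($host, $port, $errno, $errstr, $this->options->timeoutOpen);
    if (!$connection) {
        throw new ezcAuthenticationOpenidException("Could not connect to host {$host}:{$port}: {$errstr}.");
    }

    stream_set_timeout($connection, $this->options->timeout);
    $headers = array("{$method} {$url} HTTP/1.0", "Host: {$host}", "Connection: close");
    fputs($connection, implode("\r\n", $headers) . "\r\n\r\n");
    $src = stream_get_contents($connection);
    fclose($connection);

    // Look for the redirect only in the header block: a "Location:" string
    // inside the response body must not be mistaken for the header. A failed
    // read (false) is treated as an empty response.
    $sections = preg_split('/\r?\n\r?\n/', (string) $src, 2);
    $responseHead = $sections[0];

    // Header names are case-insensitive, and the match is anchored to the
    // start of a line so that e.g. "Content-Location:" is not picked up.
    if (preg_match('/^Location:[ \t]*(.*)$/mi', $responseHead, $matches) > 0) {
        $returnUrl = trim($matches[1]);

        // get the query parameters from the response URL
        $query = parse_url($returnUrl, PHP_URL_QUERY);
        $vars = ezcAuthenticationUrl::parseQueryString($query);

        // get the openid.user_setup_url value from the response URL
        $setupUrl = isset($vars['openid.user_setup_url']) ? $vars['openid.user_setup_url'] : false;

        if ($setupUrl !== false) {
            // the next call to OpenID will be check_authentication
            $vars['openid.mode'] = 'check_authentication';

            // get the query parameters from the openid.user_setup_url in $setupParams
            // and the other parts of the URL in $parts
            $parts = parse_url($setupUrl);
            if ($parts === false) {
                // a setup URL that cannot be parsed is treated as absent
                return false;
            }
            $query = isset($parts['query']) ? $parts['query'] : false;
            $setupParams = ezcAuthenticationUrl::parseQueryString($query);

            // merge the setup_url query parameters with all the other query parameters
            // (on a key clash the setup_url value wins)
            $params = array_merge($vars, $setupParams);

            // return the setup URL combined with the rest of the query parameters
            $parts['query'] = $params;
            $setupUrl = ezcAuthenticationUrl::buildUrl($parts);
        }

        return $setupUrl;
    }

    // the response from the OpenID server did not contain setup_url
    return false;
}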