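/**
 * Handle a standard OpenID server request.
 *
 * Decodes the incoming OpenID message; for checkid_immediate / checkid_setup
 * it answers positively when the relying party is already trusted by the
 * logged-in user, otherwise it either answers negatively (immediate mode),
 * bounces an anonymous visitor through login, or renders the trust page.
 * Every other mode is delegated to the server library. The encoded response
 * is written straight to the client and the script exits.
 *
 * Depends on helpers defined elsewhere: getServer(), getLoggedInUser(),
 * isTrusted(), getServerURL(), trust_render(), addSregFields(),
 * setRequestInfo(), current_page_url(), system_message(), elgg_echo(),
 * forward(), and the constant header_connection_close.
 *
 * @return string Empty string when the message could not be decoded as an
 *                OpenID request; in every other path the function either
 *                returns the rendered trust page or exits.
 */
function action_default()
{
    $server =& getServer();

    // The library reads GET/POST itself; an undecodable message is not an
    // OpenID request, so nothing is rendered here.
    $request = $server->decodeRequest();
    if (!$request) {
        return ""; //about_render();
    }
    setRequestInfo($request);

    if (in_array($request->mode, array('checkid_immediate', 'checkid_setup'))) {
        $identity = getLoggedInUser();
        if (isTrusted($identity, $request->trust_root, $request->return_to)) {
            // NOTE(review): a positive assertion is issued here before the
            // not-logged-in check further down; confirm isTrusted() returns
            // false for an empty $identity so an anonymous visitor can never
            // reach this branch.
            if ($request->message->isOpenID1()) {
                $response =& $request->answer(true);
            } else {
                $response =& $request->answer(true, false, getServerURL(), $identity);
            }
        } else {
            if ($request->immediate) {
                // Immediate mode cannot show UI: negative answer that points
                // the RP at the setup URL.
                $response =& $request->answer(false, getServerURL());
            } else {
                if (!getLoggedInUser()) {
                    // Remember the full OpenID request so login can resume it.
                    // NOTE(review): assumes current_page_url() is derived from
                    // configuration rather than the Host header — confirm.
                    $_SESSION['last_forward_from'] = current_page_url() . '?' . http_build_query(Auth_OpenID::getQuery());
                    system_message(elgg_echo('openid_server:not_logged_in'));
                    forward('login'); // presumably exits; trust_render below is not reached — verify
                }
                return trust_render($request);
            }
        }
        // Was addSregFields(&$response): call-time pass-by-reference is a
        // fatal error since PHP 5.4, and $response is an object, so it is
        // shared by handle anyway.
        addSregFields($response);
    } else {
        $response =& $server->handleRequest($request);
    }

    $webresponse =& $server->encodeResponse($response);
    foreach ($webresponse->headers as $k => $v) {
        header("{$k}: {$v}");
    }
    header(header_connection_close);
    print $webresponse->body;
    exit(0);
}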
/**
 * Decodes a query args array into the appropriate
 * {@link Auth_OpenID_Request} object.
 *
 * @param array|null $query Query parameters; when null the current
 *                          request's GET/POST data is read through
 *                          Auth_OpenID::getQuery().
 * @return mixed Whatever $this->decoder->decode() produces for the query.
 */
function decodeRequest($query = null)
{
    $args = ($query === null) ? Auth_OpenID::getQuery() : $query;
    return $this->decoder->decode($args);
}
/**
 * Called to interpret the server's response to an OpenID request
 * (step 4 of the flow described in the consumer overview).
 *
 * @param string $current_url The URL used to invoke the application. Take it
 *     from your web request framework so it can be checked against the
 *     openid.current_url value in the response; when that check fails the
 *     completion status is FAILURE.
 *
 * @param array $query Query parameters (key => value) for this HTTP request.
 *     Defaults to null, in which case the GET or POST data are read from the
 *     PHP environment; overriding it is only useful for testing.
 *
 * @return Auth_OpenID_ConsumerResponse An instance of an
 *     Auth_OpenID_ConsumerResponse subclass; its status attribute is one of
 *     SUCCESS, CANCEL, FAILURE or SETUP_NEEDED.
 */
function complete($current_url, $query = null)
{
    // Complain loudly about API misuse rather than silently coercing.
    if ($current_url && !is_string($current_url)) {
        trigger_error("current_url must be a string; see NEWS file " .
                      "for upgrading notes.", E_USER_ERROR);
    }

    $args = $query;
    if ($args === null) {
        $args = Auth_OpenID::getQuery();
    }

    // The endpoint selected in the begin step was stashed under the token key.
    $loader = new Auth_OpenID_ServiceEndpointLoader();
    $endpoint = $loader->fromSession($this->session->get($this->_token_key));

    $message = Auth_OpenID_Message::fromPostArgs($args);
    $response = $this->consumer->complete($message, $endpoint, $current_url);
    // One-shot: the pending-auth token is discarded whatever the verdict.
    $this->session->del($this->_token_key);

    $terminal = in_array($response->status, array(Auth_OpenID_SUCCESS, Auth_OpenID_CANCEL));
    if ($terminal && $response->identity_url !== null) {
        $disco = $this->getDiscoveryObject($this->session, $response->identity_url, $this->session_key_prefix);
        $disco->cleanup(true);
    }

    return $response;
}
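/**
 * Completes an OpenID login round-trip and signs the matching Member in.
 *
 * Reads the OP's response from the current request, asks the consumer to
 * verify it, then resolves the Member first by the e-mail claimed in the
 * response and, failing that, by IdentityURL. Any failure is surfaced as an
 * exception, recorded in the Security message session keys and turned into
 * a redirect to Security/badlogin.
 *
 * @return mixed Redirect response on success or failure; null when the
 *               consumer reports a status other than CANCEL, FAILURE or
 *               SUCCESS (e.g. SETUP_NEEDED), which is left unhandled as in
 *               the original implementation.
 */
function index()
{
    try {
        $member = Member::currentUser();
        if ($member) {
            // user is already logged in
            return $this->redirect(OpenStackIdCommon::getRedirectBackUrl());
        }

        $consumer = Injector::inst()->get('MyOpenIDConsumer');
        $query    = Auth_OpenID::getQuery();
        $message  = Auth_OpenID_Message::fromPostArgs($query);

        // Logged only for traceability; the consumer library is responsible
        // for the actual nonce / signature verification below.
        $nonce = $message->getArg(Auth_OpenID_OPENID2_NS, 'response_nonce');
        list($timestamp, $salt) = Auth_OpenID_splitNonce($nonce);
        $claimed_id = $message->getArg(Auth_OpenID_OPENID2_NS, 'claimed_id');
        error_log(sprintf('OpenStackIdAuthenticator : id %s - salt %s - timestamp %s', $claimed_id, $salt, $timestamp));

        // Complete the authentication process using the server's response.
        $response = $consumer->complete(OpenStackIdCommon::getReturnTo());

        if ($response->status === Auth_OpenID_CANCEL) {
            error_log('OpenStackIdAuthenticator : Auth_OpenID_CANCEL');
            SS_Log::log('OpenStackIdAuthenticator : Auth_OpenID_CANCEL', SS_Log::WARN);
            throw new Exception('The verification was cancelled. Please try again.');
        }
        if ($response->status === Auth_OpenID_FAILURE) {
            error_log('OpenStackIdAuthenticator : Auth_OpenID_FAILURE');
            SS_Log::log('OpenStackIdAuthenticator : Auth_OpenID_FAILURE', SS_Log::WARN);
            throw new Exception("The OpenID authentication failed.");
        }
        if ($response->status !== Auth_OpenID_SUCCESS) {
            // NOTE(review): SETUP_NEEDED (or any other status) produced no
            // response in the original code either; kept as-is.
            return null;
        }

        error_log('OpenStackIdAuthenticator : Auth_OpenID_SUCCESS');
        $openid = OpenStackIdCommon::escape($response->getDisplayIdentifier());
        if ($response->endpoint->canonicalID) {
            // Was a bare escape() call; now uses the same helper as the line
            // above. NOTE(review): confirm no distinct global escape() was
            // intended here.
            $openid = OpenStackIdCommon::escape($response->endpoint->canonicalID);
        }

        //get user info from openid response
        $member = null;
        list($email, $full_name) = $this->getUserProfileInfo($response);
        if (!is_null($email)) {
            // Account linking by the e-mail claimed in the OP response.
            // NOTE(review): this trusts the OP's e-mail claim to select the
            // local account — acceptable only while a single, trusted OP is
            // accepted by this authenticator; confirm.
            $member = $this->member_repository->findByEmail($email);
        }
        if (!$member) {
            // or by openid
            $member = Member::get()->filter('IdentityURL', $openid)->first();
        }
        if (!$member) {
            throw new Exception("The OpenID authentication failed: can not find user " . $openid);
        }

        $result = $member->canLogIn();
        if (!$result->valid()) {
            throw new Exception("Inactive User!");
        }

        // Persist the verified identifier on the account before logging in.
        $member->setIdentityUrl($openid);
        $member->write();
        $member->LogIn(true);
        return $this->redirect(OpenStackIdCommon::getRedirectBackUrl());
    } catch (Exception $ex) {
        Session::set("Security.Message.message", $ex->getMessage());
        Session::set("Security.Message.type", "bad");
        SS_Log::log($ex, SS_Log::WARN);
        return $this->redirect("Security/badlogin");
    }
}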
/**
 * Auth_OpenID::getQuery() must turn a raw query string into a key => value
 * array: bare words without '=' are dropped, values are URL-decoded, and
 * only the first '=' in a pair acts as the separator.
 */
function test_getQuery()
{
    $cases = array(
        '' => array(),
        'single' => array(),
        'no&pairs' => array(),
        'x%3Dy' => array(),
        'single&real=value' => array('real' => 'value'),
        'x=y&m=x%3Dn' => array('x' => 'y', 'm' => 'x=n'),
        '&m=x%20y' => array('m' => 'x y'),
        'single&&m=x%20y&bogus' => array('m' => 'x y'),
        'too=many=equals&' => array('too' => 'many=equals'),
    );

    foreach ($cases as $raw => $expected) {
        $parsed = Auth_OpenID::getQuery($raw);
        // Every expected pair must be present with an identical value...
        foreach ($expected as $k => $v) {
            $this->assertTrue($parsed[$k] === $v);
        }
        // ...and nothing beyond the expected pairs may be produced.
        foreach ($parsed as $k => $v) {
            $this->assertTrue($expected[$k] === $v);
        }
    }
}
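/**
 * Builds a query string holding only the "openid.*" parameters of the
 * current request, so the OpenID message can be re-sent without any
 * application-specific parameters.
 *
 * @return string URL-encoded openid.* pairs; an empty string when the
 *                request carries none.
 */
public function GetQueryStringForRequest()
{
    // Initialised up front: the original passed an undefined variable to
    // http_build_query() when no openid.* key was present (warning on
    // older PHP, TypeError on PHP 8).
    $args = array();
    foreach (Auth_OpenID::getQuery() as $key => $value) {
        if (strpos($key, 'openid.') === 0) {
            $args[$key] = $value;
        }
    }
    return http_build_query($args);
}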
/**
 * Runs the OpenID completion step for the current request.
 *
 * @param string $aReturnTo Return URL handed to Auth_OpenID_Consumer::complete()
 *                          for verification against the response.
 * @return mixed Whatever Auth_OpenID_Consumer::complete() returns.
 * @todo check whether the url field causes errors due to rewriting
 */
public function getResponse($aReturnTo)
{
    $consumer = new Auth_OpenID_Consumer($this->OpenIDStorage, $this->OpenIDSessionInterface);
    $query = Auth_OpenID::getQuery();
    return $consumer->complete($aReturnTo, $query);
}
/**
 * The cancel URL must carry exactly openid.mode=cancel plus the OpenID 2
 * namespace parameter, and nothing else.
 */
function test_getCancelURL()
{
    $cancelUrl = $this->request->getCancelURL();
    $parts = parse_url($cancelUrl);
    $expected = array(
        'openid.mode' => 'cancel',
        'openid.ns' => Auth_OpenID_OPENID2_NS,
    );
    $this->assertEquals($expected, Auth_OpenID::getQuery($parts['query']));
}
/**
 * Called to interpret the server's response to an OpenID request
 * (step 4 of the flow described in the consumer overview).
 *
 * @param array $query Query parameters (key => value) for this HTTP request.
 *     Defaults to null, in which case the GET or POST data are read from the
 *     PHP environment; overriding it is only useful for testing.
 *
 * @return Auth_OpenID_ConsumerResponse An instance of an
 *     Auth_OpenID_ConsumerResponse subclass; its status attribute is one of
 *     SUCCESS, CANCEL, FAILURE or SETUP_NEEDED.
 *
 * NOTE(review): unlike the variant that takes $current_url, nothing here
 * hands the actual request URL to the consumer, so a return_to check
 * against the invoking URL must happen elsewhere — confirm before relying
 * on it.
 */
function complete($query = null)
{
    $args = ($query === null) ? Auth_OpenID::getQuery() : $query;

    // The endpoint chosen in the begin step was stashed under the token key.
    $loader = new Auth_OpenID_ServiceEndpointLoader();
    $endpoint = $loader->fromSession($this->session->get($this->_token_key));

    if ($endpoint === null) {
        // No pending authentication for this session: fail without
        // touching the (absent) token.
        $response = new Auth_OpenID_FailureResponse(null, 'No session state found');
    } else {
        $message = Auth_OpenID_Message::fromPostArgs($args);
        $response = $this->consumer->complete($message, $endpoint);
        // One-shot: discard the pending token whatever the verdict was.
        $this->session->del($this->_token_key);
    }

    $terminal = in_array($response->status, array(Auth_OpenID_SUCCESS, Auth_OpenID_CANCEL));
    if ($terminal && $response->identity_url !== null) {
        $disco = $this->getDiscoveryObject($this->session, $response->identity_url, $this->session_key_prefix);
        $disco->cleanup();
    }

    return $response;
}
/**
 * The current request's query parameters with the rewrite artefact removed.
 *
 * @return array Parameters from Auth_OpenID::getQuery() minus the "url" key.
 */
private function getQuery()
{
    $params = Auth_OpenID::getQuery();
    // app/webroot/.htaccess adds a "url" parameter on every request; it is
    // not part of the OpenID message and breaks verification of the
    // return_to URL, so it is dropped before the message is decoded.
    unset($params['url']);
    return $params;
}
/**
 * Called to interpret the server's response to an OpenID request
 * (step 4 of the flow described in the consumer overview).
 *
 * @param string $current_url The URL used to invoke the application. Take it
 *     from your web request framework so it can be checked against the
 *     openid.current_url value in the response; when that check fails the
 *     completion status is FAILURE.
 *
 * @param array $query Query parameters (key => value) for this HTTP request.
 *     Defaults to null, in which case the GET or POST data are read from the
 *     PHP environment (with a Referer-based fallback when they are empty);
 *     overriding it is only useful for testing.
 *
 * @return Auth_OpenID_ConsumerResponse An instance of an
 *     Auth_OpenID_ConsumerResponse subclass; its status attribute is one of
 *     SUCCESS, CANCEL, FAILURE or SETUP_NEEDED.
 */
function complete($current_url, $query = null)
{
    // Complain loudly about API misuse rather than silently coercing.
    if ($current_url && !is_string($current_url)) {
        trigger_error("current_url must be a string; see NEWS file " .
                      "for upgrading notes.", E_USER_ERROR);
    }

    $args = $query;
    if ($args === null) {
        $args = Auth_OpenID::getQuery();
        if (empty($args)) {
            error_log('/lib/openid/Auth/OpenID/Consumer.php::complete() - warning: empty query string!');
            // Fallback: rebuild the OpenID message from the Referer header.
            // NOTE(review): Referer is client-supplied, so this widens what
            // is accepted as the response; the message presumably still has
            // to pass the consumer's signature / return_to checks below —
            // confirm, and confirm the fallback is actually needed.
            if (isset($_SERVER['HTTP_REFERER'])) {
                $referer = $_SERVER['HTTP_REFERER'];
                $qmark = strpos($referer, '?');
                if ($qmark !== false) {
                    $args = Auth_OpenID::getQuery(substr($referer, $qmark + 1));
                }
            }
        }
    }

    // The endpoint selected in the begin step was stashed under the token key.
    $loader = new Auth_OpenID_ServiceEndpointLoader();
    $endpoint = $loader->fromSession($this->session->get($this->_token_key));

    $message = Auth_OpenID_Message::fromPostArgs($args);
    $response = $this->consumer->complete($message, $endpoint, $current_url);
    // One-shot: the pending-auth token is discarded whatever the verdict.
    $this->session->del($this->_token_key);

    $terminal = in_array($response->status, array(Auth_OpenID_SUCCESS, Auth_OpenID_CANCEL));
    if ($terminal && $response->identity_url !== null) {
        $disco = $this->getDiscoveryObject($this->session, $response->identity_url, $this->session_key_prefix);
        $disco->cleanup(true);
    }

    return $response;
}
/**
 * Handle a standard OpenID server request.
 *
 * Advertises the XRDS document, decodes the incoming message and, for
 * checkid_immediate / checkid_setup, forwards the whole request to
 * $indirect_server_url with a 307 redirect. Every other mode is handled by
 * the server library and the encoded response is written directly to the
 * client before exiting.
 *
 * Depends on helpers defined elsewhere: buildURL(), getServer(),
 * setRequestInfo(), about_render(), trust_render(), noIdentifier_render(),
 * login_render(), getLoggedInUser(), the global $indirect_server_url and the
 * constants AUTH_OPENID_HTTP_OK and header_connection_close.
 *
 * @return mixed A rendered page (about/trust/login/noIdentifier) when no
 *               OpenID response is emitted; otherwise the function does
 *               not return (redirect or exit).
 */
function action_default()
{
    // Lets relying parties discover this provider through Yadis.
    header('X-XRDS-Location: ' . buildURL('idpXrds'));
    $server =& getServer();
    $method = $_SERVER['REQUEST_METHOD'];
    // Dead assignment: $request is overwritten by decodeRequest() right
    // below, which reads the raw GET/POST data itself.
    $request = null;
    if ($method == 'GET') {
        $request = $_GET;
    } else {
        $request = $_POST;
    }
    $request = $server->decodeRequest();
    if (!$request) {
        return about_render();
    }
    setRequestInfo($request);
    if (in_array($request->mode, array('checkid_immediate', 'checkid_setup'))) {
        // Redirect to indirect server here with a 307 code to redirect
        // the POST to the new location. Normal redirect (without 307)
        // causes a GET instead of a POST
        global $indirect_server_url;
        $new_location = $indirect_server_url;
        if ($method == 'GET') {
            // If the request comes in via get, we want to redirect
            // to a URL that includes the full query string. Otherwise
            // all that juicy data gets lost. This was a problem for GIMI,
            // which uses a ruby openid client.
            $new_location .= '?' . $_SERVER['QUERY_STRING'];
        } else {
            if ($method == 'POST') {
                // POST parameters are moved into the URL, so they become
                // visible in server logs and Referer headers downstream.
                $query = Auth_OpenID::getQuery();
                $new_location .= '?' . http_build_query($query);
            }
        }
        // The redirect target comes from the global configuration value,
        // not from request data; keep it that way so this cannot become an
        // open redirect.
        header('Location: ' . $new_location, true, 307);
        exit;
        // Everything below in this branch is unreachable while the redirect
        // above is in place: it is the provider's own checkid_* handling
        // (identifier selection, immediate-mode refusal, login and trust
        // pages), kept here apparently for when the redirect is removed.
        if ($request->idSelect()) {
            // Perform IDP-driven identifier selection
            if ($request->mode == 'checkid_immediate') {
                $response =& $request->answer(false);
            } else {
                return trust_render($request);
            }
        } else {
            if (!$request->identity && !$request->idSelect()) {
                // No identifier used or desired; display a page saying
                // so.
                return noIdentifier_render();
            } else {
                if ($request->immediate) {
                    // Immediate mode cannot show UI: negative answer that
                    // points the RP at the setup URL.
                    $response =& $request->answer(false, buildURL());
                } else {
                    if (!getLoggedInUser()) {
                        return login_render();
                    }
                    return trust_render($request);
                }
            }
        }
    } else {
        $response =& $server->handleRequest($request);
    }
    $webresponse =& $server->encodeResponse($response);
    // Non-200 library responses (e.g. error replies) carry their own status.
    if ($webresponse->code != AUTH_OPENID_HTTP_OK) {
        header(sprintf("HTTP/1.1 %d ", $webresponse->code), true, $webresponse->code);
    }
    foreach ($webresponse->headers as $k => $v) {
        header("{$k}: {$v}");
    }
    // header_connection_close is presumably a constant holding the
    // "Connection: close" header line — defined elsewhere.
    header(header_connection_close);
    print $webresponse->body;
    exit(0);
}