/** * Show the "login" page * * @return string Returns the "login" page as HTML code. */ public function login() { try { if (!defined('OPENSTACKID_ENABLED') || OPENSTACKID_ENABLED == false) { return parent::login(); } $member = Member::currentUser(); if ($member) { // user is already logged in return $this->redirect(OpenStackIdCommon::getRedirectBackUrl()); } if (!Director::is_https()) { OpenStackIdCommon::redirectToSSL($_SERVER['REQUEST_URI']); } // Begin the OpenID authentication process. $auth_request = $this->consumer->begin(IDP_OPENSTACKID_URL); //remove jainrain nonce unset($auth_request->return_to_args['janrain_nonce']); // No auth request means we can't begin OpenID. if (!$auth_request) { throw new Exception("The OpenID authentication failed."); } if (Auth_OpenID_supportsSReg($auth_request->endpoint)) { //SREG $sreg_request = Auth_OpenID_SRegRequest::build(array('email', 'fullname'), array('country', 'language')); if ($sreg_request) { $auth_request->addExtension($sreg_request); } } else { //AX // Create attribute request object // See http://code.google.com/apis/accounts/docs/OpenID.html#Parameters for parameters // Usage: make($type_uri, $count=1, $required=false, $alias=null) $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 1, 1, 'email'); $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/first', 1, 1, 'firstname'); $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/last', 1, 1, 'lastname'); $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson', 1, 1, 'fullname'); // Create AX fetch request $ax = new Auth_OpenID_AX_FetchRequest(); // Add attributes to AX fetch request foreach ($attribute as $attr) { $ax->add($attr); } // Add AX fetch request to authentication request $auth_request->addExtension($ax); } //Redirect the user to the OpenID server for authentication . // Store the token for this authentication so we can verify the // response. // For OpenID 1, send a redirect. For OpenID 2, use a Javascript // form to send a POST request to the server. if ($auth_request->shouldSendRedirect()) { $redirect_url = $auth_request->redirectURL($this->getTrustRoot(), $this->getReturnTo()); // If the redirect URL can't be built, display an error // message. if (Auth_OpenID::isFailure($redirect_url)) { echo "Could not redirect to server: " . $redirect_url->message; } else { // Send redirect. header("Location: " . $redirect_url); } } else { // Generate form markup and render it. $form_id = 'openid_message'; $form_html = $auth_request->htmlMarkup(OpenStackIdCommon::getTrustRoot(), OpenStackIdCommon::getReturnTo(), false, array('id' => $form_id)); // Display an error if the form markup couldn't be generated; // otherwise, render the HTML. if (Auth_OpenID::isFailure($form_html)) { echo "Could not redirect to server: " . $form_html->message; } else { print $form_html; } } exit; } catch (Exception $ex) { SS_Log::log($ex, SS_Log::WARN); Session::set("Security.Message.message", $ex->getMessage()); Session::set("Security.Message.type", "bad"); return $this->redirect("Security/badlogin"); } }
function index() { try { $member = Member::currentUser(); if ($member) { // user is already logged in return $this->redirect(OpenStackIdCommon::getRedirectBackUrl()); } $consumer = Injector::inst()->get('MyOpenIDConsumer'); $query = Auth_OpenID::getQuery(); $message = Auth_OpenID_Message::fromPostArgs($query); $nonce = $message->getArg(Auth_OpenID_OPENID2_NS, 'response_nonce'); list($timestamp, $salt) = Auth_OpenID_splitNonce($nonce); $claimed_id = $message->getArg(Auth_OpenID_OPENID2_NS, 'claimed_id'); error_log(sprintf('OpenStackIdAuthenticator : id %s - salt %s - timestamp %s', $claimed_id, $salt, $timestamp)); // Complete the authentication process using the server's response. $response = $consumer->complete(OpenStackIdCommon::getReturnTo()); if ($response->status == Auth_OpenID_CANCEL) { error_log('OpenStackIdAuthenticator : Auth_OpenID_CANCEL'); SS_Log::log('OpenStackIdAuthenticator : Auth_OpenID_CANCEL', SS_Log::WARN); throw new Exception('The verification was cancelled. Please try again.'); } else { if ($response->status == Auth_OpenID_FAILURE) { error_log('OpenStackIdAuthenticator : Auth_OpenID_FAILURE'); SS_Log::log('OpenStackIdAuthenticator : Auth_OpenID_FAILURE', SS_Log::WARN); throw new Exception("The OpenID authentication failed."); } else { if ($response->status == Auth_OpenID_SUCCESS) { error_log('OpenStackIdAuthenticator : Auth_OpenID_SUCCESS'); $openid = $response->getDisplayIdentifier(); $openid = OpenStackIdCommon::escape($openid); if ($response->endpoint->canonicalID) { $openid = escape($response->endpoint->canonicalID); } //get user info from openid response $member = null; list($email, $full_name) = $this->getUserProfileInfo($response); if (!is_null($email)) { //try to get user by email $member = $this->member_repository->findByEmail($email); } if (!$member) { // or by openid $member = Member::get()->filter('IdentityURL', $openid)->first(); } if ($member) { $result = $member->canLogIn(); if ($result->valid()) { $member->setIdentityUrl($openid); $member->write(); $member->LogIn(true); return $this->redirect(OpenStackIdCommon::getRedirectBackUrl()); } throw new Exception("Inactive User!"); } throw new Exception("The OpenID authentication failed: can not find user " . $openid); } } } } catch (Exception $ex) { Session::set("Security.Message.message", $ex->getMessage()); Session::set("Security.Message.type", "bad"); SS_Log::log($ex, SS_Log::WARN); return $this->redirect("Security/badlogin"); } }