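/**
 * Resolves an email-style identity to an OpenID provider through webfinger.
 *
 * The part after the first "@" is used as the provider host. Its LRDD
 * template is fetched, the acct: descriptor for the identity is loaded and,
 * when that descriptor carries an OpenID 2.0 provider link, an initialized
 * OpenID consumer is returned.
 *
 * @param string $identity
 * @return \PSX\OpenId|false false when the identity has no provider part or
 *                           the descriptor has no OpenID provider link
 * @throws Exception when the descriptor subject differs from the requested acct
 */
protected function getOpenidProvider($identity)
{
    // Without an "@" strpos() returns false and "$pos + 1" silently becomes 1,
    // so the discovery request would target a host cut from the wrong offset.
    $pos = strpos($identity, '@');
    if ($pos === false) {
        return false;
    }

    $provider = substr($identity, $pos + 1);
    if ($provider === false || $provider === '') {
        return false;
    }

    // The original body passed $callback to initialize() without ever
    // defining it. NOTE(review): the path below is an assumption; confirm it
    // matches the route that handles the OpenID response.
    $callback = $this->pageUrl . '/callback/openid';

    // NOTE(review): $provider comes straight from user input and becomes the
    // host of an outbound request. Confirm that the HTTP client refuses
    // internal or loopback destinations, and consider https for discovery,
    // since a template fetched over plain http can be altered in transit.
    // @todo a request cache for the lrdd template would avoid repeated lookups
    $webfinger = new \PSX\Webfinger($this->http);
    $url = new Url('http://' . $provider);
    $template = $webfinger->getLrddTemplate($url);

    // load the descriptor for the account
    $acct = 'acct:' . $identity;
    $xrd = $webfinger->getLrdd($acct, $template);

    // the descriptor must describe exactly the account that was asked for
    if (strcmp($xrd->getSubject(), $acct) !== 0) {
        throw new Exception('Invalid subject');
    }

    // look for the OpenID provider link
    $profileUrl = $xrd->getLinkHref('http://specs.openid.net/auth/2.0/provider');
    if (empty($profileUrl)) {
        return false;
    }

    $openid = new \PSX\OpenId($this->http, $this->config['psx_url'], $this->store);
    $openid->initialize($profileUrl, $callback);

    return $openid;
}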
/**
 * Creates an OpenID consumer for the given identity and initializes it.
 *
 * An identity that contains no "@" and does not start with http:// or
 * https:// gets "http://" prepended; every other value is passed on as
 * given. The consumer is then initialized with the identity and the
 * "/callback/openid" URL of this page. This body has no email-specific
 * branch and no path that returns false.
 *
 * @param string $identity
 * @return \PSX\OpenId
 */
protected function getOpenidProvider($identity)
{
    $containsAt = strpos($identity, '@') !== false;
    $hasHttpScheme = strncmp($identity, 'http://', 7) === 0
        || strncmp($identity, 'https://', 8) === 0;

    // NOTE(review): the scheme test is case sensitive and the fallback is
    // plain http, so a bare host name is handled without transport security.
    if (!$containsAt && !$hasHttpScheme) {
        $identity = 'http://' . $identity;
    }

    $callback = $this->pageUrl . '/callback/openid';

    // NOTE(review): $identity is caller-supplied. Presumably initialize()
    // contacts that address for discovery; confirm that the HTTP client
    // limits which destinations it may reach.
    $consumer = new \PSX\OpenId($this->http, $this->config['psx_url'], $this->store);
    $consumer->initialize($identity, $callback);

    return $consumer;
}
/**
 * Resolves an email-style identity whose provider is a connected host.
 *
 * Returns false when the identity (after the optional "http://" prefix)
 * passes the URL filter, or when no host row with status NORMAL is stored
 * under the provider name. Otherwise the host's stored LRDD template is used
 * to load the acct: descriptor, its subject is verified, and an OpenID
 * consumer is initialized with the descriptor's "profile" link. The OAuth
 * extension is added when the account is unknown or has no host request
 * yet, and only if the provider supports that extension.
 *
 * @param string $identity
 * @return \PSX\OpenId|false
 * @throws Exception when the descriptor subject does not match the acct or
 *                   the descriptor has no profile link
 */
protected function isOpenidProvider($identity)
{
    $containsAt = strpos($identity, '@') !== false;
    $hasHttpScheme = strncmp($identity, 'http://', 7) === 0
        || strncmp($identity, 'https://', 8) === 0;

    // bare host names get an http prefix; email-style values stay untouched
    if (!$containsAt && !$hasHttpScheme) {
        $identity = 'http://' . $identity;
    }

    $callback = $this->pageUrl . '/callback/remote';

    $openid = new \PSX\OpenId($this->http, $this->config['psx_url'], $this->store);

    // a value that passes the url filter is not handled here
    $urlFilter = new Filter\Url();
    if ($urlFilter->apply($identity) !== false) {
        return false;
    }

    // everything after the first "@" is looked up as the provider name
    $provider = substr($identity, strpos($identity, '@') + 1);

    // Only hosts stored with status NORMAL are accepted, and the webfinger
    // request below uses the template stored for that host rather than a
    // template discovered from the user-supplied domain.
    $host = $this->hm->getTable('AmunService\\Core\\Host')
        ->select(array('id', 'consumerKey', 'url', 'template'))
        ->where('name', '=', $provider)
        ->where('status', '=', Host\Record::NORMAL)
        ->getRow();

    if (empty($host)) {
        return false;
    }

    $webfinger = new Webfinger($this->http);
    $acct = 'acct:' . $identity;
    $xrd = $webfinger->getLrdd($acct, $host['template']);

    // the descriptor must describe exactly the account that was requested
    if (strcmp($xrd->getSubject(), $acct) !== 0) {
        throw new Exception('Invalid subject');
    }

    $profileUrl = $xrd->getLinkHref('profile');
    if (empty($profileUrl)) {
        throw new Exception('Could not find profile');
    }

    // NOTE(review): this value is taken from the remote descriptor and later
    // stored in the session; confirm that its consumer validates it.
    $globalId = $xrd->getPropertyValue('http://ns.amun-project.org/2011/meta/id');

    $openid->initialize($profileUrl, $callback);

    // The local account is looked up by a salted SHA-1 of the normalized
    // profile url.
    $identityHash = sha1($this->config['amun_salt'] . OpenId::normalizeIdentifier($profileUrl));
    $accountCondition = new Condition(array('identity', '=', $identityHash));
    $userId = $this->hm->getTable('AmunService\\User\\Account')->getField('id', $accountCondition);

    // a token is requested for unknown users and for known users that have
    // no request stored for this host
    if (empty($userId)) {
        $needsToken = true;
    } else {
        $requestCondition = new Condition();
        $requestCondition->add('hostId', '=', $host['id']);
        $requestCondition->add('userId', '=', $userId);

        $requestId = $this->hm->getTable('AmunService\\Core\\Host\\Request')->getField('id', $requestCondition);
        $needsToken = empty($requestId);
    }

    if ($needsToken) {
        $oauthExtension = new Extension\Oauth($host['consumerKey']);

        // session state is written only when the provider supports the extension
        if ($openid->hasExtension($oauthExtension->getNs())) {
            $this->session->set('openid_register_user_host_id', $host['id']);
            $this->session->set('openid_register_user_global_id', $globalId);

            $openid->add($oauthExtension);
        }
    }

    return $openid;
}