4 * Copyright (C) 2010 ReiniUrban
5 * Zend_OpenId_Consumer parts from Zend licensed under
6 * http://framework.zend.com/license/new-bsd
8 * This file is part of PhpWiki.
10 * PhpWiki is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
15 * PhpWiki is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with PhpWiki; if not, write to the Free Software
22 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
24 * This is not yet finished. We do not want to use zend extensions.
26 * See http://openid.net/specs/openid-authentication-1_1.html
29 // requires the openssl extension
30 require_once("lib/HttpClient.php");
35 * Preferences are handled in _PassUser
39 * Verifies authentication response from OpenID server.
41 * This is the second step of OpenID authentication process.
42 * The function returns true on successful authentication and false on failure.
45 * @param array $params HTTP query data from OpenID server
46 * @param string &$identity this argument is set to end-user's claimed
47 * identifier or OpenID provider local identifier.
48 * @param mixed $extensions extension object or array of extensions objects
51 function verify($params, &$identity = "", $extensions = null) {
// NOTE(review): this listing is missing lines (see the gaps in the gutter
// numbers), so return statements and closing braces are not visible. The
// comments below describe only the statements that are shown.
// NOTE(review): $NS_2_0 is used as a plain variable. The trailing comment
// calls it a global session var, but no declaration or assignment is visible
// here -- confirm it is defined before this comparison.
54 if (isset($params['openid_ns']) &&
55 $params['openid_ns'] == $NS_2_0) { // global session var
// Take the identity from the response; openid_claimed_id wins over
// openid_identity when both are present.
58 if (isset($params["openid_claimed_id"])) {
59 $identity = $params["openid_claimed_id"];
60 } else if (isset($params["openid_identity"])){
61 $identity = $params["openid_identity"];
// For a pre-2.0 response without a claimed id, the value remembered in the
// 'openid' session var is used; that session var is reset to an empty array
// as soon as it has been read. $version and $request are not assigned in any
// visible line of this method.
// NOTE(review): _checkId() in this file stores the values under the session
// vars 'identity' and 'claimed_id', not inside 'openid' -- confirm the two
// sides agree. The identity match uses loose ==; a strict === comparison of
// the two strings is the safer choice for an authentication decision.
66 if ($version < 2.0 && !isset($params["openid_claimed_id"])) {
68 $session = $request->getSessionVar('openid');
70 $request->setSessionVar('openid', array());
72 if ($session['identity'] == $identity) {
73 $identity = $session['claimed_id'];
// Required response fields. Each failure is recorded through _setError().
// NOTE(review): these checks establish only that openid.signed and
// openid.sig are present. No signature verification, no comparison of
// openid.return_to with the URL of this request and no nonce/replay check
// appears in the visible lines; confirm the rest of the method performs them
// before true is returned.
76 if (empty($params['openid_return_to'])) {
77 $this->_setError("Missing openid.return_to");
80 if (empty($params['openid_signed'])) {
81 $this->_setError("Missing openid.signed");
84 if (empty($params['openid_sig'])) {
85 $this->_setError("Missing openid.sig");
88 if (empty($params['openid_mode'])) {
89 $this->_setError("Missing openid.mode");
// Only a positive assertion ('id_res') is accepted.
// NOTE(review): the message embeds the request-supplied openid_mode value
// verbatim; it needs HTML escaping wherever the error text is displayed.
92 if ($params['openid_mode'] != 'id_res') {
93 $this->_setError("Wrong openid.mode '".$params['openid_mode']."' != 'id_res'");
96 if (empty($params['openid_assoc_handle'])) {
97 $this->_setError("Missing openid.assoc_handle");
103 * Performs check of OpenID identity.
105 * This is the first step of OpenID authentication process.
106 * On success the function does not return (it does HTTP redirection to
107 * server and exits). On failure it returns false.
109 * @param bool $immediate enables or disables interaction with user
110 * @param string $id OpenID identity
111 * @param string $returnTo HTTP URL to redirect response from server to
112 * @param string $root HTTP URL to identify consumer on server
113 * @param mixed $extensions extension object or array of extensions objects
114 * @param Zend_Controller_Response_Abstract $response an optional response
115 * object to perform HTTP or HTML form redirection
118 function _checkId($immediate, $id, $returnTo=null, $root=null,
119 $extensions=null, $response = null) {
// NOTE(review): this listing is missing lines (see the gaps in the gutter
// numbers), so return statements and closing braces are not visible. The
// comments below describe only the statements that are shown.
// Clear any error left over from a previous call.
120 $this->_setError('');
// NOTE(review): identifier normalisation is commented out, so $id reaches
// discovery exactly as the caller passed it.
122 /*if (!Zend_OpenId::normalize($id)) {
123 $this->_setError("Normalisation failed");
// Discovery, association and association lookup each record an error when
// they fail. $server and $version are first mentioned in the _discovery()
// call -- presumably passed by reference and filled in there; confirm.
128 if (!$this->_discovery($id, $server, $version)) {
129 $this->_setError("Discovery failed");
132 if (!$this->_associate($server, $version)) {
133 $this->_setError("Association failed");
136 if (!$this->_getAssociation(
150 if ($version >= 2.0) {
151 //$params['openid.ns'] = Zend_OpenId::NS_2_0;
// Request mode: checkid_immediate forbids user interaction at the provider,
// checkid_setup allows it.
154 $params['openid.mode'] = $immediate ?
155 'checkid_immediate' : 'checkid_setup';
157 $params['openid.identity'] = $id;
// $claimedId is not assigned in any visible line of this method.
159 $params['openid.claimed_id'] = $claimedId;
// Remember the identity pair in the session for the verification step.
// NOTE(review): $session is read from 'openid' but the values are stored in
// the separate session vars 'identity' and 'claimed_id', whereas verify()
// looks them up inside 'openid'. The test here is <= 2.0 while verify()
// tests < 2.0 -- confirm both are intended.
161 if ($version <= 2.0) {
163 $session = $request->getSessionVar('openid');
164 $request->setSessionVar('identity', $id);
165 $request->setSessionVar('claimed_id', $claimedId);
168 if (isset($handle)) {
169 $params['openid.assoc_handle'] = $handle;
// NOTE(review): openid.return_to is commented out, so no visible line sets it
// on the request, while verify() rejects a response without it.
172 //$params['openid.return_to'] = Zend_OpenId::absoluteUrl($returnTo);
174 // See lib/WikiUser/FaceBook.php how to handle http requests
// NOTE(review): the provider is contacted on a hard-coded port 80, i.e.
// plain HTTP as far as this line shows. Traffic to the provider is then
// exposed to interception and tampering in transit; HTTPS endpoints should
// be supported and preferred. $server comes from discovery -- confirm
// HttpClient accepts the form of that value (host name versus full URL).
175 $web = new HttpClient("$server", 80);
176 if (DEBUG & _DEBUG_LOGIN) $web->setDebug(true);
// NOTE(review): $root defaults to null and the self-URL fallback is commented
// out; any enclosing condition is not visible in this listing. If $root is
// still empty here, strlen($root)-1 is -1 and the realm/trust_root sent to
// the provider ends up empty -- confirm $root is always set.
179 //$root = Zend_OpenId::selfUrl();
180 if ($root[strlen($root)-1] != '/') {
181 $root = dirname($root);
// OpenID 2.0 names the consumer's root URL openid.realm; the other visible
// assignment uses openid.trust_root (the else branch itself is not visible).
184 if ($version >= 2.0) {
185 $params['openid.realm'] = $root;
187 $params['openid.trust_root'] = $root;
190 /*if (!Zend_OpenId_Extension::forAll($extensions, 'prepareRequest', $params)) {
191 $this->_setError("Extension::prepareRequest failure");
// NOTE(review): the redirect to the provider is commented out; no visible
// line sends $params anywhere.
196 //Zend_OpenId::redirect($server, $params, $response);
// Store the given message in $this->_error, replacing any previous one.
200 function _setError($message) {
201 $this->_error = $message;
// Authentication entry point for the OpenID method: sets $this->_level and
// returns it.
// NOTE(review): this listing is missing lines (see the gaps in the gutter
// numbers). $password is not referenced in any visible line.
204 function checkPass($password) {
205 $userid = $this->_userid;
// Without the openssl extension this method is skipped and the next
// configured auth method is tried.
206 if (!loadPhpExtension('openssl')) {
208 sprintf(_("The PECL %s extension cannot be loaded."), "openssl")
209 . sprintf(_(" %s AUTH ignored."), 'OpenID'),
211 return $this->_tryNextUser();
// NOTE(review): $id, $returnTo, $root, $extensions and $response are not
// assigned in any visible line of this method -- confirm they are set before
// this call. $userid is not used in any visible line after its assignment.
214 $retval = $this->_checkId(false, $id, $returnTo, $root, $extensions, $response);
// NOTE(review): the condition that chooses between WIKIAUTH_USER and
// WIKIAUTH_ANON below is not visible. No call to verify() appears in this
// method, and _checkId() is documented as returning only on failure --
// confirm WIKIAUTH_USER is granted only after the provider's response has
// been verified.
215 $this->_authmethod = 'OpenID';
216 if (DEBUG & _DEBUG_LOGIN) trigger_error(get_class($this)."::checkPass => $retval",
219 $this->_level = WIKIAUTH_USER;
221 $this->_level = WIKIAUTH_ANON;
223 return $this->_level;
226 /* do nothing. the login/redirect is done in checkPass */
227 function userExists() {
// NOTE(review): this listing is missing lines (see the gaps in the gutter
// numbers); the method's final return statement is not visible.
// A user id that fails isValidName() is handed to the next auth method.
228 if (!$this->isValidName($this->_userid)) {
229 return $this->_tryNextUser();
// Same fallback when the openssl extension cannot be loaded.
231 if (!loadPhpExtension('openssl')) {
233 (sprintf(_("The PECL %s extension cannot be loaded."), "openssl")
234 . sprintf(_(" %s AUTH ignored."), 'OpenID'),
236 return $this->_tryNextUser();
// The debug trace labels the result "true (dummy)": no visible line asks an
// OpenID provider whether the user exists.
238 if (DEBUG & _DEBUG_LOGIN)
239 trigger_error(get_class($this)."::userExists => true (dummy)", E_USER_WARNING);
243 // no quotes and shorter than 128
244 function isValidName() {
// Reject an unset or empty user id.
// NOTE(review): the loose !-test also rejects the string "0".
245 if (!$this->_userid) return false;
// Accept only ids without single or double quotes and shorter than 128
// bytes (strlen counts bytes, not characters).
// NOTE(review): this is a narrow deny-list. If _userid is what ends up being
// used as the OpenID identifier, it should also be validated as a URL/XRI
// before discovery, since the normalisation call in _checkId() is commented
// out.
246 return !preg_match('/[\"\']/', $this->_userid) and strlen($this->_userid) < 128;
254 // c-hanging-comment-ender-p: nil
255 // indent-tabs-mode: nil