4 * Copyright (C) 2010 ReiniUrban
5 * Zend_OpenId_Consumer parts from Zend licensed under
6 * http://framework.zend.com/license/new-bsd
8 * This file is part of PhpWiki.
10 * PhpWiki is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
15 * PhpWiki is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License along
21 * with PhpWiki; if not, write to the Free Software Foundation, Inc.,
22 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 * This is not yet finished. We do not want to use zend extensions.
26 * See http://openid.net/specs/openid-authentication-1_1.html
29 // requires the openssl extension
30 require_once 'lib/HttpClient.php';
35 * Preferences are handled in _PassUser
39 * Verifies authentication response from OpenID server.
41 * This is the second step of OpenID authentication process.
42 * The function returns true on successful authentication and false on failure.
45 * @param array $params HTTP query data from OpenID server
46 * @param string &$identity this argument is set to end-user's claimed
47 * identifier or OpenID provider local identifier.
48 * @param mixed $extensions extension object or array of extensions objects
51 function verify($params, &$identity = "", $extensions = null)
// Second step of the OpenID flow: inspects the provider's response in $params,
// writes the asserted identifier into $identity and records a message through
// _setError() when a required field is absent.
// NOTE(review): lines are missing from this listing and the file header says
// "This is not yet finished". The visible body only checks that
// openid_return_to, openid_signed, openid_sig, openid_mode and
// openid_assoc_handle are present. No visible line recomputes openid_sig over
// the fields listed in openid_signed with the association secret, compares
// openid_return_to with the URL that was actually requested, or returns true.
// Until that exists $identity is only what the request claims and must not be
// used to grant access. When the signature check is added, compare the MACs
// with hash_equals().
// NOTE(review): $NS_2_0 is neither assigned nor declared global in the visible
// lines; if it is unset the comparison below is against null instead of the
// 2.0 namespace URI. Confirm where it is defined.
55 if (isset($params['openid_ns']) &&
56 $params['openid_ns'] == $NS_2_0
57 ) { // global session var
// The identifier is read straight from the response parameters, preferring
// openid_claimed_id over openid_identity.
60 if (isset($params["openid_claimed_id"])) {
61 $identity = $params["openid_claimed_id"];
62 } elseif (isset($params["openid_identity"])) {
63 $identity = $params["openid_identity"];
// For pre-2.0 responses without a claimed id, the identity is mapped back to
// the claimed id remembered in the session.
// NOTE(review): this reads 'identity' and 'claimed_id' out of the 'openid'
// session variable, while _checkId() stores them with
// setSessionVar('identity', ...) and setSessionVar('claimed_id', ...) as
// separate variables, so this lookup may never match. Confirm the layout.
68 if ($version < 2.0 && !isset($params["openid_claimed_id"])) {
70 $session = $request->getSessionVar('openid');
72 $request->setSessionVar('openid', array());
74 if ($session['identity'] == $identity) {
75 $identity = $session['claimed_id'];
// Presence checks for the fields a positive assertion must carry.
78 if (empty($params['openid_return_to'])) {
79 $this->_setError("Missing openid.return_to");
82 if (empty($params['openid_signed'])) {
83 $this->_setError("Missing openid.signed");
86 if (empty($params['openid_sig'])) {
87 $this->_setError("Missing openid.sig");
90 if (empty($params['openid_mode'])) {
91 $this->_setError("Missing openid.mode");
// NOTE(review): the message below embeds the raw openid_mode request value;
// escape it for the output context wherever _error is displayed.
94 if ($params['openid_mode'] != 'id_res') {
95 $this->_setError("Wrong openid.mode '" . $params['openid_mode'] . "' != 'id_res'");
98 if (empty($params['openid_assoc_handle'])) {
99 $this->_setError("Missing openid.assoc_handle");
105 * Performs check of OpenID identity.
107 * This is the first step of OpenID authentication process.
108 * On success the function does not return (it does HTTP redirection to
109 * server and exits). On failure it returns false.
111 * @param bool $immediate enables or disables interaction with user
112 * @param string $id OpenID identity
113 * @param string $returnTo HTTP URL to redirect response from server to
114 * @param string $root HTTP URL to identify consumer on server
115 * @param mixed $extensions extension object or array of extensions objects
116 * @param Zend_Controller_Response_Abstract $response an optional response
117 * object to perform HTTP or HTML form redirection
120 function _checkId($immediate, $id, $returnTo = null, $root = null,
121 $extensions = null, $response = null)
// First step of the OpenID flow: runs discovery and association for $id and
// fills $params with the checkid_immediate / checkid_setup request fields.
// NOTE(review): the normalisation, openid.ns, openid.return_to, extension and
// redirect calls are commented out in this listing, so no visible line
// performs the redirect the docblock describes. verify() rejects a response
// without openid_return_to, which this request never sets.
// NOTE(review): $id is caller-supplied and, presumably, _discovery() makes the
// server contact whatever endpoint it resolves to. With normalisation disabled
// nothing visible restricts scheme or host; allow only http(s) identifiers and
// refuse internal addresses before discovery.
123 $this->_setError('');
125 /*if (!Zend_OpenId::normalize($id)) {
126 $this->_setError("Normalisation failed");
131 if (!$this->_discovery($id, $server, $version)) {
132 $this->_setError("Discovery failed");
135 if (!$this->_associate($server, $version)) {
136 $this->_setError("Association failed");
139 if (!$this->_getAssociation(
154 if ($version >= 2.0) {
155 //$params['openid.ns'] = Zend_OpenId::NS_2_0;
// $immediate selects the non-interactive mode; otherwise the provider may
// interact with the user.
158 $params['openid.mode'] = $immediate ?
159 'checkid_immediate' : 'checkid_setup';
161 $params['openid.identity'] = $id;
// NOTE(review): $claimedId is not assigned in any visible line. Confirm.
163 $params['openid.claimed_id'] = $claimedId;
// Remembers the identity pair in the session for verify().
// NOTE(review): $session is read but not used in the visible lines, and the
// two values are stored as separate session variables although verify() looks
// for them inside the 'openid' variable.
165 if ($version <= 2.0) {
167 $session = $request->getSessionVar('openid');
168 $request->setSessionVar('identity', $id);
169 $request->setSessionVar('claimed_id', $claimedId);
172 if (isset($handle)) {
173 $params['openid.assoc_handle'] = $handle;
176 //$params['openid.return_to'] = Zend_OpenId::absoluteUrl($returnTo);
178 // See lib/WikiUser/FaceBook.php how to handle http requests
// NOTE(review): port 80 is hard-coded, so this exchange would travel over
// plain HTTP, where it can be read or altered in transit. Take scheme and port
// from the discovered endpoint and prefer https; confirm what HttpClient
// supports.
179 $web = new HttpClient("$server", 80);
180 if (DEBUG & _DEBUG_LOGIN) $web->setDebug(true);
183 //$root = Zend_OpenId::selfUrl();
// NOTE(review): $root defaults to null and the selfUrl() assignment above is
// commented out, so the index expression below runs on an empty value when no
// root is passed. Guard against an empty $root before indexing.
184 if ($root[strlen($root) - 1] != '/') {
185 $root = dirname($root);
// The consumer's root URL is sent as openid.realm for 2.0; openid.trust_root
// is the name assigned on the other line below.
188 if ($version >= 2.0) {
189 $params['openid.realm'] = $root;
191 $params['openid.trust_root'] = $root;
194 /*if (!Zend_OpenId_Extension::forAll($extensions, 'prepareRequest', $params)) {
195 $this->_setError("Extension::prepareRequest failure");
200 //Zend_OpenId::redirect($server, $params, $response);
/**
 * Stores $message in $this->_error, replacing whatever was recorded before.
 *
 * _checkId() passes an empty string at the start of a check to reset it.
 * The text may contain raw request values (see verify()), so escape it for
 * the output context when displaying it.
 *
 * @param string $message error text to remember
 */
function _setError($message)
{
    $this->_error = $message;
}
209 function checkPass($password)
// Starts the OpenID login through _checkId() and returns the resulting
// authentication level. Falls through to the next auth method when the openssl
// extension cannot be loaded.
// NOTE(review): $password is not used in the visible lines.
211 if (!loadPhpExtension('openssl')) {
213 sprintf(_("The PECL %s extension cannot be loaded."), "openssl")
214 . sprintf(_(" %s AUTH ignored."), 'OpenID'),
216 return $this->_tryNextUser();
// NOTE(review): $id, $returnTo, $root, $extensions and $response are not
// assigned in any visible line. Confirm where they come from.
// NOTE(review): _checkId() is documented as the first step only (building the
// request to the provider). If WIKIAUTH_USER below is granted from its return
// value, the user counts as authenticated before verify() has validated a
// signed provider response. The condition lines are missing from this
// listing; confirm that WIKIAUTH_USER is set only after verify() succeeds.
219 $retval = $this->_checkId(false, $id, $returnTo, $root, $extensions, $response);
220 $this->_authmethod = 'OpenID';
221 if (DEBUG & _DEBUG_LOGIN) trigger_error(get_class($this) . "::checkPass => $retval",
224 $this->_level = WIKIAUTH_USER;
226 $this->_level = WIKIAUTH_ANON;
228 return $this->_level;
231 /* do nothing. the login/redirect is done in checkPass */
232 function userExists()
// Hands over to the next auth method when the user id fails isValidName() or
// the openssl extension cannot be loaded.
// NOTE(review): the debug message says "true (dummy)"; the return statement
// itself is not in this listing. If every syntactically valid name is reported
// as existing, existence says nothing about identity, so the provider's
// assertion must be verified in the login step.
// NOTE(review): isValidName() declares no parameters, so the argument passed
// below is ignored and the method reads $this->_userid itself.
234 if (!$this->isValidName($this->_userid)) {
235 return $this->_tryNextUser();
237 if (!loadPhpExtension('openssl')) {
239 (sprintf(_("The PECL %s extension cannot be loaded."), "openssl")
240 . sprintf(_(" %s AUTH ignored."), 'OpenID'),
242 return $this->_tryNextUser();
244 if (DEBUG & _DEBUG_LOGIN)
245 trigger_error(get_class($this) . "::userExists => true (dummy)", E_USER_WARNING);
249 // no quotes and shorter than 128
/**
 * Checks whether $this->_userid is acceptable as a login name.
 *
 * A name passes when it is truthy (so "" and "0" fail), contains neither a
 * double nor a single quote, and is shorter than 128 bytes.
 * NOTE(review): nothing here checks that the value is a well-formed OpenID
 * identifier; scheme and host have to be validated before discovery.
 *
 * @return bool
 */
function isValidName()
{
    $name = $this->_userid;
    if (!$name) {
        return false;
    }
    $hasQuote = preg_match('/[\"\']/', $name);
    $shortEnough = strlen($name) < 128;
    return !$hasQuote && $shortEnough;
}
261 // c-hanging-comment-ender-p: nil
262 // indent-tabs-mode: nil