From 986fb2c91b4d4da2fb453d7dc4c743bc4ac5233b Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Wed, 22 Sep 2010 06:19:07 +0000
Subject: [PATCH] openid: Move the helper function into the OpenIDConsumer class.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2562 44740490-163a-0410-bde0-09ae8108e29a
---
 .../openid/lib/Auth/Source/OpenIDConsumer.php | 172 +++++++++++++++-
 modules/openid/www/consumer.php | 183 ++----------------
 2 files changed, 180 insertions(+), 175 deletions(-)

diff --git a/modules/openid/lib/Auth/Source/OpenIDConsumer.php b/modules/openid/lib/Auth/Source/OpenIDConsumer.php
index 1d0c4de7b..b96b1a08e 100644
--- a/modules/openid/lib/Auth/Source/OpenIDConsumer.php
+++ b/modules/openid/lib/Auth/Source/OpenIDConsumer.php
@@ -1,5 +1,19 @@
 <?php
+/*
+ * Disable strict error reporting, since the OpenID library
+ * used is PHP4-compatible, and not PHP5 strict-standards compatible.
+ */
+SimpleSAML_Utilities::maskErrors(E_STRICT);
+
+/* Add the OpenID library search path. */
+set_include_path(get_include_path() . PATH_SEPARATOR . dirname(dirname(dirname(dirname(dirname(dirname(__FILE__)))))) . '/lib');
+
+require_once('Auth/OpenID/SReg.php');
+require_once('Auth/OpenID/Server.php');
+require_once('Auth/OpenID/ServerRequest.php');
+
+
 /**
 * Authentication module which acts as an OpenID Consumer
 *
@@ -62,7 +76,7 @@ class sspmod_openid_Auth_Source_OpenIDConsumer extends SimpleSAML_Auth_Source {
 *
 * @return array Required attributes.
 */
- public function getRequiredAttributes() {
+ private function getRequiredAttributes() {
 return $this->requiredAttributes;
 }
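Review bot: The error mask and include-path change in the first hunk now run as side effects of loading a class file, so they take effect whenever the autoloader pulls in sspmod_openid_Auth_Source_OpenIDConsumer rather than only when consumer.php is served, and the E_STRICT mask is never undone for the rest of the request; a comment above `SimpleSAML_Utilities::maskErrors(E_STRICT);` stating that this is intentionally process-wide would spare the next maintainer a search. The six nested `dirname()` calls encode the fact that this file sits five directories below the SimpleSAMLphp root, which breaks silently if the file is moved; a comment such as `/* Six levels up from modules/openid/lib/Auth/Source/ is the SimpleSAMLphp root; the OpenID library lives in its lib/ directory. */` would document that. The hunk requires SReg.php, Server.php and ServerRequest.php but not the Consumer file, although the class now instantiates Auth_OpenID_Consumer directly; presumably it is loaded transitively, but that is worth confirming.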
@@ -72,10 +86,160 @@ class sspmod_openid_Auth_Source_OpenIDConsumer extends SimpleSAML_Auth_Source {
 *
 * @return array Optional attributes.
 */
- public function getOptionalAttributes() {
+ private function getOptionalAttributes() {
 return $this->optionalAttributes;
 }
-}
-?>
\ No newline at end of file
+ /**
+ * Retrieve the Auth_OpenID_Consumer instance.
+ *
+ * @param array &$state The state array we are currently working with.
+ * @return Auth_OpenID_Consumer The Auth_OpenID_Consumer instance.
+ */
+ private function getConsumer(array &$state) {
+ $store = new sspmod_openid_StateStore($state);
+ $session = new sspmod_openid_SessionStore();
+ return new Auth_OpenID_Consumer($store, $session);
+ }
+
+
+ /**
+ * Retrieve the URL we should return to after successful authentication.
+ *
+ * @return string The URL we should return to after successful authentication.
+ */
+ private function getReturnTo($stateId) {
+ assert('is_string($stateId)');
+
+ return SimpleSAML_Module::getModuleURL('openid/consumer.php', array(
+ 'returned' => 1,
+ 'AuthState' => $stateId,
+ ));
+ }
+
+
+ /**
+ * Retrieve the trust root for this openid site.
+ *
+ * @return string The trust root.
+ */
+ private function getTrustRoot() {
+ return SimpleSAML_Utilities::selfURLhost();
+ }
+
+
+ /**
+ * Send an authentication request to the OpenID provider.
+ *
+ * @param array &$state The state array.
+ * @param string $openid The OpenID we should try to authenticate with.
+ */
+ public function doAuth(array &$state, $openid) {
+ assert('is_string($openid)');
+
+ $stateId = SimpleSAML_Auth_State::saveState($state, 'openid:state');
+
+ $consumer = $this->getConsumer($state);
+
+ // Begin the OpenID authentication process.
+ $auth_request = $consumer->begin($openid);
+
+ // No auth request means we can't begin OpenID.
+ if (!$auth_request) {
+ throw new Exception("Authentication error; not a valid OpenID.");
+ }
+
+ $sreg_request = Auth_OpenID_SRegRequest::build(
+ $this->getRequiredAttributes(),
+ $this->getOptionalAttributes()
+ );
+
+ if ($sreg_request) {
+ $auth_request->addExtension($sreg_request);
+ }
+
+ // Redirect the user to the OpenID server for authentication.
+ // Store the token for this authentication so we can verify the
+ // response.
+
+ // For OpenID 1, send a redirect. For OpenID 2, use a Javascript
+ // form to send a POST request to the server.
+ if ($auth_request->shouldSendRedirect()) {
+ $redirect_url = $auth_request->redirectURL($this->getTrustRoot(), $this->getReturnTo($stateId));
+
+ // If the redirect URL can't be built, display an error message.
+ if (Auth_OpenID::isFailure($redirect_url)) {
+ throw new Exception("Could not redirect to server: " . $redirect_url->message);
+ }
+
+ SimpleSAML_Utilities::redirect($redirect_url);
+ } else {
+ // Generate form markup and render it.
+ $form_id = 'openid_message';
+ $form_html = $auth_request->formMarkup($this->getTrustRoot(), $this->getReturnTo($stateId), FALSE, array('id' => $form_id));
+
+ // Display an error if the form markup couldn't be generated; otherwise, render the HTML.
+ if (Auth_OpenID::isFailure($form_html)) {
+ throw new Exception("Could not redirect to server: " . $form_html->message);
+ } else {
+ echo '<html><head><title>OpenID transaction in progress</title></head>
+ <body onload=\'document.getElementById("' . $form_id . '").submit()\'>' .
+ $form_html . '</body></html>';
+ }
+ }
+ }
+
+
+ /**
+ * Process an authentication response.
+ *
+ * @param array &$state The state array.
+ */
+ public function postAuth(array &$state) {
+
+ $consumer = $this->getConsumer($state);
+
+ $return_to = SimpleSAML_Utilities::selfURL();
+
+ // Complete the authentication process using the server's
+ // response.
+ $response = $consumer->complete($return_to);
+
+ // Check the response status.
+ if ($response->status == Auth_OpenID_CANCEL) {
+ // This means the authentication was cancelled.
+ throw new Exception('Verification cancelled.');
+ } else if ($response->status == Auth_OpenID_FAILURE) {
+ // Authentication failed; display the error message.
+ throw new Exception("OpenID authentication failed: " . $response->message);
+ } else if ($response->status != Auth_OpenID_SUCCESS) {
+ throw new Exceptioon('General error. Try again.');
+ }
+
+ // This means the authentication succeeded; extract the
+ // identity URL and Simple Registration data (if it was
+ // returned).
+ $openid = $response->identity_url;
+
+ $attributes = array('openid' => array($openid));
+
+ if ($response->endpoint->canonicalID) {
+ $attributes['openid.canonicalID'] = array($response->endpoint->canonicalID);
+ }
+
+ $sreg_resp = Auth_OpenID_SRegResponse::fromSuccessResponse($response);
+ $sregresponse = $sreg_resp->contents();
+
+ if (is_array($sregresponse) && count($sregresponse) > 0) {
+ $attributes['openid.sregkeys'] = array_keys($sregresponse);
+ foreach ($sregresponse AS $sregkey => $sregvalue) {
+ $attributes['openid.sreg.' . $sregkey] = array($sregvalue);
+ }
+ }
+
+ $state['Attributes'] = $attributes;
+ SimpleSAML_Auth_Source::completeAuth($state);
+ }
+
+}
diff --git a/modules/openid/www/consumer.php b/modules/openid/www/consumer.php
index c6b9392e2..0fcc46f5d 100644
--- a/modules/openid/www/consumer.php
+++ b/modules/openid/www/consumer.php
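Review bot: `throw new Exceptioon('General error. Try again.');` in postAuth misspells the class name, so a response whose status is neither cancel, failure nor success produces a fatal "class not found" error instead of the intended exception and never reaches the caller's catch; change it to `throw new Exception('General error. Try again.');`. In doAuth, the non-redirect branch echoes the auto-submitting form and then returns, but the rewritten consumer.php (last hunk) renders the template unconditionally after its try block, so the template is appended to the form page; add `exit();` after the echo, matching what the redirect branch presumably gets from SimpleSAML_Utilities::redirect(). getReturnTo's docblock omits its parameter: add `@param string $stateId The identifier returned by SimpleSAML_Auth_State::saveState() for the current state.`. Both public methods signal failure by throwing, which the caller relies on, so a `@throws Exception` line on doAuth and postAuth would document that contract.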
@@ -1,18 +1,5 @@
 <?php
-/*
- * Disable strict error reporting, since the OpenID library
- * used is PHP4-compatible, and not PHP5 strict-standards compatible.
- */
-SimpleSAML_Utilities::maskErrors(E_STRICT);
-
-/* Add the OpenID library search path. */
-set_include_path(get_include_path() . PATH_SEPARATOR . dirname(dirname(dirname(dirname(__FILE__)))) . '/lib');
-
-require_once('Auth/OpenID/SReg.php');
-require_once('Auth/OpenID/Server.php');
-require_once('Auth/OpenID/ServerRequest.php');
-
 $config = SimpleSAML_Configuration::getInstance();
 /* Find the authentication state. */
@@ -27,164 +14,18 @@ if ($authSource === NULL) { } -function displayError($message) { - global $authState; - - $config = SimpleSAML_Configuration::getInstance(); - $t = new SimpleSAML_XHTML_Template($config, 'openid:consumer.php', 'openid'); - $t->data['error'] = $message; - $t->data['AuthState'] = $authState; - $t->show(); - exit(0); -} - - - -function getConsumer() { - global $state; - $store = new sspmod_openid_StateStore($state); - $session = new sspmod_openid_SessionStore(); - return new Auth_OpenID_Consumer($store, $session); -} - -function getReturnTo() { - return SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURL(), - array('returned' => '1') - ); - -} - -function getTrustRoot() { - return SimpleSAML_Utilities::selfURLhost(); -} - -function run_try_auth() { - global $authSource; - - $openid = $_GET['openid_url']; - $consumer = getConsumer(); - - // Begin the OpenID authentication process. - $auth_request = $consumer->begin($openid); - - // No auth request means we can't begin OpenID. - if (!$auth_request) { - displayError("Authentication error; not a valid OpenID."); - } - - $sreg_request = Auth_OpenID_SRegRequest::build( - $authSource->getRequiredAttributes(), - $authSource->getOptionalAttributes()); - - if ($sreg_request) { - $auth_request->addExtension($sreg_request); - } - - // Redirect the user to the OpenID server for authentication. - // Store the token for this authentication so we can verify the - // response. - - // For OpenID 1, send a redirect. For OpenID 2, use a Javascript - // form to send a POST request to the server. - if ($auth_request->shouldSendRedirect()) { - $redirect_url = $auth_request->redirectURL(getTrustRoot(), getReturnTo()); - - // If the redirect URL can't be built, display an error message. - if (Auth_OpenID::isFailure($redirect_url)) { - displayError("Could not redirect to server: " . $redirect_url->message); - } else { - header("Location: ".$redirect_url); // Send redirect. 
- } - } else { - // Generate form markup and render it. - $form_id = 'openid_message'; - $form_html = $auth_request->formMarkup(getTrustRoot(), getReturnTo(), FALSE, array('id' => $form_id)); - - // Display an error if the form markup couldn't be generated; otherwise, render the HTML. - if (Auth_OpenID::isFailure($form_html)) { - displayError("Could not redirect to server: " . $form_html->message); - } else { - echo '<html><head><title>OpenID transaction in progress</title></head> - <body onload=\'document.getElementById("' . $form_id . '").submit()\'>' . - $form_html . '</body></html>'; - } - } -} - -function run_finish_auth() { - - $error = 'General error. Try again.'; - - try { - - $consumer = getConsumer(); - - $return_to = SimpleSAML_Utilities::selfURL(); - - // Complete the authentication process using the server's - // response. - $response = $consumer->complete($return_to); - - // Check the response status. - if ($response->status == Auth_OpenID_CANCEL) { - // This means the authentication was cancelled. - throw new Exception('Verification cancelled.'); - } else if ($response->status == Auth_OpenID_FAILURE) { - // Authentication failed; display the error message. - throw new Exception("OpenID authentication failed: " . $response->message); - } else if ($response->status == Auth_OpenID_SUCCESS) { - // This means the authentication succeeded; extract the - // identity URL and Simple Registration data (if it was - // returned). - $openid = $response->identity_url; - - $attributes = array('openid' => array($openid)); - - if ($response->endpoint->canonicalID) { - $attributes['openid.canonicalID'] = array($response->endpoint->canonicalID); - } - - $sreg_resp = Auth_OpenID_SRegResponse::fromSuccessResponse($response); - $sregresponse = $sreg_resp->contents(); - - if (is_array($sregresponse) && count($sregresponse) > 0) { - $attributes['openid.sregkeys'] = array_keys($sregresponse); - foreach ($sregresponse AS $sregkey => $sregvalue) { - $attributes['openid.sreg.' 
. $sregkey] = array($sregvalue); - } - } - - global $state; - $state['Attributes'] = $attributes; - SimpleSAML_Auth_Source::completeAuth($state); - - } - - } catch (Exception $e) { - $error = $e->getMessage(); +try { + if (array_key_exists('returned', $_GET)) { + $authSource->postAuth($state); + } elseif (!empty($_GET['openid_url'])) { + $authSource->doAuth($state, (string)$_GET['openid_url']); } - - $config = SimpleSAML_Configuration::getInstance(); - $t = new SimpleSAML_XHTML_Template($config, 'openid:consumer.php', 'openid'); - $t->data['error'] = $error; - global $authState; - $t->data['AuthState'] = $authState; - $t->show(); - +} catch (Exception $e) { + $error = $e->getMessage(); } -if (array_key_exists('returned', $_GET)) { - run_finish_auth(); -} elseif (!empty($_GET['openid_url'])) { - run_try_auth(); -} else { - $config = SimpleSAML_Configuration::getInstance(); - $t = new SimpleSAML_XHTML_Template($config, 'openid:consumer.php', 'openid'); - global $authState; - $t->data['AuthState'] = $authState; - $t->show(); -} - - - -?> \ No newline at end of file +$config = SimpleSAML_Configuration::getInstance(); +$t = new SimpleSAML_XHTML_Template($config, 'openid:consumer.php', 'openid'); +$t->data['error'] = $error; +$t->data['AuthState'] = $authState; +$t->show(); -- GitLab
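Review bot: `$t->data['error'] = $error;` reads `$error`, which the new code assigns only inside the catch block, so on the initial page load (neither `returned` nor `openid_url` present) and on every non-throwing path the template is populated from an undefined variable; initialise it before the try, `$error = NULL;`, so the template sees an explicit "no error" value. The unconditional `$t->show()` also runs after doAuth has already echoed the OpenID 2 auto-submit form, which needs to terminate before reaching it (raised on the OpenIDConsumer.php hunk); whether it is reachable after postAuth depends on completeAuth never returning, which is presumably the case but not visible here. Catching every Exception at this level also turns failures raised from inside completeAuth into a user-visible `$e->getMessage()` page rather than the framework's own error handling; if that is not intended, rethrow anything that is not one of the module's own exceptions.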