From: Maxious Date: Fri, 16 Sep 2011 03:53:46 +0000 Subject: Purge openid-php X-Git-Url: http://maxious.lambdacomplex.org/git/?p=busui.git&a=commitdiff&h=0dc105deddf45bf359e88445ba8371b31ec212e4 --- Purge openid-php --- --- a/.gitignore +++ b/.gitignore @@ -6,3 +6,4 @@ /labs/tiles/16 /labs/tiles/17 /labs/tiles/19 +/nbproject/private/ --- a/aws/busuiphp.sh +++ b/aws/busuiphp.sh @@ -9,6 +9,7 @@ chcon -R -t httpd_sys_content_rw_t /var/www/labs/tiles chmod -R 777 /var/www/labs/tiles +mkdir /var/www/lib/openid-php/oid_store chcon -R -t httpd_sys_content_rw_t /var/www/lib/openid-php/oid_store chmod -R 777 /var/www/lib/openid-php/oid_store --- a/include/common-auth.inc.php +++ b/include/common-auth.inc.php @@ -1,62 +1,15 @@ begin($oid_identifier); - - // Create attribute request object - // See http://code.google.com/apis/accounts/docs/OpenID.html#Parameters for parameters - // Usage: make($type_uri, $count=1, $required=false, $alias=null) - $attribute[] = Auth_OpenID_AX_AttrInfo :: make('http://axschema.org/contact/email', 2, 1, 'email'); - $attribute[] = Auth_OpenID_AX_AttrInfo :: make('http://axschema.org/namePerson/first', 1, 1, 'firstname'); - $attribute[] = Auth_OpenID_AX_AttrInfo :: make('http://axschema.org/namePerson/last', 1, 1, 'lastname'); - - // Create AX fetch request - $ax = new Auth_OpenID_AX_FetchRequest; - - // Add attributes to AX fetch request - foreach($attribute as $attr) { - $ax -> add($attr); - } - - // Add AX fetch request to authentication request - $auth -> addExtension($ax); - $_SESSION['returnURL'] = curPageURL(); - // Redirect to OpenID provider for authentication - $url = $auth -> redirectURL(getTrustRoot(), $_SESSION['returnURL']); - header('Location: ' . $url); + global $openid; + if(!$openid->mode) { + $openid->required = array('contact/email'); + $openid->identity = 'https://www.google.com/accounts/o8/id'; + header('Location: ' . $openid->authUrl()); + } } 
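Review bot: The added `mkdir /var/www/lib/openid-php/oid_store` provisions a directory for the library this commit is purging, and the two lines that follow still relabel it and `chmod -R 777` it, leaving a world-writable directory under the web root for a store that nothing visible in the new common-auth.inc.php uses (the `Auth_OpenID_FileStore('lib/openid-php/oid_store')` construction is removed in this same commit). If the directory is still needed by something outside this diff, `mkdir -p` would make the step idempotent and a mode restricted to the web server's own user would replace the 777; otherwise all three lines should go together with the library.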
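Review bot: The redirect `header('Location: ' . $openid->authUrl());` is not followed by `exit;`, so whatever code follows the call to this function keeps running after the redirect header is sent; the same gap existed in the removed Janrain-based code, but the rewrite is the moment to close it with `header('Location: ' . $openid->authUrl()); exit;`. `global $openid` is read without any visible construction of the object, so the function now depends on an include outside this hunk having set it up, which deserves a one-line comment naming where that happens. The function's opening lines are not legible in this rendering of the hunk, so its signature could not be checked.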
@@ -64,21 +17,11 @@ { if ($_SESSION['authed'] == true) return true; - - // Create file storage area for OpenID data - $store = new Auth_OpenID_FileStore('lib/openid-php/oid_store'); - // Create OpenID consumer - $consumer = new Auth_OpenID_Consumer($store); - // Create an authentication request to the OpenID provider - $response = $consumer -> complete($_SESSION['returnURL']); - - if ($response -> status == Auth_OpenID_SUCCESS) { - // Get registration informations - $ax = new Auth_OpenID_AX_FetchResponse(); - $obj = $ax -> fromSuccessResponse($response); - $email = $obj -> data['http://axschema.org/contact/email'][0]; - var_dump($email); - if ($email != "maxious@gmail.com") { + global $openid; + + if($openid->mode) { + $attr = $openid->getAttributes(); + if ($attr["contact/email"] != "maxious@gmail.com") { die("Access Denied"); } else { $_SESSION['authed'] = true; @@ -87,5 +30,4 @@ login(); } } - if ($_REQUEST['janrain_nonce']) auth(); ?> --- a/lib/openid-php/Auth/OpenID.php +++ /dev/null 
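Review bot: The access decision at `if ($attr["contact/email"] != "maxious@gmail.com")` is made on values from `$openid->getAttributes()` without the assertion having been verified first: the branch is entered whenever `$openid->mode` is set, and both the mode and the attributes are read from the incoming request. If `$openid` is a LightOpenID instance, as the `mode`/`authUrl()`/`getAttributes()` usage suggests, the signed response has to be checked with the provider before the attributes mean anything, e.g. `if ($openid->mode == 'cancel' || !$openid->validate()) { die("Access Denied"); }` ahead of the `getAttributes()` call. The comparison should also be strict (`!==`) and guard against the key being absent, since a cancelled or malformed response yields no `contact/email` entry and the current `!=` then compares against null. The function's signature sits above the hunk, so the rest of its contract could not be checked.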
@@ -1,564 +1,1 @@ - - * @copyright 2005-2008 Janrain, Inc. - * @license http://www.apache.org/licenses/LICENSE-2.0 Apache - */ - -/** - * The library version string - */ -define('Auth_OpenID_VERSION', '2.2.2'); - -/** - * Require the fetcher code. - */ -require_once "Auth/Yadis/PlainHTTPFetcher.php"; -require_once "Auth/Yadis/ParanoidHTTPFetcher.php"; -require_once "Auth/OpenID/BigMath.php"; -require_once "Auth/OpenID/URINorm.php"; - -/** - * Status code returned by the server when the only option is to show - * an error page, since we do not have enough information to redirect - * back to the consumer. The associated value is an error message that - * should be displayed on an HTML error page. - * - * @see Auth_OpenID_Server - */ -define('Auth_OpenID_LOCAL_ERROR', 'local_error'); - -/** - * Status code returned when there is an error to return in key-value - * form to the consumer. The caller should return a 400 Bad Request - * response with content-type text/plain and the value as the body. - * - * @see Auth_OpenID_Server - */ -define('Auth_OpenID_REMOTE_ERROR', 'remote_error'); - -/** - * Status code returned when there is a key-value form OK response to - * the consumer. The value associated with this code is the - * response. The caller should return a 200 OK response with - * content-type text/plain and the value as the body. - * - * @see Auth_OpenID_Server - */ -define('Auth_OpenID_REMOTE_OK', 'remote_ok'); - -/** - * Status code returned when there is a redirect back to the - * consumer. The value is the URL to redirect back to. The caller - * should return a 302 Found redirect with a Location: header - * containing the URL. - * - * @see Auth_OpenID_Server - */ -define('Auth_OpenID_REDIRECT', 'redirect'); - -/** - * Status code returned when the caller needs to authenticate the - * user. The associated value is a {@link Auth_OpenID_ServerRequest} - * object that can be used to complete the authentication. 
If the user - * has taken some authentication action, use the retry() method of the - * {@link Auth_OpenID_ServerRequest} object to complete the request. - * - * @see Auth_OpenID_Server - */ -define('Auth_OpenID_DO_AUTH', 'do_auth'); - -/** - * Status code returned when there were no OpenID arguments - * passed. This code indicates that the caller should return a 200 OK - * response and display an HTML page that says that this is an OpenID - * server endpoint. - * - * @see Auth_OpenID_Server - */ -define('Auth_OpenID_DO_ABOUT', 'do_about'); - -/** - * Defines for regexes and format checking. - */ -define('Auth_OpenID_letters', - "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"); - -define('Auth_OpenID_digits', - "0123456789"); - -define('Auth_OpenID_punct', - "!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~"); - -Auth_OpenID_include_init(); - -/** - * The OpenID utility function class. - * - * @package OpenID - * @access private - */ -class Auth_OpenID { - - /** - * Return true if $thing is an Auth_OpenID_FailureResponse object; - * false if not. - * - * @access private - */ - static function isFailure($thing) - { - return is_a($thing, 'Auth_OpenID_FailureResponse'); - } - - /** - * Gets the query data from the server environment based on the - * request method used. If GET was used, this looks at - * $_SERVER['QUERY_STRING'] directly. If POST was used, this - * fetches data from the special php://input file stream. - * - * Returns an associative array of the query arguments. - * - * Skips invalid key/value pairs (i.e. keys with no '=value' - * portion). - * - * Returns an empty array if neither GET nor POST was used, or if - * POST was used but php://input cannot be opened. 
- * - * See background: - * http://lists.openidenabled.com/pipermail/dev/2007-March/000395.html - * - * @access private - */ - static function getQuery($query_str=null) - { - $data = array(); - - if ($query_str !== null) { - $data = Auth_OpenID::params_from_string($query_str); - } else if (!array_key_exists('REQUEST_METHOD', $_SERVER)) { - // Do nothing. - } else { - // XXX HACK FIXME HORRIBLE. - // - // POSTing to a URL with query parameters is acceptable, but - // we don't have a clean way to distinguish those parameters - // when we need to do things like return_to verification - // which only want to look at one kind of parameter. We're - // going to emulate the behavior of some other environments - // by defaulting to GET and overwriting with POST if POST - // data is available. - $data = Auth_OpenID::params_from_string($_SERVER['QUERY_STRING']); - - if ($_SERVER['REQUEST_METHOD'] == 'POST') { - $str = file_get_contents('php://input'); - - if ($str === false) { - $post = array(); - } else { - $post = Auth_OpenID::params_from_string($str); - } - - $data = array_merge($data, $post); - } - } - - return $data; - } - - static function params_from_string($str) - { - $chunks = explode("&", $str); - - $data = array(); - foreach ($chunks as $chunk) { - $parts = explode("=", $chunk, 2); - - if (count($parts) != 2) { - continue; - } - - list($k, $v) = $parts; - $data[urldecode($k)] = urldecode($v); - } - - return $data; - } - - /** - * Create dir_name as a directory if it does not exist. If it - * exists, make sure that it is, in fact, a directory. Returns - * true if the operation succeeded; false if not. - * - * @access private - */ - static function ensureDir($dir_name) - { - if (is_dir($dir_name) || @mkdir($dir_name)) { - return true; - } else { - $parent_dir = dirname($dir_name); - - // Terminal case; there is no parent directory to create. 
- if ($parent_dir == $dir_name) { - return true; - } - - return (Auth_OpenID::ensureDir($parent_dir) && @mkdir($dir_name)); - } - } - - /** - * Adds a string prefix to all values of an array. Returns a new - * array containing the prefixed values. - * - * @access private - */ - static function addPrefix($values, $prefix) - { - $new_values = array(); - foreach ($values as $s) { - $new_values[] = $prefix . $s; - } - return $new_values; - } - - /** - * Convenience function for getting array values. Given an array - * $arr and a key $key, get the corresponding value from the array - * or return $default if the key is absent. - * - * @access private - */ - static function arrayGet($arr, $key, $fallback = null) - { - if (is_array($arr)) { - if (array_key_exists($key, $arr)) { - return $arr[$key]; - } else { - return $fallback; - } - } else { - trigger_error("Auth_OpenID::arrayGet (key = ".$key.") expected " . - "array as first parameter, got " . - gettype($arr), E_USER_WARNING); - - return false; - } - } - - /** - * Replacement for PHP's broken parse_str. - */ - static function parse_str($query) - { - if ($query === null) { - return null; - } - - $parts = explode('&', $query); - - $new_parts = array(); - for ($i = 0; $i < count($parts); $i++) { - $pair = explode('=', $parts[$i]); - - if (count($pair) != 2) { - continue; - } - - list($key, $value) = $pair; - $new_parts[urldecode($key)] = urldecode($value); - } - - return $new_parts; - } - - /** - * Implements the PHP 5 'http_build_query' functionality. - * - * @access private - * @param array $data Either an array key/value pairs or an array - * of arrays, each of which holding two values: a key and a value, - * sequentially. - * @return string $result The result of url-encoding the key/value - * pairs from $data into a URL query string - * (e.g. "username=bob&id=56"). 
- */ - static function httpBuildQuery($data) - { - $pairs = array(); - foreach ($data as $key => $value) { - if (is_array($value)) { - $pairs[] = urlencode($value[0])."=".urlencode($value[1]); - } else { - $pairs[] = urlencode($key)."=".urlencode($value); - } - } - return implode("&", $pairs); - } - - /** - * "Appends" query arguments onto a URL. The URL may or may not - * already have arguments (following a question mark). - * - * @access private - * @param string $url A URL, which may or may not already have - * arguments. - * @param array $args Either an array key/value pairs or an array of - * arrays, each of which holding two values: a key and a value, - * sequentially. If $args is an ordinary key/value array, the - * parameters will be added to the URL in sorted alphabetical order; - * if $args is an array of arrays, their order will be preserved. - * @return string $url The original URL with the new parameters added. - * - */ - static function appendArgs($url, $args) - { - if (count($args) == 0) { - return $url; - } - - // Non-empty array; if it is an array of arrays, use - // multisort; otherwise use sort. - if (array_key_exists(0, $args) && - is_array($args[0])) { - // Do nothing here. - } else { - $keys = array_keys($args); - sort($keys); - $new_args = array(); - foreach ($keys as $key) { - $new_args[] = array($key, $args[$key]); - } - $args = $new_args; - } - - $sep = '?'; - if (strpos($url, '?') !== false) { - $sep = '&'; - } - - return $url . $sep . Auth_OpenID::httpBuildQuery($args); - } - - /** - * Implements python's urlunparse, which is not available in PHP. - * Given the specified components of a URL, this function rebuilds - * and returns the URL. - * - * @access private - * @param string $scheme The scheme (e.g. 'http'). Defaults to 'http'. - * @param string $host The host. Required. - * @param string $port The port. - * @param string $path The path. - * @param string $query The query. - * @param string $fragment The fragment. 
- * @return string $url The URL resulting from assembling the - * specified components. - */ - static function urlunparse($scheme, $host, $port = null, $path = '/', - $query = '', $fragment = '') - { - - if (!$scheme) { - $scheme = 'http'; - } - - if (!$host) { - return false; - } - - if (!$path) { - $path = ''; - } - - $result = $scheme . "://" . $host; - - if ($port) { - $result .= ":" . $port; - } - - $result .= $path; - - if ($query) { - $result .= "?" . $query; - } - - if ($fragment) { - $result .= "#" . $fragment; - } - - return $result; - } - - /** - * Given a URL, this "normalizes" it by adding a trailing slash - * and / or a leading http:// scheme where necessary. Returns - * null if the original URL is malformed and cannot be normalized. - * - * @access private - * @param string $url The URL to be normalized. - * @return mixed $new_url The URL after normalization, or null if - * $url was malformed. - */ - static function normalizeUrl($url) - { - @$parsed = parse_url($url); - - if (!$parsed) { - return null; - } - - if (isset($parsed['scheme']) && - isset($parsed['host'])) { - $scheme = strtolower($parsed['scheme']); - if (!in_array($scheme, array('http', 'https'))) { - return null; - } - } else { - $url = 'http://' . $url; - } - - $normalized = Auth_OpenID_urinorm($url); - if ($normalized === null) { - return null; - } - list($defragged, $frag) = Auth_OpenID::urldefrag($normalized); - return $defragged; - } - - /** - * Replacement (wrapper) for PHP's intval() because it's broken. - * - * @access private - */ - static function intval($value) - { - $re = "/^\\d+$/"; - - if (!preg_match($re, $value)) { - return false; - } - - return intval($value); - } - - /** - * Count the number of bytes in a string independently of - * multibyte support conditions. - * - * @param string $str The string of bytes to count. - * @return int The number of bytes in $str. 
- */ - static function bytes($str) - { - return strlen(bin2hex($str)) / 2; - } - - /** - * Get the bytes in a string independently of multibyte support - * conditions. - */ - static function toBytes($str) - { - $hex = bin2hex($str); - - if (!$hex) { - return array(); - } - - $b = array(); - for ($i = 0; $i < strlen($hex); $i += 2) { - $b[] = chr(base_convert(substr($hex, $i, 2), 16, 10)); - } - - return $b; - } - - static function urldefrag($url) - { - $parts = explode("#", $url, 2); - - if (count($parts) == 1) { - return array($parts[0], ""); - } else { - return $parts; - } - } - - static function filter($callback, &$sequence) - { - $result = array(); - - foreach ($sequence as $item) { - if (call_user_func_array($callback, array($item))) { - $result[] = $item; - } - } - - return $result; - } - - static function update(&$dest, &$src) - { - foreach ($src as $k => $v) { - $dest[$k] = $v; - } - } - - /** - * Wrap PHP's standard error_log functionality. Use this to - * perform all logging. It will interpolate any additional - * arguments into the format string before logging. - * - * @param string $format_string The sprintf format for the message - */ - static function log($format_string) - { - $args = func_get_args(); - $message = call_user_func_array('sprintf', $args); - error_log($message); - } - - static function autoSubmitHTML($form, $title="OpenId transaction in progress") - { - return("". - "". - $title . - "". - "". - $form . - "". - "". - ""); - } -} - -/* - * Function to run when this file is included. - * Abstracted to a function to make life easier - * for some PHP optimizers. - */ -function Auth_OpenID_include_init() { - if (Auth_OpenID_getMathLib() === null) { - Auth_OpenID_setNoMathSupport(); - } -} - --- a/lib/openid-php/Auth/OpenID/AX.php +++ /dev/null 
@@ -1,1023 +1,1 @@ -message = $message; - } -} - -/** - * Abstract class containing common code for attribute exchange - * messages. - * - * @package OpenID - */ -class Auth_OpenID_AX_Message extends Auth_OpenID_Extension { - /** - * ns_alias: The preferred namespace alias for attribute exchange - * messages - */ - var $ns_alias = 'ax'; - - /** - * mode: The type of this attribute exchange message. This must be - * overridden in subclasses. - */ - var $mode = null; - - var $ns_uri = Auth_OpenID_AX_NS_URI; - - /** - * Return Auth_OpenID_AX_Error if the mode in the attribute - * exchange arguments does not match what is expected for this - * class; true otherwise. - * - * @access private - */ - function _checkMode($ax_args) - { - $mode = Auth_OpenID::arrayGet($ax_args, 'mode'); - if ($mode != $this->mode) { - return new Auth_OpenID_AX_Error( - sprintf( - "Expected mode '%s'; got '%s'", - $this->mode, $mode)); - } - - return true; - } - - /** - * Return a set of attribute exchange arguments containing the - * basic information that must be in every attribute exchange - * message. - * - * @access private - */ - function _newArgs() - { - return array('mode' => $this->mode); - } -} - -/** - * Represents a single attribute in an attribute exchange - * request. This should be added to an AXRequest object in order to - * request the attribute. - * - * @package OpenID - */ -class Auth_OpenID_AX_AttrInfo { - /** - * Construct an attribute information object. Do not call this - * directly; call make(...) instead. - * - * @param string $type_uri The type URI for this attribute. - * - * @param int $count The number of values of this type to request. - * - * @param bool $required Whether the attribute will be marked as - * required in the request. - * - * @param string $alias The name that should be given to this - * attribute in the request. 
- */ - function Auth_OpenID_AX_AttrInfo($type_uri, $count, $required, - $alias) - { - /** - * required: Whether the attribute will be marked as required - * when presented to the subject of the attribute exchange - * request. - */ - $this->required = $required; - - /** - * count: How many values of this type to request from the - * subject. Defaults to one. - */ - $this->count = $count; - - /** - * type_uri: The identifier that determines what the attribute - * represents and how it is serialized. For example, one type - * URI representing dates could represent a Unix timestamp in - * base 10 and another could represent a human-readable - * string. - */ - $this->type_uri = $type_uri; - - /** - * alias: The name that should be given to this attribute in - * the request. If it is not supplied, a generic name will be - * assigned. For example, if you want to call a Unix timestamp - * value 'tstamp', set its alias to that value. If two - * attributes in the same message request to use the same - * alias, the request will fail to be generated. - */ - $this->alias = $alias; - } - - /** - * Construct an attribute information object. For parameter - * details, see the constructor. - */ - static function make($type_uri, $count=1, $required=false, - $alias=null) - { - if ($alias !== null) { - $result = Auth_OpenID_AX_checkAlias($alias); - - if (Auth_OpenID_AX::isError($result)) { - return $result; - } - } - - return new Auth_OpenID_AX_AttrInfo($type_uri, $count, $required, - $alias); - } - - /** - * When processing a request for this attribute, the OP should - * call this method to determine whether all available attribute - * values were requested. If self.count == UNLIMITED_VALUES, this - * returns True. Otherwise this returns False, in which case - * self.count is an integer. 
- */ - function wantsUnlimitedValues() - { - return $this->count === Auth_OpenID_AX_UNLIMITED_VALUES; - } -} - -/** - * Given a namespace mapping and a string containing a comma-separated - * list of namespace aliases, return a list of type URIs that - * correspond to those aliases. - * - * @param $namespace_map The mapping from namespace URI to alias - * @param $alias_list_s The string containing the comma-separated - * list of aliases. May also be None for convenience. - * - * @return $seq The list of namespace URIs that corresponds to the - * supplied list of aliases. If the string was zero-length or None, an - * empty list will be returned. - * - * return null If an alias is present in the list of aliases but - * is not present in the namespace map. - */ -function Auth_OpenID_AX_toTypeURIs($namespace_map, $alias_list_s) -{ - $uris = array(); - - if ($alias_list_s) { - foreach (explode(',', $alias_list_s) as $alias) { - $type_uri = $namespace_map->getNamespaceURI($alias); - if ($type_uri === null) { - // raise KeyError( - // 'No type is defined for attribute name %r' % (alias,)) - return new Auth_OpenID_AX_Error( - sprintf('No type is defined for attribute name %s', - $alias) - ); - } else { - $uris[] = $type_uri; - } - } - } - - return $uris; -} - -/** - * An attribute exchange 'fetch_request' message. This message is sent - * by a relying party when it wishes to obtain attributes about the - * subject of an OpenID authentication request. - * - * @package OpenID - */ -class Auth_OpenID_AX_FetchRequest extends Auth_OpenID_AX_Message { - - var $mode = 'fetch_request'; - - function Auth_OpenID_AX_FetchRequest($update_url=null) - { - /** - * requested_attributes: The attributes that have been - * requested thus far, indexed by the type URI. - */ - $this->requested_attributes = array(); - - /** - * update_url: A URL that will accept responses for this - * attribute exchange request, even in the absence of the user - * who made this request. 
- */ - $this->update_url = $update_url; - } - - /** - * Add an attribute to this attribute exchange request. - * - * @param attribute: The attribute that is being requested - * @return true on success, false when the requested attribute is - * already present in this fetch request. - */ - function add($attribute) - { - if ($this->contains($attribute->type_uri)) { - return new Auth_OpenID_AX_Error( - sprintf("The attribute %s has already been requested", - $attribute->type_uri)); - } - - $this->requested_attributes[$attribute->type_uri] = $attribute; - - return true; - } - - /** - * Get the serialized form of this attribute fetch request. - * - * @returns Auth_OpenID_AX_FetchRequest The fetch request message parameters - */ - function getExtensionArgs() - { - $aliases = new Auth_OpenID_NamespaceMap(); - - $required = array(); - $if_available = array(); - - $ax_args = $this->_newArgs(); - - foreach ($this->requested_attributes as $type_uri => $attribute) { - if ($attribute->alias === null) { - $alias = $aliases->add($type_uri); - } else { - $alias = $aliases->addAlias($type_uri, $attribute->alias); - - if ($alias === null) { - return new Auth_OpenID_AX_Error( - sprintf("Could not add alias %s for URI %s", - $attribute->alias, $type_uri - )); - } - } - - if ($attribute->required) { - $required[] = $alias; - } else { - $if_available[] = $alias; - } - - if ($attribute->count != 1) { - $ax_args['count.' . $alias] = strval($attribute->count); - } - - $ax_args['type.' . $alias] = $type_uri; - } - - if ($required) { - $ax_args['required'] = implode(',', $required); - } - - if ($if_available) { - $ax_args['if_available'] = implode(',', $if_available); - } - - return $ax_args; - } - - /** - * Get the type URIs for all attributes that have been marked as - * required. - * - * @return A list of the type URIs for attributes that have been - * marked as required. 
- */ - function getRequiredAttrs() - { - $required = array(); - foreach ($this->requested_attributes as $type_uri => $attribute) { - if ($attribute->required) { - $required[] = $type_uri; - } - } - - return $required; - } - - /** - * Extract a FetchRequest from an OpenID message - * - * @param request: The OpenID request containing the attribute - * fetch request - * - * @returns mixed An Auth_OpenID_AX_Error or the - * Auth_OpenID_AX_FetchRequest extracted from the request message if - * successful - */ - static function fromOpenIDRequest($request) - { - $m = $request->message; - $obj = new Auth_OpenID_AX_FetchRequest(); - $ax_args = $m->getArgs($obj->ns_uri); - - $result = $obj->parseExtensionArgs($ax_args); - - if (Auth_OpenID_AX::isError($result)) { - return $result; - } - - if ($obj->update_url) { - // Update URL must match the openid.realm of the - // underlying OpenID 2 message. - $realm = $m->getArg(Auth_OpenID_OPENID_NS, 'realm', - $m->getArg( - Auth_OpenID_OPENID_NS, - 'return_to')); - - if (!$realm) { - $obj = new Auth_OpenID_AX_Error( - sprintf("Cannot validate update_url %s " . - "against absent realm", $obj->update_url)); - } else if (!Auth_OpenID_TrustRoot::match($realm, - $obj->update_url)) { - $obj = new Auth_OpenID_AX_Error( - sprintf("Update URL %s failed validation against realm %s", - $obj->update_url, $realm)); - } - } - - return $obj; - } - - /** - * Given attribute exchange arguments, populate this FetchRequest. - * - * @return $result Auth_OpenID_AX_Error if the data to be parsed - * does not follow the attribute exchange specification. At least - * when 'if_available' or 'required' is not specified for a - * particular attribute type. Returns true otherwise. 
- */ - function parseExtensionArgs($ax_args) - { - $result = $this->_checkMode($ax_args); - if (Auth_OpenID_AX::isError($result)) { - return $result; - } - - $aliases = new Auth_OpenID_NamespaceMap(); - - foreach ($ax_args as $key => $value) { - if (strpos($key, 'type.') === 0) { - $alias = substr($key, 5); - $type_uri = $value; - - $alias = $aliases->addAlias($type_uri, $alias); - - if ($alias === null) { - return new Auth_OpenID_AX_Error( - sprintf("Could not add alias %s for URI %s", - $alias, $type_uri) - ); - } - - $count_s = Auth_OpenID::arrayGet($ax_args, 'count.' . $alias); - if ($count_s) { - $count = Auth_OpenID::intval($count_s); - if (($count === false) && - ($count_s === Auth_OpenID_AX_UNLIMITED_VALUES)) { - $count = $count_s; - } - } else { - $count = 1; - } - - if ($count === false) { - return new Auth_OpenID_AX_Error( - sprintf("Integer value expected for %s, got %s", - 'count.' . $alias, $count_s)); - } - - $attrinfo = Auth_OpenID_AX_AttrInfo::make($type_uri, $count, - false, $alias); - - if (Auth_OpenID_AX::isError($attrinfo)) { - return $attrinfo; - } - - $this->add($attrinfo); - } - } - - $required = Auth_OpenID_AX_toTypeURIs($aliases, - Auth_OpenID::arrayGet($ax_args, 'required')); - - foreach ($required as $type_uri) { - $attrib = $this->requested_attributes[$type_uri]; - $attrib->required = true; - } - - $if_available = Auth_OpenID_AX_toTypeURIs($aliases, - Auth_OpenID::arrayGet($ax_args, 'if_available')); - - $all_type_uris = array_merge($required, $if_available); - - foreach ($aliases->iterNamespaceURIs() as $type_uri) { - if (!in_array($type_uri, $all_type_uris)) { - return new Auth_OpenID_AX_Error( - sprintf('Type URI %s was in the request but not ' . - 'present in "required" or "if_available"', - $type_uri)); - - } - } - - $this->update_url = Auth_OpenID::arrayGet($ax_args, 'update_url'); - - return true; - } - - /** - * Iterate over the AttrInfo objects that are contained in this - * fetch_request. 
- */ - function iterAttrs() - { - return array_values($this->requested_attributes); - } - - function iterTypes() - { - return array_keys($this->requested_attributes); - } - - /** - * Is the given type URI present in this fetch_request? - */ - function contains($type_uri) - { - return in_array($type_uri, $this->iterTypes()); - } -} - -/** - * An abstract class that implements a message that has attribute keys - * and values. It contains the common code between fetch_response and - * store_request. - * - * @package OpenID - */ -class Auth_OpenID_AX_KeyValueMessage extends Auth_OpenID_AX_Message { - - function Auth_OpenID_AX_KeyValueMessage() - { - $this->data = array(); - } - - /** - * Add a single value for the given attribute type to the - * message. If there are already values specified for this type, - * this value will be sent in addition to the values already - * specified. - * - * @param type_uri: The URI for the attribute - * @param value: The value to add to the response to the relying - * party for this attribute - * @return null - */ - function addValue($type_uri, $value) - { - if (!array_key_exists($type_uri, $this->data)) { - $this->data[$type_uri] = array(); - } - - $values =& $this->data[$type_uri]; - $values[] = $value; - } - - /** - * Set the values for the given attribute type. This replaces any - * values that have already been set for this attribute. - * - * @param type_uri: The URI for the attribute - * @param values: A list of values to send for this attribute. - */ - function setValues($type_uri, &$values) - { - $this->data[$type_uri] =& $values; - } - - /** - * Get the extension arguments for the key/value pairs contained - * in this message. - * - * @param aliases: An alias mapping. Set to None if you don't care - * about the aliases for this request. 
- * - * @access private - */ - function _getExtensionKVArgs($aliases) - { - if ($aliases === null) { - $aliases = new Auth_OpenID_NamespaceMap(); - } - - $ax_args = array(); - - foreach ($this->data as $type_uri => $values) { - $alias = $aliases->add($type_uri); - - $ax_args['type.' . $alias] = $type_uri; - $ax_args['count.' . $alias] = strval(count($values)); - - foreach ($values as $i => $value) { - $key = sprintf('value.%s.%d', $alias, $i + 1); - $ax_args[$key] = $value; - } - } - - return $ax_args; - } - - /** - * Parse attribute exchange key/value arguments into this object. - * - * @param ax_args: The attribute exchange fetch_response - * arguments, with namespacing removed. - * - * @return Auth_OpenID_AX_Error or true - */ - function parseExtensionArgs($ax_args) - { - $result = $this->_checkMode($ax_args); - if (Auth_OpenID_AX::isError($result)) { - return $result; - } - - $aliases = new Auth_OpenID_NamespaceMap(); - - foreach ($ax_args as $key => $value) { - if (strpos($key, 'type.') === 0) { - $type_uri = $value; - $alias = substr($key, 5); - - $result = Auth_OpenID_AX_checkAlias($alias); - - if (Auth_OpenID_AX::isError($result)) { - return $result; - } - - $alias = $aliases->addAlias($type_uri, $alias); - - if ($alias === null) { - return new Auth_OpenID_AX_Error( - sprintf("Could not add alias %s for URI %s", - $alias, $type_uri) - ); - } - } - } - - foreach ($aliases->iteritems() as $pair) { - list($type_uri, $alias) = $pair; - - if (array_key_exists('count.' . $alias, $ax_args) && ($ax_args['count.' . $alias] !== Auth_OpenID_AX_UNLIMITED_VALUES)) { - - $count_key = 'count.' . $alias; - $count_s = $ax_args[$count_key]; - - $count = Auth_OpenID::intval($count_s); - - if ($count === false) { - return new Auth_OpenID_AX_Error( - sprintf("Integer value expected for %s, got %s", - 'count. %s' . 
$alias, $count_s, - Auth_OpenID_AX_UNLIMITED_VALUES) - ); - } - - $values = array(); - for ($i = 1; $i < $count + 1; $i++) { - $value_key = sprintf('value.%s.%d', $alias, $i); - - if (!array_key_exists($value_key, $ax_args)) { - return new Auth_OpenID_AX_Error( - sprintf( - "No value found for key %s", - $value_key)); - } - - $value = $ax_args[$value_key]; - $values[] = $value; - } - } else { - $key = 'value.' . $alias; - - if (!array_key_exists($key, $ax_args)) { - return new Auth_OpenID_AX_Error( - sprintf( - "No value found for key %s", - $key)); - } - - $value = $ax_args['value.' . $alias]; - - if ($value == '') { - $values = array(); - } else { - $values = array($value); - } - } - - $this->data[$type_uri] = $values; - } - - return true; - } - - /** - * Get a single value for an attribute. If no value was sent for - * this attribute, use the supplied default. If there is more than - * one value for this attribute, this method will fail. - * - * @param type_uri: The URI for the attribute - * @param default: The value to return if the attribute was not - * sent in the fetch_response. - * - * @return $value Auth_OpenID_AX_Error on failure or the value of - * the attribute in the fetch_response message, or the default - * supplied - */ - function getSingle($type_uri, $default=null) - { - $values = Auth_OpenID::arrayGet($this->data, $type_uri); - if (!$values) { - return $default; - } else if (count($values) == 1) { - return $values[0]; - } else { - return new Auth_OpenID_AX_Error( - sprintf('More than one value present for %s', - $type_uri) - ); - } - } - - /** - * Get the list of values for this attribute in the - * fetch_response. - * - * XXX: what to do if the values are not present? default - * parameter? this is funny because it's always supposed to return - * a list, so the default may break that, though it's provided by - * the user's code, so it might be okay. If no default is - * supplied, should the return be None or []? 
- * - * @param type_uri: The URI of the attribute - * - * @return $values The list of values for this attribute in the - * response. May be an empty list. If the attribute was not sent - * in the response, returns Auth_OpenID_AX_Error. - */ - function get($type_uri) - { - if (array_key_exists($type_uri, $this->data)) { - return $this->data[$type_uri]; - } else { - return new Auth_OpenID_AX_Error( - sprintf("Type URI %s not found in response", - $type_uri) - ); - } - } - - /** - * Get the number of responses for a particular attribute in this - * fetch_response message. - * - * @param type_uri: The URI of the attribute - * - * @returns int The number of values sent for this attribute. If - * the attribute was not sent in the response, returns - * Auth_OpenID_AX_Error. - */ - function count($type_uri) - { - if (array_key_exists($type_uri, $this->data)) { - return count($this->get($type_uri)); - } else { - return new Auth_OpenID_AX_Error( - sprintf("Type URI %s not found in response", - $type_uri) - ); - } - } -} - -/** - * A fetch_response attribute exchange message. - * - * @package OpenID - */ -class Auth_OpenID_AX_FetchResponse extends Auth_OpenID_AX_KeyValueMessage { - var $mode = 'fetch_response'; - - function Auth_OpenID_AX_FetchResponse($update_url=null) - { - $this->Auth_OpenID_AX_KeyValueMessage(); - $this->update_url = $update_url; - } - - /** - * Serialize this object into arguments in the attribute exchange - * namespace - * - * @return $args The dictionary of unqualified attribute exchange - * arguments that represent this fetch_response, or - * Auth_OpenID_AX_Error on error. 
- */ - function getExtensionArgs($request=null) - { - $aliases = new Auth_OpenID_NamespaceMap(); - - $zero_value_types = array(); - - if ($request !== null) { - // Validate the data in the context of the request (the - // same attributes should be present in each, and the - // counts in the response must be no more than the counts - // in the request) - - foreach ($this->data as $type_uri => $unused) { - if (!$request->contains($type_uri)) { - return new Auth_OpenID_AX_Error( - sprintf("Response attribute not present in request: %s", - $type_uri) - ); - } - } - - foreach ($request->iterAttrs() as $attr_info) { - // Copy the aliases from the request so that reading - // the response in light of the request is easier - if ($attr_info->alias === null) { - $aliases->add($attr_info->type_uri); - } else { - $alias = $aliases->addAlias($attr_info->type_uri, - $attr_info->alias); - - if ($alias === null) { - return new Auth_OpenID_AX_Error( - sprintf("Could not add alias %s for URI %s", - $attr_info->alias, $attr_info->type_uri) - ); - } - } - - if (array_key_exists($attr_info->type_uri, $this->data)) { - $values = $this->data[$attr_info->type_uri]; - } else { - $values = array(); - $zero_value_types[] = $attr_info; - } - - if (($attr_info->count != Auth_OpenID_AX_UNLIMITED_VALUES) && - ($attr_info->count < count($values))) { - return new Auth_OpenID_AX_Error( - sprintf("More than the number of requested values " . - "were specified for %s", - $attr_info->type_uri) - ); - } - } - } - - $kv_args = $this->_getExtensionKVArgs($aliases); - - // Add the KV args into the response with the args that are - // unique to the fetch_response - $ax_args = $this->_newArgs(); - - // For each requested attribute, put its type/alias and count - // into the response even if no data were returned. - foreach ($zero_value_types as $attr_info) { - $alias = $aliases->getAlias($attr_info->type_uri); - $kv_args['type.' . $alias] = $attr_info->type_uri; - $kv_args['count.' . 
$alias] = '0'; - } - - $update_url = null; - if ($request) { - $update_url = $request->update_url; - } else { - $update_url = $this->update_url; - } - - if ($update_url) { - $ax_args['update_url'] = $update_url; - } - - Auth_OpenID::update($ax_args, $kv_args); - - return $ax_args; - } - - /** - * @return $result Auth_OpenID_AX_Error on failure or true on - * success. - */ - function parseExtensionArgs($ax_args) - { - $result = parent::parseExtensionArgs($ax_args); - - if (Auth_OpenID_AX::isError($result)) { - return $result; - } - - $this->update_url = Auth_OpenID::arrayGet($ax_args, 'update_url'); - - return true; - } - - /** - * Construct a FetchResponse object from an OpenID library - * SuccessResponse object. - * - * @param success_response: A successful id_res response object - * - * @param signed: Whether non-signed args should be processsed. If - * True (the default), only signed arguments will be processsed. - * - * @return $response A FetchResponse containing the data from the - * OpenID message - */ - static function fromSuccessResponse($success_response, $signed=true) - { - $obj = new Auth_OpenID_AX_FetchResponse(); - if ($signed) { - $ax_args = $success_response->getSignedNS($obj->ns_uri); - } else { - $ax_args = $success_response->message->getArgs($obj->ns_uri); - } - if ($ax_args === null || Auth_OpenID::isFailure($ax_args) || - sizeof($ax_args) == 0) { - return null; - } - - $result = $obj->parseExtensionArgs($ax_args); - if (Auth_OpenID_AX::isError($result)) { - #XXX log me - return null; - } - return $obj; - } -} - -/** - * A store request attribute exchange message representation. - * - * @package OpenID - */ -class Auth_OpenID_AX_StoreRequest extends Auth_OpenID_AX_KeyValueMessage { - var $mode = 'store_request'; - - /** - * @param array $aliases The namespace aliases to use when making - * this store response. Leave as None to use defaults. 
- */
- function getExtensionArgs($aliases=null)
- {
- $ax_args = $this->_newArgs();
- $kv_args = $this->_getExtensionKVArgs($aliases);
- Auth_OpenID::update($ax_args, $kv_args);
- return $ax_args;
- }
-}
-
-/**
- * An indication that the store request was processed along with this
- * OpenID transaction. Use make(), NOT the constructor, to create
- * response objects.
- *
- * @package OpenID
- */
-class Auth_OpenID_AX_StoreResponse extends Auth_OpenID_AX_Message {
- var $SUCCESS_MODE = 'store_response_success';
- var $FAILURE_MODE = 'store_response_failure';
-
- /**
- * Returns Auth_OpenID_AX_Error on error or an
- * Auth_OpenID_AX_StoreResponse object on success.
- */
- function make($succeeded=true, $error_message=null)
- {
- if (($succeeded) && ($error_message !== null)) {
- return new Auth_OpenID_AX_Error('An error message may only be '.
- 'included in a failing fetch response');
- }
-
- return new Auth_OpenID_AX_StoreResponse($succeeded, $error_message);
- }
-
- function Auth_OpenID_AX_StoreResponse($succeeded=true, $error_message=null)
- {
- if ($succeeded) {
- $this->mode = $this->SUCCESS_MODE;
- } else {
- $this->mode = $this->FAILURE_MODE;
- }
-
- $this->error_message = $error_message;
- }
-
- /**
- * Was this response a success response?
- */
- function succeeded()
- {
- return $this->mode == $this->SUCCESS_MODE;
- }
-
- function getExtensionArgs()
- {
- $ax_args = $this->_newArgs();
- if ((!$this->succeeded()) && $this->error_message) {
- $ax_args['error'] = $this->error_message;
- }
-
- return $ax_args;
- }
-}
-
-
--- a/lib/openid-php/Auth/OpenID/Association.php
+++ /dev/null
@@ -1,611 +1,1 @@ - - * @copyright 2005-2008 Janrain, Inc. - * @license http://www.apache.org/licenses/LICENSE-2.0 Apache - */ - -/** - * @access private - */ -require_once 'Auth/OpenID/CryptUtil.php'; - -/** - * @access private - */ -require_once 'Auth/OpenID/KVForm.php'; - -/** - * @access private - */ -require_once 'Auth/OpenID/HMAC.php'; - -/** - * This class represents an association between a server and a - * consumer. In general, users of this library will never see - * instances of this object. The only exception is if you implement a - * custom {@link Auth_OpenID_OpenIDStore}. - * - * If you do implement such a store, it will need to store the values - * of the handle, secret, issued, lifetime, and assoc_type instance - * variables. - * - * @package OpenID - */ -class Auth_OpenID_Association { - - /** - * This is a HMAC-SHA1 specific value. - * - * @access private - */ - var $SIG_LENGTH = 20; - - /** - * The ordering and name of keys as stored by serialize. - * - * @access private - */ - var $assoc_keys = array( - 'version', - 'handle', - 'secret', - 'issued', - 'lifetime', - 'assoc_type' - ); - - var $_macs = array( - 'HMAC-SHA1' => 'Auth_OpenID_HMACSHA1', - 'HMAC-SHA256' => 'Auth_OpenID_HMACSHA256' - ); - - /** - * This is an alternate constructor (factory method) used by the - * OpenID consumer library to create associations. OpenID store - * implementations shouldn't use this constructor. - * - * @access private - * - * @param integer $expires_in This is the amount of time this - * association is good for, measured in seconds since the - * association was issued. - * - * @param string $handle This is the handle the server gave this - * association. - * - * @param string secret This is the shared secret the server - * generated for this association. - * - * @param assoc_type This is the type of association this - * instance represents. 
The only valid values of this field at - * this time is 'HMAC-SHA1' and 'HMAC-SHA256', but new types may - * be defined in the future. - * - * @return association An {@link Auth_OpenID_Association} - * instance. - */ - static function fromExpiresIn($expires_in, $handle, $secret, $assoc_type) - { - $issued = time(); - $lifetime = $expires_in; - return new Auth_OpenID_Association($handle, $secret, - $issued, $lifetime, $assoc_type); - } - - /** - * This is the standard constructor for creating an association. - * The library should create all of the necessary associations, so - * this constructor is not part of the external API. - * - * @access private - * - * @param string $handle This is the handle the server gave this - * association. - * - * @param string $secret This is the shared secret the server - * generated for this association. - * - * @param integer $issued This is the time this association was - * issued, in seconds since 00:00 GMT, January 1, 1970. (ie, a - * unix timestamp) - * - * @param integer $lifetime This is the amount of time this - * association is good for, measured in seconds since the - * association was issued. - * - * @param string $assoc_type This is the type of association this - * instance represents. The only valid values of this field at - * this time is 'HMAC-SHA1' and 'HMAC-SHA256', but new types may - * be defined in the future. - */ - function Auth_OpenID_Association( - $handle, $secret, $issued, $lifetime, $assoc_type) - { - if (!in_array($assoc_type, - Auth_OpenID_getSupportedAssociationTypes(), true)) { - $fmt = 'Unsupported association type (%s)'; - trigger_error(sprintf($fmt, $assoc_type), E_USER_ERROR); - } - - $this->handle = $handle; - $this->secret = $secret; - $this->issued = $issued; - $this->lifetime = $lifetime; - $this->assoc_type = $assoc_type; - } - - /** - * This returns the number of seconds this association is still - * valid for, or 0 if the association is no longer valid. 
- * - * @return integer $seconds The number of seconds this association - * is still valid for, or 0 if the association is no longer valid. - */ - function getExpiresIn($now = null) - { - if ($now == null) { - $now = time(); - } - - return max(0, $this->issued + $this->lifetime - $now); - } - - /** - * This checks to see if two {@link Auth_OpenID_Association} - * instances represent the same association. - * - * @return bool $result true if the two instances represent the - * same association, false otherwise. - */ - function equal($other) - { - return ((gettype($this) == gettype($other)) - && ($this->handle == $other->handle) - && ($this->secret == $other->secret) - && ($this->issued == $other->issued) - && ($this->lifetime == $other->lifetime) - && ($this->assoc_type == $other->assoc_type)); - } - - /** - * Convert an association to KV form. - * - * @return string $result String in KV form suitable for - * deserialization by deserialize. - */ - function serialize() - { - $data = array( - 'version' => '2', - 'handle' => $this->handle, - 'secret' => base64_encode($this->secret), - 'issued' => strval(intval($this->issued)), - 'lifetime' => strval(intval($this->lifetime)), - 'assoc_type' => $this->assoc_type - ); - - assert(array_keys($data) == $this->assoc_keys); - - return Auth_OpenID_KVForm::fromArray($data, $strict = true); - } - - /** - * Parse an association as stored by serialize(). This is the - * inverse of serialize. 
- * - * @param string $assoc_s Association as serialized by serialize() - * @return Auth_OpenID_Association $result instance of this class - */ - static function deserialize($class_name, $assoc_s) - { - $pairs = Auth_OpenID_KVForm::toArray($assoc_s, $strict = true); - $keys = array(); - $values = array(); - foreach ($pairs as $key => $value) { - if (is_array($value)) { - list($key, $value) = $value; - } - $keys[] = $key; - $values[] = $value; - } - - $class_vars = get_class_vars($class_name); - $class_assoc_keys = $class_vars['assoc_keys']; - - sort($keys); - sort($class_assoc_keys); - - if ($keys != $class_assoc_keys) { - trigger_error('Unexpected key values: ' . var_export($keys, true), - E_USER_WARNING); - return null; - } - - $version = $pairs['version']; - $handle = $pairs['handle']; - $secret = $pairs['secret']; - $issued = $pairs['issued']; - $lifetime = $pairs['lifetime']; - $assoc_type = $pairs['assoc_type']; - - if ($version != '2') { - trigger_error('Unknown version: ' . $version, E_USER_WARNING); - return null; - } - - $issued = intval($issued); - $lifetime = intval($lifetime); - $secret = base64_decode($secret); - - return new $class_name( - $handle, $secret, $issued, $lifetime, $assoc_type); - } - - /** - * Generate a signature for a sequence of (key, value) pairs - * - * @access private - * @param array $pairs The pairs to sign, in order. This is an - * array of two-tuples. - * @return string $signature The binary signature of this sequence - * of pairs - */ - function sign($pairs) - { - $kv = Auth_OpenID_KVForm::fromArray($pairs); - - /* Invalid association types should be caught at constructor */ - $callback = $this->_macs[$this->assoc_type]; - - return call_user_func_array($callback, array($this->secret, $kv)); - } - - /** - * Generate a signature for some fields in a dictionary - * - * @access private - * @param array $fields The fields to sign, in order; this is an - * array of strings. 
- * @param array $data Dictionary of values to sign (an array of - * string => string pairs). - * @return string $signature The signature, base64 encoded - */ - function signMessage($message) - { - if ($message->hasKey(Auth_OpenID_OPENID_NS, 'sig') || - $message->hasKey(Auth_OpenID_OPENID_NS, 'signed')) { - // Already has a sig - return null; - } - - $extant_handle = $message->getArg(Auth_OpenID_OPENID_NS, - 'assoc_handle'); - - if ($extant_handle && ($extant_handle != $this->handle)) { - // raise ValueError("Message has a different association handle") - return null; - } - - $signed_message = $message; - $signed_message->setArg(Auth_OpenID_OPENID_NS, 'assoc_handle', - $this->handle); - - $message_keys = array_keys($signed_message->toPostArgs()); - $signed_list = array(); - $signed_prefix = 'openid.'; - - foreach ($message_keys as $k) { - if (strpos($k, $signed_prefix) === 0) { - $signed_list[] = substr($k, strlen($signed_prefix)); - } - } - - $signed_list[] = 'signed'; - sort($signed_list); - - $signed_message->setArg(Auth_OpenID_OPENID_NS, 'signed', - implode(',', $signed_list)); - $sig = $this->getMessageSignature($signed_message); - $signed_message->setArg(Auth_OpenID_OPENID_NS, 'sig', $sig); - return $signed_message; - } - - /** - * Given a {@link Auth_OpenID_Message}, return the key/value pairs - * to be signed according to the signed list in the message. If - * the message lacks a signed list, return null. - * - * @access private - */ - function _makePairs($message) - { - $signed = $message->getArg(Auth_OpenID_OPENID_NS, 'signed'); - if (!$signed || Auth_OpenID::isFailure($signed)) { - // raise ValueError('Message has no signed list: %s' % (message,)) - return null; - } - - $signed_list = explode(',', $signed); - $pairs = array(); - $data = $message->toPostArgs(); - foreach ($signed_list as $field) { - $pairs[] = array($field, Auth_OpenID::arrayGet($data, - 'openid.' . 
- $field, ''));
- }
- return $pairs;
- }
-
- /**
- * Given an {@link Auth_OpenID_Message}, return the signature for
- * the signed list in the message.
- *
- * @access private
- */
- function getMessageSignature($message)
- {
- $pairs = $this->_makePairs($message);
- return base64_encode($this->sign($pairs));
- }
-
- /**
- * Confirm that the signature of these fields matches the
- * signature contained in the data.
- *
- * @access private
- */
- function checkMessageSignature($message)
- {
- $sig = $message->getArg(Auth_OpenID_OPENID_NS,
- 'sig');
-
- if (!$sig || Auth_OpenID::isFailure($sig)) {
- return false;
- }
-
- $calculated_sig = $this->getMessageSignature($message);
- return Auth_OpenID_Cryp