OpenID
Openid.php (Library) [code] <?php if (!defined('BASEPATH')) exit('No direct script access allowed'); /**
 * OpenID Library
 * @package CodeIgniter
 * @author bardelot
 * @see http://cakebaker.42dh.com/2007/01/11/cakephp-and-openid/
 *      & http://openidenabled.com/php-openid/
*/
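class Openid {

    /**
     * Directory handed to Auth_OpenID_FileStore.
     *
     * SECURITY: the file store keeps the association secrets negotiated with
     * each provider and the nonce log that stops replayed assertions. Anyone
     * who can read it can forge "successful" logins. Point it at a directory
     * outside the web root (the default 'tmp' is relative to the working
     * directory, normally the front-controller directory) and keep it readable
     * by the web server user only; _getConsumer() creates it with mode 0700.
     */
    var $storePath = 'tmp'; // change me

    // CodeIgniter super-object, set by the constructor (declared so PHP 8.2+
    // does not warn about a dynamically created property).
    var $object = null;

    // Simple Registration (SReg) extension state, see set_sreg()/unset_sreg().
    var $sreg_enable   = false;
    var $sreg_required = null;
    var $sreg_optional = null;
    var $sreg_policy   = null;

    // PAPE extension state, see set_pape()/unset_pape().
    var $pape_enable      = false;
    var $pape_policy_uris = null;

    /**
     * Grabs the CodeIgniter instance and loads the php-openid consumer code.
     *
     * Declared as __construct rather than the PHP 4 style Openid() so the
     * initialisation also runs on PHP 7/8, where old-style constructors are
     * no longer treated as constructors.
     */
    function __construct()
    {
        $this->object =& get_instance();
        $this->_doIncludes();
        log_message('debug', "OpenID Class Initialized");
    }

    /**
     * Puts this library's directory on the include path and pulls in the
     * php-openid consumer, file store, SReg and PAPE modules.
     */
    function _doIncludes()
    {
        // __FILE__ (not FILE): the php-openid tree is expected to live next
        // to this file under Auth/OpenID/.
        set_include_path(dirname(__FILE__) . PATH_SEPARATOR . get_include_path());

        // OpenID consumer (relying party) code.
        require_once "Auth/OpenID/Consumer.php";
        // File-based store for associations and nonces.
        require_once "Auth/OpenID/FileStore.php";
        // Simple Registration extension.
        require_once "Auth/OpenID/SReg.php";
        // PAPE (Provider Authentication Policy Extension).
        require_once "Auth/OpenID/PAPE.php";
    }

    /**
     * Enables the SReg extension for the next authenticate() call.
     *
     * @param array|null  $required fields the provider must return
     * @param array|null  $optional fields the provider may return
     * @param string|null $policy   URL of the page describing how the data is used
     */
    function set_sreg($required = null, $optional = null, $policy = null)
    {
        $this->sreg_enable   = true;
        $this->sreg_required = $required;
        $this->sreg_optional = $optional;
        $this->sreg_policy   = $policy;
    }

    /** Disables SReg and clears the field lists and policy URL. */
    function unset_sreg()
    {
        $this->sreg_enable   = false;
        $this->sreg_required = null;
        $this->sreg_optional = null;
        $this->sreg_policy   = null;
    }

    /**
     * Enables the PAPE extension for the next authenticate() call.
     *
     * @param array $policy_uris PAPE policy URIs to request from the provider
     */
    function set_pape($policy_uris)
    {
        $this->pape_enable      = true;
        $this->pape_policy_uris = $policy_uris;
    }

    /** Disables PAPE and clears the requested policy URIs. */
    function unset_pape()
    {
        $this->pape_enable      = false;
        $this->pape_policy_uris = null;
    }

    /**
     * Starts an OpenID round trip and hands the user off to the provider.
     *
     * Every failure path prints a message and exits. The success paths either
     * send a Location header (and exit) or print a self-submitting HTML form,
     * so callers should treat this as the last thing their action does.
     *
     * @param string     $openId             identifier entered by the user (URL or XRI).
     *                                       NOTE(review): begin() runs discovery on
     *                                       it, i.e. the server fetches a URL chosen
     *                                       by the user -- treat it as untrusted.
     * @param string     $processUrl         return_to URL. The action behind it must
     *                                       call getResponse() with this exact value.
     * @param string     $trustRoot          realm the provider shows to the user; the
     *                                       OpenID spec requires $processUrl to lie
     *                                       within it, so keep both on one origin.
     * @param array|null $extensionArguments optional list of array(namespace, key,
     *                                       value) triples added via addExtensionArg().
     */
    function authenticate($openId, $processUrl, $trustRoot, $extensionArguments = null)
    {
        $consumer    = $this->_getConsumer();
        $authRequest = $consumer->begin($openId);

        // No auth request means discovery failed: nothing to redirect to.
        if (!$authRequest) {
            echo 'Authentication error; not a valid OpenID.';
            exit;
        }

        if ($this->sreg_enable) {
            $sreg_request = Auth_OpenID_SRegRequest::build(
                $this->sreg_required, $this->sreg_optional, $this->sreg_policy);
            if (!$sreg_request) {
                echo 'SREG failed';
                exit;
            }
            $authRequest->addExtension($sreg_request);
        }

        if ($this->pape_enable) {
            $pape_request = new Auth_OpenID_PAPE_Request($this->pape_policy_uris);
            if (!$pape_request) {
                echo 'PAPE failed';
                exit;
            }
            $authRequest->addExtension($pape_request);
        }

        if (is_array($extensionArguments)) {
            foreach ($extensionArguments as $extensionArgument) {
                // Only well-formed (namespace, key, value) triples are forwarded.
                if (count($extensionArgument) == 3) {
                    $authRequest->addExtensionArg(
                        $extensionArgument[0], $extensionArgument[1], $extensionArgument[2]);
                }
            }
        }

        // The library stores the pending request in the session so the
        // response can be verified later. OpenID 1 providers get a redirect;
        // OpenID 2 providers get a POST via a self-submitting form.
        if ($authRequest->shouldSendRedirect()) {
            $redirect_url = $authRequest->redirectURL($trustRoot, $processUrl);
            if (Auth_OpenID::isFailure($redirect_url)) {
                // The message may contain provider/identifier URLs: escape it.
                echo 'Could not redirect to server: '
                    . htmlspecialchars($redirect_url->message, ENT_QUOTES);
                exit;
            }
            header("Location: " . $redirect_url);
            // Stop here so nothing else is appended to the redirect response.
            exit;
        }

        $form_id   = 'openid_message';
        $form_html = $authRequest->formMarkup($trustRoot, $processUrl, false, array('id' => $form_id));
        if (Auth_OpenID::isFailure($form_html)) {
            echo 'Could not redirect to server: '
                . htmlspecialchars($form_html->message, ENT_QUOTES);
            exit;
        }

        $page_contents = array(
            "<html><head><title>",
            "OpenID transaction in progress",
            "</title></head>",
            "<body onload='document.getElementById(\"" . $form_id . "\").submit()'>",
            $form_html,
            "</body></html>");
        print implode("\n", $page_contents);
    }

    /**
     * Completes the round trip started by authenticate().
     *
     * @param string $input the return_to URL of the current request; php-openid
     *                      checks it against the openid.return_to in the signed
     *                      response, so it must equal the $processUrl given to
     *                      authenticate(). The query/POST data is read by the
     *                      library itself.
     * @return object Auth_OpenID_ConsumerResponse with a ->status of
     *                Auth_OpenID_SUCCESS, Auth_OpenID_FAILURE or Auth_OpenID_CANCEL
     */
    function getResponse($input)
    {
        $consumer = $this->_getConsumer();
        return $consumer->complete($input);
    }

    /**
     * Builds a consumer backed by a file store in $this->storePath, creating
     * the directory on first use. Prints a message and exits if that fails.
     */
    function _getConsumer()
    {
        // 0700 (still subject to umask): the store holds association secrets
        // and the nonce log, so only the web server user may read it.
        if (!is_dir($this->storePath) && !mkdir($this->storePath, 0700, true)) {
            echo 'Could not create the FileStore directory '
                . htmlspecialchars($this->storePath, ENT_QUOTES)
                . '. Please check the effective permissions.';
            exit;
        }
        $store = new Auth_OpenID_FileStore($this->storePath);
        return new Auth_OpenID_Consumer($store);
    }
}
[/code]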
Test.php (Controller) [code] <?php
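class Test extends Controller {

    /**
     * Starts the PHP session php-openid uses to carry the pending request
     * from login() to check(), then loads the Openid library and URL helper.
     *
     * Kept as a PHP 4 style constructor because this CodeIgniter 1.x base
     * class is initialised through parent::Controller().
     */
    function Test()
    {
        parent::Controller();
        // uses php session
        session_start();
        $this->load->library('openid');
        $this->load->helper('url');
        //$this->output->enable_profiler(TRUE);
    }

    /** Default action: send the visitor to the login step. */
    function index()
    {
        redirect('test/login');
    }

    /**
     * return_to endpoint: completes the OpenID round trip and prints the
     * outcome. Everything rendered here that came from the provider or the
     * library is HTML-escaped first -- SReg fields, PAPE values and error
     * messages are attacker-influenceable strings, not trusted markup.
     */
    function check()
    {
        // Must be byte-identical to the return_to passed to authenticate();
        // php-openid verifies it against the signed openid.return_to.
        $request_to = site_url('test/check');
        $response   = $this->openid->getResponse($request_to);

        if ($response->status == Auth_OpenID_CANCEL) {
            // The user backed out at the provider.
            $msg = 'Verification cancelled.';
        } else if ($response->status == Auth_OpenID_FAILURE) {
            // Signature/nonce/return_to checks failed; the message may echo
            // request values, so it is escaped before display.
            $msg = "OpenID authentication failed: " . $this->_esc($response->message);
        } else if ($response->status == Auth_OpenID_SUCCESS) {
            $success = $this->_successMarkup($response);
        }

        if (isset($msg)) {
            print "<div class=\"alert\">$msg</div>";
        }
        if (isset($success)) {
            print "<div class=\"success\">$success</div>";
        }
    }

    /**
     * Builds the HTML shown after a verified login: identity, XRI CanonicalID,
     * SReg fields and PAPE details, each escaped for an HTML context.
     *
     * The leading underscore keeps this out of CodeIgniter's URL routing.
     *
     * @param object $response Auth_OpenID_SuccessResponse
     * @return string HTML fragment
     */
    function _successMarkup($response)
    {
        $esc_identity = $this->_esc($response->getDisplayIdentifier());
        $success = sprintf('You have successfully verified ' .
            '<a href="%s">%s</a> as your identity.',
            $esc_identity, $esc_identity);

        if ($response->endpoint->canonicalID) {
            $success .= ' (XRI CanonicalID: '
                . $this->_esc($response->endpoint->canonicalID) . ') ';
        }

        // Simple Registration data, if the provider returned any.
        $sreg_resp = Auth_OpenID_SRegResponse::fromSuccessResponse($response);
        $sreg      = $sreg_resp ? $sreg_resp->contents() : array();
        if (!empty($sreg['email'])) {
            $success .= " You also returned '" . $this->_esc($sreg['email']) . "' as your email.";
        }
        if (!empty($sreg['nickname'])) {
            $success .= " Your nickname is '" . $this->_esc($sreg['nickname']) . "'.";
        }
        if (!empty($sreg['fullname'])) {
            $success .= " Your fullname is '" . $this->_esc($sreg['fullname']) . "'.";
        }

        // PAPE details, if the provider answered the policy request.
        $pape_resp = Auth_OpenID_PAPE_Response::fromSuccessResponse($response);
        if (!$pape_resp) {
            return $success . "<p>No PAPE response was sent by the provider.</p>";
        }

        if ($pape_resp->auth_policies) {
            $success .= "<p>The following PAPE policies affected the authentication:</p><ul>";
            foreach ($pape_resp->auth_policies as $uri) {
                $success .= "<li><tt>" . $this->_esc($uri) . "</tt></li>";
            }
            $success .= "</ul>";
        } else {
            $success .= "<p>No PAPE policies affected the authentication.</p>";
        }
        if ($pape_resp->auth_age) {
            $success .= "<p>The authentication age returned by the " .
                "server is: <tt>" . $this->_esc($pape_resp->auth_age) . "</tt></p>";
        }
        if ($pape_resp->nist_auth_level) {
            $success .= "<p>The NIST auth level returned by the " .
                "server is: <tt>" . $this->_esc($pape_resp->nist_auth_level) . "</tt></p>";
        }
        return $success;
    }

    /**
     * HTML-escapes a value for output in element content or an attribute.
     * Not routable (underscore prefix).
     *
     * @param mixed $value
     * @return string
     */
    function _esc($value)
    {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
    }

    /** SReg policy page the provider may link to; placeholder text. */
    function policy()
    {
        echo 'Lorem ipsum...';
    }

    /**
     * Kicks off authentication against a hard-coded identifier with SReg and
     * PAPE requested. The realm (base_url()) and return_to (test/check) share
     * the site origin, as the OpenID spec requires.
     */
    function login()
    {
        $user_id    = '<changeme>.pip.verisignlabs.com';
        $request_to = site_url('test/check');
        $trust_root = base_url();
        $args       = null;
        $pape_policy_uris = array(
            PAPE_AUTH_MULTI_FACTOR_PHYSICAL,
            PAPE_AUTH_MULTI_FACTOR,
            PAPE_AUTH_PHISHING_RESISTANT
        );
        $this->openid->set_sreg(array('nickname'), array('fullname', 'email'), site_url('test/policy'));
        $this->openid->set_pape($pape_policy_uris);
        $this->openid->authenticate($user_id, $request_to, $trust_root, $args);
    }
}
[/code]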