mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
c6a0bf260a
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@41771 467b73ca-7a2a-4603-9d3b-597d59a354a9
541 lines
16 KiB
PHP
541 lines
16 KiB
PHP
<?php
|
|
|
|
/**
|
|
* Simple registration request and response parsing and object
|
|
* representation.
|
|
*
|
|
* This module contains objects representing simple registration
|
|
* requests and responses that can be used with both OpenID relying
|
|
* parties and OpenID providers.
|
|
*
|
|
* 1. The relying party creates a request object and adds it to the
|
|
* {@link Auth_OpenID_AuthRequest} object before making the
|
|
* checkid request to the OpenID provider:
|
|
*
|
|
* $sreg_req = Auth_OpenID_SRegRequest::build(array('email'));
|
|
* $auth_request->addExtension($sreg_req);
|
|
*
|
|
* 2. The OpenID provider extracts the simple registration request
|
|
* from the OpenID request using {@link
|
|
* Auth_OpenID_SRegRequest::fromOpenIDRequest}, gets the user's
|
|
* approval and data, creates an {@link Auth_OpenID_SRegResponse}
|
|
* object and adds it to the id_res response:
|
|
*
|
|
* $sreg_req = Auth_OpenID_SRegRequest::fromOpenIDRequest(
|
|
* $checkid_request->message);
|
|
* // [ get the user's approval and data, informing the user that
|
|
* // the fields in sreg_response were requested ]
|
|
* $sreg_resp = Auth_OpenID_SRegResponse::extractResponse(
|
|
* $sreg_req, $user_data);
|
|
* $sreg_resp->toMessage($openid_response->fields);
|
|
*
|
|
* 3. The relying party uses {@link
|
|
* Auth_OpenID_SRegResponse::fromSuccessResponse} to extract the data
|
|
* from the OpenID response:
|
|
*
|
|
* $sreg_resp = Auth_OpenID_SRegResponse::fromSuccessResponse(
|
|
* $success_response);
|
|
*
|
|
* @package OpenID
|
|
*/
|
|
|
|
/**
|
|
* Import message and extension internals.
|
|
*/
|
|
require_once 'Auth/OpenID/Message.php';
|
|
require_once 'Auth/OpenID/Extension.php';
|
|
|
|
// The data fields that are listed in the sreg spec
|
|
global $Auth_OpenID_sreg_data_fields;
|
|
$Auth_OpenID_sreg_data_fields = array(
|
|
'fullname' => 'Full Name',
|
|
'nickname' => 'Nickname',
|
|
'dob' => 'Date of Birth',
|
|
'email' => 'E-mail Address',
|
|
'gender' => 'Gender',
|
|
'postcode' => 'Postal Code',
|
|
'country' => 'Country',
|
|
'language' => 'Language',
|
|
'timezone' => 'Time Zone');
|
|
|
|
/**
|
|
* Check to see that the given value is a valid simple registration
|
|
* data field name. Return true if so, false if not.
|
|
*/
|
|
function Auth_OpenID_checkFieldName($field_name)
|
|
{
|
|
global $Auth_OpenID_sreg_data_fields;
|
|
|
|
if (!in_array($field_name, array_keys($Auth_OpenID_sreg_data_fields))) {
|
|
return false;
|
|
}
|
|
return true;
|
|
}
|
|
|
|
// URI used in the wild for Yadis documents advertising simple
|
|
// registration support
|
|
define('Auth_OpenID_SREG_NS_URI_1_0', 'http://openid.net/sreg/1.0');
|
|
|
|
// URI in the draft specification for simple registration 1.1
|
|
// <http://openid.net/specs/openid-simple-registration-extension-1_1-01.html>
|
|
define('Auth_OpenID_SREG_NS_URI_1_1', 'http://openid.net/extensions/sreg/1.1');
|
|
|
|
// This attribute will always hold the preferred URI to use when
|
|
// adding sreg support to an XRDS file or in an OpenID namespace
|
|
// declaration.
|
|
define('Auth_OpenID_SREG_NS_URI', Auth_OpenID_SREG_NS_URI_1_1);
|
|
|
|
Auth_OpenID_registerNamespaceAlias(Auth_OpenID_SREG_NS_URI_1_1, 'sreg');
|
|
|
|
/**
|
|
* Does the given endpoint advertise support for simple
|
|
* registration?
|
|
*
|
|
* $endpoint: The endpoint object as returned by OpenID discovery.
|
|
* returns whether an sreg type was advertised by the endpoint
|
|
*/
|
|
function Auth_OpenID_supportsSReg(&$endpoint)
|
|
{
|
|
return ($endpoint->usesExtension(Auth_OpenID_SREG_NS_URI_1_1) ||
|
|
$endpoint->usesExtension(Auth_OpenID_SREG_NS_URI_1_0));
|
|
}
|
|
|
|
/**
|
|
* A base class for classes dealing with Simple Registration protocol
|
|
* messages.
|
|
*
|
|
* @package OpenID
|
|
*/
|
|
class Auth_OpenID_SRegBase extends Auth_OpenID_Extension {
|
|
/**
|
|
* Extract the simple registration namespace URI from the given
|
|
* OpenID message. Handles OpenID 1 and 2, as well as both sreg
|
|
* namespace URIs found in the wild, as well as missing namespace
|
|
* definitions (for OpenID 1)
|
|
*
|
|
* $message: The OpenID message from which to parse simple
|
|
* registration fields. This may be a request or response message.
|
|
*
|
|
* Returns the sreg namespace URI for the supplied message. The
|
|
* message may be modified to define a simple registration
|
|
* namespace.
|
|
*
|
|
* @access private
|
|
*/
|
|
function _getSRegNS(&$message)
|
|
{
|
|
$alias = null;
|
|
$found_ns_uri = null;
|
|
|
|
// See if there exists an alias for one of the two defined
|
|
// simple registration types.
|
|
foreach (array(Auth_OpenID_SREG_NS_URI_1_1,
|
|
Auth_OpenID_SREG_NS_URI_1_0) as $sreg_ns_uri) {
|
|
$alias = $message->namespaces->getAlias($sreg_ns_uri);
|
|
if ($alias !== null) {
|
|
$found_ns_uri = $sreg_ns_uri;
|
|
break;
|
|
}
|
|
}
|
|
|
|
if ($alias === null) {
|
|
// There is no alias for either of the types, so try to
|
|
// add one. We default to using the modern value (1.1)
|
|
$found_ns_uri = Auth_OpenID_SREG_NS_URI_1_1;
|
|
if ($message->namespaces->addAlias(Auth_OpenID_SREG_NS_URI_1_1,
|
|
'sreg') === null) {
|
|
// An alias for the string 'sreg' already exists, but
|
|
// it's defined for something other than simple
|
|
// registration
|
|
return null;
|
|
}
|
|
}
|
|
|
|
return $found_ns_uri;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* An object to hold the state of a simple registration request.
|
|
*
|
|
* required: A list of the required fields in this simple registration
|
|
* request
|
|
*
|
|
* optional: A list of the optional fields in this simple registration
|
|
* request
|
|
*
|
|
* @package OpenID
|
|
*/
|
|
class Auth_OpenID_SRegRequest extends Auth_OpenID_SRegBase {
|
|
|
|
var $ns_alias = 'sreg';
|
|
|
|
/**
|
|
* Initialize an empty simple registration request.
|
|
*/
|
|
function build($required=null, $optional=null,
|
|
$policy_url=null,
|
|
$sreg_ns_uri=Auth_OpenID_SREG_NS_URI)
|
|
{
|
|
$obj = new Auth_OpenID_SRegRequest();
|
|
|
|
$obj->required = array();
|
|
$obj->optional = array();
|
|
$obj->policy_url = $policy_url;
|
|
$obj->ns_uri = $sreg_ns_uri;
|
|
|
|
if ($required) {
|
|
if (!$obj->requestFields($required, true, true)) {
|
|
return null;
|
|
}
|
|
}
|
|
|
|
if ($optional) {
|
|
if (!$obj->requestFields($optional, false, true)) {
|
|
return null;
|
|
}
|
|
}
|
|
|
|
return $obj;
|
|
}
|
|
|
|
/**
|
|
* Create a simple registration request that contains the fields
|
|
* that were requested in the OpenID request with the given
|
|
* arguments
|
|
*
|
|
* $message: The arguments that were given for this OpenID
|
|
* authentication request
|
|
*
|
|
* Returns the newly created simple registration request
|
|
*/
|
|
function fromOpenIDRequest($message)
|
|
{
|
|
$obj = Auth_OpenID_SRegRequest::build();
|
|
|
|
// Since we're going to mess with namespace URI mapping, don't
|
|
// mutate the object that was passed in.
|
|
$m = $message;
|
|
|
|
$obj->ns_uri = $obj->_getSRegNS($m);
|
|
$args = $m->getArgs($obj->ns_uri);
|
|
|
|
if ($args === null) {
|
|
return null;
|
|
}
|
|
|
|
$obj->parseExtensionArgs($args);
|
|
|
|
return $obj;
|
|
}
|
|
|
|
/**
|
|
* Parse the unqualified simple registration request parameters
|
|
* and add them to this object.
|
|
*
|
|
* This method is essentially the inverse of
|
|
* getExtensionArgs. This method restores the serialized simple
|
|
* registration request fields.
|
|
*
|
|
* If you are extracting arguments from a standard OpenID
|
|
* checkid_* request, you probably want to use fromOpenIDRequest,
|
|
* which will extract the sreg namespace and arguments from the
|
|
* OpenID request. This method is intended for cases where the
|
|
* OpenID server needs more control over how the arguments are
|
|
* parsed than that method provides.
|
|
*
|
|
* $args == $message->getArgs($ns_uri);
|
|
* $request->parseExtensionArgs($args);
|
|
*
|
|
* $args: The unqualified simple registration arguments
|
|
*
|
|
* strict: Whether requests with fields that are not defined in
|
|
* the simple registration specification should be tolerated (and
|
|
* ignored)
|
|
*/
|
|
function parseExtensionArgs($args, $strict=false)
|
|
{
|
|
foreach (array('required', 'optional') as $list_name) {
|
|
$required = ($list_name == 'required');
|
|
$items = Auth_OpenID::arrayGet($args, $list_name);
|
|
if ($items) {
|
|
foreach (explode(',', $items) as $field_name) {
|
|
if (!$this->requestField($field_name, $required, $strict)) {
|
|
if ($strict) {
|
|
return false;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
$this->policy_url = Auth_OpenID::arrayGet($args, 'policy_url');
|
|
|
|
return true;
|
|
}
|
|
|
|
/**
|
|
* A list of all of the simple registration fields that were
|
|
* requested, whether they were required or optional.
|
|
*/
|
|
function allRequestedFields()
|
|
{
|
|
return array_merge($this->required, $this->optional);
|
|
}
|
|
|
|
/**
|
|
* Have any simple registration fields been requested?
|
|
*/
|
|
function wereFieldsRequested()
|
|
{
|
|
return count($this->allRequestedFields());
|
|
}
|
|
|
|
/**
|
|
* Was this field in the request?
|
|
*/
|
|
function contains($field_name)
|
|
{
|
|
return (in_array($field_name, $this->required) ||
|
|
in_array($field_name, $this->optional));
|
|
}
|
|
|
|
/**
|
|
* Request the specified field from the OpenID user
|
|
*
|
|
* $field_name: the unqualified simple registration field name
|
|
*
|
|
* required: whether the given field should be presented to the
|
|
* user as being a required to successfully complete the request
|
|
*
|
|
* strict: whether to raise an exception when a field is added to
|
|
* a request more than once
|
|
*/
|
|
function requestField($field_name,
|
|
$required=false, $strict=false)
|
|
{
|
|
if (!Auth_OpenID_checkFieldName($field_name)) {
|
|
return false;
|
|
}
|
|
|
|
if ($strict) {
|
|
if ($this->contains($field_name)) {
|
|
return false;
|
|
}
|
|
} else {
|
|
if (in_array($field_name, $this->required)) {
|
|
return true;
|
|
}
|
|
|
|
if (in_array($field_name, $this->optional)) {
|
|
if ($required) {
|
|
unset($this->optional[array_search($field_name,
|
|
$this->optional)]);
|
|
} else {
|
|
return true;
|
|
}
|
|
}
|
|
}
|
|
|
|
if ($required) {
|
|
$this->required[] = $field_name;
|
|
} else {
|
|
$this->optional[] = $field_name;
|
|
}
|
|
|
|
return true;
|
|
}
|
|
|
|
/**
|
|
* Add the given list of fields to the request
|
|
*
|
|
* field_names: The simple registration data fields to request
|
|
*
|
|
* required: Whether these values should be presented to the user
|
|
* as required
|
|
*
|
|
* strict: whether to raise an exception when a field is added to
|
|
* a request more than once
|
|
*/
|
|
function requestFields($field_names, $required=false, $strict=false)
|
|
{
|
|
if (!is_array($field_names)) {
|
|
return false;
|
|
}
|
|
|
|
foreach ($field_names as $field_name) {
|
|
if (!$this->requestField($field_name, $required, $strict=$strict)) {
|
|
return false;
|
|
}
|
|
}
|
|
|
|
return true;
|
|
}
|
|
|
|
/**
|
|
* Get a dictionary of unqualified simple registration arguments
|
|
* representing this request.
|
|
*
|
|
* This method is essentially the inverse of
|
|
* C{L{parseExtensionArgs}}. This method serializes the simple
|
|
* registration request fields.
|
|
*/
|
|
function getExtensionArgs()
|
|
{
|
|
$args = array();
|
|
|
|
if ($this->required) {
|
|
$args['required'] = implode(',', $this->required);
|
|
}
|
|
|
|
if ($this->optional) {
|
|
$args['optional'] = implode(',', $this->optional);
|
|
}
|
|
|
|
if ($this->policy_url) {
|
|
$args['policy_url'] = $this->policy_url;
|
|
}
|
|
|
|
return $args;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Represents the data returned in a simple registration response
|
|
* inside of an OpenID C{id_res} response. This object will be created
|
|
* by the OpenID server, added to the C{id_res} response object, and
|
|
* then extracted from the C{id_res} message by the Consumer.
|
|
*
|
|
* @package OpenID
|
|
*/
|
|
class Auth_OpenID_SRegResponse extends Auth_OpenID_SRegBase {
|
|
|
|
var $ns_alias = 'sreg';
|
|
|
|
function Auth_OpenID_SRegResponse($data=null,
|
|
$sreg_ns_uri=Auth_OpenID_SREG_NS_URI)
|
|
{
|
|
if ($data === null) {
|
|
$this->data = array();
|
|
} else {
|
|
$this->data = $data;
|
|
}
|
|
|
|
$this->ns_uri = $sreg_ns_uri;
|
|
}
|
|
|
|
/**
|
|
* Take a C{L{SRegRequest}} and a dictionary of simple
|
|
* registration values and create a C{L{SRegResponse}} object
|
|
* containing that data.
|
|
*
|
|
* request: The simple registration request object
|
|
*
|
|
* data: The simple registration data for this response, as a
|
|
* dictionary from unqualified simple registration field name to
|
|
* string (unicode) value. For instance, the nickname should be
|
|
* stored under the key 'nickname'.
|
|
*/
|
|
function extractResponse($request, $data)
|
|
{
|
|
$obj = new Auth_OpenID_SRegResponse();
|
|
$obj->ns_uri = $request->ns_uri;
|
|
|
|
foreach ($request->allRequestedFields() as $field) {
|
|
$value = Auth_OpenID::arrayGet($data, $field);
|
|
if ($value !== null) {
|
|
$obj->data[$field] = $value;
|
|
}
|
|
}
|
|
|
|
return $obj;
|
|
}
|
|
|
|
/**
|
|
* Create a C{L{SRegResponse}} object from a successful OpenID
|
|
* library response
|
|
* (C{L{openid.consumer.consumer.SuccessResponse}}) response
|
|
* message
|
|
*
|
|
* success_response: A SuccessResponse from consumer.complete()
|
|
*
|
|
* signed_only: Whether to process only data that was
|
|
* signed in the id_res message from the server.
|
|
*
|
|
* Returns a simple registration response containing the data that
|
|
* was supplied with the C{id_res} response.
|
|
*/
|
|
function fromSuccessResponse(&$success_response, $signed_only=true)
|
|
{
|
|
global $Auth_OpenID_sreg_data_fields;
|
|
|
|
$obj = new Auth_OpenID_SRegResponse();
|
|
$obj->ns_uri = $obj->_getSRegNS($success_response->message);
|
|
|
|
if ($signed_only) {
|
|
$args = $success_response->getSignedNS($obj->ns_uri);
|
|
} else {
|
|
$args = $success_response->message->getArgs($obj->ns_uri);
|
|
}
|
|
|
|
if ($args === null) {
|
|
return null;
|
|
}
|
|
|
|
foreach ($Auth_OpenID_sreg_data_fields as $field_name => $desc) {
|
|
if (in_array($field_name, array_keys($args))) {
|
|
$obj->data[$field_name] = $args[$field_name];
|
|
}
|
|
}
|
|
|
|
return $obj;
|
|
}
|
|
|
|
function getExtensionArgs()
|
|
{
|
|
return $this->data;
|
|
}
|
|
|
|
// Read-only dictionary interface
|
|
function get($field_name, $default=null)
|
|
{
|
|
if (!Auth_OpenID_checkFieldName($field_name)) {
|
|
return null;
|
|
}
|
|
|
|
return Auth_OpenID::arrayGet($this->data, $field_name, $default);
|
|
}
|
|
|
|
function contents()
|
|
{
|
|
return $this->data;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Convenience function for copying all the sreg data that was
|
|
* requested from a supplied set of sreg data into the response
|
|
* message. If no data were requested, no data will be sent.
|
|
*
|
|
* openid_request: The OpenID (checkid_*) request that may be
|
|
* requesting sreg data.
|
|
*
|
|
* data: The simple registration data to send. All requested fields
|
|
* that are present in this dictionary will be added to the response
|
|
* message.
|
|
*
|
|
* openid_response: The OpenID C{id_res} response to which the simple
|
|
* registration data should be added
|
|
*
|
|
* Does not return a value; updates the openid_response instead.
|
|
*/
|
|
function Auth_OpenID_sendSRegFields(&$openid_request, $data, &$openid_response)
|
|
{
|
|
$sreg_request = Auth_OpenID_SRegRequest::fromOpenIDRequest(
|
|
$openid_request->message);
|
|
$sreg_response = Auth_OpenID_SRegResponse::extractResponse(
|
|
$sreg_request, $data);
|
|
$sreg_response->toMessage($openid_response->fields);
|
|
}
|
|
|
|
?>
|