123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023 |
- <?php
- require_once "Auth/OpenID/Extension.php";
- require_once "Auth/OpenID/Message.php";
- require_once "Auth/OpenID/TrustRoot.php";
- define('Auth_OpenID_AX_NS_URI',
- 'http://openid.net/srv/ax/1.0');
- define('Auth_OpenID_AX_UNLIMITED_VALUES', 'unlimited');
- define('Auth_OpenID_AX_MINIMUM_SUPPORTED_ALIAS_LENGTH', 32);
- class Auth_OpenID_AX {
-
- static function isError($thing)
- {
- return is_a($thing, 'Auth_OpenID_AX_Error');
- }
- }
- function Auth_OpenID_AX_checkAlias($alias)
- {
- if (strpos($alias, ',') !== false) {
- return new Auth_OpenID_AX_Error(sprintf(
- "Alias %s must not contain comma", $alias));
- }
- if (strpos($alias, '.') !== false) {
- return new Auth_OpenID_AX_Error(sprintf(
- "Alias %s must not contain period", $alias));
- }
- return true;
- }
- class Auth_OpenID_AX_Error {
- function Auth_OpenID_AX_Error($message=null)
- {
- $this->message = $message;
- }
- }
- class Auth_OpenID_AX_Message extends Auth_OpenID_Extension {
-
- var $ns_alias = 'ax';
-
- var $mode = null;
- var $ns_uri = Auth_OpenID_AX_NS_URI;
-
- function _checkMode($ax_args)
- {
- $mode = Auth_OpenID::arrayGet($ax_args, 'mode');
- if ($mode != $this->mode) {
- return new Auth_OpenID_AX_Error(
- sprintf(
- "Expected mode '%s'; got '%s'",
- $this->mode, $mode));
- }
- return true;
- }
-
- function _newArgs()
- {
- return array('mode' => $this->mode);
- }
- }
- class Auth_OpenID_AX_AttrInfo {
-
- function Auth_OpenID_AX_AttrInfo($type_uri, $count, $required,
- $alias)
- {
-
- $this->required = $required;
-
- $this->count = $count;
-
- $this->type_uri = $type_uri;
-
- $this->alias = $alias;
- }
-
- static function make($type_uri, $count=1, $required=false,
- $alias=null)
- {
- if ($alias !== null) {
- $result = Auth_OpenID_AX_checkAlias($alias);
- if (Auth_OpenID_AX::isError($result)) {
- return $result;
- }
- }
- return new Auth_OpenID_AX_AttrInfo($type_uri, $count, $required,
- $alias);
- }
-
- function wantsUnlimitedValues()
- {
- return $this->count === Auth_OpenID_AX_UNLIMITED_VALUES;
- }
- }
- function Auth_OpenID_AX_toTypeURIs($namespace_map, $alias_list_s)
- {
- $uris = array();
- if ($alias_list_s) {
- foreach (explode(',', $alias_list_s) as $alias) {
- $type_uri = $namespace_map->getNamespaceURI($alias);
- if ($type_uri === null) {
-
-
- return new Auth_OpenID_AX_Error(
- sprintf('No type is defined for attribute name %s',
- $alias)
- );
- } else {
- $uris[] = $type_uri;
- }
- }
- }
- return $uris;
- }
- class Auth_OpenID_AX_FetchRequest extends Auth_OpenID_AX_Message {
- var $mode = 'fetch_request';
- function Auth_OpenID_AX_FetchRequest($update_url=null)
- {
-
- $this->requested_attributes = array();
-
- $this->update_url = $update_url;
- }
-
- function add($attribute)
- {
- if ($this->contains($attribute->type_uri)) {
- return new Auth_OpenID_AX_Error(
- sprintf("The attribute %s has already been requested",
- $attribute->type_uri));
- }
- $this->requested_attributes[$attribute->type_uri] = $attribute;
- return true;
- }
-
- function getExtensionArgs()
- {
- $aliases = new Auth_OpenID_NamespaceMap();
- $required = array();
- $if_available = array();
- $ax_args = $this->_newArgs();
- foreach ($this->requested_attributes as $type_uri => $attribute) {
- if ($attribute->alias === null) {
- $alias = $aliases->add($type_uri);
- } else {
- $alias = $aliases->addAlias($type_uri, $attribute->alias);
- if ($alias === null) {
- return new Auth_OpenID_AX_Error(
- sprintf("Could not add alias %s for URI %s",
- $attribute->alias, $type_uri
- ));
- }
- }
- if ($attribute->required) {
- $required[] = $alias;
- } else {
- $if_available[] = $alias;
- }
- if ($attribute->count != 1) {
- $ax_args['count.' . $alias] = strval($attribute->count);
- }
- $ax_args['type.' . $alias] = $type_uri;
- }
- if ($required) {
- $ax_args['required'] = implode(',', $required);
- }
- if ($if_available) {
- $ax_args['if_available'] = implode(',', $if_available);
- }
- return $ax_args;
- }
-
- function getRequiredAttrs()
- {
- $required = array();
- foreach ($this->requested_attributes as $type_uri => $attribute) {
- if ($attribute->required) {
- $required[] = $type_uri;
- }
- }
- return $required;
- }
-
- static function fromOpenIDRequest($request)
- {
- $m = $request->message;
- $obj = new Auth_OpenID_AX_FetchRequest();
- $ax_args = $m->getArgs($obj->ns_uri);
- $result = $obj->parseExtensionArgs($ax_args);
- if (Auth_OpenID_AX::isError($result)) {
- return $result;
- }
- if ($obj->update_url) {
-
-
- $realm = $m->getArg(Auth_OpenID_OPENID_NS, 'realm',
- $m->getArg(
- Auth_OpenID_OPENID_NS,
- 'return_to'));
- if (!$realm) {
- $obj = new Auth_OpenID_AX_Error(
- sprintf("Cannot validate update_url %s " .
- "against absent realm", $obj->update_url));
- } else if (!Auth_OpenID_TrustRoot::match($realm,
- $obj->update_url)) {
- $obj = new Auth_OpenID_AX_Error(
- sprintf("Update URL %s failed validation against realm %s",
- $obj->update_url, $realm));
- }
- }
- return $obj;
- }
-
- function parseExtensionArgs($ax_args)
- {
- $result = $this->_checkMode($ax_args);
- if (Auth_OpenID_AX::isError($result)) {
- return $result;
- }
- $aliases = new Auth_OpenID_NamespaceMap();
- foreach ($ax_args as $key => $value) {
- if (strpos($key, 'type.') === 0) {
- $alias = substr($key, 5);
- $type_uri = $value;
- $alias = $aliases->addAlias($type_uri, $alias);
- if ($alias === null) {
- return new Auth_OpenID_AX_Error(
- sprintf("Could not add alias %s for URI %s",
- $alias, $type_uri)
- );
- }
- $count_s = Auth_OpenID::arrayGet($ax_args, 'count.' . $alias);
- if ($count_s) {
- $count = Auth_OpenID::intval($count_s);
- if (($count === false) &&
- ($count_s === Auth_OpenID_AX_UNLIMITED_VALUES)) {
- $count = $count_s;
- }
- } else {
- $count = 1;
- }
- if ($count === false) {
- return new Auth_OpenID_AX_Error(
- sprintf("Integer value expected for %s, got %s",
- 'count.' . $alias, $count_s));
- }
- $attrinfo = Auth_OpenID_AX_AttrInfo::make($type_uri, $count,
- false, $alias);
- if (Auth_OpenID_AX::isError($attrinfo)) {
- return $attrinfo;
- }
- $this->add($attrinfo);
- }
- }
- $required = Auth_OpenID_AX_toTypeURIs($aliases,
- Auth_OpenID::arrayGet($ax_args, 'required'));
- foreach ($required as $type_uri) {
- $attrib = $this->requested_attributes[$type_uri];
- $attrib->required = true;
- }
- $if_available = Auth_OpenID_AX_toTypeURIs($aliases,
- Auth_OpenID::arrayGet($ax_args, 'if_available'));
- $all_type_uris = array_merge($required, $if_available);
- foreach ($aliases->iterNamespaceURIs() as $type_uri) {
- if (!in_array($type_uri, $all_type_uris)) {
- return new Auth_OpenID_AX_Error(
- sprintf('Type URI %s was in the request but not ' .
- 'present in "required" or "if_available"',
- $type_uri));
- }
- }
- $this->update_url = Auth_OpenID::arrayGet($ax_args, 'update_url');
- return true;
- }
-
- function iterAttrs()
- {
- return array_values($this->requested_attributes);
- }
- function iterTypes()
- {
- return array_keys($this->requested_attributes);
- }
-
- function contains($type_uri)
- {
- return in_array($type_uri, $this->iterTypes());
- }
- }
- class Auth_OpenID_AX_KeyValueMessage extends Auth_OpenID_AX_Message {
- function Auth_OpenID_AX_KeyValueMessage()
- {
- $this->data = array();
- }
-
- function addValue($type_uri, $value)
- {
- if (!array_key_exists($type_uri, $this->data)) {
- $this->data[$type_uri] = array();
- }
- $values =& $this->data[$type_uri];
- $values[] = $value;
- }
-
- function setValues($type_uri, &$values)
- {
- $this->data[$type_uri] =& $values;
- }
-
- function _getExtensionKVArgs($aliases)
- {
- if ($aliases === null) {
- $aliases = new Auth_OpenID_NamespaceMap();
- }
- $ax_args = array();
- foreach ($this->data as $type_uri => $values) {
- $alias = $aliases->add($type_uri);
- $ax_args['type.' . $alias] = $type_uri;
- $ax_args['count.' . $alias] = strval(count($values));
- foreach ($values as $i => $value) {
- $key = sprintf('value.%s.%d', $alias, $i + 1);
- $ax_args[$key] = $value;
- }
- }
- return $ax_args;
- }
-
- function parseExtensionArgs($ax_args)
- {
- $result = $this->_checkMode($ax_args);
- if (Auth_OpenID_AX::isError($result)) {
- return $result;
- }
- $aliases = new Auth_OpenID_NamespaceMap();
- foreach ($ax_args as $key => $value) {
- if (strpos($key, 'type.') === 0) {
- $type_uri = $value;
- $alias = substr($key, 5);
- $result = Auth_OpenID_AX_checkAlias($alias);
- if (Auth_OpenID_AX::isError($result)) {
- return $result;
- }
- $alias = $aliases->addAlias($type_uri, $alias);
- if ($alias === null) {
- return new Auth_OpenID_AX_Error(
- sprintf("Could not add alias %s for URI %s",
- $alias, $type_uri)
- );
- }
- }
- }
- foreach ($aliases->iteritems() as $pair) {
- list($type_uri, $alias) = $pair;
- if (array_key_exists('count.' . $alias, $ax_args) && ($ax_args['count.' . $alias] !== Auth_OpenID_AX_UNLIMITED_VALUES)) {
- $count_key = 'count.' . $alias;
- $count_s = $ax_args[$count_key];
- $count = Auth_OpenID::intval($count_s);
- if ($count === false) {
- return new Auth_OpenID_AX_Error(
- sprintf("Integer value expected for %s, got %s",
- 'count. %s' . $alias, $count_s,
- Auth_OpenID_AX_UNLIMITED_VALUES)
- );
- }
- $values = array();
- for ($i = 1; $i < $count + 1; $i++) {
- $value_key = sprintf('value.%s.%d', $alias, $i);
- if (!array_key_exists($value_key, $ax_args)) {
- return new Auth_OpenID_AX_Error(
- sprintf(
- "No value found for key %s",
- $value_key));
- }
- $value = $ax_args[$value_key];
- $values[] = $value;
- }
- } else {
- $key = 'value.' . $alias;
- if (!array_key_exists($key, $ax_args)) {
- return new Auth_OpenID_AX_Error(
- sprintf(
- "No value found for key %s",
- $key));
- }
- $value = $ax_args['value.' . $alias];
- if ($value == '') {
- $values = array();
- } else {
- $values = array($value);
- }
- }
- $this->data[$type_uri] = $values;
- }
- return true;
- }
-
- function getSingle($type_uri, $default=null)
- {
- $values = Auth_OpenID::arrayGet($this->data, $type_uri);
- if (!$values) {
- return $default;
- } else if (count($values) == 1) {
- return $values[0];
- } else {
- return new Auth_OpenID_AX_Error(
- sprintf('More than one value present for %s',
- $type_uri)
- );
- }
- }
-
- function get($type_uri)
- {
- if (array_key_exists($type_uri, $this->data)) {
- return $this->data[$type_uri];
- } else {
- return new Auth_OpenID_AX_Error(
- sprintf("Type URI %s not found in response",
- $type_uri)
- );
- }
- }
-
- function count($type_uri)
- {
- if (array_key_exists($type_uri, $this->data)) {
- return count($this->get($type_uri));
- } else {
- return new Auth_OpenID_AX_Error(
- sprintf("Type URI %s not found in response",
- $type_uri)
- );
- }
- }
- }
- class Auth_OpenID_AX_FetchResponse extends Auth_OpenID_AX_KeyValueMessage {
- var $mode = 'fetch_response';
- function Auth_OpenID_AX_FetchResponse($update_url=null)
- {
- $this->Auth_OpenID_AX_KeyValueMessage();
- $this->update_url = $update_url;
- }
-
- function getExtensionArgs($request=null)
- {
- $aliases = new Auth_OpenID_NamespaceMap();
- $zero_value_types = array();
- if ($request !== null) {
-
-
-
-
- foreach ($this->data as $type_uri => $unused) {
- if (!$request->contains($type_uri)) {
- return new Auth_OpenID_AX_Error(
- sprintf("Response attribute not present in request: %s",
- $type_uri)
- );
- }
- }
- foreach ($request->iterAttrs() as $attr_info) {
-
-
- if ($attr_info->alias === null) {
- $aliases->add($attr_info->type_uri);
- } else {
- $alias = $aliases->addAlias($attr_info->type_uri,
- $attr_info->alias);
- if ($alias === null) {
- return new Auth_OpenID_AX_Error(
- sprintf("Could not add alias %s for URI %s",
- $attr_info->alias, $attr_info->type_uri)
- );
- }
- }
- if (array_key_exists($attr_info->type_uri, $this->data)) {
- $values = $this->data[$attr_info->type_uri];
- } else {
- $values = array();
- $zero_value_types[] = $attr_info;
- }
- if (($attr_info->count != Auth_OpenID_AX_UNLIMITED_VALUES) &&
- ($attr_info->count < count($values))) {
- return new Auth_OpenID_AX_Error(
- sprintf("More than the number of requested values " .
- "were specified for %s",
- $attr_info->type_uri)
- );
- }
- }
- }
- $kv_args = $this->_getExtensionKVArgs($aliases);
-
-
- $ax_args = $this->_newArgs();
-
-
- foreach ($zero_value_types as $attr_info) {
- $alias = $aliases->getAlias($attr_info->type_uri);
- $kv_args['type.' . $alias] = $attr_info->type_uri;
- $kv_args['count.' . $alias] = '0';
- }
- $update_url = null;
- if ($request) {
- $update_url = $request->update_url;
- } else {
- $update_url = $this->update_url;
- }
- if ($update_url) {
- $ax_args['update_url'] = $update_url;
- }
- Auth_OpenID::update($ax_args, $kv_args);
- return $ax_args;
- }
-
- function parseExtensionArgs($ax_args)
- {
- $result = parent::parseExtensionArgs($ax_args);
- if (Auth_OpenID_AX::isError($result)) {
- return $result;
- }
- $this->update_url = Auth_OpenID::arrayGet($ax_args, 'update_url');
- return true;
- }
-
- static function fromSuccessResponse($success_response, $signed=true)
- {
- $obj = new Auth_OpenID_AX_FetchResponse();
- if ($signed) {
- $ax_args = $success_response->getSignedNS($obj->ns_uri);
- } else {
- $ax_args = $success_response->message->getArgs($obj->ns_uri);
- }
- if ($ax_args === null || Auth_OpenID::isFailure($ax_args) ||
- sizeof($ax_args) == 0) {
- return null;
- }
- $result = $obj->parseExtensionArgs($ax_args);
- if (Auth_OpenID_AX::isError($result)) {
-
- return null;
- }
- return $obj;
- }
- }
- class Auth_OpenID_AX_StoreRequest extends Auth_OpenID_AX_KeyValueMessage {
- var $mode = 'store_request';
-
- function getExtensionArgs($aliases=null)
- {
- $ax_args = $this->_newArgs();
- $kv_args = $this->_getExtensionKVArgs($aliases);
- Auth_OpenID::update($ax_args, $kv_args);
- return $ax_args;
- }
- }
- class Auth_OpenID_AX_StoreResponse extends Auth_OpenID_AX_Message {
- var $SUCCESS_MODE = 'store_response_success';
- var $FAILURE_MODE = 'store_response_failure';
-
- function make($succeeded=true, $error_message=null)
- {
- if (($succeeded) && ($error_message !== null)) {
- return new Auth_OpenID_AX_Error('An error message may only be '.
- 'included in a failing fetch response');
- }
- return new Auth_OpenID_AX_StoreResponse($succeeded, $error_message);
- }
- function Auth_OpenID_AX_StoreResponse($succeeded=true, $error_message=null)
- {
- if ($succeeded) {
- $this->mode = $this->SUCCESS_MODE;
- } else {
- $this->mode = $this->FAILURE_MODE;
- }
- $this->error_message = $error_message;
- }
-
- function succeeded()
- {
- return $this->mode == $this->SUCCESS_MODE;
- }
- function getExtensionArgs()
- {
- $ax_args = $this->_newArgs();
- if ((!$this->succeeded()) && $this->error_message) {
- $ax_args['error'] = $this->error_message;
- }
- return $ax_args;
- }
- }
|