
<?php
namespace openid\requests;
use openid\helpers\OpenIdUriHelper;
use openid\OpenIdMessage;
use openid\OpenIdProtocol;
use openid\services\OpenIdServiceCatalog;
use utils\services\Registry;
use Exception;
use utils\services\UtilsServiceCatalog;
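class OpenIdAuthenticationRequest extends OpenIdRequest
{
    /**
     * Wraps an OpenID message whose mode is checkid_immediate / checkid_setup
     * (the two authentication request modes, see IsOpenIdAuthenticationRequest).
     *
     * @param OpenIdMessage $message
     */
    public function __construct(OpenIdMessage $message)
    {
        parent::__construct($message);
    }

    /**
     * Tells whether $message is an authentication request, i.e. its openid.mode
     * is the immediate or the setup mode.
     *
     * @param OpenIdMessage $message
     * @return bool
     */
    public static function IsOpenIdAuthenticationRequest(OpenIdMessage $message)
    {
        return self::isAuthenticationMode($message->getMode());
    }

    /**
     * Strict test for the two modes that make a message an authentication request.
     *
     * @param mixed $mode raw openid.mode value
     * @return bool
     */
    private static function isAuthenticationMode($mode)
    {
        // strict comparison: loose == between strings applies numeric-string rules
        return $mode === OpenIdProtocol::ImmediateMode
            || $mode === OpenIdProtocol::SetupMode;
    }

    /**
     * @return mixed value of openid.assoc_handle as stored in the message
     */
    public function getAssocHandle()
    {
        return $this->getParam(OpenIdProtocol::OpenIDProtocol_AssocHandle);
    }

    /**
     * Validates the request: return_to, realm, claimed_id, identity and mode must all
     * be present, the mode must be an authentication mode, the realm must match the
     * return_to (delegated to OpenIdUriHelper::checkRealm) and the identifier pair must
     * pass isValidIdentifier().
     *
     * Any exception thrown by the helpers is logged and reported as "not valid".
     *
     * @return bool
     */
    public function isValid()
    {
        try {
            $return_to  = $this->getReturnTo();
            $claimed_id = $this->getClaimedId();
            $identity   = $this->getIdentity();
            $mode       = $this->getMode();
            $realm      = $this->getRealm();

            // Presence checks first; they are cheap and need no external service.
            // getReturnTo() already yields "" when the URL fails checkReturnTo().
            if (empty($return_to) || empty($realm) || empty($claimed_id) || empty($identity) || empty($mode)) {
                return false;
            }
            if (!self::isAuthenticationMode($mode)) {
                return false;
            }
            if (!OpenIdUriHelper::checkRealm($realm, $return_to)) {
                return false;
            }
            return $this->isValidIdentifier($claimed_id, $identity);
        } catch (Exception $ex) {
            $log = Registry::getInstance()->get(UtilsServiceCatalog::LogService);
            $log->error($ex);
            return false;
        }
    }

    /**
     * @return string openid.return_to when it passes OpenIdUriHelper::checkReturnTo(),
     *                otherwise the empty string
     */
    public function getReturnTo()
    {
        $return_to = $this->getParam(OpenIdProtocol::OpenIDProtocol_ReturnTo);
        return OpenIdUriHelper::checkReturnTo($return_to) ? $return_to : "";
    }

    /**
     * @return mixed value of openid.claimed_id as stored in the message
     */
    public function getClaimedId()
    {
        return $this->getParam(OpenIdProtocol::OpenIDProtocol_ClaimedId);
    }

    /**
     * @return mixed value of openid.identity as stored in the message
     */
    public function getIdentity()
    {
        return $this->getParam(OpenIdProtocol::OpenIDProtocol_Identity);
    }

    /**
     * @return mixed value of openid.realm as stored in the message
     */
    public function getRealm()
    {
        return $this->getParam(OpenIdProtocol::OpenIDProtocol_Realm);
    }

    /**
     * True when the RP asks the OP to pick the identifier, i.e. both claimed_id and
     * identity equal http://specs.openid.net/auth/2.0/identifier_select.
     *
     * @return bool
     */
    public function isIdentitySelectByOP()
    {
        return self::isIdentifierSelect($this->getClaimedId(), $this->getIdentity());
    }

    /**
     * Shared identifier_select test used by isIdentitySelectByOP() and isValidIdentifier().
     *
     * @param mixed $claimed_id
     * @param mixed $identity
     * @return bool
     */
    private static function isIdentifierSelect($claimed_id, $identity)
    {
        return $claimed_id === $identity
            && $identity === OpenIdProtocol::IdentifierSelectType;
    }

    /**
     * Checks that the identifier pair is one this OP can assert about.
     *
     * Rules, in order:
     *  - claimed_id and identity SHALL be either both present or both absent; a request
     *    with either missing is not about an identifier and is rejected here.
     *  - identifier_select is always accepted (the OP chooses the identifier).
     *  - otherwise both must be valid URLs and at least one of them must START with
     *    this server's identity base URL (the part of the user identity endpoint
     *    pattern before the "@identifier" placeholder).
     *
     * The last rule is a prefix test on purpose: a plain substring test would also
     * accept a foreign URL that merely embeds our base URL (e.g. in its query string).
     *
     * @param mixed $claimed_id The Claimed Identifier.
     * @param mixed $identity   The OP-Local Identifier.
     * @return bool
     */
    private function isValidIdentifier($claimed_id, $identity)
    {
        if (is_null($claimed_id) || is_null($identity)) {
            return false;
        }
        //http://specs.openid.net/auth/2.0/identifier_select
        if (self::isIdentifierSelect($claimed_id, $identity)) {
            return true;
        }
        if (!OpenIdUriHelper::isValidUrl($claimed_id) || !OpenIdUriHelper::isValidUrl($identity)) {
            return false;
        }

        // Resolve the configuration service only when it is actually needed.
        $server_configuration_service = Registry::getInstance()->get(OpenIdServiceCatalog::ServerConfigurationService);
        $identity_url_pattern = $server_configuration_service->getUserIdentityEndpointURL("@identifier");
        $url_parts            = explode("@", $identity_url_pattern, 2);
        $base_identity_url    = $url_parts[0];

        return self::startsWith($identity, $base_identity_url)
            || self::startsWith($claimed_id, $base_identity_url);
    }

    /**
     * Byte-wise prefix test. An empty prefix never matches: it would otherwise make
     * every identifier acceptable if the endpoint pattern were misconfigured.
     *
     * @param string $haystack
     * @param string $prefix
     * @return bool
     */
    private static function startsWith($haystack, $prefix)
    {
        $len = strlen($prefix);
        if ($len === 0) {
            return false;
        }
        return strncmp($haystack, $prefix, $len) === 0;
    }
}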