diff options
Diffstat (limited to 'models/Auth/OpenID/Message.php')
| -rw-r--r-- | models/Auth/OpenID/Message.php | 920 |
1 files changed, 0 insertions, 920 deletions
diff --git a/models/Auth/OpenID/Message.php b/models/Auth/OpenID/Message.php deleted file mode 100644 index 9aa1fa468..000000000 --- a/models/Auth/OpenID/Message.php +++ /dev/null @@ -1,920 +0,0 @@ -<?php - -/** - * Extension argument processing code - * - * @package OpenID - */ - -/** - * Import tools needed to deal with messages. - */ -require_once 'Auth/OpenID.php'; -require_once 'Auth/OpenID/KVForm.php'; -require_once 'Auth/Yadis/XML.php'; -require_once 'Auth/OpenID/Consumer.php'; // For Auth_OpenID_FailureResponse - -// This doesn't REALLY belong here, but where is better? -define('Auth_OpenID_IDENTIFIER_SELECT', - "http://specs.openid.net/auth/2.0/identifier_select"); - -// URI for Simple Registration extension, the only commonly deployed -// OpenID 1.x extension, and so a special case -define('Auth_OpenID_SREG_URI', 'http://openid.net/sreg/1.0'); - -// The OpenID 1.X namespace URI -define('Auth_OpenID_OPENID1_NS', 'http://openid.net/signon/1.0'); -define('Auth_OpenID_THE_OTHER_OPENID1_NS', 'http://openid.net/signon/1.1'); - -function Auth_OpenID_isOpenID1($ns) -{ - return ($ns == Auth_OpenID_THE_OTHER_OPENID1_NS) || - ($ns == Auth_OpenID_OPENID1_NS); -} - -// The OpenID 2.0 namespace URI -define('Auth_OpenID_OPENID2_NS', 'http://specs.openid.net/auth/2.0'); - -// The namespace consisting of pairs with keys that are prefixed with -// "openid." but not in another namespace. -define('Auth_OpenID_NULL_NAMESPACE', 'Null namespace'); - -// The null namespace, when it is an allowed OpenID namespace -define('Auth_OpenID_OPENID_NS', 'OpenID namespace'); - -// The top-level namespace, excluding all pairs with keys that start -// with "openid." -define('Auth_OpenID_BARE_NS', 'Bare namespace'); - -// Sentinel for Message implementation to indicate that getArg should -// return null instead of returning a default. -define('Auth_OpenID_NO_DEFAULT', 'NO DEFAULT ALLOWED'); - -// Limit, in bytes, of identity provider and return_to URLs, including -// response payload. See OpenID 1.1 specification, Appendix D. -define('Auth_OpenID_OPENID1_URL_LIMIT', 2047); - -// All OpenID protocol fields. Used to check namespace aliases. -global $Auth_OpenID_OPENID_PROTOCOL_FIELDS; -$Auth_OpenID_OPENID_PROTOCOL_FIELDS = array( - 'ns', 'mode', 'error', 'return_to', 'contact', 'reference', - 'signed', 'assoc_type', 'session_type', 'dh_modulus', 'dh_gen', - 'dh_consumer_public', 'claimed_id', 'identity', 'realm', - 'invalidate_handle', 'op_endpoint', 'response_nonce', 'sig', - 'assoc_handle', 'trust_root', 'openid'); - -// Global namespace / alias registration map. See -// Auth_OpenID_registerNamespaceAlias. -global $Auth_OpenID_registered_aliases; -$Auth_OpenID_registered_aliases = array(); - -/** - * Registers a (namespace URI, alias) mapping in a global namespace - * alias map. Raises NamespaceAliasRegistrationError if either the - * namespace URI or alias has already been registered with a different - * value. This function is required if you want to use a namespace - * with an OpenID 1 message. - */ -function Auth_OpenID_registerNamespaceAlias($namespace_uri, $alias) -{ - global $Auth_OpenID_registered_aliases; - - if (Auth_OpenID::arrayGet($Auth_OpenID_registered_aliases, - $alias) == $namespace_uri) { - return true; - } - - if (in_array($namespace_uri, - array_values($Auth_OpenID_registered_aliases))) { - return false; - } - - if (in_array($alias, array_keys($Auth_OpenID_registered_aliases))) { - return false; - } - - $Auth_OpenID_registered_aliases[$alias] = $namespace_uri; - return true; -} - -/** - * Removes a (namespace_uri, alias) registration from the global - * namespace alias map. Returns true if the removal succeeded; false - * if not (if the mapping did not exist). - */ -function Auth_OpenID_removeNamespaceAlias($namespace_uri, $alias) -{ - global $Auth_OpenID_registered_aliases; - - if (Auth_OpenID::arrayGet($Auth_OpenID_registered_aliases, - $alias) === $namespace_uri) { - unset($Auth_OpenID_registered_aliases[$alias]); - return true; - } - - return false; -} - -/** - * An Auth_OpenID_Mapping maintains a mapping from arbitrary keys to - * arbitrary values. (This is unlike an ordinary PHP array, whose - * keys may be only simple scalars.) - * - * @package OpenID - */ -class Auth_OpenID_Mapping { - /** - * Initialize a mapping. If $classic_array is specified, its keys - * and values are used to populate the mapping. - */ - function Auth_OpenID_Mapping($classic_array = null) - { - $this->keys = array(); - $this->values = array(); - - if (is_array($classic_array)) { - foreach ($classic_array as $key => $value) { - $this->set($key, $value); - } - } - } - - /** - * Returns true if $thing is an Auth_OpenID_Mapping object; false - * if not. - */ - static function isA($thing) - { - return (is_object($thing) && - strtolower(get_class($thing)) == 'auth_openid_mapping'); - } - - /** - * Returns an array of the keys in the mapping. - */ - function keys() - { - return $this->keys; - } - - /** - * Returns an array of values in the mapping. - */ - function values() - { - return $this->values; - } - - /** - * Returns an array of (key, value) pairs in the mapping. - */ - function items() - { - $temp = array(); - - for ($i = 0; $i < count($this->keys); $i++) { - $temp[] = array($this->keys[$i], - $this->values[$i]); - } - return $temp; - } - - /** - * Returns the "length" of the mapping, or the number of keys. - */ - function len() - { - return count($this->keys); - } - - /** - * Sets a key-value pair in the mapping. If the key already - * exists, its value is replaced with the new value. - */ - function set($key, $value) - { - $index = array_search($key, $this->keys); - - if ($index !== false) { - $this->values[$index] = $value; - } else { - $this->keys[] = $key; - $this->values[] = $value; - } - } - - /** - * Gets a specified value from the mapping, associated with the - * specified key. If the key does not exist in the mapping, - * $default is returned instead. - */ - function get($key, $default = null) - { - $index = array_search($key, $this->keys); - - if ($index !== false) { - return $this->values[$index]; - } else { - return $default; - } - } - - /** - * @access private - */ - function _reflow() - { - // PHP is broken yet again. Sort the arrays to remove the - // hole in the numeric indexes that make up the array. - $old_keys = $this->keys; - $old_values = $this->values; - - $this->keys = array(); - $this->values = array(); - - foreach ($old_keys as $k) { - $this->keys[] = $k; - } - - foreach ($old_values as $v) { - $this->values[] = $v; - } - } - - /** - * Deletes a key-value pair from the mapping with the specified - * key. - */ - function del($key) - { - $index = array_search($key, $this->keys); - - if ($index !== false) { - unset($this->keys[$index]); - unset($this->values[$index]); - $this->_reflow(); - return true; - } - return false; - } - - /** - * Returns true if the specified value has a key in the mapping; - * false if not. - */ - function contains($value) - { - return (array_search($value, $this->keys) !== false); - } -} - -/** - * Maintains a bijective map between namespace uris and aliases. - * - * @package OpenID - */ -class Auth_OpenID_NamespaceMap { - function Auth_OpenID_NamespaceMap() - { - $this->alias_to_namespace = new Auth_OpenID_Mapping(); - $this->namespace_to_alias = new Auth_OpenID_Mapping(); - $this->implicit_namespaces = array(); - } - - function getAlias($namespace_uri) - { - return $this->namespace_to_alias->get($namespace_uri); - } - - function getNamespaceURI($alias) - { - return $this->alias_to_namespace->get($alias); - } - - function iterNamespaceURIs() - { - // Return an iterator over the namespace URIs - return $this->namespace_to_alias->keys(); - } - - function iterAliases() - { - // Return an iterator over the aliases""" - return $this->alias_to_namespace->keys(); - } - - function iteritems() - { - return $this->namespace_to_alias->items(); - } - - function isImplicit($namespace_uri) - { - return in_array($namespace_uri, $this->implicit_namespaces); - } - - function addAlias($namespace_uri, $desired_alias, $implicit=false) - { - // Add an alias from this namespace URI to the desired alias - global $Auth_OpenID_OPENID_PROTOCOL_FIELDS; - - // Check that desired_alias is not an openid protocol field as - // per the spec. - if (in_array($desired_alias, $Auth_OpenID_OPENID_PROTOCOL_FIELDS)) { - Auth_OpenID::log("\"%s\" is not an allowed namespace alias", - $desired_alias); - return null; - } - - // Check that desired_alias does not contain a period as per - // the spec. - if (strpos($desired_alias, '.') !== false) { - Auth_OpenID::log('"%s" must not contain a dot', $desired_alias); - return null; - } - - // Check that there is not a namespace already defined for the - // desired alias - $current_namespace_uri = - $this->alias_to_namespace->get($desired_alias); - - if (($current_namespace_uri !== null) && - ($current_namespace_uri != $namespace_uri)) { - Auth_OpenID::log('Cannot map "%s" because previous mapping exists', - $namespace_uri); - return null; - } - - // Check that there is not already a (different) alias for - // this namespace URI - $alias = $this->namespace_to_alias->get($namespace_uri); - - if (($alias !== null) && ($alias != $desired_alias)) { - Auth_OpenID::log('Cannot map %s to alias %s. ' . - 'It is already mapped to alias %s', - $namespace_uri, $desired_alias, $alias); - return null; - } - - assert((Auth_OpenID_NULL_NAMESPACE === $desired_alias) || - is_string($desired_alias)); - - $this->alias_to_namespace->set($desired_alias, $namespace_uri); - $this->namespace_to_alias->set($namespace_uri, $desired_alias); - if ($implicit) { - array_push($this->implicit_namespaces, $namespace_uri); - } - - return $desired_alias; - } - - function add($namespace_uri) - { - // Add this namespace URI to the mapping, without caring what - // alias it ends up with - - // See if this namespace is already mapped to an alias - $alias = $this->namespace_to_alias->get($namespace_uri); - - if ($alias !== null) { - return $alias; - } - - // Fall back to generating a numerical alias - $i = 0; - while (1) { - $alias = 'ext' . strval($i); - if ($this->addAlias($namespace_uri, $alias) === null) { - $i += 1; - } else { - return $alias; - } - } - - // Should NEVER be reached! - return null; - } - - function contains($namespace_uri) - { - return $this->isDefined($namespace_uri); - } - - function isDefined($namespace_uri) - { - return $this->namespace_to_alias->contains($namespace_uri); - } -} - -/** - * In the implementation of this object, null represents the global - * namespace as well as a namespace with no key. - * - * @package OpenID - */ -class Auth_OpenID_Message { - - function Auth_OpenID_Message($openid_namespace = null) - { - // Create an empty Message - $this->allowed_openid_namespaces = array( - Auth_OpenID_OPENID1_NS, - Auth_OpenID_THE_OTHER_OPENID1_NS, - Auth_OpenID_OPENID2_NS); - - $this->args = new Auth_OpenID_Mapping(); - $this->namespaces = new Auth_OpenID_NamespaceMap(); - if ($openid_namespace === null) { - $this->_openid_ns_uri = null; - } else { - $implicit = Auth_OpenID_isOpenID1($openid_namespace); - $this->setOpenIDNamespace($openid_namespace, $implicit); - } - } - - function isOpenID1() - { - return Auth_OpenID_isOpenID1($this->getOpenIDNamespace()); - } - - function isOpenID2() - { - return $this->getOpenIDNamespace() == Auth_OpenID_OPENID2_NS; - } - - static function fromPostArgs($args) - { - // Construct a Message containing a set of POST arguments - $obj = new Auth_OpenID_Message(); - - // Partition into "openid." args and bare args - $openid_args = array(); - foreach ($args as $key => $value) { - - if (is_array($value)) { - return null; - } - - $parts = explode('.', $key, 2); - - if (count($parts) == 2) { - list($prefix, $rest) = $parts; - } else { - $prefix = null; - } - - if ($prefix != 'openid') { - $obj->args->set(array(Auth_OpenID_BARE_NS, $key), $value); - } else { - $openid_args[$rest] = $value; - } - } - - if ($obj->_fromOpenIDArgs($openid_args)) { - return $obj; - } else { - return null; - } - } - - static function fromOpenIDArgs($openid_args) - { - // Takes an array. - - // Construct a Message from a parsed KVForm message - $obj = new Auth_OpenID_Message(); - if ($obj->_fromOpenIDArgs($openid_args)) { - return $obj; - } else { - return null; - } - } - - /** - * @access private - */ - function _fromOpenIDArgs($openid_args) - { - global $Auth_OpenID_registered_aliases; - - // Takes an Auth_OpenID_Mapping instance OR an array. - - if (!Auth_OpenID_Mapping::isA($openid_args)) { - $openid_args = new Auth_OpenID_Mapping($openid_args); - } - - $ns_args = array(); - - // Resolve namespaces - foreach ($openid_args->items() as $pair) { - list($rest, $value) = $pair; - - $parts = explode('.', $rest, 2); - - if (count($parts) == 2) { - list($ns_alias, $ns_key) = $parts; - } else { - $ns_alias = Auth_OpenID_NULL_NAMESPACE; - $ns_key = $rest; - } - - if ($ns_alias == 'ns') { - if ($this->namespaces->addAlias($value, $ns_key) === null) { - return false; - } - } else if (($ns_alias == Auth_OpenID_NULL_NAMESPACE) && - ($ns_key == 'ns')) { - // null namespace - if ($this->setOpenIDNamespace($value, false) === false) { - return false; - } - } else { - $ns_args[] = array($ns_alias, $ns_key, $value); - } - } - - if (!$this->getOpenIDNamespace()) { - if ($this->setOpenIDNamespace(Auth_OpenID_OPENID1_NS, true) === - false) { - return false; - } - } - - // Actually put the pairs into the appropriate namespaces - foreach ($ns_args as $triple) { - list($ns_alias, $ns_key, $value) = $triple; - $ns_uri = $this->namespaces->getNamespaceURI($ns_alias); - if ($ns_uri === null) { - $ns_uri = $this->_getDefaultNamespace($ns_alias); - if ($ns_uri === null) { - - $ns_uri = Auth_OpenID_OPENID_NS; - $ns_key = sprintf('%s.%s', $ns_alias, $ns_key); - } else { - $this->namespaces->addAlias($ns_uri, $ns_alias, true); - } - } - - $this->setArg($ns_uri, $ns_key, $value); - } - - return true; - } - - function _getDefaultNamespace($mystery_alias) - { - global $Auth_OpenID_registered_aliases; - if ($this->isOpenID1()) { - return @$Auth_OpenID_registered_aliases[$mystery_alias]; - } - return null; - } - - function setOpenIDNamespace($openid_ns_uri, $implicit) - { - if (!in_array($openid_ns_uri, $this->allowed_openid_namespaces)) { - Auth_OpenID::log('Invalid null namespace: "%s"', $openid_ns_uri); - return false; - } - - $succeeded = $this->namespaces->addAlias($openid_ns_uri, - Auth_OpenID_NULL_NAMESPACE, - $implicit); - if ($succeeded === false) { - return false; - } - - $this->_openid_ns_uri = $openid_ns_uri; - - return true; - } - - function getOpenIDNamespace() - { - return $this->_openid_ns_uri; - } - - static function fromKVForm($kvform_string) - { - // Create a Message from a KVForm string - return Auth_OpenID_Message::fromOpenIDArgs( - Auth_OpenID_KVForm::toArray($kvform_string)); - } - - function copy() - { - return $this; - } - - function toPostArgs() - { - // Return all arguments with openid. in front of namespaced - // arguments. - - $args = array(); - - // Add namespace definitions to the output - foreach ($this->namespaces->iteritems() as $pair) { - list($ns_uri, $alias) = $pair; - if ($this->namespaces->isImplicit($ns_uri)) { - continue; - } - if ($alias == Auth_OpenID_NULL_NAMESPACE) { - $ns_key = 'openid.ns'; - } else { - $ns_key = 'openid.ns.' . $alias; - } - $args[$ns_key] = $ns_uri; - } - - foreach ($this->args->items() as $pair) { - list($ns_parts, $value) = $pair; - list($ns_uri, $ns_key) = $ns_parts; - $key = $this->getKey($ns_uri, $ns_key); - $args[$key] = $value; - } - - return $args; - } - - function toArgs() - { - // Return all namespaced arguments, failing if any - // non-namespaced arguments exist. - $post_args = $this->toPostArgs(); - $kvargs = array(); - foreach ($post_args as $k => $v) { - if (strpos($k, 'openid.') !== 0) { - // raise ValueError( - // 'This message can only be encoded as a POST, because it ' - // 'contains arguments that are not prefixed with "openid."') - return null; - } else { - $kvargs[substr($k, 7)] = $v; - } - } - - return $kvargs; - } - - function toFormMarkup($action_url, $form_tag_attrs = null, - $submit_text = "Continue") - { - $form = "<form accept-charset=\"UTF-8\" ". - "enctype=\"application/x-www-form-urlencoded\""; - - if (!$form_tag_attrs) { - $form_tag_attrs = array(); - } - - $form_tag_attrs['action'] = $action_url; - $form_tag_attrs['method'] = 'post'; - - unset($form_tag_attrs['enctype']); - unset($form_tag_attrs['accept-charset']); - - if ($form_tag_attrs) { - foreach ($form_tag_attrs as $name => $attr) { - $form .= sprintf(" %s=\"%s\"", $name, $attr); - } - } - - $form .= ">\n"; - - foreach ($this->toPostArgs() as $name => $value) { - $form .= sprintf( - "<input type=\"hidden\" name=\"%s\" value=\"%s\" />\n", - $name, $value); - } - - $form .= sprintf("<input type=\"submit\" value=\"%s\" />\n", - $submit_text); - - $form .= "</form>\n"; - - return $form; - } - - function toURL($base_url) - { - // Generate a GET URL with the parameters in this message - // attached as query parameters. - return Auth_OpenID::appendArgs($base_url, $this->toPostArgs()); - } - - function toKVForm() - { - // Generate a KVForm string that contains the parameters in - // this message. This will fail if the message contains - // arguments outside of the 'openid.' prefix. - return Auth_OpenID_KVForm::fromArray($this->toArgs()); - } - - function toURLEncoded() - { - // Generate an x-www-urlencoded string - $args = array(); - - foreach ($this->toPostArgs() as $k => $v) { - $args[] = array($k, $v); - } - - sort($args); - return Auth_OpenID::httpBuildQuery($args); - } - - /** - * @access private - */ - function _fixNS($namespace) - { - // Convert an input value into the internally used values of - // this object - - if ($namespace == Auth_OpenID_OPENID_NS) { - if ($this->_openid_ns_uri === null) { - return new Auth_OpenID_FailureResponse(null, - 'OpenID namespace not set'); - } else { - $namespace = $this->_openid_ns_uri; - } - } - - if (($namespace != Auth_OpenID_BARE_NS) && - (!is_string($namespace))) { - //TypeError - $err_msg = sprintf("Namespace must be Auth_OpenID_BARE_NS, ". - "Auth_OpenID_OPENID_NS or a string. got %s", - print_r($namespace, true)); - return new Auth_OpenID_FailureResponse(null, $err_msg); - } - - if (($namespace != Auth_OpenID_BARE_NS) && - (strpos($namespace, ':') === false)) { - // fmt = 'OpenID 2.0 namespace identifiers SHOULD be URIs. Got %r' - // warnings.warn(fmt % (namespace,), DeprecationWarning) - - if ($namespace == 'sreg') { - // fmt = 'Using %r instead of "sreg" as namespace' - // warnings.warn(fmt % (SREG_URI,), DeprecationWarning,) - return Auth_OpenID_SREG_URI; - } - } - - return $namespace; - } - - function hasKey($namespace, $ns_key) - { - $namespace = $this->_fixNS($namespace); - if (Auth_OpenID::isFailure($namespace)) { - // XXX log me - return false; - } else { - return $this->args->contains(array($namespace, $ns_key)); - } - } - - function getKey($namespace, $ns_key) - { - // Get the key for a particular namespaced argument - $namespace = $this->_fixNS($namespace); - if (Auth_OpenID::isFailure($namespace)) { - return $namespace; - } - if ($namespace == Auth_OpenID_BARE_NS) { - return $ns_key; - } - - $ns_alias = $this->namespaces->getAlias($namespace); - - // No alias is defined, so no key can exist - if ($ns_alias === null) { - return null; - } - - if ($ns_alias == Auth_OpenID_NULL_NAMESPACE) { - $tail = $ns_key; - } else { - $tail = sprintf('%s.%s', $ns_alias, $ns_key); - } - - return 'openid.' . $tail; - } - - function getArg($namespace, $key, $default = null) - { - // Get a value for a namespaced key. - $namespace = $this->_fixNS($namespace); - - if (Auth_OpenID::isFailure($namespace)) { - return $namespace; - } else { - if ((!$this->args->contains(array($namespace, $key))) && - ($default == Auth_OpenID_NO_DEFAULT)) { - $err_msg = sprintf("Namespace %s missing required field %s", - $namespace, $key); - return new Auth_OpenID_FailureResponse(null, $err_msg); - } else { - return $this->args->get(array($namespace, $key), $default); - } - } - } - - function getArgs($namespace) - { - // Get the arguments that are defined for this namespace URI - - $namespace = $this->_fixNS($namespace); - if (Auth_OpenID::isFailure($namespace)) { - return $namespace; - } else { - $stuff = array(); - foreach ($this->args->items() as $pair) { - list($key, $value) = $pair; - list($pair_ns, $ns_key) = $key; - if ($pair_ns == $namespace) { - $stuff[$ns_key] = $value; - } - } - - return $stuff; - } - } - - function updateArgs($namespace, $updates) - { - // Set multiple key/value pairs in one call - - $namespace = $this->_fixNS($namespace); - - if (Auth_OpenID::isFailure($namespace)) { - return $namespace; - } else { - foreach ($updates as $k => $v) { - $this->setArg($namespace, $k, $v); - } - return true; - } - } - - function setArg($namespace, $key, $value) - { - // Set a single argument in this namespace - $namespace = $this->_fixNS($namespace); - - if (Auth_OpenID::isFailure($namespace)) { - return $namespace; - } else { - $this->args->set(array($namespace, $key), $value); - if ($namespace !== Auth_OpenID_BARE_NS) { - $this->namespaces->add($namespace); - } - return true; - } - } - - function delArg($namespace, $key) - { - $namespace = $this->_fixNS($namespace); - - if (Auth_OpenID::isFailure($namespace)) { - return $namespace; - } else { - return $this->args->del(array($namespace, $key)); - } - } - - function getAliasedArg($aliased_key, $default = null) - { - if ($aliased_key == 'ns') { - // Return the namespace URI for the OpenID namespace - return $this->getOpenIDNamespace(); - } - - $parts = explode('.', $aliased_key, 2); - - if (count($parts) != 2) { - $ns = null; - } else { - list($alias, $key) = $parts; - - if ($alias == 'ns') { - // Return the namespace URI for a namespace alias - // parameter. - return $this->namespaces->getNamespaceURI($key); - } else { - $ns = $this->namespaces->getNamespaceURI($alias); - } - } - - if ($ns === null) { - $key = $aliased_key; - $ns = $this->getOpenIDNamespace(); - } - - return $this->getArg($ns, $key, $default); - } -} - - |