From d9bf22a0e29c2a70049443a0ae8521a2c0492c8b Mon Sep 17 00:00:00 2001 From: Cash Costello Date: Sun, 11 Dec 2011 06:38:23 -0500 Subject: initial commit for git repository --- .../examples/server/lib/actions.php | 164 +++++++++++++++++++ .../examples/server/lib/common.php | 95 +++++++++++ .../examples/server/lib/render.php | 114 +++++++++++++ .../examples/server/lib/render/about.php | 47 ++++++ .../examples/server/lib/render/idpXrds.php | 32 ++++ .../examples/server/lib/render/idpage.php | 31 ++++ .../examples/server/lib/render/login.php | 65 ++++++++ .../examples/server/lib/render/trust.php | 56 +++++++ .../examples/server/lib/render/userXrds.php | 34 ++++ .../examples/server/lib/session.php | 178 +++++++++++++++++++++ 10 files changed, 816 insertions(+) create mode 100644 models/openid-php-openid-782224d/examples/server/lib/actions.php create mode 100644 models/openid-php-openid-782224d/examples/server/lib/common.php create mode 100644 models/openid-php-openid-782224d/examples/server/lib/render.php create mode 100644 models/openid-php-openid-782224d/examples/server/lib/render/about.php create mode 100644 models/openid-php-openid-782224d/examples/server/lib/render/idpXrds.php create mode 100644 models/openid-php-openid-782224d/examples/server/lib/render/idpage.php create mode 100644 models/openid-php-openid-782224d/examples/server/lib/render/login.php create mode 100644 models/openid-php-openid-782224d/examples/server/lib/render/trust.php create mode 100644 models/openid-php-openid-782224d/examples/server/lib/render/userXrds.php create mode 100644 models/openid-php-openid-782224d/examples/server/lib/session.php (limited to 'models/openid-php-openid-782224d/examples/server/lib') diff --git a/models/openid-php-openid-782224d/examples/server/lib/actions.php b/models/openid-php-openid-782224d/examples/server/lib/actions.php new file mode 100644 index 000000000..50dc19a1b --- /dev/null +++ b/models/openid-php-openid-782224d/examples/server/lib/actions.php @@ -0,0 +1,164 @@ +decodeRequest(); + + if (!$request) { + return about_render(); + } + + setRequestInfo($request); + + if (in_array($request->mode, + array('checkid_immediate', 'checkid_setup'))) { + + if ($request->idSelect()) { + // Perform IDP-driven identifier selection + if ($request->mode == 'checkid_immediate') { + $response =& $request->answer(false); + } else { + return trust_render($request); + } + } else if ((!$request->identity) && + (!$request->idSelect())) { + // No identifier used or desired; display a page saying + // so. + return noIdentifier_render(); + } else if ($request->immediate) { + $response =& $request->answer(false, buildURL()); + } else { + if (!getLoggedInUser()) { + return login_render(); + } + return trust_render($request); + } + } else { + $response =& $server->handleRequest($request); + } + + $webresponse =& $server->encodeResponse($response); + + if ($webresponse->code != AUTH_OPENID_HTTP_OK) { + header(sprintf("HTTP/1.1 %d ", $webresponse->code), + true, $webresponse->code); + } + + foreach ($webresponse->headers as $k => $v) { + header("$k: $v"); + } + + header(header_connection_close); + print $webresponse->body; + exit(0); +} + +/** + * Log out the currently logged in user + */ +function action_logout() +{ + setLoggedInUser(null); + setRequestInfo(null); + return authCancel(null); +} + +/** + * Check the input values for a login request + */ +function login_checkInput($input) +{ + $openid_url = false; + $errors = array(); + + if (!isset($input['openid_url'])) { + $errors[] = 'Enter an OpenID URL to continue'; + } + if (count($errors) == 0) { + $openid_url = $input['openid_url']; + } + return array($errors, $openid_url); +} + +/** + * Log in a user and potentially continue the requested identity approval + */ +function action_login() +{ + $method = $_SERVER['REQUEST_METHOD']; + switch ($method) { + case 'GET': + return login_render(); + case 'POST': + $info = getRequestInfo(); + $fields = $_POST; + if (isset($fields['cancel'])) { + return authCancel($info); + } + + list ($errors, $openid_url) = login_checkInput($fields); + if (count($errors) || !$openid_url) { + $needed = $info ? $info->identity : false; + return login_render($errors, @$fields['openid_url'], $needed); + } else { + setLoggedInUser($openid_url); + return doAuth($info); + } + default: + return login_render(array('Unsupported HTTP method: $method')); + } +} + +/** + * Ask the user whether he wants to trust this site + */ +function action_trust() +{ + $info = getRequestInfo(); + $trusted = isset($_POST['trust']); + return doAuth($info, $trusted, true, @$_POST['idSelect']); +} + +function action_idpage() +{ + $identity = $_GET['user']; + return idpage_render($identity); +} + +function action_idpXrds() +{ + return idpXrds_render(); +} + +function action_userXrds() +{ + $identity = $_GET['user']; + return userXrds_render($identity); +} + +?> \ No newline at end of file diff --git a/models/openid-php-openid-782224d/examples/server/lib/common.php b/models/openid-php-openid-782224d/examples/server/lib/common.php new file mode 100644 index 000000000..80d05f51a --- /dev/null +++ b/models/openid-php-openid-782224d/examples/server/lib/common.php @@ -0,0 +1,95 @@ +getCancelURL(); + } else { + $url = getServerURL(); + } + return redirect_render($url); +} + +function doAuth($info, $trusted=null, $fail_cancels=false, + $idpSelect=null) +{ + if (!$info) { + // There is no authentication information, so bail + return authCancel(null); + } + + if ($info->idSelect()) { + if ($idpSelect) { + $req_url = idURL($idpSelect); + } else { + $trusted = false; + } + } else { + $req_url = $info->identity; + } + + $user = getLoggedInUser(); + setRequestInfo($info); + + if ((!$info->idSelect()) && ($req_url != idURL($user))) { + return login_render(array(), $req_url, $req_url); + } + + $trust_root = $info->trust_root; + + if ($trusted) { + setRequestInfo(); + $server =& getServer(); + $response =& $info->answer(true, null, $req_url); + + // Answer with some sample Simple Registration data. + $sreg_data = array( + 'fullname' => 'Example User', + 'nickname' => 'example', + 'dob' => '1970-01-01', + 'email' => 'invalid@example.com', + 'gender' => 'F', + 'postcode' => '12345', + 'country' => 'ES', + 'language' => 'eu', + 'timezone' => 'America/New_York'); + + // Add the simple registration response values to the OpenID + // response message. + $sreg_request = Auth_OpenID_SRegRequest::fromOpenIDRequest( + $info); + + $sreg_response = Auth_OpenID_SRegResponse::extractResponse( + $sreg_request, $sreg_data); + + $sreg_response->toMessage($response->fields); + + // Generate a response to send to the user agent. + $webresponse =& $server->encodeResponse($response); + + $new_headers = array(); + + foreach ($webresponse->headers as $k => $v) { + $new_headers[] = $k.": ".$v; + } + + return array($new_headers, $webresponse->body); + } elseif ($fail_cancels) { + return authCancel($info); + } else { + return trust_render($info); + } +} + +?> \ No newline at end of file diff --git a/models/openid-php-openid-782224d/examples/server/lib/render.php b/models/openid-php-openid-782224d/examples/server/lib/render.php new file mode 100644 index 000000000..33d2aefcd --- /dev/null +++ b/models/openid-php-openid-782224d/examples/server/lib/render.php @@ -0,0 +1,114 @@ + + + + + %s +%s + + + %s +
+

%s

+ %s +
+ +'); + +define('logged_in_pat', 'You are logged in as %s (URL: %s)'); + +/** + * HTTP response line contstants + */ +define('http_bad_request', 'HTTP/1.1 400 Bad Request'); +define('http_found', 'HTTP/1.1 302 Found'); +define('http_ok', 'HTTP/1.1 200 OK'); +define('http_internal_error', 'HTTP/1.1 500 Internal Error'); + +/** + * HTTP header constants + */ +define('header_connection_close', 'Connection: close'); +define('header_content_text', 'Content-Type: text/plain; charset=us-ascii'); + +define('redirect_message', + 'Please wait; you are being redirected to <%s>'); + + +/** + * Return a string containing an anchor tag containing the given URL + * + * The URL does not need to be quoted, but if text is passed in, then + * it does. + */ +function link_render($url, $text=null) { + $esc_url = htmlspecialchars($url, ENT_QUOTES); + $text = ($text === null) ? $esc_url : $text; + return sprintf('%s', $esc_url, $text); +} + +/** + * Return an HTTP redirect response + */ +function redirect_render($redir_url) +{ + $headers = array(http_found, + header_content_text, + header_connection_close, + 'Location: ' . $redir_url, + ); + $body = sprintf(redirect_message, $redir_url); + return array($headers, $body); +} + +function navigation_render($msg, $items) +{ + $what = link_render(buildURL(), 'PHP OpenID Server'); + if ($msg) { + $what .= ' — ' . $msg; + } + if ($items) { + $s = '

' . $what . '

'; + } else { + $s = '

' . $what . '

'; + } + return sprintf('
%s
', $s); +} + +/** + * Render an HTML page + */ +function page_render($body, $user, $title, $h1=null, $login=false) +{ + $h1 = $h1 ? $h1 : $title; + + if ($user) { + $msg = sprintf(logged_in_pat, link_render(idURL($user), $user), + link_render(idURL($user))); + $nav = array('logout' => 'Log Out'); + + $navigation = navigation_render($msg, $nav); + } else { + if (!$login) { + $msg = link_render(buildURL('login'), 'Log In'); + $navigation = navigation_render($msg, array()); + } else { + $navigation = ''; + } + } + + $style = getStyle(); + $text = sprintf(page_template, $title, $style, $navigation, $h1, $body); + // No special headers here + $headers = array(); + return array($headers, $text); +} + +?> \ No newline at end of file diff --git a/models/openid-php-openid-782224d/examples/server/lib/render/about.php b/models/openid-php-openid-782224d/examples/server/lib/render/about.php new file mode 100644 index 000000000..53e3694e9 --- /dev/null +++ b/models/openid-php-openid-782224d/examples/server/lib/render/about.php @@ -0,0 +1,47 @@ + +An error occurred when processing your request: +
+%s +'); + +define('about_body', + '

+ This is an OpenID server + endpoint. This server is built on the JanRain PHP OpenID + library. Since OpenID consumer sites will need to directly contact this + server, it must be accessible over the Internet (not behind a firewall). +

+

+ To use this server, you will have to set up a URL to use as an identifier. + Insert the following markup into the <head> of the HTML + document at that URL: +

+
<link rel="openid.server" href="%s" />
+

+ Then configure this server so that you can log in with that URL. +

+'); + +/** + * Render the about page, potentially with an error message + */ +function about_render($error=false, $internal=true) +{ + $headers = array(); + $body = sprintf(about_body, buildURL()); + if ($error) { + $headers[] = $internal ? http_internal_error : http_bad_request; + $body .= sprintf(about_error_template, htmlspecialchars($error)); + } + $current_user = getLoggedInUser(); + return page_render($body, $current_user, 'OpenID Server Endpoint'); +} + +?> \ No newline at end of file diff --git a/models/openid-php-openid-782224d/examples/server/lib/render/idpXrds.php b/models/openid-php-openid-782224d/examples/server/lib/render/idpXrds.php new file mode 100644 index 000000000..6e4ae1ce7 --- /dev/null +++ b/models/openid-php-openid-782224d/examples/server/lib/render/idpXrds.php @@ -0,0 +1,32 @@ + + + + + %s + %s + + + +'); + +function idpXrds_render() +{ + $headers = array('Content-type: application/xrds+xml'); + + $body = sprintf(idp_xrds_pat, + Auth_OpenID_TYPE_2_0_IDP, + buildURL()); + + return array($headers, $body); +} + +?> \ No newline at end of file diff --git a/models/openid-php-openid-782224d/examples/server/lib/render/idpage.php b/models/openid-php-openid-782224d/examples/server/lib/render/idpage.php new file mode 100644 index 000000000..48c2486df --- /dev/null +++ b/models/openid-php-openid-782224d/examples/server/lib/render/idpage.php @@ -0,0 +1,31 @@ + + + + + + + This is the identity page for users of this server. + +'); + +function idpage_render($identity) +{ + $xrdsurl = buildURL('userXrds')."?user=".urlencode($identity); + + $headers = array( + 'X-XRDS-Location: '.$xrdsurl); + + + $body = sprintf(idpage_pat, + buildURL(), + $xrdsurl); + return array($headers, $body); +} + +?> diff --git a/models/openid-php-openid-782224d/examples/server/lib/render/login.php b/models/openid-php-openid-782224d/examples/server/lib/render/login.php new file mode 100644 index 000000000..986a88545 --- /dev/null +++ b/models/openid-php-openid-782224d/examples/server/lib/render/login.php @@ -0,0 +1,65 @@ + +

+ + Enter your username into this form to log in to this server. It + can be anything; this is just for demonstration purposes. For + example, entering USERNAME will give you the identity URL + + 

%s
+

+ +
+ + + + + + + + +
+ + +
+
+ +'); + +define('login_needed_pat', + 'You must be logged in as %s to approve this request.'); + +function login_render($errors=null, $input=null, $needed=null) +{ + $current_user = getLoggedInUser(); + if ($input === null) { + $input = $current_user; + } + if ($needed) { + $errors[] = sprintf(login_needed_pat, link_render($needed)); + } + + $esc_input = htmlspecialchars($input, ENT_QUOTES); + $login_url = buildURL('login', true); + $body = sprintf(login_form_pat, idURL('USERNAME'), $login_url, $esc_input); + if ($errors) { + $body = loginError_render($errors) . $body; + } + return page_render($body, $current_user, 'Log In', null, true); +} + +function loginError_render($errors) +{ + $text = ''; + foreach ($errors as $error) { + $text .= sprintf("
  • %s
    • \n", $error); + } + return sprintf("\n", $text); +} +?> \ No newline at end of file diff --git a/models/openid-php-openid-782224d/examples/server/lib/render/trust.php b/models/openid-php-openid-782224d/examples/server/lib/render/trust.php new file mode 100644 index 000000000..681d4560a --- /dev/null +++ b/models/openid-php-openid-782224d/examples/server/lib/render/trust.php @@ -0,0 +1,56 @@ + +
    + %s + + +
    + +'); + +define('normal_pat', + '

    Do you wish to confirm your identity ' . + '(%s) with %s?

    '); + +define('id_select_pat', + '

    You entered the server URL at the RP. +Please choose the name you wish to use. If you enter nothing, the request will be cancelled.
    +

    +'); + +define('no_id_pat', +' +You did not send an identifier with the request, +and it was not an identifier selection request. +Please return to the relying party and try again. +'); + +function trust_render($info) +{ + $current_user = getLoggedInUser(); + $lnk = link_render(idURL($current_user)); + $trust_root = htmlspecialchars($info->trust_root); + $trust_url = buildURL('trust', true); + + if ($info->idSelect()) { + $prompt = id_select_pat; + } else { + $prompt = sprintf(normal_pat, $lnk, $trust_root); + } + + $form = sprintf(trust_form_pat, $trust_url, $prompt); + + return page_render($form, $current_user, 'Trust This Site'); +} + +function noIdentifier_render() +{ + return page_render(no_id_pat, null, 'No Identifier Sent'); +} + +?> \ No newline at end of file diff --git a/models/openid-php-openid-782224d/examples/server/lib/render/userXrds.php b/models/openid-php-openid-782224d/examples/server/lib/render/userXrds.php new file mode 100644 index 000000000..a9ea95ea3 --- /dev/null +++ b/models/openid-php-openid-782224d/examples/server/lib/render/userXrds.php @@ -0,0 +1,34 @@ + + + + + %s + %s + %s + + + +'); + +function userXrds_render($identity) +{ + $headers = array('Content-type: application/xrds+xml'); + + $body = sprintf(user_xrds_pat, + Auth_OpenID_TYPE_2_0, + Auth_OpenID_TYPE_1_1, + buildURL()); + + return array($headers, $body); +} + +?> \ No newline at end of file diff --git a/models/openid-php-openid-782224d/examples/server/lib/session.php b/models/openid-php-openid-782224d/examples/server/lib/session.php new file mode 100644 index 000000000..201b6ee23 --- /dev/null +++ b/models/openid-php-openid-782224d/examples/server/lib/session.php @@ -0,0 +1,178 @@ +', $url); +} + +/** + * Get the URL of the current script + */ +function getServerURL() +{ + $path = $_SERVER['SCRIPT_NAME']; + $host = $_SERVER['HTTP_HOST']; + $port = $_SERVER['SERVER_PORT']; + $s = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] ? 's' : ''; + if (($s && $port == "443") || (!$s && $port == "80")) { + $p = ''; + } else { + $p = ':' . $port; + } + + return "http$s://$host$p$path"; +} + +/** + * Build a URL to a server action + */ +function buildURL($action=null, $escaped=true) +{ + $url = getServerURL(); + if ($action) { + $url .= '/' . $action; + } + return $escaped ? htmlspecialchars($url, ENT_QUOTES) : $url; +} + +/** + * Extract the current action from the request + */ +function getAction() +{ + $path_info = @$_SERVER['PATH_INFO']; + $action = ($path_info) ? substr($path_info, 1) : ''; + $function_name = 'action_' . $action; + return $function_name; +} + +/** + * Write the response to the request + */ +function writeResponse($resp) +{ + list ($headers, $body) = $resp; + array_walk($headers, 'header'); + header(header_connection_close); + print $body; +} + +/** + * Instantiate a new OpenID server object + */ +function getServer() +{ + static $server = null; + if (!isset($server)) { + $server =& new Auth_OpenID_Server(getOpenIDStore(), + buildURL()); + } + return $server; +} + +/** + * Return a hashed form of the user's password + */ +function hashPassword($password) +{ + return bin2hex(Auth_OpenID_SHA1($password)); +} + +/** + * Get the openid_url out of the cookie + * + * @return mixed $openid_url The URL that was stored in the cookie or + * false if there is none present or if the cookie is bad. + */ +function getLoggedInUser() +{ + return isset($_SESSION['openid_url']) + ? $_SESSION['openid_url'] + : false; +} + +/** + * Set the openid_url in the cookie + * + * @param mixed $identity_url The URL to set. If set to null, the + * value will be unset. + */ +function setLoggedInUser($identity_url=null) +{ + if (!isset($identity_url)) { + unset($_SESSION['openid_url']); + } else { + $_SESSION['openid_url'] = $identity_url; + } +} + +function getRequestInfo() +{ + return isset($_SESSION['request']) + ? unserialize($_SESSION['request']) + : false; +} + +function setRequestInfo($info=null) +{ + if (!isset($info)) { + unset($_SESSION['request']); + } else { + $_SESSION['request'] = serialize($info); + } +} + + +function getSreg($identity) +{ + // from config.php + global $openid_sreg; + + if (!is_array($openid_sreg)) { + return null; + } + + return $openid_sreg[$identity]; + +} + +function idURL($identity) +{ + return buildURL('idpage') . "?user=" . $identity; +} + +function idFromURL($url) +{ + if (strpos($url, 'idpage') === false) { + return null; + } + + $parsed = parse_url($url); + + $q = $parsed['query']; + + $parts = array(); + parse_str($q, $parts); + + return @$parts['user']; +} + +?> \ No newline at end of file -- cgit v1.2.3