ILIAS  release_4-4 Revision
Auth_OpenID_CheckIDRequest Class Reference

Public Member Functions

 Auth_OpenID_CheckIDRequest ($identity, $return_to, $trust_root=null, $immediate=false, $assoc_handle=null, $server=null, $claimed_id=null)
 
 equals ($other)
 
 returnToVerified ()
 
 idSelect ()
 
 trustRootValid ()
 
 answer ($allow, $server_url=null, $identity=null, $claimed_id=null)
 Respond to this request.
 
 encodeToURL ($server_url)
 
 getCancelURL ()
 

Static Public Member Functions

static make ($message, $identity, $return_to, $trust_root=null, $immediate=false, $assoc_handle=null, $server=null)
 
static fromMessage ($message, $server)
 

Data Fields

 $verifyReturnTo = 'Auth_OpenID_verifyReturnTo'
 Return-to verification callback.
 
 $mode = "checkid_setup"
 The mode of this request.
 
 $immediate = false
 Whether this request is for immediate mode.
 
 $trust_root = null
 The trust_root value for this request.
 
 $namespace
 The OpenID namespace for this request.
 
- Data Fields inherited from Auth_OpenID_Request
 $mode = null
 

Detailed Description

Definition at line 709 of file Server.php.

Member Function Documentation

◆ answer()

Auth_OpenID_CheckIDRequest::answer (   $allow,
  $server_url = null,
  $identity = null,
  $claimed_id = null 
)

Respond to this request.

Return either an Auth_OpenID_ServerResponse or Auth_OpenID_ServerError.

Parameters
bool $allow: Allow this user to claim this identity, and allow the consumer to have this information?
string $server_url: DEPRECATED. Passing $op_endpoint to the Auth_OpenID_Server constructor makes this optional.

When an OpenID 1.x immediate mode request does not succeed, it gets back a URL where the request may be carried out in a not-so-immediate fashion. Pass my URL in here (the fully qualified address of this server's endpoint, e.g. http://example.com/server), and I will use it as a base for the URL for a new request.

Optional for requests where $immediate is false or $allow is true.

Parameters
string $identity: The OP-local identifier to answer with. Only for use when the relying party requested identifier selection.
string $claimed_id: The claimed identifier to answer with, for use with identifier selection in the case where the claimed identifier and the OP-local identifier differ, i.e. when the claimed_id uses delegation.

If $identity is provided but this is not, $claimed_id will default to the value of $identity. When answering requests that did not ask for identifier selection, the response $claimed_id will default to that of the request.

This parameter is new in OpenID 2.0.

Returns
mixed

Definition at line 974 of file Server.php.

References Auth_OpenID_IDENTIFIER_SELECT, Auth_OpenID_mkNonce(), Auth_OpenID_OPENID_NS, and Auth_OpenID_ServerError\Auth_OpenID_ServerError().

976  {
977  if (!$this->return_to) {
978  return new Auth_OpenID_NoReturnToError();
979  }
980 
981  if (!$server_url) {
982  if ((!$this->message->isOpenID1()) &&
983  (!$this->server->op_endpoint)) {
984  return new Auth_OpenID_ServerError(null,
985  "server should be constructed with op_endpoint to " .
986  "respond to OpenID 2.0 messages.");
987  }
988 
989  $server_url = $this->server->op_endpoint;
990  }
991 
992  if ($allow) {
993  $mode = 'id_res';
994  } else if ($this->message->isOpenID1()) {
995  if ($this->immediate) {
996  $mode = 'id_res';
997  } else {
998  $mode = 'cancel';
999  }
1000  } else {
1001  if ($this->immediate) {
1002  $mode = 'setup_needed';
1003  } else {
1004  $mode = 'cancel';
1005  }
1006  }
1007 
1008  if (!$this->trustRootValid()) {
1009  return new Auth_OpenID_UntrustedReturnURL(null,
1010  $this->return_to,
1011  $this->trust_root);
1012  }
1013 
1014  $response = new Auth_OpenID_ServerResponse($this);
1015 
1016  if ($claimed_id &&
1017  ($this->message->isOpenID1())) {
1018  return new Auth_OpenID_ServerError(null,
1019  "claimed_id is new in OpenID 2.0 and not " .
1020  "available for ".$this->namespace);
1021  }
1022 
1023  if ($identity && !$claimed_id) {
1024  $claimed_id = $identity;
1025  }
1026 
1027  if ($allow) {
1028 
1029  if ($this->identity == Auth_OpenID_IDENTIFIER_SELECT) {
1030  if (!$identity) {
1031  return new Auth_OpenID_ServerError(null,
1032  "This request uses IdP-driven identifier selection. " .
1033  "You must supply an identifier in the response.");
1034  }
1035 
1036  $response_identity = $identity;
1037  $response_claimed_id = $claimed_id;
1038 
1039  } else if ($this->identity) {
1040  if ($identity &&
1041  ($this->identity != $identity)) {
1042  $fmt = "Request was for %s, cannot reply with identity %s";
1043  return new Auth_OpenID_ServerError(null,
1044  sprintf($fmt, $this->identity, $identity));
1045  }
1046 
1047  $response_identity = $this->identity;
1048  $response_claimed_id = $this->claimed_id;
1049  } else {
1050  if ($identity) {
1051  return new Auth_OpenID_ServerError(null,
1052  "This request specified no identity and " .
1053  "you supplied ".$identity);
1054  }
1055 
1056  $response_identity = null;
1057  }
1058 
1059  if (($this->message->isOpenID1()) &&
1060  ($response_identity === null)) {
1061  return new Auth_OpenID_ServerError(null,
1062  "Request was an OpenID 1 request, so response must " .
1063  "include an identifier.");
1064  }
1065 
1066  $response->fields->updateArgs(Auth_OpenID_OPENID_NS,
1067  array('mode' => $mode,
1068  'return_to' => $this->return_to,
1069  'response_nonce' => Auth_OpenID_mkNonce()));
1070 
1071  if (!$this->message->isOpenID1()) {
1072  $response->fields->setArg(Auth_OpenID_OPENID_NS,
1073  'op_endpoint', $server_url);
1074  }
1075 
1076  if ($response_identity !== null) {
1077  $response->fields->setArg(
1078  Auth_OpenID_OPENID_NS,
1079  'identity',
1080  $response_identity);
1081  if ($this->message->isOpenID2()) {
1082  $response->fields->setArg(
1083  Auth_OpenID_OPENID_NS,
1084  'claimed_id',
1085  $response_claimed_id);
1086  }
1087  }
1088 
1089  } else {
1090  $response->fields->setArg(Auth_OpenID_OPENID_NS,
1091  'mode', $mode);
1092 
1093  if ($this->immediate) {
1094  if (($this->message->isOpenID1()) &&
1095  (!$server_url)) {
1096  return new Auth_OpenID_ServerError(null,
1097  'setup_url is required for $allow=false \
1098  in OpenID 1.x immediate mode.');
1099  }
1100 
1101  $setup_request = new Auth_OpenID_CheckIDRequest(
1102  $this->identity,
1103  $this->return_to,
1104  $this->trust_root,
1105  false,
1106  $this->assoc_handle,
1107  $this->server,
1108  $this->claimed_id);
1109  $setup_request->message = $this->message;
1110 
1111  $setup_url = $setup_request->encodeToURL($server_url);
1112 
1113  if ($setup_url === null) {
1114  return new Auth_OpenID_NoReturnToError();
1115  }
1116 
1117  $response->fields->setArg(Auth_OpenID_OPENID_NS,
1118  'user_setup_url',
1119  $setup_url);
1120  }
1121  }
1122 
1123  return $response;
1124  }
const Auth_OpenID_OPENID_NS
Definition: Message.php:42
Auth_OpenID_CheckIDRequest($identity, $return_to, $trust_root=null, $immediate=false, $assoc_handle=null, $server=null, $claimed_id=null)
Definition: Server.php:766
$mode
The mode of this request.
Definition: Server.php:719
Auth_OpenID_mkNonce($when=null)
Definition: Nonce.php:91
const Auth_OpenID_IDENTIFIER_SELECT
Import tools needed to deal with messages.
Definition: Message.php:18

◆ Auth_OpenID_CheckIDRequest()

Auth_OpenID_CheckIDRequest::Auth_OpenID_CheckIDRequest (   $identity,
  $return_to,
  $trust_root = null,
  $immediate = false,
  $assoc_handle = null,
  $server = null,
  $claimed_id = null 
)

Definition at line 766 of file Server.php.

References $server, and Auth_OpenID_OPENID2_NS.

770  {
771  $this->namespace = Auth_OpenID_OPENID2_NS;
772  $this->assoc_handle = $assoc_handle;
773  $this->identity = $identity;
774  if ($claimed_id === null) {
775  $this->claimed_id = $identity;
776  } else {
777  $this->claimed_id = $claimed_id;
778  }
779  $this->return_to = $return_to;
780  $this->trust_root = $trust_root;
781  $this->server = $server;
782 
783  if ($immediate) {
784  $this->immediate = true;
785  $this->mode = "checkid_immediate";
786  } else {
787  $this->immediate = false;
788  $this->mode = "checkid_setup";
789  }
790  }
$trust_root
The trust_root value for this request.
Definition: Server.php:729
const Auth_OpenID_OPENID2_NS
Definition: Message.php:35
$server
$immediate
Whether this request is for immediate mode.
Definition: Server.php:724

◆ encodeToURL()

Auth_OpenID_CheckIDRequest::encodeToURL (   $server_url)

Definition at line 1126 of file Server.php.

References Auth_OpenID_OPENID_NS, and Auth_OpenID_Message\updateArgs().

1127  {
1128  if (!$this->return_to) {
1129  return new Auth_OpenID_NoReturnToError();
1130  }
1131 
1132  // Imported from the alternate reality where these classes are
1133  // used in both the client and server code, so Requests are
1134  // Encodable too. That's right, code imported from alternate
1135  // realities all for the love of you, id_res/user_setup_url.
1136 
1137  $q = array('mode' => $this->mode,
1138  'identity' => $this->identity,
1139  'claimed_id' => $this->claimed_id,
1140  'return_to' => $this->return_to);
1141 
1142  if ($this->trust_root) {
1143  if ($this->message->isOpenID1()) {
1144  $q['trust_root'] = $this->trust_root;
1145  } else {
1146  $q['realm'] = $this->trust_root;
1147  }
1148  }
1149 
1150  if ($this->assoc_handle) {
1151  $q['assoc_handle'] = $this->assoc_handle;
1152  }
1153 
1154  $response = new Auth_OpenID_Message(
1155  $this->message->getOpenIDNamespace());
1156  $response->updateArgs(Auth_OpenID_OPENID_NS, $q);
1157  return $response->toURL($server_url);
1158  }
$trust_root
The trust_root value for this request.
Definition: Server.php:729
const Auth_OpenID_OPENID_NS
Definition: Message.php:42
updateArgs($namespace, $updates)
Definition: Message.php:844

◆ equals()

Auth_OpenID_CheckIDRequest::equals (   $other)

Definition at line 792 of file Server.php.

793  {
794  return (
795  (is_a($other, 'Auth_OpenID_CheckIDRequest')) &&
796  ($this->namespace == $other->namespace) &&
797  ($this->assoc_handle == $other->assoc_handle) &&
798  ($this->identity == $other->identity) &&
799  ($this->claimed_id == $other->claimed_id) &&
800  ($this->return_to == $other->return_to) &&
801  ($this->trust_root == $other->trust_root));
802  }

◆ fromMessage()

static Auth_OpenID_CheckIDRequest::fromMessage (   $message,
  $server 
)
static

Definition at line 825 of file Server.php.

References $server, Auth_OpenID_OPENID_NS, Auth_OpenID_ServerError\Auth_OpenID_ServerError(), and make().

826  {
827  $mode = $message->getArg(Auth_OpenID_OPENID_NS, 'mode');
828  $immediate = null;
829 
830  if ($mode == "checkid_immediate") {
831  $immediate = true;
832  $mode = "checkid_immediate";
833  } else {
834  $immediate = false;
835  $mode = "checkid_setup";
836  }
837 
838  $return_to = $message->getArg(Auth_OpenID_OPENID_NS,
839  'return_to');
840 
841  if (($message->isOpenID1()) &&
842  (!$return_to)) {
843  $fmt = "Missing required field 'return_to' from checkid request";
844  return new Auth_OpenID_ServerError($message, $fmt);
845  }
846 
847  $identity = $message->getArg(Auth_OpenID_OPENID_NS,
848  'identity');
849  $claimed_id = $message->getArg(Auth_OpenID_OPENID_NS, 'claimed_id');
850  if ($message->isOpenID1()) {
851  if ($identity === null) {
852  $s = "OpenID 1 message did not contain openid.identity";
853  return new Auth_OpenID_ServerError($message, $s);
854  }
855  } else {
856  if ($identity && !$claimed_id) {
857  $s = "OpenID 2.0 message contained openid.identity but not " .
858  "claimed_id";
859  return new Auth_OpenID_ServerError($message, $s);
860  } else if ($claimed_id && !$identity) {
861  $s = "OpenID 2.0 message contained openid.claimed_id " .
862  "but not identity";
863  return new Auth_OpenID_ServerError($message, $s);
864  }
865  }
866 
867  // There's a case for making self.trust_root be a TrustRoot
868  // here. But if TrustRoot isn't currently part of the
869  // "public" API, I'm not sure it's worth doing.
870  if ($message->isOpenID1()) {
871  $trust_root_param = 'trust_root';
872  } else {
873  $trust_root_param = 'realm';
874  }
875  $trust_root = $message->getArg(Auth_OpenID_OPENID_NS,
876  $trust_root_param);
877  if (! $trust_root) {
878  $trust_root = $return_to;
879  }
880 
881  if (! $message->isOpenID1() &&
882  ($return_to === null) &&
883  ($trust_root === null)) {
884  return new Auth_OpenID_ServerError($message,
885  "openid.realm required when openid.return_to absent");
886  }
887 
888  $assoc_handle = $message->getArg(Auth_OpenID_OPENID_NS,
889  'assoc_handle');
890 
891  $obj = Auth_OpenID_CheckIDRequest::make($message,
892  $identity,
893  $return_to,
894  $trust_root,
895  $immediate,
896  $assoc_handle,
897  $server);
898 
899  if (is_a($obj, 'Auth_OpenID_ServerError')) {
900  return $obj;
901  }
902 
903  $obj->claimed_id = $claimed_id;
904 
905  return $obj;
906  }
$trust_root
The trust_root value for this request.
Definition: Server.php:729
const Auth_OpenID_OPENID_NS
Definition: Message.php:42
static make($message, $identity, $return_to, $trust_root=null, $immediate=false, $assoc_handle=null, $server=null)
Definition: Server.php:737
$mode
The mode of this request.
Definition: Server.php:719
$server
$immediate
Whether this request is for immediate mode.
Definition: Server.php:724

◆ getCancelURL()

Auth_OpenID_CheckIDRequest::getCancelURL ( )

Definition at line 1160 of file Server.php.

References Auth_OpenID_OPENID_NS, Auth_OpenID_ServerError\Auth_OpenID_ServerError(), and Auth_OpenID_Message\setArg().

1161  {
1162  if (!$this->return_to) {
1163  return new Auth_OpenID_NoReturnToError();
1164  }
1165 
1166  if ($this->immediate) {
1167  return new Auth_OpenID_ServerError(null,
1168  "Cancel is not an appropriate \
1169  response to immediate mode \
1170  requests.");
1171  }
1172 
1173  $response = new Auth_OpenID_Message(
1174  $this->message->getOpenIDNamespace());
1175  $response->setArg(Auth_OpenID_OPENID_NS, 'mode', 'cancel');
1176  return $response->toURL($this->return_to);
1177  }
const Auth_OpenID_OPENID_NS
Definition: Message.php:42
setArg($namespace, $key, $value)
Definition: Message.php:860

◆ idSelect()

Auth_OpenID_CheckIDRequest::idSelect ( )

Definition at line 908 of file Server.php.

References Auth_OpenID_IDENTIFIER_SELECT.

909  {
910  // Is the identifier to be selected by the IDP?
911  // So IDPs don't have to import the constant
912  return $this->identity == Auth_OpenID_IDENTIFIER_SELECT;
913  }
const Auth_OpenID_IDENTIFIER_SELECT
Import tools needed to deal with messages.
Definition: Message.php:18

◆ make()

static Auth_OpenID_CheckIDRequest::make (   $message,
  $identity,
  $return_to,
  $trust_root = null,
  $immediate = false,
  $assoc_handle = null,
  $server = null 
)
static

Definition at line 737 of file Server.php.

References $r, $server, Auth_OpenID_TrustRoot\_parse(), and Auth_OpenID_ServerError\Auth_OpenID_ServerError().

Referenced by fromMessage().

739  {
740  if ($server === null) {
741  return new Auth_OpenID_ServerError($message,
742  "server must not be null");
743  }
744 
745  if ($return_to &&
746  !Auth_OpenID_TrustRoot::_parse($return_to)) {
747  return new Auth_OpenID_MalformedReturnURL($message, $return_to);
748  }
749 
750  $r = new Auth_OpenID_CheckIDRequest($identity, $return_to,
751  $trust_root, $immediate,
752  $assoc_handle, $server);
753 
754  $r->namespace = $message->getOpenIDNamespace();
755  $r->message = $message;
756 
757  if (!$r->trustRootValid()) {
758  return new Auth_OpenID_UntrustedReturnURL($message,
759  $return_to,
760  $trust_root);
761  } else {
762  return $r;
763  }
764  }
$trust_root
The trust_root value for this request.
Definition: Server.php:729
static _parse($trust_root)
Parse a URL into its trust_root parts.
Definition: TrustRoot.php:94
Auth_OpenID_CheckIDRequest($identity, $return_to, $trust_root=null, $immediate=false, $assoc_handle=null, $server=null, $claimed_id=null)
Definition: Server.php:766
$server
$immediate
Whether this request is for immediate mode.
Definition: Server.php:724
$r

◆ returnToVerified()

Auth_OpenID_CheckIDRequest::returnToVerified ( )

Definition at line 818 of file Server.php.

References Auth_Yadis_Yadis\getHTTPFetcher().

819  {
820  $fetcher = Auth_Yadis_Yadis::getHTTPFetcher();
821  return call_user_func_array($this->verifyReturnTo,
822  array($this->trust_root, $this->return_to, $fetcher));
823  }
static getHTTPFetcher($timeout=20)
Returns an HTTP fetcher object.
Definition: Yadis.php:253

◆ trustRootValid()

Auth_OpenID_CheckIDRequest::trustRootValid ( )

Definition at line 915 of file Server.php.

References Auth_OpenID_TrustRoot\_parse(), and Auth_OpenID_TrustRoot\match().

916  {
917  if (!$this->trust_root) {
918  return true;
919  }
920 
921  $tr = Auth_OpenID_TrustRoot::_parse($this->trust_root);
922  if ($tr === false) {
923  return new Auth_OpenID_MalformedTrustRoot($this->message,
924  $this->trust_root);
925  }
926 
927  if ($this->return_to !== null) {
928  return Auth_OpenID_TrustRoot::match($this->trust_root,
929  $this->return_to);
930  } else {
931  return true;
932  }
933  }
static _parse($trust_root)
Parse a URL into its trust_root parts.
Definition: TrustRoot.php:94
static match($trust_root, $url)
Does this URL match the given trust root?
Definition: TrustRoot.php:270
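
trustRootValid() as listed above can return true, the boolean result of Auth_OpenID_TrustRoot::match(), or an Auth_OpenID_MalformedTrustRoot object (line 923), and PHP evaluates any object as true in a boolean test such as the `!$this->trustRootValid()` checks at lines 757 and 1008. The following added example (not part of the ILIAS or library code; the Example_* names, the simplified parse and match logic, and the URLs are constructed stand-ins) contrasts that loose test with a strict `=== true` comparison, which is the only form that rejects the malformed trust root.

```php
<?php
// Constructed stand-in for the error object returned at line 923.
class Example_MalformedTrustRoot
{
    public $trust_root;
    function __construct($trust_root) { $this->trust_root = $trust_root; }
}

// Constructed stand-in request. trustRootValid() has the same three
// outcomes as the listing: true, false, or an error object.
class Example_CheckIDRequest
{
    public $trust_root;
    public $return_to;

    function __construct($trust_root, $return_to)
    {
        $this->trust_root = $trust_root;
        $this->return_to = $return_to;
    }

    function trustRootValid()
    {
        if (!$this->trust_root) {
            return true;
        }
        // Simplified parse (assumption): require a scheme and a host.
        $parts = parse_url($this->trust_root);
        if (!is_array($parts) || !isset($parts['scheme'], $parts['host'])) {
            return new Example_MalformedTrustRoot($this->trust_root);
        }
        // Simplified match (assumption): return_to starts with the trust root.
        return strpos((string) $this->return_to, $this->trust_root) === 0;
    }
}

// Caller-side check: only the boolean true counts as valid.
function example_trust_root_ok($request)
{
    return $request->trustRootValid() === true;
}

// Constructed sample inputs: matching, mismatching, malformed trust root.
$cases = array(
    array('http://rp.example/', 'http://rp.example/return'),
    array('http://rp.example/', 'http://other.example/return'),
    array('not a url', 'http://rp.example/return'),
);
foreach ($cases as $c) {
    $r = new Example_CheckIDRequest($c[0], $c[1]);
    $loose = !$r->trustRootValid() ? 'reject' : 'accept';
    $strict = example_trust_root_ok($r) ? 'accept' : 'reject';
    printf("%-20s loose=%s strict=%s\n", $c[0], $loose, $strict);
}
```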

Field Documentation

◆ $immediate

Auth_OpenID_CheckIDRequest::$immediate = false

Whether this request is for immediate mode.

Definition at line 724 of file Server.php.

◆ $mode

Auth_OpenID_CheckIDRequest::$mode = "checkid_setup"

The mode of this request.

Definition at line 719 of file Server.php.

◆ $namespace

Auth_OpenID_CheckIDRequest::$namespace

The OpenID namespace for this request.

deprecated since version 2.0.2

Definition at line 735 of file Server.php.

◆ $trust_root

Auth_OpenID_CheckIDRequest::$trust_root = null

The trust_root value for this request.

Definition at line 729 of file Server.php.

◆ $verifyReturnTo

Auth_OpenID_CheckIDRequest::$verifyReturnTo = 'Auth_OpenID_verifyReturnTo'

Return-to verification callback.

Default is Auth_OpenID_verifyReturnTo from TrustRoot.php.

Definition at line 714 of file Server.php.


The documentation for this class was generated from the following file: