ILIAS  Release_5_0_x_branch Revision 61816
 All Data Structures Namespaces Files Functions Variables Groups Pages
Public Member Functions | Static Public Member Functions | Data Fields
Auth_OpenID_CheckIDRequest Class Reference
+ Inheritance diagram for Auth_OpenID_CheckIDRequest:
+ Collaboration diagram for Auth_OpenID_CheckIDRequest:

Public Member Functions

 Auth_OpenID_CheckIDRequest ($identity, $return_to, $trust_root=null, $immediate=false, $assoc_handle=null, $server=null, $claimed_id=null)
 equals ($other)
 returnToVerified ()
 idSelect ()
 trustRootValid ()
 answer ($allow, $server_url=null, $identity=null, $claimed_id=null)
 Respond to this request.
 encodeToURL ($server_url)
 getCancelURL ()

Static Public Member Functions

static make ($message, $identity, $return_to, $trust_root=null, $immediate=false, $assoc_handle=null, $server=null)
static fromMessage ($message, $server)

Data Fields

 $verifyReturnTo = 'Auth_OpenID_verifyReturnTo'
 Return-to verification callback.
 $mode = "checkid_setup"
 The mode of this request.
 $immediate = false
 Whether this request is for immediate mode.
 $trust_root = null
 The trust_root value for this request.
 $namespace
 The OpenID namespace for this request.
- Data Fields inherited from Auth_OpenID_Request
 $mode = null

Detailed Description

Definition at line 709 of file Server.php.

Member Function Documentation

Auth_OpenID_CheckIDRequest::answer (   $allow,
  $server_url = null,
  $identity = null,
  $claimed_id = null 
)

Respond to this request.

Return either an Auth_OpenID_ServerResponse or Auth_OpenID_ServerError.

Parameters
bool$allowAllow this user to claim this identity, and allow the consumer to have this information?
string$server_urlDEPRECATED. Passing $op_endpoint to the Auth_OpenID_Server constructor makes this optional.

When an OpenID 1.x immediate mode request does not succeed, it gets back a URL where the request may be carried out in a not-so-immediate fashion. Pass my URL in here (the fully qualified address of this server's endpoint, i.e. http://example.com/server), and I will use it as a base for the URL for a new request.

Optional for requests where $immediate is false or $allow is true.

Parameters
string$identityThe OP-local identifier to answer with. Only for use when the relying party requested identifier selection.
string$claimed_idThe claimed identifier to answer with, for use with identifier selection in the case where the claimed identifier and the OP-local identifier differ, i.e. when the claimed_id uses delegation.

If $identity is provided but this is not, $claimed_id will default to the value of $identity. When answering requests that did not ask for identifier selection, the response $claimed_id will default to that of the request.

This parameter is new in OpenID 2.0.

Returns
mixed

Definition at line 974 of file Server.php.

References $mode, Auth_OpenID_CheckIDRequest(), Auth_OpenID_IDENTIFIER_SELECT, Auth_OpenID_mkNonce(), Auth_OpenID_OPENID_NS, and trustRootValid().

{
if (!$this->return_to) {
return new Auth_OpenID_NoReturnToError();
}
if (!$server_url) {
if ((!$this->message->isOpenID1()) &&
(!$this->server->op_endpoint)) {
return new Auth_OpenID_ServerError(null,
"server should be constructed with op_endpoint to " .
"respond to OpenID 2.0 messages.");
}
$server_url = $this->server->op_endpoint;
}
if ($allow) {
$mode = 'id_res';
} else if ($this->message->isOpenID1()) {
if ($this->immediate) {
$mode = 'id_res';
} else {
$mode = 'cancel';
}
} else {
if ($this->immediate) {
$mode = 'setup_needed';
} else {
$mode = 'cancel';
}
}
if (!$this->trustRootValid()) {
return new Auth_OpenID_UntrustedReturnURL(null,
$this->return_to,
$this->trust_root);
}
$response = new Auth_OpenID_ServerResponse($this);
if ($claimed_id &&
($this->message->isOpenID1())) {
return new Auth_OpenID_ServerError(null,
"claimed_id is new in OpenID 2.0 and not " .
"available for ".$this->namespace);
}
if ($identity && !$claimed_id) {
$claimed_id = $identity;
}
if ($allow) {
if ($this->identity == Auth_OpenID_IDENTIFIER_SELECT) {
if (!$identity) {
return new Auth_OpenID_ServerError(null,
"This request uses IdP-driven identifier selection. " .
"You must supply an identifier in the response.");
}
$response_identity = $identity;
$response_claimed_id = $claimed_id;
} else if ($this->identity) {
if ($identity &&
($this->identity != $identity)) {
$fmt = "Request was for %s, cannot reply with identity %s";
return new Auth_OpenID_ServerError(null,
sprintf($fmt, $this->identity, $identity));
}
$response_identity = $this->identity;
$response_claimed_id = $this->claimed_id;
} else {
if ($identity) {
return new Auth_OpenID_ServerError(null,
"This request specified no identity and " .
"you supplied ".$identity);
}
$response_identity = null;
}
if (($this->message->isOpenID1()) &&
($response_identity === null)) {
return new Auth_OpenID_ServerError(null,
"Request was an OpenID 1 request, so response must " .
"include an identifier.");
}
$response->fields->updateArgs(Auth_OpenID_OPENID_NS,
array('mode' => $mode,
'return_to' => $this->return_to,
'response_nonce' => Auth_OpenID_mkNonce()));
if (!$this->message->isOpenID1()) {
$response->fields->setArg(Auth_OpenID_OPENID_NS,
'op_endpoint', $server_url);
}
if ($response_identity !== null) {
$response->fields->setArg(
Auth_OpenID_OPENID_NS,
'identity',
$response_identity);
if ($this->message->isOpenID2()) {
$response->fields->setArg(
Auth_OpenID_OPENID_NS,
'claimed_id',
$response_claimed_id);
}
}
} else {
$response->fields->setArg(Auth_OpenID_OPENID_NS,
'mode', $mode);
if ($this->immediate) {
if (($this->message->isOpenID1()) &&
(!$server_url)) {
return new Auth_OpenID_ServerError(null,
'setup_url is required for $allow=false \
in OpenID 1.x immediate mode.');
}
$setup_request = new Auth_OpenID_CheckIDRequest(
$this->identity,
$this->return_to,
$this->trust_root,
false,
$this->assoc_handle,
$this->server,
$this->claimed_id);
$setup_request->message = $this->message;
$setup_url = $setup_request->encodeToURL($server_url);
if ($setup_url === null) {
return new Auth_OpenID_NoReturnToError();
}
$response->fields->setArg(Auth_OpenID_OPENID_NS,
'user_setup_url',
$setup_url);
}
}
return $response;
}

+ Here is the call graph for this function:

Auth_OpenID_CheckIDRequest::Auth_OpenID_CheckIDRequest (   $identity,
  $return_to,
  $trust_root = null,
  $immediate = false,
  $assoc_handle = null,
  $server = null,
  $claimed_id = null 
)

Definition at line 766 of file Server.php.

References $immediate, $server, $trust_root, and Auth_OpenID_OPENID2_NS.

Referenced by answer(), and make().

{
$this->namespace = Auth_OpenID_OPENID2_NS;
$this->assoc_handle = $assoc_handle;
$this->identity = $identity;
if ($claimed_id === null) {
$this->claimed_id = $identity;
} else {
$this->claimed_id = $claimed_id;
}
$this->return_to = $return_to;
$this->trust_root = $trust_root;
$this->server = $server;
if ($immediate) {
$this->immediate = true;
$this->mode = "checkid_immediate";
} else {
$this->immediate = false;
$this->mode = "checkid_setup";
}
}

+ Here is the caller graph for this function:

Auth_OpenID_CheckIDRequest::encodeToURL (   $server_url)

Definition at line 1126 of file Server.php.

References $trust_root, Auth_OpenID_OPENID_NS, and Auth_OpenID_Message\updateArgs().

{
if (!$this->return_to) {
return new Auth_OpenID_NoReturnToError();
}
// Imported from the alternate reality where these classes are
// used in both the client and server code, so Requests are
// Encodable too. That's right, code imported from alternate
// realities all for the love of you, id_res/user_setup_url.
$q = array('mode' => $this->mode,
'identity' => $this->identity,
'claimed_id' => $this->claimed_id,
'return_to' => $this->return_to);
if ($this->trust_root) {
if ($this->message->isOpenID1()) {
$q['trust_root'] = $this->trust_root;
} else {
$q['realm'] = $this->trust_root;
}
}
if ($this->assoc_handle) {
$q['assoc_handle'] = $this->assoc_handle;
}
$response = new Auth_OpenID_Message(
$this->message->getOpenIDNamespace());
$response->updateArgs(Auth_OpenID_OPENID_NS, $q);
return $response->toURL($server_url);
}

+ Here is the call graph for this function:

Auth_OpenID_CheckIDRequest::equals (   $other)

Definition at line 792 of file Server.php.

{
return (
(is_a($other, 'Auth_OpenID_CheckIDRequest')) &&
($this->namespace == $other->namespace) &&
($this->assoc_handle == $other->assoc_handle) &&
($this->identity == $other->identity) &&
($this->claimed_id == $other->claimed_id) &&
($this->return_to == $other->return_to) &&
($this->trust_root == $other->trust_root));
}
static Auth_OpenID_CheckIDRequest::fromMessage (   $message,
  $server 
)
static

Definition at line 825 of file Server.php.

References $immediate, $mode, $server, $trust_root, Auth_OpenID_OPENID_NS, and make().

{
$mode = $message->getArg(Auth_OpenID_OPENID_NS, 'mode');
$immediate = null;
if ($mode == "checkid_immediate") {
$immediate = true;
$mode = "checkid_immediate";
} else {
$immediate = false;
$mode = "checkid_setup";
}
$return_to = $message->getArg(Auth_OpenID_OPENID_NS,
'return_to');
if (($message->isOpenID1()) &&
(!$return_to)) {
$fmt = "Missing required field 'return_to' from checkid request";
return new Auth_OpenID_ServerError($message, $fmt);
}
$identity = $message->getArg(Auth_OpenID_OPENID_NS,
'identity');
$claimed_id = $message->getArg(Auth_OpenID_OPENID_NS, 'claimed_id');
if ($message->isOpenID1()) {
if ($identity === null) {
$s = "OpenID 1 message did not contain openid.identity";
return new Auth_OpenID_ServerError($message, $s);
}
} else {
if ($identity && !$claimed_id) {
$s = "OpenID 2.0 message contained openid.identity but not " .
"claimed_id";
return new Auth_OpenID_ServerError($message, $s);
} else if ($claimed_id && !$identity) {
$s = "OpenID 2.0 message contained openid.claimed_id " .
"but not identity";
return new Auth_OpenID_ServerError($message, $s);
}
}
// There's a case for making self.trust_root be a TrustRoot
// here. But if TrustRoot isn't currently part of the
// "public" API, I'm not sure it's worth doing.
if ($message->isOpenID1()) {
$trust_root_param = 'trust_root';
} else {
$trust_root_param = 'realm';
}
$trust_root = $message->getArg(Auth_OpenID_OPENID_NS,
$trust_root_param);
if (! $trust_root) {
$trust_root = $return_to;
}
if (! $message->isOpenID1() &&
($return_to === null) &&
($trust_root === null)) {
return new Auth_OpenID_ServerError($message,
"openid.realm required when openid.return_to absent");
}
$assoc_handle = $message->getArg(Auth_OpenID_OPENID_NS,
'assoc_handle');
$obj = Auth_OpenID_CheckIDRequest::make($message,
$identity,
$return_to,
$trust_root,
$immediate,
$assoc_handle,
$server);
if (is_a($obj, 'Auth_OpenID_ServerError')) {
return $obj;
}
$obj->claimed_id = $claimed_id;
return $obj;
}

+ Here is the call graph for this function:

Auth_OpenID_CheckIDRequest::getCancelURL ( )

Definition at line 1160 of file Server.php.

References Auth_OpenID_OPENID_NS, and Auth_OpenID_Message\setArg().

{
if (!$this->return_to) {
return new Auth_OpenID_NoReturnToError();
}
if ($this->immediate) {
return new Auth_OpenID_ServerError(null,
"Cancel is not an appropriate \
response to immediate mode \
requests.");
}
$response = new Auth_OpenID_Message(
$this->message->getOpenIDNamespace());
$response->setArg(Auth_OpenID_OPENID_NS, 'mode', 'cancel');
return $response->toURL($this->return_to);
}

+ Here is the call graph for this function:

Auth_OpenID_CheckIDRequest::idSelect ( )

Definition at line 908 of file Server.php.

References Auth_OpenID_IDENTIFIER_SELECT.

{
// Is the identifier to be selected by the IDP?
// So IDPs don't have to import the constant
return $this->identity == Auth_OpenID_IDENTIFIER_SELECT;
}
static Auth_OpenID_CheckIDRequest::make (   $message,
  $identity,
  $return_to,
  $trust_root = null,
  $immediate = false,
  $assoc_handle = null,
  $server = null 
)
static

Definition at line 737 of file Server.php.

References $immediate, $server, $trust_root, Auth_OpenID_TrustRoot\_parse(), and Auth_OpenID_CheckIDRequest().

Referenced by fromMessage().

{
if ($server === null) {
return new Auth_OpenID_ServerError($message,
"server must not be null");
}
if ($return_to &&
!Auth_OpenID_TrustRoot::_parse($return_to)) {
return new Auth_OpenID_MalformedReturnURL($message, $return_to);
}
$r = new Auth_OpenID_CheckIDRequest($identity, $return_to,
$trust_root, $immediate,
$assoc_handle, $server);
$r->namespace = $message->getOpenIDNamespace();
$r->message = $message;
if (!$r->trustRootValid()) {
return new Auth_OpenID_UntrustedReturnURL($message,
$return_to,
$trust_root);
} else {
return $r;
}
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

Auth_OpenID_CheckIDRequest::returnToVerified ( )

Definition at line 818 of file Server.php.

References Auth_Yadis_Yadis\getHTTPFetcher().

{
$fetcher = Auth_Yadis_Yadis::getHTTPFetcher();
return call_user_func_array($this->verifyReturnTo,
array($this->trust_root, $this->return_to, $fetcher));
}

+ Here is the call graph for this function:

Auth_OpenID_CheckIDRequest::trustRootValid ( )

Definition at line 915 of file Server.php.

References Auth_OpenID_TrustRoot\_parse(), and Auth_OpenID_TrustRoot\match().

Referenced by answer().

{
if (!$this->trust_root) {
return true;
}
$tr = Auth_OpenID_TrustRoot::_parse($this->trust_root);
if ($tr === false) {
return new Auth_OpenID_MalformedTrustRoot($this->message,
$this->trust_root);
}
if ($this->return_to !== null) {
return Auth_OpenID_TrustRoot::match($this->trust_root,
$this->return_to);
} else {
return true;
}
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

Field Documentation

Auth_OpenID_CheckIDRequest::$immediate = false

Whether this request is for immediate mode.

Definition at line 724 of file Server.php.

Referenced by Auth_OpenID_CheckIDRequest(), fromMessage(), and make().

Auth_OpenID_CheckIDRequest::$mode = "checkid_setup"

The mode of this request.

Definition at line 719 of file Server.php.

Referenced by answer(), and fromMessage().

Auth_OpenID_CheckIDRequest::$namespace

The OpenID namespace for this request.

deprecated since version 2.0.2

Definition at line 735 of file Server.php.

Auth_OpenID_CheckIDRequest::$trust_root = null

The trust_root value for this request.

Definition at line 729 of file Server.php.

Referenced by Auth_OpenID_CheckIDRequest(), encodeToURL(), fromMessage(), and make().

Auth_OpenID_CheckIDRequest::$verifyReturnTo = 'Auth_OpenID_verifyReturnTo'

Return-to verification callback.

Default is Auth_OpenID_verifyReturnTo from TrustRoot.php.

Definition at line 714 of file Server.php.

The documentation for this class was generated from the following file: