ILIAS  release_5-1 Revision 5.0.0-5477-g43f3e3fab5f
Auth_OpenID_CheckIDRequest Class Reference

Public Member Functions

 Auth_OpenID_CheckIDRequest ($identity, $return_to, $trust_root=null, $immediate=false, $assoc_handle=null, $server=null, $claimed_id=null)
 
 equals ($other)
 
 returnToVerified ()
 
 idSelect ()
 
 trustRootValid ()
 
 answer ($allow, $server_url=null, $identity=null, $claimed_id=null)
 Respond to this request.
 
 encodeToURL ($server_url)
 
 getCancelURL ()
 

Static Public Member Functions

static make ($message, $identity, $return_to, $trust_root=null, $immediate=false, $assoc_handle=null, $server=null)
 
static fromMessage ($message, $server)
 

Data Fields

 $verifyReturnTo = 'Auth_OpenID_verifyReturnTo'
 Return-to verification callback.
 
 $mode = "checkid_setup"
 The mode of this request.
 
 $immediate = false
 Whether this request is for immediate mode.
 
 $trust_root = null
 The trust_root value for this request.
 
 $namespace
 The OpenID namespace for this request.
 
- Data Fields inherited from Auth_OpenID_Request
 $mode = null
 

Detailed Description

Definition at line 709 of file Server.php.

Member Function Documentation

◆ answer()

Auth_OpenID_CheckIDRequest::answer (   $allow,
  $server_url = null,
  $identity = null,
  $claimed_id = null 
)

Respond to this request.

Return either an Auth_OpenID_ServerResponse or Auth_OpenID_ServerError.

Parameters
  bool $allow: Allow this user to claim this identity, and allow the consumer to have this information?
  string $server_url: DEPRECATED. Passing $op_endpoint to the Auth_OpenID_Server constructor makes this optional.

When an OpenID 1.x immediate mode request does not succeed, the relying party gets back a URL where the request may be carried out in non-immediate (setup) mode. Pass the fully qualified address of this server's endpoint here (e.g. http://example.com/server); it is used as the base for the URL of the new request.

Optional for requests where $immediate is false or $allow is true.

Parameters
  string $identity: The OP-local identifier to answer with. Only for use when the relying party requested identifier selection.
  string $claimed_id: The claimed identifier to answer with, for use with identifier selection in the case where the claimed identifier and the OP-local identifier differ, i.e. when the claimed_id uses delegation.

If $identity is provided but this is not, $claimed_id will default to the value of $identity. When answering requests that did not ask for identifier selection, the response $claimed_id will default to that of the request.

This parameter is new in OpenID 2.0.

Returns
mixed

Definition at line 974 of file Server.php.

    function answer($allow, $server_url = null, $identity = null,
                    $claimed_id = null)
    {
        if (!$this->return_to) {
            return new Auth_OpenID_NoReturnToError();
        }

        if (!$server_url) {
            if ((!$this->message->isOpenID1()) &&
                (!$this->server->op_endpoint)) {
                return new Auth_OpenID_ServerError(null,
                    "server should be constructed with op_endpoint to " .
                    "respond to OpenID 2.0 messages.");
            }

            $server_url = $this->server->op_endpoint;
        }

        // Choose the response mode from $allow, the protocol version
        // and whether the request was made in immediate mode.
        if ($allow) {
            $mode = 'id_res';
        } else if ($this->message->isOpenID1()) {
            if ($this->immediate) {
                $mode = 'id_res';
            } else {
                $mode = 'cancel';
            }
        } else {
            if ($this->immediate) {
                $mode = 'setup_needed';
            } else {
                $mode = 'cancel';
            }
        }

        if (!$this->trustRootValid()) {
            return new Auth_OpenID_UntrustedReturnURL(null,
                                                      $this->return_to,
                                                      $this->trust_root);
        }

        $response = new Auth_OpenID_ServerResponse($this);

        if ($claimed_id &&
            ($this->message->isOpenID1())) {
            return new Auth_OpenID_ServerError(null,
                "claimed_id is new in OpenID 2.0 and not " .
                "available for ".$this->namespace);
        }

        if ($identity && !$claimed_id) {
            $claimed_id = $identity;
        }

        if ($allow) {

            if ($this->identity == Auth_OpenID_IDENTIFIER_SELECT) {
                if (!$identity) {
                    return new Auth_OpenID_ServerError(null,
                        "This request uses IdP-driven identifier selection. " .
                        "You must supply an identifier in the response.");
                }

                $response_identity = $identity;
                $response_claimed_id = $claimed_id;

            } else if ($this->identity) {
                if ($identity &&
                    ($this->identity != $identity)) {
                    $fmt = "Request was for %s, cannot reply with identity %s";
                    return new Auth_OpenID_ServerError(null,
                        sprintf($fmt, $this->identity, $identity));
                }

                $response_identity = $this->identity;
                $response_claimed_id = $this->claimed_id;
            } else {
                if ($identity) {
                    return new Auth_OpenID_ServerError(null,
                        "This request specified no identity and " .
                        "you supplied ".$identity);
                }

                $response_identity = null;
            }

            if (($this->message->isOpenID1()) &&
                ($response_identity === null)) {
                return new Auth_OpenID_ServerError(null,
                    "Request was an OpenID 1 request, so response must " .
                    "include an identifier.");
            }

            $response->fields->updateArgs(Auth_OpenID_OPENID_NS,
                array('mode' => $mode,
                      'return_to' => $this->return_to,
                      'response_nonce' => Auth_OpenID_mkNonce()));

            if (!$this->message->isOpenID1()) {
                $response->fields->setArg(Auth_OpenID_OPENID_NS,
                                          'op_endpoint', $server_url);
            }

            if ($response_identity !== null) {
                $response->fields->setArg(
                    Auth_OpenID_OPENID_NS,
                    'identity',
                    $response_identity);
                if ($this->message->isOpenID2()) {
                    $response->fields->setArg(
                        Auth_OpenID_OPENID_NS,
                        'claimed_id',
                        $response_claimed_id);
                }
            }

        } else {
            $response->fields->setArg(Auth_OpenID_OPENID_NS,
                                      'mode', $mode);

            if ($this->immediate) {
                if (($this->message->isOpenID1()) &&
                    (!$server_url)) {
                    return new Auth_OpenID_ServerError(null,
                        'setup_url is required for $allow=false \
                         in OpenID 1.x immediate mode.');
                }

                // Build the non-immediate version of this request so the
                // relying party can send the user to it.
                $setup_request = new Auth_OpenID_CheckIDRequest(
                    $this->identity,
                    $this->return_to,
                    $this->trust_root,
                    false,
                    $this->assoc_handle,
                    $this->server,
                    $this->claimed_id);
                $setup_request->message = $this->message;

                $setup_url = $setup_request->encodeToURL($server_url);

                if ($setup_url === null) {
                    return new Auth_OpenID_NoReturnToError();
                }

                $response->fields->setArg(Auth_OpenID_OPENID_NS,
                                          'user_setup_url',
                                          $setup_url);
            }
        }

        return $response;
    }

References $mode, Auth_OpenID_CheckIDRequest(), Auth_OpenID_IDENTIFIER_SELECT, Auth_OpenID_mkNonce(), Auth_OpenID_OPENID_NS, and trustRootValid().


◆ Auth_OpenID_CheckIDRequest()

Auth_OpenID_CheckIDRequest::Auth_OpenID_CheckIDRequest (   $identity,
  $return_to,
  $trust_root = null,
  $immediate = false,
  $assoc_handle = null,
  $server = null,
  $claimed_id = null 
)

Definition at line 766 of file Server.php.

    function Auth_OpenID_CheckIDRequest($identity, $return_to,
                                        $trust_root = null, $immediate = false,
                                        $assoc_handle = null, $server = null,
                                        $claimed_id = null)
    {
        $this->namespace = Auth_OpenID_OPENID2_NS;
        $this->assoc_handle = $assoc_handle;
        $this->identity = $identity;
        // The claimed identifier defaults to the OP-local identity.
        if ($claimed_id === null) {
            $this->claimed_id = $identity;
        } else {
            $this->claimed_id = $claimed_id;
        }
        $this->return_to = $return_to;
        $this->trust_root = $trust_root;
        $this->server = $server;

        if ($immediate) {
            $this->immediate = true;
            $this->mode = "checkid_immediate";
        } else {
            $this->immediate = false;
            $this->mode = "checkid_setup";
        }
    }

References $immediate, $server, $trust_root, and Auth_OpenID_OPENID2_NS.

Referenced by answer(), and make().


◆ encodeToURL()

Auth_OpenID_CheckIDRequest::encodeToURL (   $server_url)

Definition at line 1126 of file Server.php.

    function encodeToURL($server_url)
    {
        if (!$this->return_to) {
            return new Auth_OpenID_NoReturnToError();
        }

        // Imported from the alternate reality where these classes are
        // used in both the client and server code, so Requests are
        // Encodable too. That's right, code imported from alternate
        // realities all for the love of you, id_res/user_setup_url.

        $q = array('mode' => $this->mode,
                   'identity' => $this->identity,
                   'claimed_id' => $this->claimed_id,
                   'return_to' => $this->return_to);

        // OpenID 1 calls the parameter trust_root; OpenID 2 calls it realm.
        if ($this->trust_root) {
            if ($this->message->isOpenID1()) {
                $q['trust_root'] = $this->trust_root;
            } else {
                $q['realm'] = $this->trust_root;
            }
        }

        if ($this->assoc_handle) {
            $q['assoc_handle'] = $this->assoc_handle;
        }

        $response = new Auth_OpenID_Message(
            $this->message->getOpenIDNamespace());
        $response->updateArgs(Auth_OpenID_OPENID_NS, $q);
        return $response->toURL($server_url);
    }

References $trust_root, and Auth_OpenID_OPENID_NS.

◆ equals()

Auth_OpenID_CheckIDRequest::equals (   $other)

Definition at line 792 of file Server.php.

    function equals($other)
    {
        return (
            (is_a($other, 'Auth_OpenID_CheckIDRequest')) &&
            ($this->namespace == $other->namespace) &&
            ($this->assoc_handle == $other->assoc_handle) &&
            ($this->identity == $other->identity) &&
            ($this->claimed_id == $other->claimed_id) &&
            ($this->return_to == $other->return_to) &&
            ($this->trust_root == $other->trust_root));
    }

◆ fromMessage()

static Auth_OpenID_CheckIDRequest::fromMessage (   $message,
  $server 
)

Definition at line 825 of file Server.php.

    static function fromMessage($message, $server)
    {
        $mode = $message->getArg(Auth_OpenID_OPENID_NS, 'mode');
        $immediate = null;

        if ($mode == "checkid_immediate") {
            $immediate = true;
            $mode = "checkid_immediate";
        } else {
            $immediate = false;
            $mode = "checkid_setup";
        }

        $return_to = $message->getArg(Auth_OpenID_OPENID_NS,
                                      'return_to');

        if (($message->isOpenID1()) &&
            (!$return_to)) {
            $fmt = "Missing required field 'return_to' from checkid request";
            return new Auth_OpenID_ServerError($message, $fmt);
        }

        $identity = $message->getArg(Auth_OpenID_OPENID_NS,
                                     'identity');
        $claimed_id = $message->getArg(Auth_OpenID_OPENID_NS, 'claimed_id');
        if ($message->isOpenID1()) {
            if ($identity === null) {
                $s = "OpenID 1 message did not contain openid.identity";
                return new Auth_OpenID_ServerError($message, $s);
            }
        } else {
            // OpenID 2.0: identity and claimed_id must appear together.
            if ($identity && !$claimed_id) {
                $s = "OpenID 2.0 message contained openid.identity but not " .
                     "claimed_id";
                return new Auth_OpenID_ServerError($message, $s);
            } else if ($claimed_id && !$identity) {
                $s = "OpenID 2.0 message contained openid.claimed_id " .
                     "but not identity";
                return new Auth_OpenID_ServerError($message, $s);
            }
        }

        // There's a case for making self.trust_root be a TrustRoot
        // here. But if TrustRoot isn't currently part of the
        // "public" API, I'm not sure it's worth doing.
        if ($message->isOpenID1()) {
            $trust_root_param = 'trust_root';
        } else {
            $trust_root_param = 'realm';
        }
        $trust_root = $message->getArg(Auth_OpenID_OPENID_NS,
                                       $trust_root_param);
        // With no trust root in the message, return_to is used as one.
        if (! $trust_root) {
            $trust_root = $return_to;
        }

        if (! $message->isOpenID1() &&
            ($return_to === null) &&
            ($trust_root === null)) {
            return new Auth_OpenID_ServerError($message,
                "openid.realm required when openid.return_to absent");
        }

        $assoc_handle = $message->getArg(Auth_OpenID_OPENID_NS,
                                         'assoc_handle');

        $obj = Auth_OpenID_CheckIDRequest::make($message,
                                                $identity,
                                                $return_to,
                                                $trust_root,
                                                $immediate,
                                                $assoc_handle,
                                                $server);

        if (is_a($obj, 'Auth_OpenID_ServerError')) {
            return $obj;
        }

        $obj->claimed_id = $claimed_id;

        return $obj;
    }

References $immediate, $mode, $server, $trust_root, Auth_OpenID_OPENID_NS, and make().


◆ getCancelURL()

Auth_OpenID_CheckIDRequest::getCancelURL ( )

Definition at line 1160 of file Server.php.

    function getCancelURL()
    {
        if (!$this->return_to) {
            return new Auth_OpenID_NoReturnToError();
        }

        if ($this->immediate) {
            return new Auth_OpenID_ServerError(null,
                                               "Cancel is not an appropriate \
                                               response to immediate mode \
                                               requests.");
        }

        $response = new Auth_OpenID_Message(
            $this->message->getOpenIDNamespace());
        $response->setArg(Auth_OpenID_OPENID_NS, 'mode', 'cancel');
        return $response->toURL($this->return_to);
    }

References Auth_OpenID_OPENID_NS.

◆ idSelect()

Auth_OpenID_CheckIDRequest::idSelect ( )

Definition at line 908 of file Server.php.

    function idSelect()
    {
        // Is the identifier to be selected by the IDP?
        // So IDPs don't have to import the constant
        return $this->identity == Auth_OpenID_IDENTIFIER_SELECT;
    }

References Auth_OpenID_IDENTIFIER_SELECT.

◆ make()

static Auth_OpenID_CheckIDRequest::make (   $message,
  $identity,
  $return_to,
  $trust_root = null,
  $immediate = false,
  $assoc_handle = null,
  $server = null 
)

Definition at line 737 of file Server.php.

    static function make($message, $identity, $return_to, $trust_root = null,
                         $immediate = false, $assoc_handle = null, $server = null)
    {
        if ($server === null) {
            return new Auth_OpenID_ServerError($message,
                                               "server must not be null");
        }

        // Reject a return_to URL that cannot be parsed at all.
        if ($return_to &&
            !Auth_OpenID_TrustRoot::_parse($return_to)) {
            return new Auth_OpenID_MalformedReturnURL($message, $return_to);
        }

        $r = new Auth_OpenID_CheckIDRequest($identity, $return_to,
                                            $trust_root, $immediate,
                                            $assoc_handle, $server);

        $r->namespace = $message->getOpenIDNamespace();
        $r->message = $message;

        if (!$r->trustRootValid()) {
            return new Auth_OpenID_UntrustedReturnURL($message,
                                                      $return_to,
                                                      $trust_root);
        } else {
            return $r;
        }
    }

References $immediate, $r, $server, $trust_root, Auth_OpenID_TrustRoot\_parse(), and Auth_OpenID_CheckIDRequest().

Referenced by fromMessage().


◆ returnToVerified()

Auth_OpenID_CheckIDRequest::returnToVerified ( )

Definition at line 818 of file Server.php.

    function returnToVerified()
    {
        $fetcher = Auth_Yadis_Yadis::getHTTPFetcher();
        return call_user_func_array($this->verifyReturnTo,
            array($this->trust_root, $this->return_to, $fetcher));
    }

References Auth_Yadis_Yadis\getHTTPFetcher().


◆ trustRootValid()

Auth_OpenID_CheckIDRequest::trustRootValid ( )

Definition at line 915 of file Server.php.

    function trustRootValid()
    {
        if (!$this->trust_root) {
            return true;
        }

        $tr = Auth_OpenID_TrustRoot::_parse($this->trust_root);
        if ($tr === false) {
            // Not a boolean: an error object is returned here, and an
            // object is truthy in PHP.
            return new Auth_OpenID_MalformedTrustRoot($this->message,
                                                      $this->trust_root);
        }

        if ($this->return_to !== null) {
            return Auth_OpenID_TrustRoot::match($this->trust_root,
                                                $this->return_to);
        } else {
            return true;
        }
    }

References Auth_OpenID_TrustRoot\_parse(), and Auth_OpenID_TrustRoot\match().

Referenced by answer().
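
An added, self-contained illustration (not code from Server.php) of why the result of trustRootValid() is best compared with `=== true`: for an unparseable trust root the method returns an error object, which PHP treats as truthy, so a `!` test like the ones in answer() and make() does not reject it. MalformedTrustRootError, parseTrustRoot(), simpleMatch(), looseCheck() and strictCheck() are hypothetical stand-ins, and the matching is simplified (no wildcards or ports).

```php
<?php
// Added example: all names here are hypothetical stand-ins, not library code.
class MalformedTrustRootError {}   // plays the role of Auth_OpenID_MalformedTrustRoot

// Simplified stand-in for Auth_OpenID_TrustRoot::_parse(): false if unparseable.
function parseTrustRoot($url)
{
    $p = parse_url($url);
    if (!isset($p['scheme'], $p['host']) ||
        !in_array(strtolower($p['scheme']), array('http', 'https'), true)) {
        return false;
    }
    $p['path'] = isset($p['path']) ? $p['path'] : '/';
    return $p;
}

// Simplified stand-in for Auth_OpenID_TrustRoot::match(): same scheme and host,
// return_to path at or below the trust root path. No wildcards or ports.
function simpleMatch($trust_root, $return_to)
{
    $t = parseTrustRoot($trust_root);
    $u = parseTrustRoot($return_to);
    if ($t === false || $u === false) { return false; }
    return strtolower($t['scheme']) === strtolower($u['scheme'])
        && strtolower($t['host']) === strtolower($u['host'])
        && ($u['path'] === $t['path'] || strpos($u['path'], rtrim($t['path'], '/') . '/') === 0);
}

// Same control flow as trustRootValid(): true, a match result, or an error object.
function trustRootValid($trust_root, $return_to)
{
    if (!$trust_root) { return true; }
    if (parseTrustRoot($trust_root) === false) {
        return new MalformedTrustRootError();
    }
    return ($return_to !== null) ? simpleMatch($trust_root, $return_to) : true;
}

// Caller styles: the "!" test used on this page versus a strict comparison.
function looseCheck($tr, $rt)  { return !trustRootValid($tr, $rt) ? 'rejected' : 'accepted'; }
function strictCheck($tr, $rt) { return trustRootValid($tr, $rt) === true ? 'accepted' : 'rejected'; }

$cases = array(   // constructed sample inputs: matching, mismatched host, malformed
    array('https://rp.example/app', 'https://rp.example/app/return'),
    array('https://rp.example/app', 'https://other.example/app/return'),
    array('not a url', 'https://rp.example/app/return'),
);
foreach ($cases as $c) {
    printf("%-24s loose=%s strict=%s\n", $c[0], looseCheck($c[0], $c[1]), strictCheck($c[0], $c[1]));
}
```

Run it with the PHP CLI; the malformed trust root is the only case where the two checks disagree.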


Field Documentation

◆ $immediate

Auth_OpenID_CheckIDRequest::$immediate = false

Whether this request is for immediate mode.

Definition at line 724 of file Server.php.

Referenced by Auth_OpenID_CheckIDRequest(), fromMessage(), and make().

◆ $mode

Auth_OpenID_CheckIDRequest::$mode = "checkid_setup"

The mode of this request.

Definition at line 719 of file Server.php.

Referenced by answer(), and fromMessage().

◆ $namespace

Auth_OpenID_CheckIDRequest::$namespace

The OpenID namespace for this request.

deprecated since version 2.0.2

Definition at line 735 of file Server.php.

◆ $trust_root

Auth_OpenID_CheckIDRequest::$trust_root = null

The trust_root value for this request.

Definition at line 729 of file Server.php.

Referenced by Auth_OpenID_CheckIDRequest(), encodeToURL(), fromMessage(), and make().

◆ $verifyReturnTo

Auth_OpenID_CheckIDRequest::$verifyReturnTo = 'Auth_OpenID_verifyReturnTo'

Return-to verification callback.

Default is Auth_OpenID_verifyReturnTo from TrustRoot.php.

Definition at line 714 of file Server.php.


The documentation for this class was generated from the following file: