author | tailor <cygnus@janrain.com> | 2007-01-12 00:32:20 +0000 |
---|---|---|
committer | tailor <cygnus@janrain.com> | 2007-01-12 00:32:20 +0000 |
commit | b05d16f479dbf75d958ffc3c057dfb09843531a8 (patch) | |
tree | 34f426dd529784c8a3160570e33ef7d1c6d20cab /Auth | |
parent | f1d90afb457e2391a0437fc65967a0018b2f2a45 (diff) | |
[project @ More discovery refactoring and fixes]
Diffstat (limited to 'Auth')
-rw-r--r-- | Auth/OpenID/Consumer.php | 26 | ||||
-rw-r--r-- | Auth/OpenID/Discover.php | 69 |
2 files changed, 49 insertions, 46 deletions
diff --git a/Auth/OpenID/Consumer.php b/Auth/OpenID/Consumer.php index 1e2233d..99a30db 100644 --- a/Auth/OpenID/Consumer.php +++ b/Auth/OpenID/Consumer.php @@ -385,9 +385,9 @@ class Auth_OpenID_Consumer { if (in_array($response->status, array(Auth_OpenID_SUCCESS, Auth_OpenID_CANCEL))) { - if ($response->identity_url !== null) { + if ($response->claimed_id !== null) { $disco = new Services_Yadis_Discovery($this->session, - $response->identity_url, + $response->claimed_id, $this->session_key_prefix); $disco->cleanup(); } @@ -536,7 +536,7 @@ class Auth_OpenID_GenericConsumer { $error = $message->getArg(Auth_OpenID_OPENID_NS, 'error'); return new Auth_OpenID_FailureResponse($endpoint, $error); } else if ($mode == 'id_res') { - if ($endpoint->identity_url === null) { + if ($endpoint->claimed_id === null) { return new Auth_OpenID_FailureResponse($endpoint, "No session state found"); } @@ -631,7 +631,7 @@ class Auth_OpenID_GenericConsumer { } //Fail if the identity field is present but not signed - if (($endpoint->identity_url !== null) && + if (($endpoint->claimed_id !== null) && (!in_array('identity', $signed_list))) { $msg = '"openid.identity" not signed'; return new Auth_OpenID_FailureResponse($endpoint, $msg); @@ -1019,7 +1019,7 @@ class Auth_OpenID_ConsumerResponse { * that the supplied URL is, indeed controlled by the requesting * agent. This has three relevant attributes: * - * identity_url - The identity URL that has been authenticated + * claimed_id - The identity URL that has been authenticated * * signed_args - The arguments in the server's response that were * signed and verified. @@ -1037,7 +1037,7 @@ class Auth_OpenID_SuccessResponse extends Auth_OpenID_ConsumerResponse { function Auth_OpenID_SuccessResponse($endpoint, $message, $signed_args=null) { $this->endpoint = $endpoint; - $this->identity_url = $endpoint->identity_url; + $this->claimed_id = $endpoint->claimed_id; $this->signed_args = $signed_args; $this->message = $message; 
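Review bot: The guard in the @@ -631 hunk still requires only `'identity'` in `$signed_list`, but its condition now tests `$endpoint->claimed_id`, so the comment above it ("identity field is present") no longer describes what is tested. If the claimed identifier can differ from the value sent as `openid.identity`, the check should be keyed on the response message, not on endpoint state. At minimum the comment should read something like `// Fail if we hold a claimed identifier but "openid.identity" is not covered by the signature`. Passing the strict flag, `in_array('identity', $signed_list, true)`, would also rule out loose matches. The enclosing method starts and ends outside the hunk.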
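Review bot: Renaming the public attribute in the @@ -1037 hunk leaves no `identity_url` on the response object, so a relying party that still reads `$response->identity_url` after a successful `complete()` gets an unset property (null) instead of the authenticated identifier. The same applies to the Failure, Cancel and SetupNeeded constructors in the later hunks. Consider keeping a deprecated alias for a release, `$this->identity_url = $this->claimed_id;`, or calling out the rename in the upgrade notes so integrators re-check their login code. The constructor body continues outside the hunk.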
@@ -1127,7 +1127,7 @@ class Auth_OpenID_SuccessResponse extends Auth_OpenID_ConsumerResponse { * OpenID protocol has failed. This could be locally or remotely * triggered. This has three relevant attributes: * - * identity_url - The identity URL for which authentication was + * claimed_id - The identity URL for which authentication was * attempted, if it can be determined. Otherwise, null. * * message - A message indicating why the request failed, if one is @@ -1144,9 +1144,9 @@ class Auth_OpenID_FailureResponse extends Auth_OpenID_ConsumerResponse { { $this->endpoint = $endpoint; if ($endpoint !== null) { - $this->identity_url = $endpoint->identity_url; + $this->claimed_id = $endpoint->claimed_id; } else { - $this->identity_url = null; + $this->claimed_id = null; } $this->message = $message; } @@ -1157,7 +1157,7 @@ class Auth_OpenID_FailureResponse extends Auth_OpenID_ConsumerResponse { * user cancelled the OpenID authentication request. This has two * relevant attributes: * - * identity_url - The identity URL for which authentication was + * claimed_id - The identity URL for which authentication was * attempted, if it can be determined. Otherwise, null. * * status - Auth_OpenID_SUCCESS. @@ -1170,7 +1170,7 @@ class Auth_OpenID_CancelResponse extends Auth_OpenID_ConsumerResponse { function Auth_OpenID_CancelResponse($endpoint) { $this->endpoint = $endpoint; - $this->identity_url = $endpoint->identity_url; + $this->claimed_id = $endpoint->claimed_id; } } @@ -1179,7 +1179,7 @@ class Auth_OpenID_CancelResponse extends Auth_OpenID_ConsumerResponse { * that the request was in immediate mode, and the server is unable to * authenticate the user without further interaction. * - * identity_url - The identity URL for which authentication was + * claimed_id - The identity URL for which authentication was * attempted. * * setup_url - A URL that can be used to send the user to the server 
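Review bot: `Auth_OpenID_CancelResponse` in the @@ -1170 hunk reads `$endpoint->claimed_id` with no null check, whereas `Auth_OpenID_FailureResponse` just above guards with `if ($endpoint !== null)`. The `$response->claimed_id !== null` test in `Auth_OpenID_Consumer` covers the CANCEL status too, which suggests a cancel can arrive without an endpoint; if so this line should mirror the guard, `$this->claimed_id = ($endpoint !== null) ? $endpoint->claimed_id : null;`. The SetupNeeded constructor at @@ -1198 has the same shape. Separately, the CancelResponse docblock lists `status - Auth_OpenID_SUCCESS`, which looks like a copy-paste slip.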
@@ -1198,7 +1198,7 @@ class Auth_OpenID_SetupNeededResponse extends Auth_OpenID_ConsumerResponse { $setup_url = null) { $this->endpoint = $endpoint; - $this->identity_url = $endpoint->identity_url; + $this->claimed_id = $endpoint->claimed_id; $this->setup_url = $setup_url; } } diff --git a/Auth/OpenID/Discover.php b/Auth/OpenID/Discover.php index 4d5a5f7..752f084 100644 --- a/Auth/OpenID/Discover.php +++ b/Auth/OpenID/Discover.php @@ -190,12 +190,11 @@ function Auth_OpenID_findOPLocalIdentifier($service, $type_uris) $tags = $service->getElements($tag_name); foreach ($tags as $tag) { + $content = $parser->content($tag); + if ($local_id === null) { - $local_id = $parser->content($tag); - } else if ($local_id != $parser->content($tag)) { - // format = 'More than one %r tag found in one service element' - // message = format % (local_id_tag,) - // raise DiscoveryFailure(message, None) + $local_id = $content; + } else if ($local_id != $content) { return false; } } @@ -217,7 +216,7 @@ function filter_MatchesAnyOpenIDType(&$service) return false; } -function Auth_OpenID_bestMatchingService($service) +function Auth_OpenID_bestMatchingService($service, $preferred_types) { // Return the index of the first matching type, or something // higher if no type matches. @@ -245,7 +244,8 @@ function Auth_OpenID_arrangeByType($service_list, $preferred_types) // comparison will prefer the one with the best matching service $prio_services = array(); foreach ($service_list as $index => $service) { - $prio_services[] = array(Auth_OpenID_bestMatchingService($service), + $prio_services[] = array(Auth_OpenID_bestMatchingService($service, + $preferred_types), $index, $service); } 
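Review bot: The conflict test `$local_id != $content` in the @@ -190 hunk uses loose comparison, so two different tag values that are both numeric strings can compare equal and a conflicting local identifier would be accepted. `} else if ($local_id !== $content) {` compares the strings exactly. The removed comment was the only explanation of the `return false`; a one-line replacement such as `// More than one distinct local-id tag in one service element: treat as discovery failure` would keep the intent. The function body starts and ends outside the hunk.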
@@ -282,15 +282,15 @@ function Auth_OpenID_getOPOrUserServices($openid_services) } } -function Auth_OpenID_makeOpenIDEndpoints($uri, $endpoints) +function Auth_OpenID_makeOpenIDEndpoints($uri, $yadis_services) { $s = array(); - if (!$endpoints) { + if (!$yadis_services) { return $s; } - foreach ($endpoints as $service) { + foreach ($yadis_services as $service) { $type_uris = $service->getTypes(); $uris = $service->getURIs(); @@ -298,7 +298,6 @@ function Auth_OpenID_makeOpenIDEndpoints($uri, $endpoints) // specified, then this is an OpenID endpoint if ($type_uris && $uris) { - foreach ($uris as $service_uri) { $openid_endpoint = new Auth_OpenID_ServiceEndpoint(); if ($openid_endpoint->parseService($uri, @@ -329,32 +328,32 @@ function Auth_OpenID_discoverWithYadis($uri, &$fetcher) $response = Services_Yadis_Yadis::discover($uri, $http_response, $fetcher); + $yadis_services = array(); + $identity_url = null; + if ($response) { $identity_url = $response->uri; - $openid_services = + $yadis_services = $response->xrds->services(array('filter_MatchesAnyOpenIDType')); } - if (!$openid_services) { - + if (!$yadis_services) { if (Services_Yadis_XRDS::parseXRDS($response->body) !== null) { return @Auth_OpenID_discoverWithoutYadis($uri, $fetcher); } - $body = $response->body; - // Try to parse the response as HTML to get OpenID 1.0/1.1 // <link rel="..."> - $openid_services = Auth_OpenID_ServiceEndpoint::fromHTML($identity_url, - $body); - // } else { - // $openid_services = Auth_OpenID_makeOpenIDEndpoints($response->uri, - // $openid_services); + $openid_services = Auth_OpenID_ServiceEndpoint::fromHTML( + $identity_url, + $response->body); + } else { + $openid_services = Auth_OpenID_makeOpenIDEndpoints($identity_url, + $yadis_services); } $openid_services = Auth_OpenID_getOPOrUserServices($openid_services); - return array($identity_url, $openid_services, $http_response); } 
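Review bot: When `Services_Yadis_Yadis::discover()` returns nothing, the new `if (!$yadis_services)` branch in the @@ -329 hunk still dereferences `$response->body`, in the `parseXRDS` call and again in `fromHTML`, so the `$identity_url = null` default added here is followed by a property read on a non-object. An early exit right after the initialisers would make the failure explicit, e.g. `if (!$response) { return array($uri, array(), $http_response); }`; that return shape is inferred from the `array($identity_url, $openid_services, $http_response)` at the end of the hunk, so confirm what callers expect. The `@` on `Auth_OpenID_discoverWithoutYadis` also hides any error raised on the fallback path. The function starts outside the hunk.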
@@ -385,29 +384,33 @@ function Auth_OpenID_discoverWithoutYadis($uri, &$fetcher) // Try to parse the response as HTML to get OpenID 1.0/1.1 <link // rel="..."> - $endpoint =& new Auth_OpenID_ServiceEndpoint(); - $openid_services = $endpoint->fromHTML($identity_url, $http_resp->body); + $openid_services = Auth_OpenID_ServiceEndpoint::fromHTML( + $identity_url, + $http_resp->body); return array($identity_url, $openid_services, $http_resp); } function _Auth_OpenID_discoverXRI($iname, &$fetcher) { - $services = new Services_Yadis_ProxyResolver($fetcher); - list($canonicalID, $service_list) = - $services->query($iname, + $resolver = new Services_Yadis_ProxyResolver($fetcher); + list($canonicalID, $yadis_services) = + $resolver->query($iname, Auth_OpenID_getOpenIDTypeURIs(), array('filter_MatchesAnyOpenIDType')); - for ($i = 0; $i < count($endpoints); $i++) { - $endpoints[$i]->canonicalID = $canonicalID; - $endpoints[$i]->claimed_id = $canonicalID; - } + $openid_services = Auth_OpenID_makeOpenIDEndpoints($iname, + $yadis_services); - $endpoints = Auth_OpenID_getOPOrUserServices($endpoints); + $openid_services = Auth_OpenID_getOPOrUserServices($openid_services); + + for ($i = 0; $i < count($openid_services); $i++) { + $openid_services[$i]->canonicalID = $canonicalID; + $openid_services[$i]->claimed_id = $canonicalID; + } // FIXME: returned xri should probably be in some normal form - return array($iname, $endpoints, null); + return array($iname, $openid_services, null); } function Auth_OpenID_discover($uri, &$fetcher) |
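Review bot: In `_Auth_OpenID_discoverXRI` every endpoint gets `claimed_id = $canonicalID` without checking that the resolver returned one. If `$canonicalID` is null or false, the endpoints are still handed back and the problem only surfaces later as the `claimed_id === null` "No session state found" failure in the consumer. Returning no services when the canonical ID is missing would fail closed at discovery time, e.g. `if (!$canonicalID) { return array($iname, array(), null); }` before the `Auth_OpenID_makeOpenIDEndpoints` call. What `query()` returns on failure is not visible here, so confirm against the resolver. Hoisting `count($openid_services)` out of the loop condition is a minor tidy.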