📄 server.php
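// There's a case for making self.trust_root be a TrustRoot
        // here.  But if TrustRoot isn't currently part of the
        // "public" API, I'm not sure it's worth doing.
        if ($namespace == Auth_OpenID_OPENID1_NS) {
            $trust_root = $message->getArg(Auth_OpenID_OPENID_NS,
                                           'trust_root', $return_to);
        } else {
            $trust_root = $message->getArg(Auth_OpenID_OPENID_NS,
                                           'realm', $return_to);

            if (($return_to === null) &&
                ($trust_root === null)) {
                return new Auth_OpenID_ServerError($message,
                  "openid.realm required when openid.return_to absent");
            }
        }

        $assoc_handle = $message->getArg(Auth_OpenID_OPENID_NS,
                                         'assoc_handle');

        $obj = Auth_OpenID_CheckIDRequest::make($message,
                                                $identity,
                                                $return_to,
                                                $trust_root,
                                                $immediate,
                                                $assoc_handle,
                                                $server);

        if (is_a($obj, 'Auth_OpenID_ServerError')) {
            return $obj;
        }

        $obj->claimed_id = $claimed_id;

        return $obj;
    }

    /**
     * Is the identifier to be selected by the IDP?
     *
     * @return bool True when the request's identity equals
     * Auth_OpenID_IDENTIFIER_SELECT.
     */
    function idSelect()
    {
        // So IDPs don't have to import the constant
        return $this->identity == Auth_OpenID_IDENTIFIER_SELECT;
    }

    /**
     * Check this request's return_to against its trust root.
     *
     * The result has three possible shapes, so callers must not test
     * it with a bare "!": an error object is truthy.
     *
     * @return mixed True when no trust root is set, or when a trust
     * root is set but return_to is null; an
     * {@link Auth_OpenID_MalformedTrustRoot} when the trust root does
     * not parse; otherwise the result of
     * Auth_OpenID_TrustRoot::match() for the trust root and return_to.
     */
    function trustRootValid()
    {
        if (!$this->trust_root) {
            return true;
        }

        $tr = Auth_OpenID_TrustRoot::_parse($this->trust_root);
        if ($tr === false) {
            return new Auth_OpenID_MalformedTrustRoot(null,
                                                      $this->trust_root);
        }

        if ($this->return_to !== null) {
            return Auth_OpenID_TrustRoot::match($this->trust_root,
                                                $this->return_to);
        } else {
            return true;
        }
    }

    /**
     * Respond to this request.  Return either an
     * {@link Auth_OpenID_ServerResponse} or
     * {@link Auth_OpenID_ServerError}.
     *
     * No response is built unless return_to is set and the trust root
     * check passes; a trust root that does not parse is reported with
     * the error object produced by {@link trustRootValid()}.
     *
     * @param bool $allow Allow this user to claim this identity, and
     * allow the consumer to have this information?
     *
     * @param string $server_url DEPRECATED.  Passing $op_endpoint to
     * the {@link Auth_OpenID_Server} constructor makes this optional.
     *
     * When an OpenID 1.x immediate mode request does not succeed, it
     * gets back a URL where the request may be carried out in a
     * not-so-immediate fashion.  Pass my URL in here (the fully
     * qualified address of this server's endpoint, i.e.
     * http://example.com/server), and I will use it as a base for the
     * URL for a new request.
     *
     * Optional for requests where {@link $immediate} is false or
     * $allow is true.
     *
     * @param string $identity The OP-local identifier to answer with.
     * Only for use when the relying party requested identifier
     * selection.
     *
     * @param string $claimed_id The claimed identifier to answer
     * with, for use with identifier selection in the case where the
     * claimed identifier and the OP-local identifier differ,
     * i.e. when the claimed_id uses delegation.
     *
     * If $identity is provided but this is not, $claimed_id will
     * default to the value of $identity.  When answering requests
     * that did not ask for identifier selection, the response
     * $claimed_id will default to that of the request.
     *
     * This parameter is new in OpenID 2.0.
     *
     * @return mixed
     */
    function answer($allow, $server_url = null, $identity = null,
                    $claimed_id = null)
    {
        if (!$this->return_to) {
            return new Auth_OpenID_NoReturnToError();
        }

        if (!$server_url) {
            if (($this->namespace != Auth_OpenID_OPENID1_NS) &&
                (!$this->server->op_endpoint)) {
                return new Auth_OpenID_ServerError(null,
                  "server should be constructed with op_endpoint to " .
                  "respond to OpenID 2.0 messages.");
            }

            $server_url = $this->server->op_endpoint;
        }

        if ($allow) {
            $mode = 'id_res';
        } else if ($this->namespace == Auth_OpenID_OPENID1_NS) {
            if ($this->immediate) {
                $mode = 'id_res';
            } else {
                $mode = 'cancel';
            }
        } else {
            if ($this->immediate) {
                $mode = 'setup_needed';
            } else {
                $mode = 'cancel';
            }
        }

        // trustRootValid() yields true, false, or an error object for a
        // trust root that does not parse.  An object is truthy, so it is
        // handled explicitly: otherwise a malformed trust root would count
        // as valid and an assertion could be sent to a return_to that was
        // never matched against the realm.
        $trust_root_check = $this->trustRootValid();

        if (is_object($trust_root_check)) {
            return $trust_root_check;
        }

        if (!$trust_root_check) {
            return new Auth_OpenID_UntrustedReturnURL(null,
                                                      $this->return_to,
                                                      $this->trust_root);
        }

        $response = new Auth_OpenID_ServerResponse($this);

        if ($claimed_id &&
            ($this->namespace == Auth_OpenID_OPENID1_NS)) {
            return new Auth_OpenID_ServerError(null,
              "claimed_id is new in OpenID 2.0 and not " .
              "available for ".$this->namespace);
        }

        if ($identity && !$claimed_id) {
            $claimed_id = $identity;
        }

        if ($allow) {

            if ($this->identity == Auth_OpenID_IDENTIFIER_SELECT) {
                if (!$identity) {
                    return new Auth_OpenID_ServerError(null,
                      "This request uses IdP-driven identifier selection.  " .
                      "You must supply an identifier in the response.");
                }

                $response_identity = $identity;
                $response_claimed_id = $claimed_id;

            } else if ($this->identity) {
                // The provider may not assert a different identity than
                // the one the relying party asked about.
                if ($identity &&
                    ($this->identity != $identity)) {
                    $fmt = "Request was for %s, cannot reply with identity %s";
                    return new Auth_OpenID_ServerError(null,
                      sprintf($fmt, $this->identity, $identity));
                }

                $response_identity = $this->identity;
                $response_claimed_id = $this->claimed_id;
            } else {
                if ($identity) {
                    return new Auth_OpenID_ServerError(null,
                      "This request specified no identity and " .
                      "you supplied ".$identity);
                }

                $response_identity = null;
            }

            if (($this->namespace == Auth_OpenID_OPENID1_NS) &&
                ($response_identity === null)) {
                return new Auth_OpenID_ServerError(null,
                  "Request was an OpenID 1 request, so response must " .
                  "include an identifier.");
            }

            $response->fields->updateArgs(Auth_OpenID_OPENID_NS,
                   array('mode' => $mode,
                         'op_endpoint' => $server_url,
                         'return_to' => $this->return_to,
                         'response_nonce' => Auth_OpenID_mkNonce()));

            if ($response_identity !== null) {
                $response->fields->setArg(
                                          Auth_OpenID_OPENID_NS,
                                          'identity',
                                          $response_identity);
                if ($this->namespace == Auth_OpenID_OPENID2_NS) {
                    $response->fields->setArg(
                                              Auth_OpenID_OPENID_NS,
                                              'claimed_id',
                                              $response_claimed_id);
                }
            }

        } else {
            $response->fields->setArg(Auth_OpenID_OPENID_NS,
                                      'mode', $mode);

            if ($this->immediate) {
                if (($this->namespace == Auth_OpenID_OPENID1_NS) &&
                    (!$server_url)) {
                    // Single quotes keep "$allow" literal in the message.
                    return new Auth_OpenID_ServerError(null,
                      'setup_url is required for $allow=false ' .
                      'in OpenID 1.x immediate mode.');
                }

                // Plain assignment: "=& new" is rejected by the PHP 7+
                // parser, and the object is not shared with anything yet.
                $setup_request = new Auth_OpenID_CheckIDRequest(
                                                $this->identity,
                                                $this->return_to,
                                                $this->trust_root,
                                                false,
                                                $this->assoc_handle,
                                                $this->server);

                $setup_url = $setup_request->encodeToURL($server_url);

                if ($setup_url === null) {
                    return new Auth_OpenID_NoReturnToError();
                }

                $response->fields->setArg(Auth_OpenID_OPENID_NS,
                                          'user_setup_url',
                                          $setup_url);
            }
        }

        return $response;
    }

    /**
     * Encode this request as a URL on the given server endpoint.
     *
     * @param string $server_url The base URL the request arguments
     * are appended to.
     *
     * @return mixed The value of Auth_OpenID_Message::toURL() for
     * $server_url, or an {@link Auth_OpenID_NoReturnToError} when the
     * request has no return_to.
     */
    function encodeToURL($server_url)
    {
        if (!$this->return_to) {
            return new Auth_OpenID_NoReturnToError();
        }

        // Imported from the alternate reality where these classes are
        // used in both the client and server code, so Requests are
        // Encodable too.  That's right, code imported from alternate
        // realities all for the love of you, id_res/user_setup_url.
        $q = array('mode' => $this->mode,
                   'identity' => $this->identity,
                   'claimed_id' => $this->claimed_id,
                   'return_to' => $this->return_to);

        if ($this->trust_root) {
            // The same value travels as "trust_root" in OpenID 1 and
            // as "realm" in later namespaces.
            if ($this->namespace == Auth_OpenID_OPENID1_NS) {
                $q['trust_root'] = $this->trust_root;
            } else {
                $q['realm'] = $this->trust_root;
            }
        }

        if ($this->assoc_handle) {
            $q['assoc_handle'] = $this->assoc_handle;
        }

        $response = new Auth_OpenID_Message($this->namespace);
        $response->updateArgs($this->namespace, $q);

        return $response->toURL($server_url);
    }

    /**
     * Build the URL that sends the user back to the relying party
     * with mode "cancel".
     *
     * @return mixed The cancel URL built on return_to, an
     * {@link Auth_OpenID_NoReturnToError} when the request has no
     * return_to, or an {@link Auth_OpenID_ServerError} for immediate
     * mode requests.
     */
    function getCancelURL()
    {
        if (!$this->return_to) {
            return new Auth_OpenID_NoReturnToError();
        }

        if ($this->immediate) {
            return new Auth_OpenID_ServerError(null,
              "Cancel is not an appropriate response to " .
              "immediate mode requests.");
        }

        $response = new Auth_OpenID_Message($this->namespace);
        $response->setArg(Auth_OpenID_OPENID_NS, 'mode', 'cancel');

        return $response->toURL($this->return_to);
    }
}

/**
 * This class encapsulates the response to an OpenID server request.
 *
 * @package OpenID
 */
class Auth_OpenID_ServerResponse {

    /**
     * Keep a reference to the request being answered and start an
     * empty message in the request's namespace.
     *
     * @param object $request The request this response answers.
     */
    function Auth_OpenID_ServerResponse(&$request)
    {
        $this->request =& $request;
        $this->fields = new Auth_OpenID_Message($this->request->namespace);
    }

    /**
     * Choose how this response is to be encoded.
     *
     * @return mixed Auth_OpenID_ENCODE_KVFORM when the request mode
     * is not listed in $_Auth_OpenID_Request_Modes; otherwise
     * Auth_OpenID_ENCODE_HTML_FORM for an OpenID 2 message whose URL
     * form is longer than Auth_OpenID_OPENID1_URL_LIMIT, and
     * Auth_OpenID_ENCODE_URL in the remaining cases.
     */
    function whichEncoding()
    {
        global $_Auth_OpenID_Request_Modes;

        if (in_array($this->request->mode, $_Auth_OpenID_Request_Modes)) {
            if ($this->fields->isOpenID2() &&
                (strlen($this->encodeToURL()) >
                   Auth_OpenID_OPENID1_URL_LIMIT)) {
                return Auth_OpenID_ENCODE_HTML_FORM;
            } else {
                return Auth_OpenID_ENCODE_URL;
            }
        } else {
            return Auth_OpenID_ENCODE_KVFORM;
        }
    }

    /**
     * Returns the form markup for this response.  The form target is
     * the return_to value stored in the response fields.
     *
     * @return string
     */
    function toFormMarkup()
    {
        return $this->fields->toFormMarkup(
                 $this->fields->getArg(Auth_OpenID_OPENID_NS, 'return_to'));
    }

    /**
     * Returns True if this response's encoding is ENCODE_HTML_FORM.
     * Convenience method for server authors.
     *
     * @return bool
     */
    function renderAsForm()
    {
        return $this->whichEncoding() == Auth_OpenID_ENCODE_HTML_FORM;
    }

    /**
     * Encode the response fields as a URL on the request's return_to.
     *
     * @return mixed Whatever Auth_OpenID_Message::toURL() returns.
     */
    function encodeToURL()
    {
        return $this->fields->toURL($this->request->return_to);
    }

    /**
     * Let an extension response add its arguments to this response.
     *
     * @param object $extension_response An object providing
     * toMessage(), which is handed this response's fields.
     */
    function addExtension($extension_response)
    {
        $extension_response->toMessage($this->fields);
    }

    /**
     * Tell whether this response has to be signed.
     *
     * @return bool True when the response mode is "id_res".
     */
    function needsSigning()
    {
        return $this->fields->getArg(Auth_OpenID_OPENID_NS,
                                     'mode') == 'id_res';
    }

    /**
     * Encode the response fields in key-value form.
     *
     * @return mixed Whatever Auth_OpenID_Message::toKVForm() returns.
     */
    function encodeToKVForm()
    {
        return $this->fields->toKVForm();
    }
}

/**
 * A web-capable response object which you can use to generate a
 * user-agent response.
 *
 * @package OpenID
 */
class Auth_OpenID_WebResponse {
    // HTTP status code; stays at AUTH_OPENID_HTTP_OK unless the
    // constructor receives a truthy $code.
    var $code = AUTH_OPENID_HTTP_OK;
    // Response body; empty unless the constructor receives one.
    var $body = "";

    /**
     * @param mixed $code Status code; a falsy value keeps the default.
     * @param array $headers Response headers; null yields an empty array.
     * @param string $body Response body; null keeps the default.
     */
    function Auth_OpenID_WebResponse($code = null, $headers = null,
                                     $body = null)
    {
        if ($code) {
            $this->code = $code;
        }

        if ($headers !== null) {
            $this->headers = $headers;
        } else {
            $this->headers = array();
        }

        if ($body !== null) {
            $this->body = $body;
        }
    }
}

/**
 * Responsible for the signature of query data and the verification of
 * OpenID signature values.
 *
 * @package OpenID
 */
class Auth_OpenID_Signatory {

    // = 14 * 24 * 60 * 60; # 14 days, in seconds
    var $SECRET_LIFETIME = 1209600;

    // keys have a bogus server URL in them because the filestore
    // really does expect that key to be a URL.  This seems a little
    // silly for the server store, since I expect there to be only one
    // server URL.
    var $normal_key = 'http://localhost/|normal';
    var $dumb_key = 'http://localhost/|dumb';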