📄 consumer.php
$session_type = $server_error->message->getArg(Auth_OpenID_OPENID_NS, 'session_type');

        if (($assoc_type === null) || ($session_type === null)) {
            return null;
        } else if (!$this->negotiator->isAllowed($assoc_type, $session_type)) {
            return null;
        } else {
            return array($assoc_type, $session_type);
        }
    }

    /**
     * Request an association from the endpoint, starting with the
     * type the negotiator returns from getAllowedType() and retrying
     * at most once with the pair obtained from
     * _extractSupportedAssociationType() when the server answers with
     * an error container.
     *
     * @access private
     * @param object $endpoint Passed through to _requestAssociation()
     *   and _extractSupportedAssociationType().
     * @return mixed The result of the _requestAssociation() call that
     *   was accepted, or null when no association was obtained.
     */
    function _negotiateAssociation($endpoint)
    {
        // Get our preferred session/association type from the negotiator.
        list($assoc_type, $session_type) = $this->negotiator->getAllowedType();

        $assoc = $this->_requestAssociation(
            $endpoint, $assoc_type, $session_type);

        if (Auth_OpenID::isFailure($assoc)) {
            return null;
        }

        if (is_a($assoc, 'Auth_OpenID_ServerErrorContainer')) {
            $why = $assoc;

            // null here means there is no suggested pair to retry with.
            $supportedTypes = $this->_extractSupportedAssociationType(
                $why, $endpoint, $assoc_type);

            if ($supportedTypes !== null) {
                list($assoc_type, $session_type) = $supportedTypes;

                // Attempt to create an association from the assoc_type
                // and session_type that the server told us it
                // supported.
                $assoc = $this->_requestAssociation(
                    $endpoint, $assoc_type, $session_type);

                // NOTE(review): unlike the first attempt, this result is
                // not passed through Auth_OpenID::isFailure(). If
                // _extractAssociation() returned an
                // Auth_OpenID_FailureResponse on this path, it would be
                // handed back as if it were an association unless that
                // class is also an Auth_OpenID_ServerErrorContainer --
                // confirm against the class definitions and callers.
                if (is_a($assoc, 'Auth_OpenID_ServerErrorContainer')) {
                    // Do not keep trying, since it rejected the
                    // association type that it told us to use.
                    // oidutil.log('Server %s refused its suggested association
                    //             'type: session_type=%s, assoc_type=%s'
                    //             % (endpoint.server_url, session_type,
                    //                assoc_type))
                    return null;
                } else {
                    return $assoc;
                }
            } else {
                return null;
            }
        } else {
            return $assoc;
        }
    }

    /**
     * Build an associate request for the given types, POST it to the
     * endpoint's server_url and turn the reply into an association.
     *
     * @access private
     * @param object $endpoint Supplies server_url and is passed to
     *   _createAssociateRequest().
     * @param mixed $assoc_type Association type to ask for.
     * @param mixed $session_type Session type to ask for.
     * @return mixed null when _makeKVPost() returned null, the
     *   Auth_OpenID_ServerErrorContainer when the server reported an
     *   error, otherwise whatever _extractAssociation() returns.
     */
    function _requestAssociation($endpoint, $assoc_type, $session_type)
    {
        // NOTE(review): _createAssociateRequest() returns null when
        // $session_type is not a key of $this->session_types. That
        // result is destructured here without a check, so both
        // variables would be null and the request would still be sent
        // with null arguments -- confirm whether a guard is needed.
        list($assoc_session, $args) = $this->_createAssociateRequest(
            $endpoint, $assoc_type, $session_type);

        $response_message = $this->_makeKVPost($args, $endpoint->server_url);

        if ($response_message === null) {
            // oidutil.log('openid.associate request failed: %s' % (why[0],))
            return null;
        } else if (is_a($response_message, 'Auth_OpenID_ServerErrorContainer')) {
            return $response_message;
        }

        return $this->_extractAssociation($response_message, $assoc_session);
    }

    /**
     * Validate an association response against the session that
     * produced the request and build the association from it.
     *
     * Both parameters are taken by reference; $assoc_session is
     * reassigned in the OpenID 1 'no-encryption' case below, which
     * also changes the caller's variable.
     *
     * @access private
     * @param object $assoc_response The parsed association response.
     * @param object $assoc_session The session object created for the
     *   request.
     * @return mixed The result of
     *   Auth_OpenID_Association::fromExpiresIn() on success, an
     *   Auth_OpenID_FailureResponse when a required field is missing,
     *   or null for the other rejection cases.
     */
    function _extractAssociation(&$assoc_response, &$assoc_session)
    {
        // Extract the common fields from the response, returning a
        // failure response if they are not found
        $assoc_type = $assoc_response->getArg(
            Auth_OpenID_OPENID_NS, 'assoc_type',
            Auth_OpenID_NO_DEFAULT);

        if ($assoc_type === null) {
            return new Auth_OpenID_FailureResponse(null,
                'assoc_type missing from association response');
        }

        $assoc_handle = $assoc_response->getArg(
            Auth_OpenID_OPENID_NS, 'assoc_handle',
            Auth_OpenID_NO_DEFAULT);

        if ($assoc_handle === null) {
            return new Auth_OpenID_FailureResponse(null,
                'assoc_handle missing from association response');
        }

        // expires_in is a base-10 string. The Python parsing will
        // accept literals that have whitespace around them and will
        // accept negative values. Neither of these are really in-spec,
        // but we think it's OK to accept them.
        // NOTE(review): the remark above describes the Python
        // implementation; what Auth_OpenID::intval() accepts is not
        // visible here -- confirm before relying on it.
        $expires_in_str = $assoc_response->getArg(
            Auth_OpenID_OPENID_NS, 'expires_in',
            Auth_OpenID_NO_DEFAULT);

        if ($expires_in_str === null) {
            return new Auth_OpenID_FailureResponse(null,
                'expires_in missing from association response');
        }

        // An unparseable expires_in yields a bare null, whereas the
        // missing-field cases above yield a failure response object.
        $expires_in = Auth_OpenID::intval($expires_in_str);
        if ($expires_in === false) {
            return null;
        }

        // OpenID 1 has funny association session behaviour.
        if ($assoc_response->isOpenID1()) {
            $session_type = $this->_getOpenID1SessionType($assoc_response);
        } else {
            $session_type = $assoc_response->getArg(
                Auth_OpenID_OPENID2_NS, 'session_type',
                Auth_OpenID_NO_DEFAULT);

            if ($session_type === null) {
                return new Auth_OpenID_FailureResponse(null,
                    'session_type missing from association response');
            }
        }

        // Session type mismatch
        // (compared with the loose != / == operators)
        if ($assoc_session->session_type != $session_type) {
            if ($assoc_response->isOpenID1() &&
                ($session_type == 'no-encryption')) {
                // In OpenID 1, any association request can result in
                // a 'no-encryption' association response. Setting
                // assoc_session to a new no-encryption session should
                // make the rest of this function work properly for
                // that case.
                // NOTE(review): this accepts a plain-text session even
                // when a different session type was requested, and the
                // negotiator is not consulted again in this function.
                // Deployments that depend on an encrypted association
                // session should confirm the transport to the server
                // is protected (e.g. TLS) or that 'no-encryption' is
                // rejected elsewhere.
                $assoc_session = new Auth_OpenID_PlainTextConsumerSession();
            } else {
                // Any other mismatch, regardless of protocol version
                // results in the failure of the association session
                // altogether.
                return null;
            }
        }

        // Make sure assoc_type is valid for session_type
        // (in_array() is called without its strict flag here)
        if (!in_array($assoc_type, $assoc_session->allowed_assoc_types)) {
            return null;
        }

        // Delegate to the association session to extract the secret
        // from the response, however is appropriate for that session
        // type.
        $secret = $assoc_session->extractSecret($assoc_response);

        if ($secret === null) {
            return null;
        }

        return Auth_OpenID_Association::fromExpiresIn(
            $expires_in, $assoc_handle, $secret, $assoc_type);
    }

    /**
     * Create the session object for $session_type and the associate
     * request message that goes with it.
     *
     * @access private
     * @param object $endpoint Consulted via compatibilityMode().
     * @param mixed $assoc_type Sent as the 'assoc_type' argument.
     * @param mixed $session_type Key into $this->session_types.
     * @return array|null array($assoc_session, $message), or null
     *   when $session_type is not a key of $this->session_types.
     */
    function _createAssociateRequest($endpoint, $assoc_type, $session_type)
    {
        // Only entries registered in $this->session_types are ever
        // called or instantiated. $session_type may originate from a
        // server suggestion (see _negotiateAssociation), so this
        // lookup is what keeps that value from naming an arbitrary
        // class or function.
        if (array_key_exists($session_type, $this->session_types)) {
            $session_type_class = $this->session_types[$session_type];

            if (is_callable($session_type_class)) {
                $assoc_session = $session_type_class();
            } else {
                $assoc_session = new $session_type_class();
            }
        } else {
            return null;
        }

        $args = array(
            'mode' => 'associate',
            'assoc_type' => $assoc_type);

        if (!$endpoint->compatibilityMode()) {
            $args['ns'] = Auth_OpenID_OPENID2_NS;
        }

        // Leave out the session type if we're in compatibility mode
        // *and* it's no-encryption.
        if ((!$endpoint->compatibilityMode()) ||
            ($assoc_session->session_type != 'no-encryption')) {
            $args['session_type'] = $assoc_session->session_type;
        }

        // Keys returned by the session's getRequest() override the
        // ones set above when they collide (array_merge semantics).
        $args = array_merge($args, $assoc_session->getRequest());
        $message = Auth_OpenID_Message::fromOpenIDArgs($args);
        return array($assoc_session, $message);
    }

    /**
     * Given an association response message, extract the OpenID 1.X
     * session type.
     *
     * This function mostly takes care of the 'no-encryption' default
     * behavior in OpenID 1.
     *
     * If the session type is missing or empty, this function will
     * return 'no-encryption'.
     *
     * @access private
     * @param object $assoc_response The association response message.
     * @return mixed The message's session_type argument, or
     *   'no-encryption' when that argument is missing or empty
     */
    function _getOpenID1SessionType($assoc_response)
    {
        // If it's an OpenID 1 message, allow session_type to default
        // to None (which signifies "no-encryption")
        $session_type = $assoc_response->getArg(Auth_OpenID_OPENID1_NS,
                                                'session_type');

        // Handle the differences between no-encryption association
        // responses in OpenID 1 and 2:

        // no-encryption is not really a valid session type for OpenID
        // 1, but we'll accept it anyway, while issuing a warning.
        // (The warning is only the commented-out log call below; this
        // branch currently does nothing.)
        if ($session_type == 'no-encryption') {
            // oidutil.log('WARNING: OpenID server sent "no-encryption"'
            //             'for OpenID 1.X')
        } else if (($session_type == '') || ($session_type === null)) {
            // Missing or empty session type is the way to flag a
            // 'no-encryption' response. Change the session type to
            // 'no-encryption' so that it can be handled in the same
            // way as OpenID 2 'no-encryption' responses.
            $session_type = 'no-encryption';
        }

        return $session_type;
    }
}

/**
 * This class represents an authentication request from a consumer to
 * an OpenID server.
 *
 * @package OpenID
 */
class Auth_OpenID_AuthRequest {

    /**
     * Initialize an authentication request with the specified token,
     * association, and endpoint.
     *
     * Users of this library should not create instances of this
     * class.  Instances of this class are created by the library when
     * needed.
     *
     * NOTE(review): this is a PHP 4-style constructor (a method named
     * after the class). PHP 8.0 no longer treats such a method as a
     * constructor, so on that version `new` would not run it and the
     * properties set below would stay unset -- confirm the supported
     * PHP versions.
     */
    function Auth_OpenID_AuthRequest(&$endpoint, $assoc)
    {
        $this->assoc = $assoc;
        $this->endpoint =& $endpoint;
        $this->return_to_args = array();
        $this->message = new Auth_OpenID_Message();
        // The message namespace follows the endpoint's preference.
        $this->message->setOpenIDNamespace(
            $endpoint->preferredNamespace());
        $this->_anonymous = false;
    }

    /**
     * Add an extension to this checkid request.
     *
     * $extension_request: An object that implements the extension
     * request interface for adding arguments to an OpenID message.
     * Its toMessage() method is called with this request's message.
     */
    function addExtension(&$extension_request)
    {
        $extension_request->toMessage($this->message);
    }

    /**
     * Add an extension argument to this OpenID authentication
     * request.
     *
     * Use caution when adding arguments, because they will be
     * URL-escaped and appended to the redirect URL, which can easily
     * get quite long.
     *
     * @param string $namespace The namespace for the extension.  For
     * example, the simple registration extension uses the namespace
     * 'sreg'.
     *
     * @param string $key The key within the extension namespace.  For
     * example, the nickname field in the simple registration
     * extension's key is 'nickname'.
     *
     * @param string $value The value to provide to the server for
     * this argument.
     */
    function addExtensionArg($namespace, $key, $value)
    {
        $this->message->setArg($namespace, $key, $value);
    }

    /**
     * Set whether this request should be made anonymously.  If a
     * request is anonymous, the identifier will not be sent in the
     * request.  This is only useful if you are making another kind of
     * request with an extension in this request.
     *
     * Anonymous requests are not allowed when the request is made
     * with OpenID 1.
     *
     * @param bool $is_anonymous The requested setting.
     * @return bool false when anonymity was requested for an OpenID 1
     *   message (the setting is left unchanged), true otherwise.
     */
    function setAnonymous($is_anonymous)
    {
        if ($is_anonymous && $this->message->isOpenID1()) {
            return false;
        } else {
            $this->_anonymous = $is_anonymous;
            return true;
        }
    }

    /**
     * Produce a {@link Auth_OpenID_Message} representing this
     * request.
     *
     * @param string $realm The URL (or URL pattern) that identifies
     * your web site to the user when she is authorizing it.
     *
     * @param string $return_to The URL that the OpenID provider will
     * send the user back to after attempting to verify her identity.
     *
     * Not specifying a return_to URL means that the user will not be
     * returned to the site issuing the request upon its completion.
     *
     * @param bool $immediate If true, the OpenID provider is to send
     * back a response immediately, useful for behind-the-scenes
     * authentication attempts.  Otherwise the OpenID provider may
     * engage the user before providing a response.  This is the
     * default case, as the user may need to provide credentials or
     * approve the request before a positive response can be sent.
     */
    function getMessage($realm, $return_to=null, $immediate=false)
    {
        if ($return_to) {
            $return_to = Auth_OpenID::appendArgs($return_to,
                                                 $this->return_to_args);
        } else if ($immediate) {
            // raise ValueError(
            //     '"return_to" is mandatory when
            //using "checkid_immediate"')