application/libraries/Openid.php

   1 <?php
   2
   3 if (!defined('BASEPATH'))
   4         exit('No direct script access allowed');
   5
   6 /**
   7  * OpenID Library
   8  *
   9  * @package    CodeIgniter
  10  * @author     bardelot, Călin-Andrei Burloiu
  11  * @see        http://cakebaker.42dh.com/2007/01/11/cakephp-and-openid/
  12  *             & http://openidenabled.com/php-openid/
  13  */
  14 class Openid {
  15
  16         var $storePath = 'tmp';
  17         var $sreg_enable = FALSE;
  18         var $sreg_required = NULL;
  19         var $sreg_optional = NULL;
  20         var $sreg_policy = NULL;
  21         var $pape_enable = FALSE;
  22         var $pape_policy_uris = NULL;
  23         var $ext_args = NULL;
  24         var $request_to;
  25         var $trust_root;
  26
  27         function __construct()
  28         {
  29                 $CI = & get_instance();
  30                 $CI->config->load('openid');
  31                 $this->storePath = $CI->config->item('openid_storepath');
  32
  33                 session_start();
  34                 $this->_do_includes();
  35
  36                 log_message('debug', "OpenID Class Initialized");
  37         }
  38
  39         function _do_includes()
  40         {
  41                 set_include_path(dirname(__FILE__) . PATH_SEPARATOR . get_include_path());
  42
  43                 require_once "Auth/OpenID/Consumer.php";
  44                 require_once "Auth/OpenID/FileStore.php";
  45                 require_once "Auth/OpenID/SReg.php";
  46                 require_once "Auth/OpenID/AX.php";
  47                 require_once "Auth/OpenID/PAPE.php";
  48         }
  49
  50         function set_sreg($enable, $required = NULL, $optional = NULL, $policy = NULL)
  51         {
  52                 $this->sreg_enable = $enable;
  53                 $this->sreg_required = $required;
  54                 $this->sreg_optional = $optional;
  55                 $this->sreg_policy = $policy;
  56         }
  57
  58         function set_pape($enable, $policy_uris = NULL)
  59         {
  60                 $this->pape_enable = $enable;
  61                 $this->pape_policy_uris = $policy_uris;
  62         }
  63
  64         function set_request_to($uri)
  65         {
  66                 $this->request_to = $uri;
  67         }
  68
  69         function set_trust_root($trust_root)
  70         {
  71                 $this->trust_root = $trust_root;
  72         }
  73
  74         function set_args($args)
  75         {
  76                 $this->ext_args = $args;
  77         }
  78
  79         function _set_message($error, $msg, $val = '', $sub = '%s')
  80         {
  81                 $CI = & get_instance();
  82                 $CI->lang->load('openid', 'english');
  83                 echo str_replace($sub, $val, $CI->lang->line($msg));
  84
  85                 if ($error)
  86                 {
  87                         exit;
  88                 }
  89         }
  90
  91         function authenticate($openId)
  92         {
  93                 $consumer = $this->_get_consumer();
  94                 $authRequest = $consumer->begin($openId);
  95
  96                 // No auth request means we can't begin OpenID.
  97                 if (!$authRequest)
  98                 {
  99                         $this->_set_message(TRUE, 'openid_auth_error');
 100                 }
 101
 102                 if ($this->sreg_enable)
 103                 {
 104                         $sreg_request = Auth_OpenID_SRegRequest::build(
 105                                         $this->sreg_required, $this->sreg_optional,
 106                                         $this->sreg_policy);
 107
 108                         if ($sreg_request)
 109                         {
 110                                 $authRequest->addExtension($sreg_request);
 111                         }
 112                         else
 113                         {
 114                                 $this->_set_message(TRUE, 'openid_sreg_failed');
 115                         }
 116                 }
 117
 118
 119
 120                 // *** TODO ***
 121
 122                 // Create attribute request object
 123                 // See http://code.google.com/apis/accounts/docs/OpenID.html#Parameters for parameters
 124                 // Usage: make($type_uri, $count=1, $required=false, $alias=null)
 125                 $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email',2,1, 'email');
 126                 $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/first',1,1, 'firstname');
 127                 $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/last',1,1, 'lastname');
 128
 129                 // Create AX fetch request
 130                 $ax = new Auth_OpenID_AX_FetchRequest;
 131
 132                 // Add attributes to AX fetch request
 133                 foreach($attribute as $attr){
 134                         $ax->add($attr);
 135                 }
 136
 137                 // Add AX fetch request to authentication request
 138                 $authRequest->addExtension($ax);
 139
 140
 141
 142                 if ($this->pape_enable)
 143                 {
 144                         $pape_request = new Auth_OpenID_PAPE_Request($this->pape_policy_uris);
 145
 146                         if ($pape_request)
 147                         {
 148                                 $authRequest->addExtension($pape_request);
 149                         }
 150                         else
 151                         {
 152                                 $this->_set_message(TRUE, 'openid_pape_failed');
 153                         }
 154                 }
 155
 156                 if ($this->ext_args != NULL)
 157                 {
 158                         foreach ($this->ext_args as $extensionArgument)
 159                         {
 160                                 if (count($extensionArgument) == 3)
 161                                 {
 162                                         $authRequest->addExtensionArg($extensionArgument[0],
 163                                                         $extensionArgument[1],
 164                                                         $extensionArgument[2]);
 165                                 }
 166                         }
 167                 }
 168
 169                 // Redirect the user to the OpenID server for authentication.
 170                 // Store the token for this authentication so we can verify the
 171                 // response.
 172                 // For OpenID 1, send a redirect.  For OpenID 2, use a Javascript
 173                 // form to send a POST request to the server.
 174                 if ($authRequest->shouldSendRedirect())
 175                 {
 176                         $redirect_url = $authRequest->redirectURL($this->trust_root,
 177                                         $this->request_to);
 178
 179                         // If the redirect URL can't be built, display an error
 180                         // message.
 181                         if (Auth_OpenID::isFailure($redirect_url))
 182                         {
 183                                 $this->_set_message(TRUE, 'openid_redirect_failed', $redirect_url->message);
 184                         }
 185                         else
 186                         {
 187                                 // Send redirect.
 188                                 header("Location: " . $redirect_url);
 189                         }
 190                 }
 191                 else
 192                 {
 193                         // Generate form markup and render it.
 194                         $form_id = 'openid_message';
 195                         $form_html = $authRequest->htmlMarkup($this->trust_root,
 196                                         $this->request_to, FALSE, array('id' => $form_id));
 197
 198                         // Display an error if the form markup couldn't be generated;
 199                         // otherwise, render the HTML.
 200                         if (Auth_OpenID::isFailure($form_html))
 201                         {
 202                                 $this->_set_message(TRUE, 'openid_redirect_failed', $form_html->message);
 203                         }
 204                         else
 205                         {
 206                                 print $form_html;
 207                         }
 208                 }
 209         }
 210
 211         function get_response()
 212         {
 213                 $consumer = $this->_get_consumer();
 214                 $response = $consumer->complete($this->request_to);
 215
 216                 return $response;
 217         }
 218
 219         function _get_consumer()
 220         {
 221                 if (!file_exists($this->storePath) && !mkdir($this->storePath))
 222                 {
 223                         $this->_set_message(TRUE, 'openid_storepath_failed', $this->storePath);
 224                 }
 225
 226                 $store = new Auth_OpenID_FileStore($this->storePath);
 227                 $consumer = new Auth_OpenID_Consumer($store);
 228
 229                 return $consumer;
 230         }
 231
 232 }