application/libraries/Openid.php

   1 <?php
   2
   3 if (!defined('BASEPATH'))
   4         exit('No direct script access allowed');
   5
   6 /**
   7  * OpenID Library
   8  *
   9  * @package    CodeIgniter
  10  * @author     bardelot, Călin-Andrei Burloiu
  11  * @see        http://cakebaker.42dh.com/2007/01/11/cakephp-and-openid/
  12  *             & http://openidenabled.com/php-openid/
  13  */
  14 class Openid {
  15
  16         var $storePath = 'tmp';
  17         var $sreg_enable = FALSE;
  18         var $sreg_required = NULL;
  19         var $sreg_optional = NULL;
  20         var $sreg_policy = NULL;
  21         var $pape_enable = FALSE;
  22         var $pape_policy_uris = NULL;
  23         var $ext_args = NULL;
  24         var $request_to;
  25         var $trust_root;
  26
  27         function __construct()
  28         {
  29                 $CI = & get_instance();
  30                 $CI->config->load('openid');
  31                 $this->storePath = $CI->config->item('openid_storepath');
  32
  33                 session_start();
  34                 $this->_do_includes();
  35
  36                 log_message('debug', "OpenID Class Initialized");
  37         }
  38
  39         function _do_includes()
  40         {
  41                 set_include_path(dirname(__FILE__) . PATH_SEPARATOR . get_include_path());
  42
  43                 require_once "Auth/OpenID/Consumer.php";
  44                 require_once "Auth/OpenID/FileStore.php";
  45                 require_once "Auth/OpenID/SReg.php";
  46                 require_once "Auth/OpenID/AX.php";
  47                 require_once "Auth/OpenID/PAPE.php";
  48         }
  49
  50         function set_sreg($enable, $required = NULL, $optional = NULL, $policy = NULL)
  51         {
  52                 $this->sreg_enable = $enable;
  53                 $this->sreg_required = $required;
  54                 $this->sreg_optional = $optional;
  55                 $this->sreg_policy = $policy;
  56         }
  57
  58         function set_pape($enable, $policy_uris = NULL)
  59         {
  60                 $this->pape_enable = $enable;
  61                 $this->pape_policy_uris = $policy_uris;
  62         }
  63
  64         function set_request_to($uri)
  65         {
  66                 $this->request_to = $uri;
  67         }
  68
  69         function set_trust_root($trust_root)
  70         {
  71                 $this->trust_root = $trust_root;
  72         }
  73
  74         function set_args($args)
  75         {
  76                 $this->ext_args = $args;
  77         }
  78
  79         function _set_message($error, $msg, $val = '', $sub = '%s')
  80         {
  81                 $CI = & get_instance();
  82                 $CI->lang->load('openid', 'english');
  83                 echo str_replace($sub, $val, $CI->lang->line($msg));
  84
  85                 if ($error)
  86                 {
  87                         exit;
  88                 }
  89         }
  90
  91         function authenticate($openId)
  92         {
  93                 $consumer = $this->_get_consumer();
  94                 $authRequest = $consumer->begin($openId);
  95
  96                 // No auth request means we can't begin OpenID.
  97                 if (!$authRequest)
  98                 {
  99                         $this->_set_message(TRUE, 'openid_auth_error');
 100                 }
 101
 102                 if ($this->sreg_enable)
 103                 {
 104                         $sreg_request = Auth_OpenID_SRegRequest::build(
 105                                         $this->sreg_required, $this->sreg_optional,
 106                                         $this->sreg_policy);
 107
 108                         if ($sreg_request)
 109                         {
 110                                 $authRequest->addExtension($sreg_request);
 111                         }
 112                         else
 113                         {
 114                                 $this->_set_message(TRUE, 'openid_sreg_failed');
 115                         }
 116                 }
 117
 118
 119
 120                 // *** TODO ***
 121
 122                 // Create attribute request object
 123                 // See http://code.google.com/apis/accounts/docs/OpenID.html#Parameters for parameters
 124                 // Usage: make($type_uri, $count=1, $required=false, $alias=null)
 125                 $attribute[] = Auth_OpenID_AX_AttrInfo::make(
 126                                 'http://axschema.org/contact/email', 1, TRUE);
 127                 $attribute[] = Auth_OpenID_AX_AttrInfo::make(
 128                                 'http://axschema.org/namePerson/first', 1, TRUE);
 129                 $attribute[] = Auth_OpenID_AX_AttrInfo::make(
 130                                 'http://axschema.org/namePerson/last', 1, TRUE);
 131
 132                 // Create AX fetch request
 133                 $ax = new Auth_OpenID_AX_FetchRequest;
 134
 135                 // Add attributes to AX fetch request
 136                 foreach($attribute as $attr){
 137                         $ax->add($attr);
 138                 }
 139
 140                 // Add AX fetch request to authentication request
 141                 $authRequest->addExtension($ax);
 142
 143
 144
 145                 if ($this->pape_enable)
 146                 {
 147                         $pape_request = new Auth_OpenID_PAPE_Request($this->pape_policy_uris);
 148
 149                         if ($pape_request)
 150                         {
 151                                 $authRequest->addExtension($pape_request);
 152                         }
 153                         else
 154                         {
 155                                 $this->_set_message(TRUE, 'openid_pape_failed');
 156                         }
 157                 }
 158
 159                 if ($this->ext_args != NULL)
 160                 {
 161                         foreach ($this->ext_args as $extensionArgument)
 162                         {
 163                                 if (count($extensionArgument) == 3)
 164                                 {
 165                                         $authRequest->addExtensionArg($extensionArgument[0],
 166                                                         $extensionArgument[1],
 167                                                         $extensionArgument[2]);
 168                                 }
 169                         }
 170                 }
 171
 172                 // Redirect the user to the OpenID server for authentication.
 173                 // Store the token for this authentication so we can verify the
 174                 // response.
 175                 // For OpenID 1, send a redirect.  For OpenID 2, use a Javascript
 176                 // form to send a POST request to the server.
 177                 if ($authRequest->shouldSendRedirect())
 178                 {
 179                         $redirect_url = $authRequest->redirectURL($this->trust_root,
 180                                         $this->request_to);
 181
 182                         // If the redirect URL can't be built, display an error
 183                         // message.
 184                         if (Auth_OpenID::isFailure($redirect_url))
 185                         {
 186                                 $this->_set_message(TRUE, 'openid_redirect_failed', $redirect_url->message);
 187                         }
 188                         else
 189                         {
 190                                 // Send redirect.
 191                                 header("Location: " . $redirect_url);
 192                         }
 193                 }
 194                 else
 195                 {
 196                         // Generate form markup and render it.
 197                         $form_id = 'openid_message';
 198                         $form_html = $authRequest->htmlMarkup($this->trust_root,
 199                                         $this->request_to, FALSE, array('id' => $form_id));
 200
 201                         // Display an error if the form markup couldn't be generated;
 202                         // otherwise, render the HTML.
 203                         if (Auth_OpenID::isFailure($form_html))
 204                         {
 205                                 $this->_set_message(TRUE, 'openid_redirect_failed', $form_html->message);
 206                         }
 207                         else
 208                         {
 209                                 print $form_html;
 210                         }
 211                 }
 212         }
 213
 214         function get_response()
 215         {
 216                 $consumer = $this->_get_consumer();
 217                 $response = $consumer->complete($this->request_to);
 218
 219                 return $response;
 220         }
 221
 222         function _get_consumer()
 223         {
 224                 if (!file_exists($this->storePath) && !mkdir($this->storePath))
 225                 {
 226                         $this->_set_message(TRUE, 'openid_storepath_failed', $this->storePath);
 227                 }
 228
 229                 $store = new Auth_OpenID_FileStore($this->storePath);
 230                 $consumer = new Auth_OpenID_Consumer($store);
 231
 232                 return $consumer;
 233         }
 234
 235 }