application/libraries/Openid.php

   1 <?php
   2
   3 if (!defined('BASEPATH'))
   4         exit('No direct script access allowed');
   5
   6 /**
   7  * OpenID Library
   8  *
   9  * @package    CodeIgniter
  10  * @author     bardelot, Călin-Andrei Burloiu
  11  * @see        http://cakebaker.42dh.com/2007/01/11/cakephp-and-openid/
  12  *             & http://openidenabled.com/php-openid/
  13  */
  14 class Openid {
  15
  16         var $storePath = 'tmp';
  17
  18         var $sreg_enable = FALSE;
  19         var $sreg_required = NULL;
  20         var $sreg_optional = NULL;
  21         var $sreg_policy = NULL;
  22         var $ax_enable  = FALSE;
  23         var $ax_attributes = NULL;
  24         var $pape_enable = FALSE;
  25         var $pape_policy_uris = NULL;
  26         var $ext_args = NULL;
  27         var $request_to;
  28         var $trust_root;
  29
  30         function __construct()
  31         {
  32                 $CI = & get_instance();
  33                 $CI->config->load('openid');
  34                 $this->storePath = $CI->config->item('openid_storepath');
  35
  36                 session_start();
  37                 $this->_do_includes();
  38
  39                 log_message('debug', "OpenID Class Initialized");
  40         }
  41
  42         function _do_includes()
  43         {
  44                 set_include_path(dirname(__FILE__) . PATH_SEPARATOR . get_include_path());
  45
  46                 require_once "Auth/OpenID/Consumer.php";
  47                 require_once "Auth/OpenID/FileStore.php";
  48                 require_once "Auth/OpenID/SReg.php";
  49                 require_once "Auth/OpenID/AX.php";
  50                 require_once "Auth/OpenID/PAPE.php";
  51                 require_once "Auth/extensions.php";
  52         }
  53
  54         function set_sreg($enable, $required = NULL, $optional = NULL, $policy = NULL)
  55         {
  56                 $this->sreg_enable = $enable;
  57                 $this->sreg_required = $required;
  58                 $this->sreg_optional = $optional;
  59                 $this->sreg_policy = $policy;
  60         }
  61
  62         function set_ax($enable, $ax_attributes = NULL)
  63         {
  64                 $this->ax_enable = $enable;
  65                 $this->ax_attributes = $ax_attributes;
  66         }
  67
  68         function set_pape($enable, $policy_uris = NULL)
  69         {
  70                 $this->pape_enable = $enable;
  71                 $this->pape_policy_uris = $policy_uris;
  72         }
  73
  74         function set_request_to($uri)
  75         {
  76                 $this->request_to = $uri;
  77         }
  78
  79         function set_trust_root($trust_root)
  80         {
  81                 $this->trust_root = $trust_root;
  82         }
  83
  84         function set_args($args)
  85         {
  86                 $this->ext_args = $args;
  87         }
  88
  89         function _set_message($error, $msg, $val = '', $sub = '%s')
  90         {
  91                 $CI = & get_instance();
  92                 $CI->lang->load('openid', 'english');
  93                 echo str_replace($sub, $val, $CI->lang->line($msg));
  94
  95                 if ($error)
  96                 {
  97                         exit;
  98                 }
  99         }
 100
 101         function authenticate($openId)
 102         {
 103                 $consumer = $this->_get_consumer();
 104                 $authRequest = $consumer->begin($openId);
 105
 106                 // No auth request means we can't begin OpenID.
 107                 if (!$authRequest)
 108                 {
 109                         $this->_set_message(TRUE, 'openid_auth_error');
 110                 }
 111
 112                 if ($this->sreg_enable)
 113                 {
 114                         $sreg_request = Auth_OpenID_SRegRequest::build(
 115                                         $this->sreg_required, $this->sreg_optional,
 116                                         $this->sreg_policy);
 117
 118                         if ($sreg_request)
 119                         {
 120                                 $authRequest->addExtension($sreg_request);
 121                         }
 122                         else
 123                         {
 124                                 $this->_set_message(TRUE, 'openid_sreg_failed');
 125                         }
 126                 }
 127
 128                 if ($this->ax_enable)
 129                 {
 130                         $ax_request = new Auth_OpenID_AX_FetchRequest();
 131
 132                         if ($ax_request)
 133                         {
 134                                 foreach ($this->ax_attributes as $attr)
 135                                         $ax_request->add($attr);
 136                                 $authRequest->addExtension($ax_request);
 137                         }
 138                         else
 139                         {
 140                                 $this->_set_message(TRUE, 'openid_ax_failed');
 141                         }
 142                 }
 143
 144                 if ($this->pape_enable)
 145                 {
 146                         $pape_request = new Auth_OpenID_PAPE_Request($this->pape_policy_uris);
 147
 148                         if ($pape_request)
 149                         {
 150                                 $authRequest->addExtension($pape_request);
 151                         }
 152                         else
 153                         {
 154                                 $this->_set_message(TRUE, 'openid_pape_failed');
 155                         }
 156                 }
 157
 158                 if ($this->ext_args != NULL)
 159                 {
 160                         foreach ($this->ext_args as $extensionArgument)
 161                         {
 162                                 if (count($extensionArgument) == 3)
 163                                 {
 164                                         $authRequest->addExtensionArg($extensionArgument[0],
 165                                                         $extensionArgument[1],
 166                                                         $extensionArgument[2]);
 167                                 }
 168                         }
 169                 }
 170
 171                 // Redirect the user to the OpenID server for authentication.
 172                 // Store the token for this authentication so we can verify the
 173                 // response.
 174                 // For OpenID 1, send a redirect.  For OpenID 2, use a Javascript
 175                 // form to send a POST request to the server.
 176                 if ($authRequest->shouldSendRedirect())
 177                 {
 178                         $redirect_url = $authRequest->redirectURL($this->trust_root,
 179                                         $this->request_to);
 180
 181                         // If the redirect URL can't be built, display an error
 182                         // message.
 183                         if (Auth_OpenID::isFailure($redirect_url))
 184                         {
 185                                 $this->_set_message(TRUE, 'openid_redirect_failed', $redirect_url->message);
 186                         }
 187                         else
 188                         {
 189                                 // Send redirect.
 190                                 header("Location: " . $redirect_url);
 191                         }
 192                 }
 193                 else
 194                 {
 195                         // Generate form markup and render it.
 196                         $form_id = 'openid_message';
 197                         $form_html = $authRequest->htmlMarkup($this->trust_root,
 198                                         $this->request_to, FALSE, array('id' => $form_id));
 199
 200                         // Display an error if the form markup couldn't be generated;
 201                         // otherwise, render the HTML.
 202                         if (Auth_OpenID::isFailure($form_html))
 203                         {
 204                                 $this->_set_message(TRUE, 'openid_redirect_failed', $form_html->message);
 205                         }
 206                         else
 207                         {
 208                                 print $form_html;
 209                         }
 210                 }
 211         }
 212
 213         function get_response()
 214         {
 215                 $consumer = $this->_get_consumer();
 216                 $response = $consumer->complete($this->request_to);
 217
 218                 return $response;
 219         }
 220
 221         function _get_consumer()
 222         {
 223                 if (!file_exists($this->storePath) && !mkdir($this->storePath))
 224                 {
 225                         $this->_set_message(TRUE, 'openid_storepath_failed', $this->storePath);
 226                 }
 227
 228                 $store = new Auth_OpenID_FileStore($this->storePath);
 229                 $consumer = new Auth_OpenID_Consumer($store,
 230                                 new Auth_Yadis_CISession());
 231
 232                 return $consumer;
 233         }
 234
 235 }