// Stop immediately when BASEPATH is not defined, i.e. when this file is
// requested directly instead of being loaded by code that defines it.
defined('BASEPATH') OR exit('No direct script access allowed');
10 * @author bardelot, Călin-Andrei Burloiu
11 * @see http://cakebaker.42dh.com/2007/01/11/cakephp-and-openid/
12 * & http://openidenabled.com/php-openid/
// Directory handed to Auth_OpenID_FileStore by _get_consumer(). The constructor
// replaces this default with the 'openid_storepath' config item.
// NOTE(review): php-openid's file store keeps association secrets and nonces
// here, and _get_consumer() creates the directory with mkdir()'s default mode
// (0777 before umask). Keep it outside the web root and restrict its
// permissions to the web server account.
public $storePath = 'tmp';

// Simple Registration (SReg) settings, filled in by set_sreg().
public $sreg_enable = false;
public $sreg_required = null;
public $sreg_optional = null;
public $sreg_policy = null;

// PAPE settings, filled in by set_pape().
public $pape_enable = false;
public $pape_policy_uris = null;
// Constructor: loads the 'openid' config file, takes the store directory from
// its 'openid_storepath' item, loads the php-openid classes and writes a debug
// log line.
// NOTE(review): the leading numbers jump from 31 to 34 and from 34 to 36, so
// any statement that sat between these lines is not visible in this listing.
27 function __construct()
29 $CI = & get_instance();
30 $CI->config->load('openid');
// Unconditional overwrite: the 'tmp' default declared on the property is
// replaced by whatever item() returns, including its value for a missing key.
31 $this->storePath = $CI->config->item('openid_storepath');
34 $this->_do_includes();
36 log_message('debug', "OpenID Class Initialized");
/**
 * Puts this file's directory at the front of the include path and loads the
 * php-openid classes this library uses.
 *
 * Because the directory is prepended, an Auth/OpenID tree placed next to this
 * file is resolved before any other copy on the include path.
 */
function _do_includes()
{
    $library_dir = dirname(__FILE__);
    set_include_path($library_dir . PATH_SEPARATOR . get_include_path());

    // Same files, same order as before; each is loaded at most once.
    $openid_files = array(
        "Auth/OpenID/Consumer.php",
        "Auth/OpenID/FileStore.php",
        "Auth/OpenID/SReg.php",
        "Auth/OpenID/AX.php",
        "Auth/OpenID/PAPE.php",
    );
    foreach ($openid_files as $openid_file)
    {
        require_once $openid_file;
    }
}
/**
 * Stores the Simple Registration (SReg) settings used by authenticate().
 *
 * @param mixed $enable   truthy to make authenticate() build an SReg request
 * @param mixed $required passed to Auth_OpenID_SRegRequest::build() as the required fields
 * @param mixed $optional passed to the same call as the optional fields
 * @param mixed $policy   stored in sreg_policy; presumably the policy URL of
 *                        the same call (that argument is not visible in this listing)
 *
 * Whatever the provider returns for these fields is data asserted by the
 * provider and should be validated like any other external input.
 */
function set_sreg($enable, $required = NULL, $optional = NULL, $policy = NULL)
{
    $this->sreg_policy = $policy;
    $this->sreg_optional = $optional;
    $this->sreg_required = $required;
    $this->sreg_enable = $enable;
}
/**
 * Stores the PAPE settings used by authenticate().
 *
 * @param mixed $enable      truthy to make authenticate() add a PAPE request
 * @param mixed $policy_uris handed to the Auth_OpenID_PAPE_Request constructor
 *
 * Requesting a policy does not show that the provider applied it; that has to
 * be checked in the PAPE data of the response.
 */
function set_pape($enable, $policy_uris = NULL)
{
    $this->pape_policy_uris = $policy_uris;
    $this->pape_enable = $enable;
}
/**
 * Sets the URL the provider sends the browser back to.
 *
 * authenticate() passes it to htmlMarkup() and get_response() passes it to the
 * consumer's complete(), so both calls must see the same value.
 * NOTE(review): use a fixed, configured URL here rather than one assembled
 * from request headers.
 *
 * @param string $uri return URL for this relying party
 */
function set_request_to($uri)
{
    $this->request_to = $uri;
}
/**
 * Sets the trust root that authenticate() passes as the first argument to
 * redirectURL() and htmlMarkup().
 *
 * NOTE(review): this is the site identity the provider shows to the user;
 * keep it a configured constant and no broader than the site that owns the
 * return URL.
 *
 * @param string $trust_root trust root (realm) URL
 */
function set_trust_root($trust_root)
{
    $this->trust_root = $trust_root;
}
/**
 * Stores extra extension arguments for authenticate().
 *
 * authenticate() iterates over the value and forwards elements 0, 1 and 2 of
 * each entry to addExtensionArg(); entries whose count is not exactly three
 * are skipped without any message.
 *
 * @param mixed $args list of three-element arrays, or NULL for none
 */
function set_args($args)
{
    $this->ext_args = $args;
}
// Loads the 'openid' language file (english) and echoes the language line $msg
// with every occurrence of $sub replaced by $val.
// $error is not used in the lines shown; the leading numbers jump from 83 to
// 91, so whatever consumes it lies outside this listing.
79 function _set_message($error, $msg, $val = '', $sub = '%s')
81 $CI = & get_instance();
82 $CI->lang->load('openid', 'english');
// NOTE(review): $val is written to the output without escaping, and callers
// pass library failure messages and the store path through it. If this output
// lands in an HTML page, escape $val for HTML first (e.g. htmlspecialchars()).
83 echo str_replace($sub, $val, $CI->lang->line($msg));
// Starts an OpenID login for the identifier $openId: builds the auth request,
// attaches the SReg / AX / PAPE extensions and any extra arguments, then sends
// the browser to the provider by redirect or by an HTML form.
// NOTE(review): the leading numbers are not contiguous, so several conditions
// and closing lines of this function are missing from the listing; the
// comments below describe only what is shown.
// NOTE(review): $openId is presumably user-supplied. Discovery on it makes
// this server fetch a URL chosen by the user, so consider limiting which
// hosts that outbound request may reach.
91 function authenticate($openId)
93 $consumer = $this->_get_consumer();
94 $authRequest = $consumer->begin($openId);
96 // No auth request means we can't begin OpenID.
99 $this->_set_message(TRUE, 'openid_auth_error');
// SReg: request the profile fields configured through set_sreg().
102 if ($this->sreg_enable)
104 $sreg_request = Auth_OpenID_SRegRequest::build(
105 $this->sreg_required, $this->sreg_optional,
110 $authRequest->addExtension($sreg_request);
114 $this->_set_message(TRUE, 'openid_sreg_failed');
122 // Create attribute request object
123 // See http://code.google.com/apis/accounts/docs/OpenID.html#Parameters for parameters
124 // Usage: make($type_uri, $count=1, $required=false, $alias=null)
// $attribute is appended to with no initialisation visible in this listing.
// Email, first name and last name are each requested with count 1 and
// required = TRUE; the returned values are assertions by the provider.
125 $attribute[] = Auth_OpenID_AX_AttrInfo::make(
126 'http://axschema.org/contact/email', 1, TRUE);
127 $attribute[] = Auth_OpenID_AX_AttrInfo::make(
128 'http://axschema.org/namePerson/first', 1, TRUE);
129 $attribute[] = Auth_OpenID_AX_AttrInfo::make(
130 'http://axschema.org/namePerson/last', 1, TRUE);
132 // Create AX fetch request
133 $ax = new Auth_OpenID_AX_FetchRequest;
135 // Add attributes to AX fetch request
136 foreach($attribute as $attr){
140 // Add AX fetch request to authentication request
141 $authRequest->addExtension($ax);
// PAPE: pass the policy URIs configured through set_pape() to the provider.
145 if ($this->pape_enable)
147 $pape_request = new Auth_OpenID_PAPE_Request($this->pape_policy_uris);
151 $authRequest->addExtension($pape_request);
155 $this->_set_message(TRUE, 'openid_pape_failed');
// Extra extension arguments from set_args(). The loose != NULL test also
// skips an empty array, and entries whose count is not exactly three are
// dropped silently.
159 if ($this->ext_args != NULL)
161 foreach ($this->ext_args as $extensionArgument)
163 if (count($extensionArgument) == 3)
165 $authRequest->addExtensionArg($extensionArgument[0],
166 $extensionArgument[1],
167 $extensionArgument[2]);
172 // Redirect the user to the OpenID server for authentication.
173 // Store the token for this authentication so we can verify the
175 // For OpenID 1, send a redirect. For OpenID 2, use a Javascript
176 // form to send a POST request to the server.
177 if ($authRequest->shouldSendRedirect())
// trust_root is the first argument; the rest of this call is not shown.
179 $redirect_url = $authRequest->redirectURL($this->trust_root,
182 // If the redirect URL can't be built, display an error
184 if (Auth_OpenID::isFailure($redirect_url))
// The library's failure message is printed through _set_message(), which
// echoes it without escaping.
186 $this->_set_message(TRUE, 'openid_redirect_failed', $redirect_url->message);
// NOTE(review): no statement after this header() call is visible here; confirm
// that the request ends so nothing else is sent after the redirect.
191 header("Location: " . $redirect_url);
196 // Generate form markup and render it.
197 $form_id = 'openid_message';
198 $form_html = $authRequest->htmlMarkup($this->trust_root,
199 $this->request_to, FALSE, array('id' => $form_id));
201 // Display an error if the form markup couldn't be generated;
202 // otherwise, render the HTML.
203 if (Auth_OpenID::isFailure($form_html))
205 $this->_set_message(TRUE, 'openid_redirect_failed', $form_html->message);
// Completes the login when the provider sends the browser back: asks the
// consumer to process the incoming response against $this->request_to.
// NOTE(review): the leading numbers jump from 217 to 222, so what is done with
// $response (presumably it is returned) is not visible in this listing.
// Callers should treat the user as authenticated only when the response status
// is Auth_OpenID_SUCCESS, and request_to should be the same return URL that
// authenticate() sent to the provider.
214 function get_response()
216 $consumer = $this->_get_consumer();
217 $response = $consumer->complete($this->request_to);
222 function _get_consumer()
224 if (!file_exists($this->storePath) && !mkdir($this->storePath))
226 $this->_set_message(TRUE, 'openid_storepath_failed', $this->storePath);
229 $store = new Auth_OpenID_FileStore($this->storePath);
230 $consumer = new Auth_OpenID_Consumer($store);