Commit
fea65200
authored
Dec 24, 2013
by
Paul Klimov
OpenId client identiy/claimed_id separation fixed.
parent
46746cd8
Showing
1 changed file
with
32 additions
and
36 deletions
+32
-36
OpenId.php
extensions/yii/authclient/OpenId.php
+32
-36
extensions/yii/authclient/OpenId.php
...
...
@@ -19,7 +19,6 @@ use Yii;
* @property string $returnUrl authentication return URL.
* @property mixed $identity ???
* @property string $trustRoot client trust root (realm), by default [[\yii\web\Request::hostInfo]] value will be used.
* @property mixed $mode ??? This property is read-only.
*
* @author Paul Klimov <klimov.paul@gmail.com>
* @since 2.0
...
...
@@ -54,8 +53,10 @@ class OpenId extends BaseClient implements ClientInterface
* @var string authentication return URL.
*/
private
$_returnUrl
;
private
$_identity
;
private
$claimed_id
;
private
$_claimedId
;
/**
* @var string client trust root (realm), by default [[\yii\web\Request::hostInfo]] value will be used.
*/
...
...
@@ -103,7 +104,7 @@ class OpenId extends BaseClient implements ClientInterface
}
}
$this
->
_identity
=
$value
;
$this
->
claimed_i
d
=
$value
;
$this
->
_claimedI
d
=
$value
;
}
public
function
getIdentity
()
...
...
@@ -111,7 +112,7 @@ class OpenId extends BaseClient implements ClientInterface
/* We return claimed_id instead of identity,
because the developer should see the claimed identifier,
i.e. what he set as identity, not the op-local identifier (which is what we verify)*/
return
$this
->
claimed_i
d
;
return
$this
->
_claimedI
d
;
}
/**
...
...
@@ -152,11 +153,6 @@ class OpenId extends BaseClient implements ClientInterface
return
$this
->
_trustRoot
;
}
public
function
getMode
()
{
return
empty
(
$this
->
data
[
'openid_mode'
])
?
null
:
$this
->
data
[
'openid_mode'
];
}
/**
* Generates default [[returnUrl]] value.
* @return string default authentication return URL.
...
...
@@ -234,15 +230,15 @@ class OpenId extends BaseClient implements ClientInterface
if
(
$method
==
'HEAD'
)
{
$headers
=
[];
foreach
(
explode
(
"
\n
"
,
$response
)
as
$header
)
{
$pos
=
strpos
(
$header
,
':'
);
$pos
=
strpos
(
$header
,
':'
);
$name
=
strtolower
(
trim
(
substr
(
$header
,
0
,
$pos
)));
$headers
[
$name
]
=
trim
(
substr
(
$header
,
$pos
+
1
));
}
#
Updating claimed_id in case of redirections.
$effective
_u
rl
=
curl_getinfo
(
$curl
,
CURLINFO_EFFECTIVE_URL
);
if
(
$effective
_u
rl
!=
$url
)
{
$this
->
identity
=
$this
->
claimed_id
=
$effective_u
rl
;
//
Updating claimed_id in case of redirections.
$effective
U
rl
=
curl_getinfo
(
$curl
,
CURLINFO_EFFECTIVE_URL
);
if
(
$effective
U
rl
!=
$url
)
{
$this
->
_identity
=
$this
->
_claimedId
=
$effectiveU
rl
;
}
return
$headers
;
...
...
@@ -306,17 +302,17 @@ class OpenId extends BaseClient implements ClientInterface
]);
$url
=
$url
.
(
$params
?
'?'
.
$params
:
''
);
$headers
_t
mp
=
get_headers
(
$url
);
if
(
!
$headers_tmp
)
{
$headers
T
mp
=
get_headers
(
$url
);
if
(
empty
(
$headersTmp
)
)
{
return
[];
}
// Parsing headers.
$headers
=
[];
foreach
(
$headers
_t
mp
as
$header
)
{
foreach
(
$headers
T
mp
as
$header
)
{
$pos
=
strpos
(
$header
,
':'
);
$name
=
strtolower
(
trim
(
substr
(
$header
,
0
,
$pos
)));
$headers
[
$name
]
=
trim
(
substr
(
$header
,
$pos
+
1
));
$headers
[
$name
]
=
trim
(
substr
(
$header
,
$pos
+
1
));
/* Following possible redirections. The point is just to have
claimed_id change with them, because get_headers() will
...
...
@@ -325,12 +321,12 @@ class OpenId extends BaseClient implements ClientInterface
If any known provider uses them, file a bug report.*/
if
(
$name
==
'location'
)
{
if
(
strpos
(
$headers
[
$name
],
'http'
)
===
0
)
{
$this
->
identity
=
$this
->
claimed_i
d
=
$headers
[
$name
];
$this
->
_identity
=
$this
->
_claimedI
d
=
$headers
[
$name
];
}
elseif
(
$headers
[
$name
][
0
]
==
'/'
)
{
$parsed
_url
=
parse_url
(
$this
->
claimed_i
d
);
$this
->
identity
=
$this
->
claimed_id
=
$parsed_u
rl
[
'scheme'
]
.
'://'
.
$parsed
_u
rl
[
'host'
]
$parsed
Url
=
parse_url
(
$this
->
_claimedI
d
);
$this
->
_
identity
=
$this
->
_claimedId
=
$parsedU
rl
[
'scheme'
]
.
'://'
.
$parsed
U
rl
[
'host'
]
.
$headers
[
$name
];
}
}
...
...
@@ -487,7 +483,7 @@ class OpenId extends BaseClient implements ClientInterface
$server
=
$server
[
1
];
if
(
isset
(
$delegate
[
2
]))
{
$this
->
identity
=
trim
(
$delegate
[
2
]);
$this
->
_
identity
=
trim
(
$delegate
[
2
]);
}
$result
[
'url'
]
=
$server
;
...
...
@@ -508,7 +504,7 @@ class OpenId extends BaseClient implements ClientInterface
$server
=
$server
[
1
];
if
(
isset
(
$delegate
[
1
]))
{
$this
->
identity
=
$delegate
[
1
];
$this
->
_
identity
=
$delegate
[
1
];
}
$result
[
'url'
]
=
$server
;
...
...
@@ -556,7 +552,7 @@ class OpenId extends BaseClient implements ClientInterface
// We found an OpenID2 OP Endpoint
if
(
$delegate
)
{
// We have also found an OP-Local ID.
$this
->
identity
=
$delegate
;
$this
->
_
identity
=
$delegate
;
}
$result
[
'url'
]
=
$server
;
$result
[
'version'
]
=
$version
;
...
...
@@ -662,8 +658,8 @@ class OpenId extends BaseClient implements ClientInterface
/* If we have an openid.delegate that is different from our claimed id,
we need to somehow preserve the claimed id between requests.
The simplest way is to just send it along with the return_to url.*/
if
(
$this
->
identity
!=
$this
->
claimed_i
d
)
{
$returnUrl
.=
(
strpos
(
$returnUrl
,
'?'
)
?
'&'
:
'?'
)
.
'openid.claimed_id='
.
$this
->
claimed_i
d
;
if
(
$this
->
_identity
!=
$this
->
_claimedI
d
)
{
$returnUrl
.=
(
strpos
(
$returnUrl
,
'?'
)
?
'&'
:
'?'
)
.
'openid.claimed_id='
.
$this
->
_claimedI
d
;
}
$params
=
array_merge
(
...
...
@@ -671,7 +667,7 @@ class OpenId extends BaseClient implements ClientInterface
[
'openid.return_to'
=>
$returnUrl
,
'openid.mode'
=>
'checkid_setup'
,
'openid.identity'
=>
$this
->
identity
,
'openid.identity'
=>
$this
->
_
identity
,
'openid.trust_root'
=>
$this
->
trustRoot
,
]
);
...
...
@@ -708,21 +704,21 @@ class OpenId extends BaseClient implements ClientInterface
$params
[
'openid.identity'
]
=
$url
;
$params
[
'openid.claimed_id'
]
=
$url
;
}
else
{
$params
[
'openid.identity'
]
=
$this
->
identity
;
$params
[
'openid.claimed_id'
]
=
$this
->
claimed_i
d
;
$params
[
'openid.identity'
]
=
$this
->
_
identity
;
$params
[
'openid.claimed_id'
]
=
$this
->
_claimedI
d
;
}
return
$this
->
buildUrl
(
parse_url
(
$serverInfo
[
'url'
]),
[
'query'
=>
http_build_query
(
$params
,
''
,
'&'
)]);
}
/**
* Returns authentication URL. Usually, you want to redirect your user to it.
* @param boolean $identifierSelect whether to request OP to select identity for an user in OpenID 2
. D
oes not affect OpenID 1.
* @param boolean $identifierSelect whether to request OP to select identity for an user in OpenID 2
, d
oes not affect OpenID 1.
* @return string the authentication URL.
* @throws Exception on failure.
*/
public
function
buildAuthUrl
(
$identifierSelect
=
null
)
{
$serverInfo
=
$this
->
discover
(
$this
->
identity
);
$serverInfo
=
$this
->
discover
(
$this
->
_
identity
);
if
(
$serverInfo
[
'version'
]
==
2
)
{
if
(
$identifierSelect
!==
null
)
{
$serverInfo
[
'identifierSelect'
]
=
$identifierSelect
;
...
...
@@ -739,7 +735,7 @@ class OpenId extends BaseClient implements ClientInterface
*/
public
function
validate
()
{
$this
->
claimed_i
d
=
isset
(
$this
->
data
[
'openid_claimed_id'
])
?
$this
->
data
[
'openid_claimed_id'
]
:
$this
->
data
[
'openid_identity'
];
$this
->
_claimedI
d
=
isset
(
$this
->
data
[
'openid_claimed_id'
])
?
$this
->
data
[
'openid_claimed_id'
]
:
$this
->
data
[
'openid_identity'
];
$params
=
[
'openid.assoc_handle'
=>
$this
->
data
[
'openid_assoc_handle'
],
'openid.signed'
=>
$this
->
data
[
'openid_signed'
],
...
...
@@ -754,7 +750,7 @@ class OpenId extends BaseClient implements ClientInterface
}
elseif
(
isset
(
$this
->
data
[
'openid_claimed_id'
])
&&
$this
->
data
[
'openid_claimed_id'
]
!=
$this
->
data
[
'openid_identity'
])
{
// If it's an OpenID 1 provider, and we've got claimed_id,
// we have to append it to the returnUrl, like authUrl_v1 does.
$this
->
returnUrl
.=
(
strpos
(
$this
->
returnUrl
,
'?'
)
?
'&'
:
'?'
)
.
'openid.claimed_id='
.
$this
->
claimed_i
d
;
$this
->
returnUrl
.=
(
strpos
(
$this
->
returnUrl
,
'?'
)
?
'&'
:
'?'
)
.
'openid.claimed_id='
.
$this
->
_claimedI
d
;
}
if
(
$this
->
data
[
'openid_return_to'
]
!=
$this
->
returnUrl
)
{
...
...
@@ -763,7 +759,7 @@ class OpenId extends BaseClient implements ClientInterface
return
false
;
}
$serverInfo
=
$this
->
discover
(
$this
->
claimed_i
d
);
$serverInfo
=
$this
->
discover
(
$this
->
_claimedI
d
);
foreach
(
explode
(
','
,
$this
->
data
[
'openid_signed'
])
as
$item
)
{
/* Checking whether magic_quotes_gpc is turned on, because
...
...
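Review bot: The `'openid.claimed_id=' . $this->_claimedId` concatenation in the `validate()` hunk (and the matching one in the OpenID 1 hunk at -662) appends the claimed identifier to the return URL without encoding, so an identifier containing `&`, `#` or `=` changes the query string that the later `openid_return_to != $this->returnUrl` check compares. Both sites should encode it the same way, e.g. `. 'openid.claimed_id=' . rawurlencode($this->_claimedId)`, and they have to change together or that comparison will stop matching. In `validate()` the value is taken directly from `$this->data['openid_claimed_id']` (presumably request input) and is also passed to `discover()` just before the signed fields are walked, so a comment above that call would help the next reader: `// _claimedId is still unverified request input here; discover() will fetch it`. `validate()` begins in the -739 hunk and continues past the last visible line, so any host or scheme restriction applied inside `discover()` cannot be seen from this page.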