Changeset 26555
- Timestamp:
- Jan 9, 2014, 6:11:33 PM (10 years ago)
- Location:
- extensions/oAuth
- Files:
-
- 11 edited
Legend:
- Unmodified
- Added
- Removed
-
extensions/oAuth/admin/template/providers.tpl
r20625 r26555 69 69 <td class="keys" {if not $CONFIG[$p].enabled}style="display:none;"{/if}> 70 70 {if $provider.require_client_id} 71 <label for="{$p}_app_id">Application ID</label>71 <label for="{$p}_app_id">Application/Client ID</label> 72 72 <input type="text" id="{$p}_app_id" name="providers[{$p}][keys][id]" value="{$CONFIG[$p].keys.id}"> 73 73 {else} … … 88 88 89 89 {if $p=='Google'} 90 <li>{'On the <b>API Access</b> tab, <b>create an OAuth 2.0 Client ID</b>'|@translate}</li> 91 <li>{'Fill out any required fields such as the application name and description'|@translate}</li> 92 <li>{'On the <b>Create Client ID</b> popup, switch to advanced settings by clicking on <b>(more options)</b>'|@translate}</li> 90 <li>{'On the <b>APIs & auth -> Credentials</b> tab, <b>Create new client ID</b>'|@translate}</li> 93 91 {else} 94 92 <li>{'Fill out any required fields such as the application name and description'|@translate}</li> … … 105 103 <li>{'Put your website domain in the %s fields. It should match with the current hostname: <em>%s</em>'|@translate|sprintf:'<b>Redirect Domain</b>':$SERVERNAME}</li> 106 104 {elseif $p=='Facebook'} 107 <li>{' Set the <b>%s</b> to <em>%s</em>'|@translate|sprintf:'application type':'Website with facebook authentication'}</li>108 <li>{'Put your website domain in the %s fields. It should match with the current hostname: <em>%s</em>'|@translate|sprintf:'<b> Site Url</b>, <b>App Domains</b>':$SERVERNAME}</li>105 <li>{'Go to <b>Settings->Advanced</b> and activate <em>Client OAuth Login</em>.'|translate}</li> 106 <li>{'Put your website domain in the %s fields. It should match with the current hostname: <em>%s</em>'|@translate|sprintf:'<b>Valid OAuth redirect URIs</b>':$SERVERNAME}</li> 109 107 {elseif $p=='LinkedIn'} 110 108 <li>{'Put your website domain in the %s fields. It should match with the current hostname: <em>%s</em>'|@translate|sprintf:'<b>Website URL</b>':$SERVERNAME}</li> 111 <li>{'Set the <b>%s</b> to <em>%s</em>'|@translate|sprintf:'Application Type':'Web Application'}</li> 109 <li>{'Set <b>%s</b> to <em>%s</em>'|@translate|sprintf:'Application Type':'Web Application'}</li> 110 <li>{'Set <b>%s</b> to <em>%s</em>'|@translate|sprintf:'Default Scope':'r_basicprofile & r_emailaddress'}</li> 112 111 {elseif $p=='Yahoo'} 113 112 <li>{'Put your website domain in the %s fields. It should match with the current hostname: <em>%s</em>'|@translate|sprintf:'<b>Application URL</b>, <b>Application Domain</b>':$SERVERNAME}</li> 114 <li>{'Set the<b>%s</b> to <em>%s</em>'|@translate|sprintf:'Kind of Application':'Web-based'}</li>115 <li>{'Set the<b>%s</b> to <em>%s</em>'|@translate|sprintf:'Access Scopes':'This app will only access public...'}</li>113 <li>{'Set <b>%s</b> to <em>%s</em>'|@translate|sprintf:'Kind of Application':'Web-based'}</li> 114 <li>{'Set <b>%s</b> to <em>%s</em>'|@translate|sprintf:'Access Scopes':'This app will only access public...'}</li> 116 115 <li>{'Once the application is registered update the permissions : set <b>Contacts</b> as <em>Read</em> and <b>Social Directory</b> as <em>Read Public</em>'|@translate}</li> 117 116 {elseif $p=='Twitter'} 118 <li>{'Put your website domain in the %s fields. It should match with the current hostname: <em>%s</em>'|@translate|sprintf:'<b>Application Website</b>, <b>Application Callback URL</b>':$SERVERNAME}</li> 119 <li>{'Set the <b>%s</b> to <em>%s</em>'|@translate|sprintf:'Default Access Type':'Read only'}</li> 117 <li>{'Put your website domain in the %s fields. It should match with the current hostname: <em>%s</em>'|@translate|sprintf:'<b>Website</b>, <b>Callback URL</b>':$SERVERNAME}</li> 120 118 {elseif $p=='Tumblr'} 121 119 <li>{'Put your website domain in the %s fields. It should match with the current hostname: <em>%s</em>'|@translate|sprintf:'<b>Application Website</b>, <b>Default Callback URL</b>':$SERVERNAME}</li> 122 120 {elseif $p=='Instagram'} 123 121 <li>{'Put your website domain in the %s fields. It should match with the current hostname: <em>%s</em>'|@translate|sprintf:'<b>Website</b>':$SERVERNAME}</li> 122 {elseif $p=='Google'} 123 <li>{'Set <b>%s</b> to <em>%s</em>'|@translate|sprintf:'Application Type':'Web Application'}</li> 124 <li>{'Put your website domain in the %s fields. It should match with the current hostname: <em>%s</em>'|@translate|sprintf:'<b>Authorized Javascript origins </b>':$SERVERNAME}</li> 124 125 {/if} 125 126 -
extensions/oAuth/include/hybridauth/Hybrid/Auth.php
r20293 r26555 15 15 class Hybrid_Auth 16 16 { 17 public static $version = "2.1. 1-dev";17 public static $version = "2.1.2"; 18 18 19 19 public static $config = array(); … … 250 250 $params = Hybrid_Auth::storage()->get( "hauth_session.$providerId.id_provider_params" ); 251 251 252 Hybrid_Logger::debug( "Hybrid_Auth::setup( $providerId ), no params given. Trying to get the s tored for this provider.", $params );252 Hybrid_Logger::debug( "Hybrid_Auth::setup( $providerId ), no params given. Trying to get the sotred for this provider.", $params ); 253 253 } 254 254 … … 387 387 388 388 // use port if non default 389 $url .= 390 isset( $_SERVER['SERVER_PORT'] ) 391 &&( ($protocol === 'http://' && $_SERVER['SERVER_PORT'] != 80) || ($protocol === 'https://' && $_SERVER['SERVER_PORT'] != 443) ) 392 ? ':' . $_SERVER['SERVER_PORT'] 393 : ''; 389 if( isset( $_SERVER['SERVER_PORT'] ) && strpos( $url, ':'.$_SERVER['SERVER_PORT'] ) === FALSE ) { 390 $url .= ($protocol === 'http://' && $_SERVER['SERVER_PORT'] != 80 && !isset( $_SERVER['HTTP_X_FORWARDED_PROTO'])) 391 || ($protocol === 'https://' && $_SERVER['SERVER_PORT'] != 443 && !isset( $_SERVER['HTTP_X_FORWARDED_PROTO'])) 392 ? ':' . $_SERVER['SERVER_PORT'] 393 : ''; 394 } 394 395 395 396 if( $request_uri ){ -
extensions/oAuth/include/hybridauth/Hybrid/Endpoint.php
r20293 r26555 198 198 199 199 $storage = new Hybrid_Storage(); 200 200 201 201 // Check if Hybrid_Auth session already exist 202 202 if ( ! $storage->config( "CONFIG" ) ) { 203 203 header( "HTTP/1.0 404 Not Found" ); 204 die( "You cannot access this page directly. 2" );204 die( "You cannot access this page directly." ); 205 205 } 206 206 -
extensions/oAuth/include/hybridauth/Hybrid/Provider_Adapter.php
r20293 r26555 140 140 // move on 141 141 Hybrid_Logger::debug( "Hybrid_Provider_Adapter::login( {$this->id} ), redirect the user to login_start URL." ); 142 142 143 143 Hybrid_Auth::redirect( $this->params["login_start"] ); 144 144 } -
extensions/oAuth/include/hybridauth/Hybrid/Providers/Facebook.php
r20293 r26555 31 31 require_once Hybrid_Auth::$config["path_libraries"] . "Facebook/facebook.php"; 32 32 } 33 34 if ( isset ( Hybrid_Auth::$config["proxy"] ) ) { 35 BaseFacebook::$CURL_OPTS[CURLOPT_PROXY] = Hybrid_Auth::$config["proxy"]; 36 } 33 37 34 38 $this->api = new Facebook( ARRAY( 'appId' => $this->config["keys"]["id"], 'secret' => $this->config["keys"]["secret"] ) ); … … 128 132 $this->user->profile->firstName = (array_key_exists('first_name',$data))?$data['first_name']:""; 129 133 $this->user->profile->lastName = (array_key_exists('last_name',$data))?$data['last_name']:""; 130 $this->user->profile->photoURL = "https://graph.facebook.com/" . $this->user->profile->identifier . "/picture? type=square";134 $this->user->profile->photoURL = "https://graph.facebook.com/" . $this->user->profile->identifier . "/picture?width=150&height=150"; 131 135 $this->user->profile->profileURL = (array_key_exists('link',$data))?$data['link']:""; 132 136 $this->user->profile->webSiteURL = (array_key_exists('website',$data))?$data['website']:""; … … 172 176 $uc->displayName = (array_key_exists("name",$item))?$item["name"]:""; 173 177 $uc->profileURL = "https://www.facebook.com/profile.php?id=" . $uc->identifier; 174 $uc->photoURL = "https://graph.facebook.com/" . $uc->identifier . "/picture? type=square";178 $uc->photoURL = "https://graph.facebook.com/" . $uc->identifier . "/picture?width=150&height=150"; 175 179 176 180 $contacts[] = $uc; -
extensions/oAuth/include/hybridauth/Hybrid/Providers/Instagram.php
r20293 r26555 34 34 35 35 if ( $data->meta->code != 200 ){ 36 throw new Exception( "User profile request failed! {$this->providerId} returned an invalid eresponse.", 6 );36 throw new Exception( "User profile request failed! {$this->providerId} returned an invalid response.", 6 ); 37 37 } 38 38 -
extensions/oAuth/include/hybridauth/Hybrid/Providers/Twitter.php
r20293 r26555 18 18 parent::initialize(); 19 19 20 // Provider api end-points 21 $this->api->api_base_url = "https://api.twitter.com/1 /";20 // Provider api end-points 21 $this->api->api_base_url = "https://api.twitter.com/1.1/"; 22 22 $this->api->authorize_url = "https://api.twitter.com/oauth/authenticate"; 23 23 $this->api->request_token_url = "https://api.twitter.com/oauth/request_token"; 24 24 $this->api->access_token_url = "https://api.twitter.com/oauth/access_token"; 25 25 26 if ( isset( $this->config['api_version'] ) && $this->config['api_version'] ){ 27 $this->api->api_base_url = "https://api.twitter.com/{$this->config['api_version']}/"; 28 } 29 30 if ( isset( $this->config['authorize'] ) && $this->config['authorize'] ){ 31 $this->api->authorize_url = "https://api.twitter.com/oauth/authorize"; 32 } 33 26 34 $this->api->curl_auth_header = false; 27 35 } 36 37 /** 38 * begin login step 39 */ 40 function loginBegin() 41 { 42 $tokens = $this->api->requestToken( $this->endpoint ); 43 44 // request tokens as recived from provider 45 $this->request_tokens_raw = $tokens; 46 47 // check the last HTTP status code returned 48 if ( $this->api->http_code != 200 ){ 49 throw new Exception( "Authentification failed! {$this->providerId} returned an error. " . $this->errorMessageByStatus( $this->api->http_code ), 5 ); 50 } 51 52 if ( ! isset( $tokens["oauth_token"] ) ){ 53 throw new Exception( "Authentification failed! {$this->providerId} returned an invalid oauth token.", 5 ); 54 } 55 56 $this->token( "request_token" , $tokens["oauth_token"] ); 57 $this->token( "request_token_secret", $tokens["oauth_token_secret"] ); 58 59 // redirect the user to the provider authentication url with force_login 60 if ( isset( $this->config['force_login'] ) && $this->config['force_login'] ){ 61 Hybrid_Auth::redirect( $this->api->authorizeUrl( $tokens, array( 'force_login' => true ) ) ); 62 } 63 64 // else, redirect the user to the provider authentication url 65 Hybrid_Auth::redirect( $this->api->authorizeUrl( $tokens ) ); 66 } 28 67 29 68 /** -
extensions/oAuth/include/hybridauth/Hybrid/Storage.php
r20369 r26555 28 28 29 29 if( $value ){ 30 $_SESSION["HA::CONFIG"][$key] = serialize( $value);30 $_SESSION["HA::CONFIG"][$key] = serialize( $value ); 31 31 } 32 32 elseif( isset( $_SESSION["HA::CONFIG"][$key] ) ){ 33 return unserialize( $_SESSION["HA::CONFIG"][$key]);33 return unserialize( $_SESSION["HA::CONFIG"][$key] ); 34 34 } 35 35 … … 42 42 43 43 if( isset( $_SESSION["HA::STORE"], $_SESSION["HA::STORE"][$key] ) ){ 44 return unserialize( $_SESSION["HA::STORE"][$key]);44 return unserialize( $_SESSION["HA::STORE"][$key] ); 45 45 } 46 46 … … 52 52 $key = strtolower( $key ); 53 53 54 $_SESSION["HA::STORE"][$key] = serialize( $value);54 $_SESSION["HA::STORE"][$key] = serialize( $value ); 55 55 } 56 56 … … 65 65 66 66 if( isset( $_SESSION["HA::STORE"], $_SESSION["HA::STORE"][$key] ) ){ 67 unset( $_SESSION["HA::STORE"][$key] ); 67 $f = $_SESSION['HA::STORE']; 68 unset($f[$key]); 69 $_SESSION["HA::STORE"] = $f; 68 70 } 69 71 } … … 74 76 75 77 if( isset( $_SESSION["HA::STORE"] ) && count( $_SESSION["HA::STORE"] ) ) { 76 foreach( $_SESSION["HA::STORE"] as $k => $v ){ 78 $f = $_SESSION['HA::STORE']; 79 foreach( $f as $k => $v ){ 77 80 if( strstr( $k, $key ) ){ 78 unset( $ _SESSION["HA::STORE"][ $k ] );81 unset( $f[ $k ] ); 79 82 } 80 83 } 84 $_SESSION["HA::STORE"] = $f; 85 81 86 } 82 87 } … … 85 90 { 86 91 if( isset( $_SESSION["HA::STORE"] ) ){ 87 return $_SESSION["HA::STORE"];92 return serialize( $_SESSION["HA::STORE"] ); 88 93 } 89 94 … … 93 98 function restoreSessionData( $sessiondata = NULL ) 94 99 { 95 $_SESSION["HA::STORE"] = $sessiondata;100 $_SESSION["HA::STORE"] = unserialize( $sessiondata ); 96 101 } 97 102 } -
extensions/oAuth/include/hybridauth/Hybrid/thirdparty/LinkedIn/LinkedIn.php
r20293 r26555 124 124 const _URL_AUTH = 'https://www.linkedin.com/uas/oauth/authenticate?oauth_token='; 125 125 // const _URL_REQUEST = 'https://api.linkedin.com/uas/oauth/requestToken'; 126 const _URL_REQUEST = 'https://api.linkedin.com/uas/oauth/requestToken?scope=r_basicprofile+r_emailaddress ';126 const _URL_REQUEST = 'https://api.linkedin.com/uas/oauth/requestToken?scope=r_basicprofile+r_emailaddress+rw_nus'; 127 127 const _URL_REVOKE = 'https://api.linkedin.com/uas/oauth/invalidateToken'; 128 128 -
extensions/oAuth/include/hybridauth/Hybrid/thirdparty/OpenID/LightOpenID.php
r20293 r26555 1 1 <?php 2 // http://gitorious.org/lightopenid 3 // updated 29/12/2012 2 // https://github.com/iignatov/LightOpenID 4 3 5 4 /** 6 * This class provides a simple interface for OpenID (1.1 and 2.0)authentication.7 * Supports Yadis discovery.8 * The authentication process is stateless/dumb.5 * This class provides a simple interface for OpenID 1.1/2.0 authentication. 6 * 7 * It requires PHP >= 5.1.2 with cURL or HTTP/HTTPS stream wrappers enabled. 9 8 * 10 * Usage: 11 * Sign-on with OpenID is a two step process: 12 * Step one is authentication with the provider: 13 * <code> 14 * $openid = new LightOpenID('my-host.example.org'); 15 * $openid->identity = 'ID supplied by user'; 16 * header('Location: ' . $openid->authUrl()); 17 * </code> 18 * The provider then sends various parameters via GET, one of them is openid_mode. 19 * Step two is verification: 20 * <code> 21 * $openid = new LightOpenID('my-host.example.org'); 22 * if ($openid->mode) { 23 * echo $openid->validate() ? 'Logged in.' : 'Failed'; 24 * } 25 * </code> 26 * 27 * Change the 'my-host.example.org' to your domain name. Do NOT use $_SERVER['HTTP_HOST'] 28 * for that, unless you know what you are doing. 29 * 30 * Optionally, you can set $returnUrl and $realm (or $trustRoot, which is an alias). 31 * The default values for those are: 32 * $openid->realm = (!empty($_SERVER['HTTPS']) ? 'https' : 'http') . '://' . $_SERVER['HTTP_HOST']; 33 * $openid->returnUrl = $openid->realm . $_SERVER['REQUEST_URI']; 34 * If you don't know their meaning, refer to any openid tutorial, or specification. Or just guess. 35 * 36 * AX and SREG extensions are supported. 37 * To use them, specify $openid->required and/or $openid->optional before calling $openid->authUrl(). 38 * These are arrays, with values being AX schema paths (the 'path' part of the URL). 39 * For example: 40 * $openid->required = array('namePerson/friendly', 'contact/email'); 41 * $openid->optional = array('namePerson/first'); 42 * If the server supports only SREG or OpenID 1.1, these are automaticaly 43 * mapped to SREG names, so that user doesn't have to know anything about the server. 44 * 45 * To get the values, use $openid->getAttributes(). 46 * 47 * 48 * The library requires PHP >= 5.1.2 with curl or http/https stream wrappers enabled. 9 * @version v1.1.2 2013-01-15 10 * @link http://gitorious.org/lightopenid Official Repo 11 * @link http://github.com/iignatov/LightOpenID GitHub Clone 49 12 * @author Mewp 50 13 * @copyright Copyright (c) 2010, Mewp 51 * @license http://www.opensource.org/licenses/mit-license.php MIT 14 * @license http://www.opensource.org/licenses/mit-license.php MIT License 52 15 */ 53 16 class LightOpenID … … 59 22 , $capath = null 60 23 , $cainfo = null 61 , $data; 24 , $data 25 , $oauth = array(); 62 26 private $identity, $claimed_id; 63 27 protected $server, $version, $trustRoot, $aliases, $identifier_select = false 64 , $ax = false, $sreg = false, $setup_url = null, $headers = array(); 28 , $ax = false, $sreg = false, $setup_url = null, $headers = array(), $proxy = null 29 , $xrds_override_pattern = null, $xrds_override_replacement = null; 65 30 static protected $ax_to_sreg = array( 66 31 'namePerson/friendly' => 'nickname', … … 75 40 ); 76 41 77 function __construct($host )42 function __construct($host, $proxy = null) 78 43 { 79 44 $this->trustRoot = (strpos($host, '://') ? $host : 'http://' . $host); … … 88 53 $this->trustRoot = substr($this->trustRoot, 0, $host_end); 89 54 } 55 56 $this->set_proxy($proxy); 90 57 91 58 $uri = rtrim(preg_replace('#((?<=\?)|&)openid\.[^&]+#', '', $_SERVER['REQUEST_URI']), '?'); … … 118 85 case 'realm': 119 86 $this->trustRoot = trim($value); 87 break; 88 case 'xrdsOverride': 89 if (is_array($value)) { 90 list($pattern, $replacement) = $value; 91 $this->xrds_override_pattern = $pattern; 92 $this->xrds_override_replacement = $replacement; 93 } else { 94 trigger_error('Invalid value specified for "xrdsOverride".', E_USER_ERROR); 95 } 96 break; 120 97 } 121 98 } … … 136 113 } 137 114 } 115 116 function set_proxy($proxy) 117 { 118 if (!empty($proxy)) { 119 // When the proxy is a string - try to parse it. 120 if (!is_array($proxy)) { 121 $proxy = parse_url($proxy); 122 } 123 124 // Check if $proxy is valid after the parsing. 125 if ($proxy && !empty($proxy['host'])) { 126 // Make sure that a valid port number is specified. 127 if (array_key_exists('port', $proxy)) { 128 if (!is_int($proxy['port'])) { 129 $proxy['port'] = is_numeric($proxy['port']) ? intval($proxy['port']) : 0; 130 } 131 132 if ($proxy['port'] <= 0) { 133 throw new ErrorException('The specified proxy port number is invalid.'); 134 } 135 } 136 137 $this->proxy = $proxy; 138 } 139 } 140 } 138 141 139 142 /** … … 167 170 curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); 168 171 curl_setopt($curl, CURLOPT_HTTPHEADER, array('Accept: application/xrds+xml, */*')); 172 173 if (!empty($this->proxy)) { 174 curl_setopt($curl, CURLOPT_PROXY, $this->proxy['host']); 175 176 if (!empty($this->proxy['port'])) { 177 curl_setopt($curl, CURLOPT_PROXYPORT, $this->proxy['port']); 178 } 179 180 if (!empty($this->proxy['user'])) { 181 curl_setopt($curl, CURLOPT_PROXYUSERPWD, $this->proxy['user'] . ':' . $this->proxy['pass']); 182 } 183 } 169 184 170 185 if($this->verify_peer !== null) { … … 285 300 ); 286 301 $url = $url . ($params ? '?' . $params : ''); 302 if (!empty($this->proxy)) { 303 $opts['http']['proxy'] = $this->proxy_url(); 304 } 287 305 break; 288 306 case 'POST': … … 297 315 ), 298 316 ); 317 if (!empty($this->proxy)) { 318 $opts['http']['proxy'] = $this->proxy_url(); 319 } 299 320 break; 300 321 case 'HEAD': 301 # We want to send a HEAD request, 302 # but since get_headers doesn't accept $context parameter, 303 # we have to change the defaults. 322 // We want to send a HEAD request, but since get_headers() doesn't 323 // accept $context parameter, we have to change the defaults. 304 324 $default = stream_context_get_options(stream_context_get_default()); 305 stream_context_get_default( 306 array( 307 'http' => array( 308 'method' => 'HEAD', 309 'header' => 'Accept: application/xrds+xml, */*', 310 'ignore_errors' => true, 311 ), 'ssl' => array( 312 'CN_match' => parse_url($url, PHP_URL_HOST), 313 ), 325 326 // PHP does not reset all options. Instead, it just sets the options 327 // available in the passed array, therefore set the defaults manually. 328 $default += array( 329 'http' => array(), 330 'ssl' => array() 331 ); 332 $default['http'] += array( 333 'method' => 'GET', 334 'header' => '', 335 'ignore_errors' => false 336 ); 337 $default['ssl'] += array( 338 'CN_match' => '' 339 ); 340 341 $opts = array( 342 'http' => array( 343 'method' => 'HEAD', 344 'header' => 'Accept: application/xrds+xml, */*', 345 'ignore_errors' => true, 346 ), 347 'ssl' => array( 348 'CN_match' => parse_url($url, PHP_URL_HOST) 314 349 ) 315 350 ); 316 317 $url = $url . ($params ? '?' . $params : ''); 318 $headers = get_headers ($url); 319 if(!$headers) { 320 return array(); 321 } 322 323 if(intval(substr($headers[0], strlen('HTTP/1.1 '))) == 405) { 324 # The server doesn't support HEAD, so let's emulate it with 325 # a GET. 326 $args = func_get_args(); 327 $args[1] = 'GET'; 328 call_user_func_array(array($this, 'request_streams'), $args); 329 return $this->headers; 330 } 331 332 $headers = $this->parse_header_array($headers, $update_claimed_id); 333 334 # And restore them. 351 352 // Enable validation of the SSL certificates. 353 if ($this->verify_peer) { 354 $default['ssl'] += array( 355 'verify_peer' => false, 356 'capath' => '', 357 'cafile' => '' 358 ); 359 $opts['ssl'] += array( 360 'verify_peer' => true, 361 'capath' => $this->capath, 362 'cafile' => $this->cainfo 363 ); 364 } 365 366 // Change the stream context options. 367 stream_context_get_default($opts); 368 369 $headers = get_headers($url . ($params ? '?' . $params : '')); 370 371 // Restore the stream context options. 335 372 stream_context_get_default($default); 373 374 if (!empty($headers)) { 375 if (intval(substr($headers[0], strlen('HTTP/1.1 '))) == 405) { 376 // The server doesn't support HEAD - emulate it with a GET. 377 $args = func_get_args(); 378 $args[1] = 'GET'; 379 call_user_func_array(array($this, 'request_streams'), $args); 380 $headers = $this->headers; 381 } else { 382 $headers = $this->parse_header_array($headers, $update_claimed_id); 383 } 384 } else { 385 $headers = array(); 386 } 387 336 388 return $headers; 337 389 } 338 390 339 if ($this->verify_peer) {391 if ($this->verify_peer) { 340 392 $opts['ssl'] += array( 341 393 'verify_peer' => true, 342 394 'capath' => $this->capath, 343 'cafile' => $this->cainfo ,395 'cafile' => $this->cainfo 344 396 ); 345 397 } … … 364 416 } 365 417 return $this->request_streams($url, $method, $params, $update_claimed_id); 418 } 419 420 protected function proxy_url() 421 { 422 $result = ''; 423 424 if (!empty($this->proxy)) { 425 $result = $this->proxy['host']; 426 427 if (!empty($this->proxy['port'])) { 428 $result = $result . ':' . $this->proxy['port']; 429 } 430 431 if (!empty($this->proxy['user'])) { 432 $result = $this->proxy['user'] . ':' . $this->proxy['pass'] . '@' . $result; 433 } 434 435 $result = 'http://' . $result; 436 } 437 438 return $result; 366 439 } 367 440 … … 419 492 # A flag to disable yadis discovery in case of failure in headers. 420 493 $yadis = true; 494 495 # Allows optional regex replacement of the URL, e.g. to use Google Apps 496 # as an OpenID provider without setting up XRDS on the domain hosting. 497 if (!is_null($this->xrds_override_pattern) && !is_null($this->xrds_override_replacement)) { 498 $url = preg_replace($this->xrds_override_pattern, $this->xrds_override_replacement, $url); 499 } 421 500 422 501 # We'll jump a maximum of 5 times, to avoid endless redirections. … … 639 718 'openid.realm' => $this->trustRoot, 640 719 ); 720 641 721 if ($this->ax) { 642 722 $params += $this->axParams(); 643 723 } 724 644 725 if ($this->sreg) { 645 726 $params += $this->sregParams(); 646 727 } 728 647 729 if (!$this->ax && !$this->sreg) { 648 730 # If OP doesn't advertise either SREG, nor AX, let's send them both 649 731 # in worst case we don't get anything in return. 650 732 $params += $this->axParams() + $this->sregParams(); 733 } 734 735 if (!empty($this->oauth) && is_array($this->oauth)) { 736 $params['openid.ns.oauth'] = 'http://specs.openid.net/extensions/oauth/1.0'; 737 $params['openid.oauth.consumer'] = str_replace(array('http://', 'https://'), '', $this->trustRoot); 738 $params['openid.oauth.scope'] = implode(' ', $this->oauth); 651 739 } 652 740 … … 749 837 protected function getAxAttributes() 750 838 { 751 $alias = null; 752 if (isset($this->data['openid_ns_ax']) 753 && $this->data['openid_ns_ax'] != 'http://openid.net/srv/ax/1.0' 754 ) { # It's the most likely case, so we'll check it before 755 $alias = 'ax'; 839 $result = array(); 840 841 if ($alias = $this->getNamespaceAlias('http://openid.net/srv/ax/1.0', 'ax')) { 842 $prefix = 'openid_' . $alias; 843 $length = strlen('http://axschema.org/'); 844 845 foreach (explode(',', $this->data['openid_signed']) as $key) { 846 $keyMatch = $alias . '.type.'; 847 848 if (strncmp($key, $keyMatch, strlen($keyMatch)) !== 0) { 849 continue; 850 } 851 852 $key = substr($key, strlen($keyMatch)); 853 $idv = $prefix . '_value_' . $key; 854 $idc = $prefix . '_count_' . $key; 855 $key = substr($this->getItem($prefix . '_type_' . $key), $length); 856 857 if (!empty($key)) { 858 if (($count = intval($this->getItem($idc))) > 0) { 859 $value = array(); 860 861 for ($i = 1; $i <= $count; $i++) { 862 $value[] = $this->getItem($idv . '_' . $i); 863 } 864 865 $value = ($count == 1) ? reset($value) : $value; 866 } else { 867 $value = $this->getItem($idv); 868 } 869 870 if (!is_null($value)) { 871 $result[$key] = $value; 872 } 873 } 874 } 756 875 } else { 757 # 'ax' prefix is either undefined, or points to another extension, 758 # so we search for another prefix 759 foreach ($this->data as $key => $val) { 760 if (substr($key, 0, strlen('openid_ns_')) == 'openid_ns_' 761 && $val == 'http://openid.net/srv/ax/1.0' 762 ) { 763 $alias = substr($key, strlen('openid_ns_')); 764 break; 765 } 766 } 767 } 768 if (!$alias) { 769 # An alias for AX schema has not been found, 770 # so there is no AX data in the OP's response 771 return array(); 772 } 773 774 $attributes = array(); 775 foreach (explode(',', $this->data['openid_signed']) as $key) { 776 $keyMatch = $alias . '.value.'; 777 if (substr($key, 0, strlen($keyMatch)) != $keyMatch) { 778 continue; 779 } 780 $key = substr($key, strlen($keyMatch)); 781 if (!isset($this->data['openid_' . $alias . '_type_' . $key])) { 782 # OP is breaking the spec by returning a field without 783 # associated ns. This shouldn't happen, but it's better 784 # to check, than cause an E_NOTICE. 785 continue; 786 } 787 $value = $this->data['openid_' . $alias . '_value_' . $key]; 788 $key = substr($this->data['openid_' . $alias . '_type_' . $key], 789 strlen('http://axschema.org/')); 790 791 $attributes[$key] = $value; 792 } 793 return $attributes; 876 // No alias for the AX schema has been found, 877 // so there is no AX data in the OP's response. 878 } 879 880 return $result; 794 881 } 795 882 … … 800 887 foreach (explode(',', $this->data['openid_signed']) as $key) { 801 888 $keyMatch = 'sreg.'; 802 if (s ubstr($key, 0, strlen($keyMatch)) != $keyMatch) {889 if (strncmp($key, $keyMatch, strlen($keyMatch)) !== 0) { 803 890 continue; 804 891 } … … 832 919 return $this->getSregAttributes(); 833 920 } 921 922 /** 923 * Gets an OAuth request token if the OpenID+OAuth hybrid protocol has been used. 924 * 925 * In order to use the OpenID+OAuth hybrid protocol, you need to add at least one 926 * scope to the $openid->oauth array before you get the call to getAuthUrl(), e.g.: 927 * $openid->oauth[] = 'https://www.googleapis.com/auth/plus.me'; 928 * 929 * Furthermore the registered consumer name must fit the OpenID realm. 930 * To register an OpenID consumer at Google use: https://www.google.com/accounts/ManageDomains 931 * 932 * @return string|bool OAuth request token on success, FALSE if no token was provided. 933 */ 934 function getOAuthRequestToken() 935 { 936 $alias = $this->getNamespaceAlias('http://specs.openid.net/extensions/oauth/1.0'); 937 938 return !empty($alias) ? $this->data['openid_' . $alias . '_request_token'] : false; 939 } 940 941 /** 942 * Gets the alias for the specified namespace, if it's present. 943 * 944 * @param string $namespace The namespace for which an alias is needed. 945 * @param string $hint Common alias of this namespace, used for optimization. 946 * @return string|null The namespace alias if found, otherwise - NULL. 947 */ 948 private function getNamespaceAlias($namespace, $hint = null) 949 { 950 $result = null; 951 952 if (empty($hint) || $this->getItem('openid_ns_' . $hint) != $namespace) { 953 // The common alias is either undefined or points to 954 // some other extension - search for another alias.. 955 $prefix = 'openid_ns_'; 956 $length = strlen($prefix); 957 958 foreach ($this->data as $key => $val) { 959 if (strncmp($key, $prefix, $length) === 0 && $val === $namespace) { 960 $result = trim(substr($key, $length)); 961 break; 962 } 963 } 964 } else { 965 $result = $hint; 966 } 967 968 return $result; 969 } 970 971 /** 972 * Gets an item from the $data array by the specified id. 973 * 974 * @param string $id The id of the desired item. 975 * @return string|null The item if found, otherwise - NULL. 976 */ 977 private function getItem($id) 978 { 979 return isset($this->data[$id]) ? $this->data[$id] : null; 980 } 834 981 } -
extensions/oAuth/include/providers_stats.inc.php
r23808 r26555 15 15 'callback' => true, 16 16 'require_client_id' => true, 17 'new_app_link' => 'https://c ode.google.com/apis/console',17 'new_app_link' => 'https://cloud.google.com/console/project', 18 18 'scope' => 'https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email', 19 19 ), … … 44 44 'provider_name' => 'Windows Live', 45 45 'require_client_id' => true, 46 'new_app_link' => 'https:// manage.dev.live.com/ApplicationOverview.aspx',46 'new_app_link' => 'https://account.live.com/developers/applications/index', 47 47 ), 48 48 'Yahoo' => array(
Note: See TracChangeset
for help on using the changeset viewer.