openinfra/openstackid
Code Issues Proposed changes

Added OpenId 2.0 SREG 1.0 ext support

Browse Source 
implemented http://openid.net/specs/openid-simple-registration-extension-1_0.html

Change-Id: I0b3b3c70b4eacc6ea95932f7a3ed1c522a26b1e4
This commit is contained in:
Sebastian Marcet 2017-04-10 18:38:55 -03:00
parent 9a5b7fdde3
commit 8bfc282634
9 changed files with 527 additions and 277 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

162
app/libs/OpenId/Extensions/Implementations/OpenIdSREGExtension.php
View File

@ -11,51 +11,20 @@
* See the License for the specific language governing permissions and * See the License for the specific language governing permissions and
* limitations under the License. * limitations under the License.
**/ **/
use OpenId\Extensions\OpenIdExtension;
use OpenId\OpenIdProtocol;
use OpenId\Requests\Contexts\PartialView;
use OpenId\Requests\Contexts\RequestContext;
use OpenId\Responses\Contexts\ResponseContext;
use OpenId\Requests\OpenIdRequest; use OpenId\Requests\OpenIdRequest;
use OpenId\Responses\OpenIdResponse;
use Utils\Services\IAuthService; use Utils\Services\IAuthService;
use Utils\Services\ILogService; use Utils\Services\ILogService;
use Exception;
/** /**
* Class OpenIdSREGExtension * Class OpenIdSREGExtension
* Implements @see http://openid.net/specs/openid-simple-registration-extension-1_0.html * Implements @see http://openid.net/specs/openid-simple-registration-extension-1_1-01.html
* @package OpenId\Extensions\Implementations * @package OpenId\Extensions\Implementations
*/ */
class OpenIdSREGExtension extends OpenIdExtension class OpenIdSREGExtension extends OpenIdSREGExtension_1_0
{ {
const Prefix = 'sreg';
const NamespaceUrl = 'http://openid.net/extensions/sreg/1.1'; const NamespaceUrl = 'http://openid.net/extensions/sreg/1.1';
const NamespaceType = 'ns';
const Required = 'required';
const Optional = 'optional';
const PolicyUrl = 'policy_url';
//properties
const Nickname = 'nickname';
const Email = 'email';
const FullName = 'fullname';
const DateOfBirthday = 'dob';
const Gender = 'gender';
const Postcode = 'postcode';
const Country = 'country';
const Language = 'language';
const Timezone = 'timezone';
/**
* @var array
*/
public static $available_properties = array();
/**
* @var IAuthService
*/
private $auth_service;
/** /**
* @param $name * @param $name
@ -69,129 +38,14 @@ class OpenIdSREGExtension extends OpenIdExtension
IAuthService $auth_service, IAuthService $auth_service,
ILogService $log_service) ILogService $log_service)
{ {
parent::__construct($name, $namespace, $view_name, $description,$log_service); parent::__construct($name, $namespace, $view_name, $description, $auth_service, $log_service);
$this->auth_service = $auth_service;
self::$available_properties[OpenIdSREGExtension::Nickname] = OpenIdSREGExtension::Nickname;
self::$available_properties[OpenIdSREGExtension::Email] = OpenIdSREGExtension::Email;
self::$available_properties[OpenIdSREGExtension::FullName] = OpenIdSREGExtension::FullName;
self::$available_properties[OpenIdSREGExtension::Country] = OpenIdSREGExtension::Country;
self::$available_properties[OpenIdSREGExtension::Language] = OpenIdSREGExtension::Language;
self::$available_properties[OpenIdSREGExtension::Gender] = OpenIdSREGExtension::Gender;
self::$available_properties[OpenIdSREGExtension::DateOfBirthday] = OpenIdSREGExtension::DateOfBirthday;
self::$available_properties[OpenIdSREGExtension::Postcode] = OpenIdSREGExtension::Postcode;
self::$available_properties[OpenIdSREGExtension::Timezone] = OpenIdSREGExtension::Timezone;
}
public function parseRequest(OpenIdRequest $request, RequestContext $context)
{
try {
$simple_reg_request = new OpenIdSREGRequest($request->getMessage());
if (!$simple_reg_request->isValid()) return;
$attributes = $simple_reg_request->getRequiredAttributes();
$opt_attributes = $simple_reg_request->getOptionalAttributes();
$policy_url = $simple_reg_request->getPolicyUrl();
$attributes = array_merge($attributes, $opt_attributes);
$view_data = array('attributes' => array_keys($attributes));
if (!empty($policy_url)) {
$view_data['policy_url'] = $policy_url;
}
$partial_view = new PartialView($this->view, $view_data);
$context->addPartialView($partial_view);
} catch (Exception $ex) {
$this->log_service->error($ex);
}
} }
/** /**
* @param OpenIdRequest $request * @param OpenIdRequest $request
* @param OpenIdResponse $response * @return OpenIdSREGRequest_1_0
* @param ResponseContext $context
* @return void
*/ */
public function prepareResponse(OpenIdRequest $request, OpenIdResponse $response, ResponseContext $context) protected function buildRequest(OpenIdRequest $request){
{ return new OpenIdSREGRequest($request->getMessage());
try {
$simple_reg_request = new OpenIdSREGRequest($request->getMessage());
if (!$simple_reg_request->isValid()) return;
$response->addParam(self::paramNamespace(), self::NamespaceUrl);
$attributes = $simple_reg_request->getRequiredAttributes();
$opt_attributes = $simple_reg_request->getOptionalAttributes();
$attributes = array_merge($attributes, $opt_attributes);
$user = $this->auth_service->getCurrentUser();
foreach ($attributes as $attr => $value) {
$context->addSignParam(self::param($attr));
if ($attr == self::Email) {
$response->addParam(self::param($attr), $user->getEmail());
}
if ($attr == self::Country) {
$response->addParam(self::param($attr), $user->getCountry());
}
if ($attr == self::Nickname || $attr == self::FullName) {
$response->addParam(self::param($attr), $user->getFullName());
}
if ($attr == self::Language) {
$response->addParam(self::param($attr), $user->getLanguage());
}
}
} catch (Exception $ex) {
$this->log_service->error($ex);
}
}
/**
* @param string $separator
* @return string
*/
public static function paramNamespace($separator = '.')
{
return OpenIdProtocol::OpenIdPrefix . $separator . OpenIdProtocol::OpenIDProtocol_NS . $separator . self::Prefix;
}
/**
* @param $param
* @param string $separator
* @return string
*/
public static function param($param, $separator = '.')
{
return OpenIdProtocol::OpenIdPrefix . $separator . self::Prefix . $separator . $param;
}
/**
* @param OpenIdRequest $request
* @return array
*/
public function getTrustedData(OpenIdRequest $request)
{
$data = array();
try {
$simple_reg_request = new OpenIdSREGRequest($request->getMessage());
if ($simple_reg_request->isValid()) {
$attributes = $simple_reg_request->getRequiredAttributes();
$opt_attributes = $simple_reg_request->getOptionalAttributes();
$attributes = array_merge($attributes, $opt_attributes);
foreach ($attributes as $key => $value) {
array_push($data, $key);
}
}
} catch (Exception $ex) {
$this->log_service->debug_msg($request->__toString());
$this->log_service->error($ex);
}
return $data;
} }
} }

209
app/libs/OpenId/Extensions/Implementations/OpenIdSREGExtension_1_0.php Normal file
View File

@ -0,0 +1,209 @@
<?php namespace OpenId\Extensions\Implementations;
use Auth\IAuthenticationExtensionService;
use Mockery\Exception;
use OpenId\Extensions\OpenIdExtension;
use OpenId\OpenIdProtocol;
use OpenId\Requests\Contexts\PartialView;
use OpenId\Requests\Contexts\RequestContext;
use OpenId\Requests\OpenIdRequest;
use OpenId\Responses\Contexts\ResponseContext;
use OpenId\Responses\OpenIdResponse;
use Utils\Services\IAuthService;
use Utils\Services\ILogService;
/**
* Copyright 2016 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
/**
* Class OpenIdSREGExtension_1_0
* @see http://openid.net/specs/openid-simple-registration-extension-1_0.html
* @package OpenId\Extensions\Implementations
*/
class OpenIdSREGExtension_1_0 extends OpenIdExtension
{
const Prefix = 'sreg';
const NamespaceUrl = 'http://openid.net/sreg/1.0';
const NamespaceType = 'ns';
const Required = 'required';
const Optional = 'optional';
const PolicyUrl = 'policy_url';
//properties
const Nickname = 'nickname';
const Email = 'email';
const FullName = 'fullname';
const DateOfBirthday = 'dob';
const Gender = 'gender';
const Postcode = 'postcode';
const Country = 'country';
const Language = 'language';
const Timezone = 'timezone';
/**
* @var array
*/
public static $available_properties = array();
/**
* @var IAuthenticationExtensionService
*/
protected $auth_service;
/**
* @param $name
* @param $namespace
* @param $view_name
* @param $description
* @param IAuthService $auth_service
* @param ILogService $log_service
*/
public function __construct($name, $namespace, $view_name , $description,
IAuthService $auth_service,
ILogService $log_service)
{
parent::__construct($name, $namespace, $view_name, $description,$log_service);
$this->auth_service = $auth_service;
self::$available_properties[OpenIdSREGExtension::Nickname] = OpenIdSREGExtension::Nickname;
self::$available_properties[OpenIdSREGExtension::Email] = OpenIdSREGExtension::Email;
self::$available_properties[OpenIdSREGExtension::FullName] = OpenIdSREGExtension::FullName;
self::$available_properties[OpenIdSREGExtension::Country] = OpenIdSREGExtension::Country;
self::$available_properties[OpenIdSREGExtension::Language] = OpenIdSREGExtension::Language;
self::$available_properties[OpenIdSREGExtension::Gender] = OpenIdSREGExtension::Gender;
self::$available_properties[OpenIdSREGExtension::DateOfBirthday] = OpenIdSREGExtension::DateOfBirthday;
self::$available_properties[OpenIdSREGExtension::Postcode] = OpenIdSREGExtension::Postcode;
self::$available_properties[OpenIdSREGExtension::Timezone] = OpenIdSREGExtension::Timezone;
}
/**
* @param OpenIdRequest $request
* @return OpenIdSREGRequest_1_0
*/
protected function buildRequest(OpenIdRequest $request){
return new OpenIdSREGRequest_1_0($request->getMessage());
}
public function parseRequest(OpenIdRequest $request, RequestContext $context)
{
try {
$simple_reg_request = $this->buildRequest($request);
if (!$simple_reg_request->isValid()) return;
$attributes = $simple_reg_request->getRequiredAttributes();
$opt_attributes = $simple_reg_request->getOptionalAttributes();
$policy_url = $simple_reg_request->getPolicyUrl();
$attributes = array_merge($attributes, $opt_attributes);
$view_data = array('attributes' => array_keys($attributes));
if (!empty($policy_url)) {
$view_data['policy_url'] = $policy_url;
}
$partial_view = new PartialView($this->view, $view_data);
$context->addPartialView($partial_view);
} catch (Exception $ex) {
$this->log_service->error($ex);
}
}
/**
* @param OpenIdRequest $request
* @param OpenIdResponse $response
* @param ResponseContext $context
* @return void
*/
public function prepareResponse(OpenIdRequest $request, OpenIdResponse $response, ResponseContext $context)
{
try {
$simple_reg_request = $this->buildRequest($request);
if (!$simple_reg_request->isValid()) return;
$response->addParam(self::paramNamespace(), $this->getNamespace());
$attributes = $simple_reg_request->getRequiredAttributes();
$opt_attributes = $simple_reg_request->getOptionalAttributes();
$attributes = array_merge($attributes, $opt_attributes);
$user = $this->auth_service->getCurrentUser();
foreach ($attributes as $attr => $value) {
$context->addSignParam(self::param($attr));
if ($attr == self::Email) {
$response->addParam(self::param($attr), $user->getEmail());
}
if ($attr == self::Country) {
$response->addParam(self::param($attr), $user->getCountry());
}
if ($attr == self::Nickname || $attr == self::FullName) {
$response->addParam(self::param($attr), $user->getFullName());
}
if ($attr == self::Language) {
$response->addParam(self::param($attr), $user->getLanguage());
}
}
} catch (Exception $ex) {
$this->log_service->error($ex);
}
}
/**
* @param string $separator
* @return string
*/
public static function paramNamespace($separator = '.')
{
return OpenIdProtocol::OpenIdPrefix . $separator . OpenIdProtocol::OpenIDProtocol_NS . $separator . self::Prefix;
}
/**
* @param $param
* @param string $separator
* @return string
*/
public static function param($param, $separator = '.')
{
return OpenIdProtocol::OpenIdPrefix . $separator . self::Prefix . $separator . $param;
}
/**
* @param OpenIdRequest $request
* @return array
*/
public function getTrustedData(OpenIdRequest $request)
{
$data = array();
try {
$simple_reg_request = $this->buildRequest($request);
if ($simple_reg_request->isValid()) {
$attributes = $simple_reg_request->getRequiredAttributes();
$opt_attributes = $simple_reg_request->getOptionalAttributes();
$attributes = array_merge($attributes, $opt_attributes);
foreach ($attributes as $key => $value) {
array_push($data, $key);
}
}
} catch (Exception $ex) {
$this->log_service->debug_msg($request->__toString());
$this->log_service->error($ex);
}
return $data;
}
}

125
app/libs/OpenId/Extensions/Implementations/OpenIdSREGRequest.php
View File

@ -11,138 +11,29 @@
* See the License for the specific language governing permissions and * See the License for the specific language governing permissions and
* limitations under the License. * limitations under the License.
**/ **/
use Exception;
use OpenId\OpenIdMessage; use OpenId\OpenIdMessage;
use OpenId\Requests\OpenIdRequest;
use OpenId\Exceptions\InvalidOpenIdMessageException;
use Utils\Http\HttpMessage;
/** /**
* Class OpenIdSREGRequest * Class OpenIdSREGRequest
* Implements @see http://openid.net/specs/openid-simple-registration-extension-1_0.html * Implements @see http://openid.net/specs/openid-simple-registration-extension-1_1-01.html
* @package OpenId\Extensions\Implementations * @package OpenId\Extensions\Implementations
*/ */
class OpenIdSREGRequest extends OpenIdRequest class OpenIdSREGRequest extends OpenIdSREGRequest_1_0
{ { /**
/**
* @var array
*/
private $attributes;
/**
* @var array
*/
private $optional_attributes;
/**
* @var string
*/
private $policy_url;
/**
* OpenIdSREGRequest constructor. * OpenIdSREGRequest constructor.
* @param OpenIdMessage $message * @param OpenIdMessage $message
*/ */
public function __construct(OpenIdMessage $message) public function __construct(OpenIdMessage $message)
{ {
parent::__construct($message); parent::__construct($message);
$this->attributes = array();
$this->optional_attributes = array();
}
/**
* @return bool
* @throws Exception
*/
public function isValid()
{
try {
//check identifier
if (isset($this->message[OpenIdSREGExtension::paramNamespace(HttpMessage::PHP_REQUEST_VAR_SEPARATOR)])
&& $this->message[OpenIdSREGExtension::paramNamespace(HttpMessage::PHP_REQUEST_VAR_SEPARATOR)] == OpenIdSREGExtension::NamespaceUrl
) {
/*
* All of the following request fields are OPTIONAL, though at least one of "openid.sreg.required"
* or "openid.sreg.optional" MUST be specified in the request.
* openid.sreg.required:
* Comma-separated list of field names which, if absent from the response, will prevent the Consumer f
* rom completing the registration without End User interation. The field names are those that are
* specified in the Response Format, with the "openid.sreg." prefix removed.
* openid.sreg.optional:
* Comma-separated list of field names Fields that will be used by the Consumer, but whose absence will
* not prevent the registration from completing. The field names are those that are specified in the
* Response Format, with the "openid.sreg." prefix removed.
* openid.sreg.policy_url:
* A URL which the Consumer provides to give the End User a place to read about the how the profile data
* will be used. The Identity Provider SHOULD display this URL to the End User if it is given.
*/
//check required fields
if (
!isset($this->message[OpenIdSREGExtension::param(OpenIdSREGExtension::Required, HttpMessage::PHP_REQUEST_VAR_SEPARATOR)]) &&
!isset($this->message[OpenIdSREGExtension::param(OpenIdSREGExtension::Optional, HttpMessage::PHP_REQUEST_VAR_SEPARATOR)])
)
throw new InvalidOpenIdMessageException("SREG: at least one of \"openid.sreg.required\" or \"openid.sreg.optional\" MUST be specified in the request.");
//get required attributes
if (isset($this->message[OpenIdSREGExtension::param(OpenIdSREGExtension::Required, HttpMessage::PHP_REQUEST_VAR_SEPARATOR)])) {
$attributes = $this->message[OpenIdSREGExtension::param(OpenIdSREGExtension::Required, HttpMessage::PHP_REQUEST_VAR_SEPARATOR)];
$attributes = explode(",", $attributes);
foreach ($attributes as $attr) {
$attr = trim($attr);
if (!isset(OpenIdSREGExtension::$available_properties[$attr]))
continue;
$this->attributes[$attr] = $attr;
}
}
//get optional attributes
if (isset($this->message[OpenIdSREGExtension::param(OpenIdSREGExtension::Optional, HttpMessage::PHP_REQUEST_VAR_SEPARATOR)])) {
$opt_attributes = $this->message[OpenIdSREGExtension::param(OpenIdSREGExtension::Optional, HttpMessage::PHP_REQUEST_VAR_SEPARATOR)];
$opt_attributes = explode(",", $opt_attributes);
foreach ($opt_attributes as $opt_attr) {
$opt_attr = trim($opt_attr);
if (!isset(OpenIdSREGExtension::$available_properties[$opt_attr]))
continue;
if (isset($this->attributes[$opt_attr]))
throw new InvalidOpenIdMessageException(sprintf("SREG: optional attribute %s is already set as required one!", $opt_attr));
$this->optional_attributes[$opt_attr] = $opt_attr;
}
}
//check policy url..
if (isset($this->message[OpenIdSREGExtension::param(OpenIdSREGExtension::PolicyUrl, HttpMessage::PHP_REQUEST_VAR_SEPARATOR)])) {
$this->policy_url = $this->message[OpenIdSREGExtension::param(OpenIdSREGExtension::PolicyUrl, HttpMessage::PHP_REQUEST_VAR_SEPARATOR)];
}
return true;
}
} catch (Exception $ex) {
throw $ex;
}
return false;
}
/**
* @return array
*/
public function getRequiredAttributes()
{
return $this->attributes;
}
/**
* @return array
*/
public function getOptionalAttributes()
{
return $this->optional_attributes;
} }
/** /**
* @return string * @return string
*/ */
public function getPolicyUrl() protected function getNameSpace(){
{ return OpenIdSREGExtension::NamespaceUrl;
return $this->policy_url;
} }
} }

157
app/libs/OpenId/Extensions/Implementations/OpenIdSREGRequest_1_0.php Normal file
View File

@ -0,0 +1,157 @@
<?php namespace OpenId\Extensions\Implementations;
/**
* Copyright 2017 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
use Exception;
use OpenId\Exceptions\InvalidOpenIdMessageException;
use OpenId\OpenIdMessage;
use OpenId\Requests\OpenIdRequest;
use Utils\Http\HttpMessage;
/**
* Class OpenIdSREGRequest_1_0
* Implements @see http://openid.net/specs/openid-simple-registration-extension-1_0.html
* @package OpenId\Extensions\Implementations
*/
class OpenIdSREGRequest_1_0 extends OpenIdRequest
{
/**
* @var array
*/
protected $attributes;
/**
* @var array
*/
protected $optional_attributes;
/**
* @var string
*/
protected $policy_url;
/**
* OpenIdSREGRequest constructor.
* @param OpenIdMessage $message
*/
public function __construct(OpenIdMessage $message)
{
parent::__construct($message);
$this->attributes = array();
$this->optional_attributes = array();
}
/**
* @return string
*/
protected function getNameSpace(){
return OpenIdSREGExtension_1_0::NamespaceUrl;
}
/**
* @return bool
* @throws Exception
*/
public function isValid()
{
try {
//check identifier
if (isset($this->message[OpenIdSREGExtension_1_0::paramNamespace(HttpMessage::PHP_REQUEST_VAR_SEPARATOR)])
&& $this->message[OpenIdSREGExtension_1_0::paramNamespace(HttpMessage::PHP_REQUEST_VAR_SEPARATOR)] == $this->getNameSpace())
{
/*
* All of the following request fields are OPTIONAL, though at least one of "openid.sreg.required"
* or "openid.sreg.optional" MUST be specified in the request.
* openid.sreg.required:
* Comma-separated list of field names which, if absent from the response, will prevent the Consumer f
* rom completing the registration without End User interation. The field names are those that are
* specified in the Response Format, with the "openid.sreg." prefix removed.
* openid.sreg.optional:
* Comma-separated list of field names Fields that will be used by the Consumer, but whose absence will
* not prevent the registration from completing. The field names are those that are specified in the
* Response Format, with the "openid.sreg." prefix removed.
* openid.sreg.policy_url:
* A URL which the Consumer provides to give the End User a place to read about the how the profile data
* will be used. The Identity Provider SHOULD display this URL to the End User if it is given.
*/
//check required fields
if (
!isset($this->message[OpenIdSREGExtension_1_0::param(OpenIdSREGExtension_1_0::Required, HttpMessage::PHP_REQUEST_VAR_SEPARATOR)]) &&
!isset($this->message[OpenIdSREGExtension_1_0::param(OpenIdSREGExtension_1_0::Optional, HttpMessage::PHP_REQUEST_VAR_SEPARATOR)])
)
throw new InvalidOpenIdMessageException("SREG: at least one of \"openid.sreg.required\" or \"openid.sreg.optional\" MUST be specified in the request.");
//get required attributes
if (isset($this->message[OpenIdSREGExtension_1_0::param(OpenIdSREGExtension_1_0::Required, HttpMessage::PHP_REQUEST_VAR_SEPARATOR)])) {
$attributes = $this->message[OpenIdSREGExtension_1_0::param(OpenIdSREGExtension_1_0::Required, HttpMessage::PHP_REQUEST_VAR_SEPARATOR)];
$attributes = explode(",", $attributes);
foreach ($attributes as $attr) {
$attr = trim($attr);
if (!isset(OpenIdSREGExtension_1_0::$available_properties[$attr]))
continue;
$this->attributes[$attr] = $attr;
}
}
//get optional attributes
if (isset($this->message[OpenIdSREGExtension_1_0::param(OpenIdSREGExtension_1_0::Optional, HttpMessage::PHP_REQUEST_VAR_SEPARATOR)])) {
$opt_attributes = $this->message[OpenIdSREGExtension_1_0::param(OpenIdSREGExtension_1_0::Optional, HttpMessage::PHP_REQUEST_VAR_SEPARATOR)];
$opt_attributes = explode(",", $opt_attributes);
foreach ($opt_attributes as $opt_attr) {
$opt_attr = trim($opt_attr);
if (!isset(OpenIdSREGExtension_1_0::$available_properties[$opt_attr]))
continue;
if (isset($this->attributes[$opt_attr]))
throw new InvalidOpenIdMessageException(sprintf("SREG: optional attribute %s is already set as required one!", $opt_attr));
$this->optional_attributes[$opt_attr] = $opt_attr;
}
}
//check policy url..
if (isset($this->message[OpenIdSREGExtension_1_0::param(OpenIdSREGExtension_1_0::PolicyUrl, HttpMessage::PHP_REQUEST_VAR_SEPARATOR)])) {
$this->policy_url = $this->message[OpenIdSREGExtension_1_0::param(OpenIdSREGExtension_1_0::PolicyUrl, HttpMessage::PHP_REQUEST_VAR_SEPARATOR)];
}
return true;
}
} catch (Exception $ex) {
throw $ex;
}
return false;
}
/**
* @return array
*/
public function getRequiredAttributes()
{
return $this->attributes;
}
/**
* @return array
*/
public function getOptionalAttributes()
{
return $this->optional_attributes;
}
/**
* @return string
*/
public function getPolicyUrl()
{
return $this->policy_url;
}
}

1
database/migrations/2016_09_26_133648_update_server_extensions.php
View File

@ -38,7 +38,6 @@ class UpdateServerExtensions extends Migration
) )
); );
ServerExtension::create( ServerExtension::create(
array( array(
'name' => 'OAUTH2', 'name' => 'OAUTH2',

42
database/migrations/2017_04_10_213503_update_server_ext_openid_sreg_1_0.php Normal file
View File

@ -0,0 +1,42 @@
<?php
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Database\Migrations\Migration;
use OpenId\Extensions\Implementations\OpenIdSREGExtension_1_0;
use Models\OpenId\ServerExtension;
/**
* Class UpdateServerExtOpenidSreg10
*/
class UpdateServerExtOpenidSreg10 extends Migration
{
/**
* Run the migrations.
*
* @return void
*/
public function up()
{
ServerExtension::create(
array(
'name' => 'SREG_1_0',
'namespace' => 'http://openid.net/sreg/1.0',
'active' => true,
'extension_class' => OpenIdSREGExtension_1_0::class,
'description' => 'OpenID Simple Registration 1.0 is an extension to the OpenID Authentication protocol that allows for very light-weight profile exchange.',
'view_name' => 'extensions.sreg',
)
);
}
/**
* Reverse the migrations.
*
* @return void
*/
public function down()
{
//
}
}

19
database/seeds/OpenIdExtensionsSeeder.php
View File

@ -5,6 +5,7 @@ use Illuminate\Database\Seeder;
use OpenId\Extensions\Implementations\OpenIdAXExtension; use OpenId\Extensions\Implementations\OpenIdAXExtension;
use OpenId\Extensions\Implementations\OpenIdSREGExtension; use OpenId\Extensions\Implementations\OpenIdSREGExtension;
use OpenId\Extensions\Implementations\OpenIdOAuth2Extension; use OpenId\Extensions\Implementations\OpenIdOAuth2Extension;
use OpenId\Extensions\Implementations\OpenIdSREGExtension_1_0;
/** /**
* Class OpenIdExtensionsSeeder * Class OpenIdExtensionsSeeder
@ -28,15 +29,25 @@ class OpenIdExtensionsSeeder extends Seeder {
ServerExtension::create( ServerExtension::create(
array( array(
'name' => 'SREG', 'name' => 'SREG_1_0',
'namespace' => 'http://openid.net/extensions/sreg/1.1', 'namespace' => 'http://openid.net/sreg/1.0',
'active' => true, 'active' => true,
'extension_class' => OpenIdSREGExtension::class, 'extension_class' => OpenIdSREGExtension_1_0::class,
'description' => 'OpenID Simple Registration is an extension to the OpenID Authentication protocol that allows for very light-weight profile exchange.', 'description' => 'OpenID Simple Registration 1.0 is an extension to the OpenID Authentication protocol that allows for very light-weight profile exchange.',
'view_name' => 'extensions.sreg', 'view_name' => 'extensions.sreg',
) )
); );
ServerExtension::create(
array(
'name' => 'SREG',
'namespace' => 'http://openid.net/extensions/sreg/1.1',
'active' => true,
'extension_class' => OpenIdSREGExtension::class,
'description' => 'OpenID Simple Registration 1.1 is an extension to the OpenID Authentication protocol that allows for very light-weight profile exchange.',
'view_name' => 'extensions.sreg',
)
);
ServerExtension::create( ServerExtension::create(
array( array(

13
database/seeds/TestSeeder.php
View File

@ -23,6 +23,7 @@ use OpenId\Extensions\Implementations\OpenIdAXExtension;
use OpenId\Extensions\Implementations\OpenIdSREGExtension; use OpenId\Extensions\Implementations\OpenIdSREGExtension;
use OpenId\Extensions\Implementations\OpenIdOAuth2Extension; use OpenId\Extensions\Implementations\OpenIdOAuth2Extension;
use Models\Group; use Models\Group;
use OpenId\Extensions\Implementations\OpenIdSREGExtension_1_0;
/** /**
* Class OAuth2ApplicationSeeder * Class OAuth2ApplicationSeeder
* This seeder is only for testing purposes * This seeder is only for testing purposes
@ -743,6 +744,18 @@ SQL;
} }
private function seedServerExtensions(){ private function seedServerExtensions(){
ServerExtension::create(
array(
'name' => 'SREG_1_0',
'namespace' => 'http://openid.net/sreg/1.0',
'active' => true,
'extension_class' => OpenIdSREGExtension_1_0::class,
'description' => 'OpenID Simple Registration 1.0 is an extension to the OpenID Authentication protocol that allows for very light-weight profile exchange.',
'view_name' => 'extensions.sreg',
)
);
ServerExtension::create( ServerExtension::create(
array( array(
'name' => 'AX', 'name' => 'AX',

76
tests/OpenIdProtocolTest.php
View File

@ -10,6 +10,7 @@ use Zend\Crypt\PublicKey\DiffieHellman;
use Illuminate\Support\Facades\Session; use Illuminate\Support\Facades\Session;
use Illuminate\Support\Facades\Config; use Illuminate\Support\Facades\Config;
use Models\OpenId\OpenIdTrustedSite; use Models\OpenId\OpenIdTrustedSite;
use OpenId\Extensions\Implementations\OpenIdSREGExtension_1_0;
/** /**
* Class OpenIdProtocolTest * Class OpenIdProtocolTest
* Test Suite for OpenId Protocol * Test Suite for OpenId Protocol
@ -629,8 +630,81 @@ class OpenIdProtocolTest extends OpenStackIDBaseTest
//extension tests //extension tests
public function testCheckSetupSREGExtension1_0()
{
public function testCheckSetupSREGExtension() //set login info
Session::set("openid.authorization.response", IAuthService::AuthorizationResponse_AllowForever);
$sreg_required_params = array('email', 'fullname');
$params = array(
OpenIdProtocol::param(OpenIdProtocol::OpenIDProtocol_NS) => OpenIdProtocol::OpenID2MessageType,
OpenIdProtocol::param(OpenIdProtocol::OpenIDProtocol_Mode) => OpenIdProtocol::SetupMode,
OpenIdProtocol::param(OpenIdProtocol::OpenIDProtocol_Realm) => "https://www.test.com/",
OpenIdProtocol::param(OpenIdProtocol::OpenIDProtocol_ReturnTo) => "https://www.test.com/oauth2",
OpenIdProtocol::param(OpenIdProtocol::OpenIDProtocol_Identity) => "http://specs.openid.net/auth/2.0/identifier_select",
OpenIdProtocol::param(OpenIdProtocol::OpenIDProtocol_ClaimedId) => "http://specs.openid.net/auth/2.0/identifier_select",
//sreg
OpenIdSREGExtension::paramNamespace() => OpenIdSREGExtension_1_0::NamespaceUrl,
OpenIdSREGExtension::param(OpenIdSREGExtension::Required) => implode(",", $sreg_required_params),
);
$response = $this->action("POST", "OpenId\OpenIdProviderController@endpoint", $params);
$this->assertResponseStatus(302);
$openid_response = $this->parseOpenIdResponse($response->getTargetUrl());
$this->assertTrue(isset($openid_response[OpenIdProtocol::param(OpenIdProtocol::OpenIDProtocol_Mode)]));
$this->assertTrue(!empty($openid_response[OpenIdProtocol::param(OpenIdProtocol::OpenIDProtocol_Mode)]));
$this->assertTrue(isset($openid_response[OpenIdProtocol::param(OpenIdProtocol::OpenIDProtocol_NS)]));
$this->assertTrue(!empty($openid_response[OpenIdProtocol::param(OpenIdProtocol::OpenIDProtocol_NS)]));
$this->assertTrue(isset($openid_response[OpenIdProtocol::param(OpenIdProtocol::OpenIDProtocol_ReturnTo)]));
$this->assertTrue(!empty($openid_response[OpenIdProtocol::param(OpenIdProtocol::OpenIDProtocol_ReturnTo)]));
$this->assertTrue(isset($openid_response[OpenIdProtocol::param(OpenIdProtocol::OpenIDProtocol_Sig)]));
$this->assertTrue(!empty($openid_response[OpenIdProtocol::param(OpenIdProtocol::OpenIDProtocol_Sig)]));
$this->assertTrue(isset($openid_response[OpenIdProtocol::param(OpenIdProtocol::OpenIDProtocol_Signed)]));
$this->assertTrue(!empty($openid_response[OpenIdProtocol::param(OpenIdProtocol::OpenIDProtocol_Signed)]));
$this->assertTrue(isset($openid_response[OpenIdProtocol::param(OpenIdProtocol::OpenIDProtocol_Realm)]));
$this->assertTrue(!empty($openid_response[OpenIdProtocol::param(OpenIdProtocol::OpenIDProtocol_Realm)]));
$this->assertTrue(isset($openid_response[OpenIdProtocol::param(OpenIdProtocol::OpenIDProtocol_OpEndpoint)]));
$this->assertTrue(!empty($openid_response[OpenIdProtocol::param(OpenIdProtocol::OpenIDProtocol_OpEndpoint)]));
$this->assertTrue(isset($openid_response[OpenIdProtocol::param(OpenIdProtocol::OpenIDProtocol_Identity)]));
$this->assertTrue(!empty($openid_response[OpenIdProtocol::param(OpenIdProtocol::OpenIDProtocol_Identity)]));
$this->assertTrue(isset($openid_response[OpenIdProtocol::param(OpenIdProtocol::OpenIDProtocol_ClaimedId)]));
$this->assertTrue(!empty($openid_response[OpenIdProtocol::param(OpenIdProtocol::OpenIDProtocol_ClaimedId)]));
//sreg
$this->assertTrue(isset($openid_response[OpenIdSREGExtension::paramNamespace()]));
$this->assertTrue($openid_response[OpenIdSREGExtension::paramNamespace()] === OpenIdSREGExtension_1_0::NamespaceUrl);
$this->assertTrue(isset($openid_response[OpenIdSREGExtension::param(OpenIdSREGExtension::FullName)]));
$full_name = $openid_response[OpenIdSREGExtension::param(OpenIdSREGExtension::FullName)];
$this->assertTrue(!empty($full_name) && $full_name === 'Sebastian Marcet');
$this->assertTrue(isset($openid_response[OpenIdSREGExtension::param(OpenIdSREGExtension::Email)]));
$email = $openid_response[OpenIdSREGExtension::param(OpenIdSREGExtension::Email)];
$this->assertTrue(!empty($email) && $email === 'sebastian@tipit.net');
//http://openid.net/specs/openid-authentication-2_0.html#check_auth
$response = $this->action("POST", "OpenId\OpenIdProviderController@endpoint",
$this->prepareCheckAuthenticationParams($openid_response));
$openid_response = $this->getOpenIdResponseLineBreak($response->getContent());
$this->assertResponseStatus(200);
$this->assertTrue($openid_response['is_valid'] === 'true');
}
public function testCheckSetupSREGExtension1_1()
{ {
//set login info //set login info