| Drupal | PHP Cross Reference | Content Management Systems |
1 <?php 2 3 /** 4 * @file 5 * Dummy OpenID Provider used with SimpleTest. 6 * 7 * The provider simply responds positively to all authentication requests. In 8 * addition to a Provider Endpoint (a URL used for Drupal to communicate with 9 * the provider using the OpenID Authentication protocol) the module provides 10 * URLs used by the various discovery mechanisms. 11 * 12 * When a user enters an OpenID identity, the Relying Party (in the testing 13 * scenario, this is the OpenID module) looks up the URL of the Provider 14 * Endpoint using one of several discovery mechanisms. The Relying Party then 15 * redirects the user to Provider Endpoint. The provider verifies the user's 16 * identity and redirects the user back to the Relying Party accompanied by a 17 * signed message confirming the identity. Before redirecting to a provider for 18 * the first time, the Relying Party fetches a secret MAC key from the provider 19 * by doing a direct "associate" HTTP request to the Provider Endpoint. This 20 * key is used for verifying the signed messages from the provider. 21 */ 22 23 /** 24 * Implements hook_menu(). 25 */ 26 function openid_test_menu() { 27 $items['openid-test/yadis/xrds'] = array( 28 'title' => 'XRDS service document', 29 'page callback' => 'openid_test_yadis_xrds', 30 'access callback' => TRUE, 31 'type' => MENU_CALLBACK, 32 ); 33 $items['openid-test/yadis/x-xrds-location'] = array( 34 'title' => 'Yadis discovery using X-XRDS-Location header', 35 'page callback' => 'openid_test_yadis_x_xrds_location', 36 'access callback' => TRUE, 37 'type' => MENU_CALLBACK, 38 ); 39 $items['openid-test/yadis/http-equiv'] = array( 40 'title' => 'Yadis discovery using <meta http-equiv="X-XRDS-Location" ...>', 41 'page callback' => 'openid_test_yadis_http_equiv', 42 'access callback' => TRUE, 43 'type' => MENU_CALLBACK, 44 ); 45 $items['openid-test/html/openid1'] = array( 46 'title' => 'HTML-based discovery using <link rel="openid.server" ...>', 47 'page callback' => 'openid_test_html_openid1', 48 'access callback' => TRUE, 49 'type' => MENU_CALLBACK, 50 ); 51 $items['openid-test/html/openid2'] = array( 52 'title' => 'HTML-based discovery using <link rel="openid2.provider" ...>', 53 'page callback' => 'openid_test_html_openid2', 54 'access callback' => TRUE, 55 'type' => MENU_CALLBACK, 56 ); 57 $items['openid-test/endpoint'] = array( 58 'title' => 'OpenID Provider Endpoint', 59 'page callback' => 'openid_test_endpoint', 60 'access callback' => TRUE, 61 'type' => MENU_CALLBACK, 62 ); 63 $items['openid-test/redirect'] = array( 64 'title' => 'OpenID Provider Redirection Point', 65 'page callback' => 'openid_test_redirect', 66 'access callback' => TRUE, 67 'type' => MENU_CALLBACK, 68 ); 69 $items['openid-test/redirected/%/%'] = array( 70 'title' => 'OpenID Provider Final URL', 71 'page callback' => 'openid_test_redirected_method', 72 'page arguments' => array(2, 3), 73 'access callback' => TRUE, 74 'type' => MENU_CALLBACK, 75 ); 76 return $items; 77 } 78 79 /** 80 * Implements hook_menu_site_status_alter(). 81 */ 82 function openid_test_menu_site_status_alter(&$menu_site_status, $path) { 83 // Allow access to openid endpoint and identity even in offline mode. 84 if ($menu_site_status == MENU_SITE_OFFLINE && user_is_anonymous() && in_array($path, array('openid-test/yadis/xrds', 'openid-test/endpoint'))) { 85 $menu_site_status = MENU_SITE_ONLINE; 86 } 87 } 88 89 /** 90 * Menu callback; XRDS document that references the OP Endpoint URL. 91 */ 92 function openid_test_yadis_xrds() { 93 if ($_SERVER['HTTP_ACCEPT'] == 'application/xrds+xml') { 94 // Only respond to XRI requests for one specific XRI. The is used to verify 95 // that the XRI has been properly encoded. The "+" sign in the _xrd_r query 96 // parameter is decoded to a space by PHP. 97 if (arg(3) == 'xri') { 98 if (variable_get('clean_url', 0)) { 99 if (arg(4) != '@example*résumé;%25' || $_GET['_xrd_r'] != 'application/xrds xml') { 100 drupal_not_found(); 101 } 102 } 103 else { 104 // Drupal cannot properly emulate an XRI proxy resolver using unclean 105 // URLs, so the arguments gets messed up. 106 if (arg(4) . '/' . arg(5) != '@example*résumé;%25?_xrd_r=application/xrds xml') { 107 drupal_not_found(); 108 } 109 } 110 } 111 drupal_add_http_header('Content-Type', 'application/xrds+xml'); 112 print '<?xml version="1.0" encoding="UTF-8"?>'; 113 if (!empty($_GET['doctype'])) { 114 print "\n<!DOCTYPE dct [ <!ELEMENT blue (#PCDATA)> ]>\n"; 115 } 116 print ' 117 <xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)" xmlns:openid="http://openid.net/xmlns/1.0"> 118 <XRD> 119 <Status cid="' . check_plain(variable_get('openid_test_canonical_id_status', 'verified')) . '"/> 120 <ProviderID>xri://@</ProviderID> 121 <CanonicalID>http://example.com/user</CanonicalID> 122 <Service> 123 <Type>http://example.com/this-is-ignored</Type> 124 </Service> 125 <Service priority="5"> 126 <Type>http://openid.net/signon/1.0</Type> 127 <URI>http://example.com/this-is-only-openid-1.0</URI> 128 </Service> 129 <Service priority="10"> 130 <Type>http://specs.openid.net/auth/2.0/signon</Type> 131 <Type>http://openid.net/srv/ax/1.0</Type> 132 <URI>' . url('openid-test/endpoint', array('absolute' => TRUE)) . '</URI> 133 <LocalID>http://example.com/xrds</LocalID> 134 </Service> 135 <Service priority="15"> 136 <Type>http://specs.openid.net/auth/2.0/signon</Type> 137 <URI>http://example.com/this-has-too-low-priority</URI> 138 </Service> 139 <Service> 140 <Type>http://specs.openid.net/auth/2.0/signon</Type> 141 <URI>http://example.com/this-has-too-low-priority</URI> 142 </Service> 143 '; 144 if (arg(3) == 'server') { 145 print ' 146 <Service> 147 <Type>http://specs.openid.net/auth/2.0/server</Type> 148 <URI>http://example.com/this-has-too-low-priority</URI> 149 </Service> 150 <Service priority="20"> 151 <Type>http://specs.openid.net/auth/2.0/server</Type> 152 <URI>' . url('openid-test/endpoint', array('absolute' => TRUE)) . '</URI> 153 </Service>'; 154 } 155 elseif (arg(3) == 'delegate') { 156 print ' 157 <Service priority="0"> 158 <Type>http://specs.openid.net/auth/2.0/signon</Type> 159 <Type>http://openid.net/srv/ax/1.0</Type> 160 <URI>' . url('openid-test/endpoint', array('absolute' => TRUE)) . '</URI> 161 <openid:Delegate>http://example.com/xrds-delegate</openid:Delegate> 162 </Service>'; 163 } 164 print ' 165 </XRD> 166 </xrds:XRDS>'; 167 } 168 else { 169 return t('This is a regular HTML page. If the client sends an Accept: application/xrds+xml header when requesting this URL, an XRDS document is returned.'); 170 } 171 } 172 173 /** 174 * Menu callback; regular HTML page with an X-XRDS-Location HTTP header. 175 */ 176 function openid_test_yadis_x_xrds_location() { 177 drupal_add_http_header('X-XRDS-Location', url('openid-test/yadis/xrds', array('absolute' => TRUE))); 178 return t('This page includes an X-RDS-Location HTTP header containing the URL of an XRDS document.'); 179 } 180 181 /** 182 * Menu callback; regular HTML page with <meta> element. 183 */ 184 function openid_test_yadis_http_equiv() { 185 $element = array( 186 '#tag' => 'meta', 187 '#attributes' => array( 188 'http-equiv' => 'X-XRDS-Location', 189 'content' => url('openid-test/yadis/xrds', array('absolute' => TRUE)), 190 ), 191 ); 192 drupal_add_html_head($element, 'openid_test_yadis_http_equiv'); 193 return t('This page includes a <meta equiv=...> element containing the URL of an XRDS document.'); 194 } 195 196 /** 197 * Menu callback; regular HTML page with OpenID 1.0 <link> element. 198 */ 199 function openid_test_html_openid1() { 200 drupal_add_html_head_link(array('rel' => 'openid.server', 'href' => url('openid-test/endpoint', array('absolute' => TRUE)))); 201 drupal_add_html_head_link(array('rel' => 'openid.delegate', 'href' => 'http://example.com/html-openid1')); 202 return t('This page includes a <link rel=...> element containing the URL of an OpenID Provider Endpoint.'); 203 } 204 205 /** 206 * Menu callback; regular HTML page with OpenID 2.0 <link> element. 207 */ 208 function openid_test_html_openid2() { 209 drupal_add_html_head_link(array('rel' => 'openid2.provider', 'href' => url('openid-test/endpoint', array('absolute' => TRUE)))); 210 drupal_add_html_head_link(array('rel' => 'openid2.local_id', 'href' => 'http://example.com/html-openid2')); 211 return t('This page includes a <link rel=...> element containing the URL of an OpenID Provider Endpoint.'); 212 } 213 214 /** 215 * Menu callback; OpenID Provider Endpoint. 216 * 217 * It accepts "associate" requests directly from the Relying Party, and 218 * "checkid_setup" requests made by the user's browser based on HTTP redirects 219 * (in OpenID 1) or HTML forms (in OpenID 2) generated by the Relying Party. 220 */ 221 function openid_test_endpoint() { 222 switch ($_REQUEST['openid_mode']) { 223 case 'associate': 224 _openid_test_endpoint_associate(); 225 break; 226 case 'checkid_setup': 227 _openid_test_endpoint_authenticate(); 228 break; 229 } 230 } 231 232 /** 233 * Menu callback; redirect during Normalization/Discovery. 234 */ 235 function openid_test_redirect($count = 0) { 236 if ($count == 0) { 237 $url = variable_get('openid_test_redirect_url', ''); 238 } 239 else { 240 $url = url('openid-test/redirect/' . --$count, array('absolute' => TRUE)); 241 } 242 $http_response_code = variable_get('openid_test_redirect_http_reponse_code', 301); 243 header('Location: ' . $url, TRUE, $http_response_code); 244 exit(); 245 } 246 247 /** 248 * Menu callback; respond with appropriate callback. 249 */ 250 function openid_test_redirected_method($method1, $method2) { 251 return call_user_func('openid_test_' . $method1 . '_' . $method2); 252 } 253 254 /** 255 * OpenID endpoint; handle "associate" requests (see OpenID Authentication 2.0, 256 * section 8). 257 * 258 * The purpose of association is to send the secret MAC key to the Relying Party 259 * using Diffie-Hellman key exchange. The MAC key is used in subsequent 260 * "authenticate" requests. The "associate" request is made by the Relying Party 261 * (in the testing scenario, this is the OpenID module that communicates with 262 * the endpoint using drupal_http_request()). 263 */ 264 function _openid_test_endpoint_associate() { 265 module_load_include('inc', 'openid'); 266 267 // Use default parameters for Diffie-Helmann key exchange. 268 $mod = OPENID_DH_DEFAULT_MOD; 269 $gen = OPENID_DH_DEFAULT_GEN; 270 271 // Generate private Diffie-Helmann key. 272 $r = _openid_dh_rand($mod); 273 $private = _openid_math_add($r, 1); 274 275 // Calculate public Diffie-Helmann key. 276 $public = _openid_math_powmod($gen, $private, $mod); 277 278 // Calculate shared secret based on Relying Party's public key. 279 $cpub = _openid_dh_base64_to_long($_REQUEST['openid_dh_consumer_public']); 280 $shared = _openid_math_powmod($cpub, $private, $mod); 281 282 // Encrypt the MAC key using the shared secret. 283 $enc_mac_key = base64_encode(_openid_dh_xorsecret($shared, base64_decode(variable_get('mac_key')))); 284 285 // Generate response including our public key and the MAC key. Using our 286 // public key and its own private key, the Relying Party can calculate the 287 // shared secret, and with this it can decrypt the encrypted MAC key. 288 $response = array( 289 'ns' => 'http://specs.openid.net/auth/2.0', 290 'assoc_handle' => 'openid-test', 291 'session_type' => $_REQUEST['openid_session_type'], 292 'assoc_type' => $_REQUEST['openid_assoc_type'], 293 'expires_in' => '3600', 294 'dh_server_public' => _openid_dh_long_to_base64($public), 295 'enc_mac_key' => $enc_mac_key, 296 ); 297 298 // Respond to Relying Party in the special Key-Value Form Encoding (see OpenID 299 // Authentication 1.0, section 4.1.1). 300 drupal_add_http_header('Content-Type', 'text/plain'); 301 print _openid_create_message($response); 302 } 303 304 /** 305 * OpenID endpoint; handle "authenticate" requests. 306 * 307 * All requests result in a successful response. The request is a GET or POST 308 * made by the user's browser based on an HTML form or HTTP redirect generated 309 * by the Relying Party. The user is redirected back to the Relying Party using 310 * a URL containing a signed message in the query string confirming the user's 311 * identity. 312 */ 313 function _openid_test_endpoint_authenticate() { 314 module_load_include('inc', 'openid'); 315 316 $expected_identity = variable_get('openid_test_identity'); 317 if ($expected_identity && $_REQUEST['openid_identity'] != $expected_identity) { 318 $response = variable_get('openid_test_response', array()) + array( 319 'openid.ns' => OPENID_NS_2_0, 320 'openid.mode' => 'error', 321 'openid.error' => 'Unexpted identity', 322 ); 323 drupal_add_http_header('Content-Type', 'text/plain'); 324 header('Location: ' . url($_REQUEST['openid_return_to'], array('query' => $response, 'external' => TRUE))); 325 return; 326 } 327 328 // Generate unique identifier for this authentication. 329 $nonce = _openid_nonce(); 330 331 // Generate response containing the user's identity. 332 $response = variable_get('openid_test_response', array()) + array( 333 'openid.ns' => OPENID_NS_2_0, 334 'openid.mode' => 'id_res', 335 'openid.op_endpoint' => url('openid-test/endpoint', array('absolute' => TRUE)), 336 'openid.claimed_id' => !empty($_REQUEST['openid_claimed_id']) ? $_REQUEST['openid_claimed_id'] : '', 337 'openid.identity' => $_REQUEST['openid_identity'], 338 'openid.return_to' => $_REQUEST['openid_return_to'], 339 'openid.response_nonce' => $nonce, 340 'openid.assoc_handle' => 'openid-test', 341 ); 342 343 if (isset($response['openid.signed'])) { 344 $keys_to_sign = explode(',', $response['openid.signed']); 345 } 346 else { 347 // Unless openid.signed is explicitly defined, all keys are signed. 348 $keys_to_sign = array(); 349 foreach ($response as $key => $value) { 350 // Strip off the "openid." prefix. 351 $keys_to_sign[] = substr($key, 7); 352 } 353 $response['openid.signed'] = implode(',', $keys_to_sign); 354 } 355 356 // Sign the message using the MAC key that was exchanged during association. 357 $association = new stdClass(); 358 $association->mac_key = variable_get('mac_key'); 359 if (!isset($response['openid.sig'])) { 360 $response['openid.sig'] = _openid_signature($association, $response, $keys_to_sign); 361 } 362 363 // Put the signed message into the query string of a URL supplied by the 364 // Relying Party, and redirect the user. 365 drupal_add_http_header('Content-Type', 'text/plain'); 366 header('Location: ' . url($_REQUEST['openid_return_to'], array('query' => $response, 'external' => TRUE))); 367 }
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
title