Janrain OpenID extlib updated
From their tree on a4090d0b30f850044413630333341cd327cbb55a Source: https://github.com/openid/php-openid
This commit is contained in:
Mikael Nordfeldth
parent
3b6a424c9f
commit
ed3022adc1
|
|
@ -29,7 +29,7 @@
|
|||
* identity check.
|
||||
*
|
||||
* LIBRARY DESIGN
|
||||
*
|
||||
*
|
||||
* This consumer library is designed with that flow in mind. The goal
|
||||
* is to make it as easy as possible to perform the above steps
|
||||
* securely.
|
||||
|
|
@ -427,7 +427,7 @@ class Auth_OpenID_Consumer {
|
|||
$loader->fromSession($endpoint_data);
|
||||
|
||||
$message = Auth_OpenID_Message::fromPostArgs($query);
|
||||
$response = $this->consumer->complete($message, $endpoint,
|
||||
$response = $this->consumer->complete($message, $endpoint,
|
||||
$current_url);
|
||||
$this->session->del($this->_token_key);
|
||||
|
||||
|
|
@ -616,6 +616,9 @@ class Auth_OpenID_GenericConsumer {
|
|||
$this->store = $store;
|
||||
$this->negotiator = Auth_OpenID_getDefaultNegotiator();
|
||||
$this->_use_assocs = (is_null($this->store) ? false : true);
|
||||
if (get_class($this->store) == "Auth_OpenID_DumbStore") {
|
||||
$this->_use_assocs = false;
|
||||
}
|
||||
|
||||
$this->fetcher = Auth_Yadis_Yadis::getHTTPFetcher();
|
||||
|
||||
|
|
@ -666,7 +669,7 @@ class Auth_OpenID_GenericConsumer {
|
|||
'_completeInvalid');
|
||||
|
||||
return call_user_func_array(array($this, $method),
|
||||
array($message, &$endpoint, $return_to));
|
||||
array($message, $endpoint, $return_to));
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -1186,7 +1189,7 @@ class Auth_OpenID_GenericConsumer {
|
|||
list($unused, $services) = call_user_func_array($this->discoverMethod,
|
||||
array(
|
||||
$claimed_id,
|
||||
&$this->fetcher,
|
||||
$this->fetcher,
|
||||
));
|
||||
|
||||
if (!$services) {
|
||||
|
|
@ -1202,7 +1205,7 @@ class Auth_OpenID_GenericConsumer {
|
|||
/**
|
||||
* @access private
|
||||
*/
|
||||
function _verifyDiscoveryServices($claimed_id,
|
||||
function _verifyDiscoveryServices($claimed_id,
|
||||
$services, $to_match_endpoints)
|
||||
{
|
||||
// Search the services resulting from discovery to find one
|
||||
|
|
@ -1210,7 +1213,7 @@ class Auth_OpenID_GenericConsumer {
|
|||
|
||||
foreach ($services as $endpoint) {
|
||||
foreach ($to_match_endpoints as $to_match_endpoint) {
|
||||
$result = $this->_verifyDiscoverySingle($endpoint,
|
||||
$result = $this->_verifyDiscoverySingle($endpoint,
|
||||
$to_match_endpoint);
|
||||
|
||||
if (!Auth_OpenID::isFailure($result)) {
|
||||
|
|
@ -1368,7 +1371,7 @@ class Auth_OpenID_GenericConsumer {
|
|||
}
|
||||
}
|
||||
$ca_message = $message->copy();
|
||||
$ca_message->setArg(Auth_OpenID_OPENID_NS, 'mode',
|
||||
$ca_message->setArg(Auth_OpenID_OPENID_NS, 'mode',
|
||||
'check_authentication');
|
||||
return $ca_message;
|
||||
}
|
||||
|
|
@ -1606,7 +1609,7 @@ class Auth_OpenID_GenericConsumer {
|
|||
|
||||
$expires_in = Auth_OpenID::intval($expires_in_str);
|
||||
if ($expires_in === false) {
|
||||
|
||||
|
||||
$err = sprintf("Could not parse expires_in from association ".
|
||||
"response %s", print_r($assoc_response, true));
|
||||
return new Auth_OpenID_FailureResponse(null, $err);
|
||||
|
|
@ -1953,7 +1956,7 @@ class Auth_OpenID_AuthRequest {
|
|||
function htmlMarkup($realm, $return_to=null, $immediate=false,
|
||||
$form_tag_attrs=null)
|
||||
{
|
||||
$form = $this->formMarkup($realm, $return_to, $immediate,
|
||||
$form = $this->formMarkup($realm, $return_to, $immediate,
|
||||
$form_tag_attrs);
|
||||
|
||||
if (Auth_OpenID::isFailure($form)) {
|
||||
|
|
|
|||
|
|
@ -482,7 +482,7 @@ class Auth_OpenID_FileStore extends Auth_OpenID_OpenIDStore {
|
|||
}
|
||||
|
||||
if ($handle = opendir($dir)) {
|
||||
while ($item = readdir($handle)) {
|
||||
while (false !== ($item = readdir($handle))) {
|
||||
if (!in_array($item, array('.', '..'))) {
|
||||
if (is_dir($dir . $item)) {
|
||||
|
||||
|
|
|
|||
|
|
@ -104,8 +104,11 @@ class Auth_OpenID_PredisStore extends Auth_OpenID_OpenIDStore {
|
|||
|
||||
// no handle given, receiving the latest issued
|
||||
$serverKey = $this->associationServerKey($server_url);
|
||||
$lastKey = $this->redis->lpop($serverKey);
|
||||
if (!$lastKey) { return null; }
|
||||
$lastKey = $this->redis->lindex($serverKey, -1);
|
||||
if (!$lastKey) {
|
||||
// no previous association with this server
|
||||
return null;
|
||||
}
|
||||
|
||||
// get association, return null if failed
|
||||
return $this->getAssociationFromServer($lastKey);
|
||||
|
|
@ -156,10 +159,10 @@ class Auth_OpenID_PredisStore extends Auth_OpenID_OpenIDStore {
|
|||
|
||||
// SETNX will set the value only of the key doesn't exist yet.
|
||||
$nonceKey = $this->nonceKey($server_url, $salt);
|
||||
$added = $this->predis->setnx($nonceKey);
|
||||
$added = $this->redis->setnx($nonceKey, "1");
|
||||
if ($added) {
|
||||
// Will set expiration
|
||||
$this->predis->expire($nonceKey, $Auth_OpenID_SKEW);
|
||||
$this->redis->expire($nonceKey, $Auth_OpenID_SKEW);
|
||||
return true;
|
||||
} else {
|
||||
return false;
|
||||
|
|
|
|||
|
|
@ -210,7 +210,7 @@ class Auth_OpenID_TrustRoot {
|
|||
if ($parts['host'] == 'localhost') {
|
||||
return true;
|
||||
}
|
||||
|
||||
|
||||
$host_parts = explode('.', $parts['host']);
|
||||
if ($parts['wildcard']) {
|
||||
// Remove the empty string from the beginning of the array
|
||||
|
|
@ -413,7 +413,7 @@ function Auth_OpenID_getAllowedReturnURLs($relying_party_url, $fetcher,
|
|||
}
|
||||
|
||||
call_user_func_array($discover_function,
|
||||
array($relying_party_url, &$fetcher));
|
||||
array($relying_party_url, $fetcher));
|
||||
|
||||
$return_to_urls = array();
|
||||
$matching_endpoints = Auth_OpenID_extractReturnURL($endpoints);
|
||||
|
|
|
|||
|
|
@ -414,7 +414,7 @@ class Auth_Yadis_Discovery {
|
|||
list($yadis_url, $services) = call_user_func_array($discover_cb,
|
||||
array(
|
||||
$this->url,
|
||||
&$fetcher,
|
||||
$fetcher,
|
||||
));
|
||||
|
||||
$manager = $this->createManager($services, $yadis_url);
|
||||
|
|
|
|||
|
|
@ -90,6 +90,15 @@ class Auth_Yadis_ParanoidHTTPFetcher extends Auth_Yadis_HTTPFetcher {
|
|||
$this->reset();
|
||||
|
||||
$c = curl_init();
|
||||
if (defined('Auth_OpenID_DISABLE_SSL_VERIFYPEER')
|
||||
&& Auth_OpenID_DISABLE_SSL_VERIFYPEER === true) {
|
||||
trigger_error(
|
||||
'You have disabled SSL verifcation, this is a TERRIBLE ' .
|
||||
'idea in almost all cases. Set Auth_OpenID_DISABLE_SSL_' .
|
||||
'VERIFYPEER to false if you want to be safe again',
|
||||
E_USER_WARNING);
|
||||
curl_setopt($c, CURLOPT_SSL_VERIFYPEER, false);
|
||||
}
|
||||
|
||||
if ($c === false) {
|
||||
Auth_OpenID::log(
|
||||
|
|
|
|||
|
|
@ -65,29 +65,6 @@ class Auth_Yadis_ParseHTML {
|
|||
$this->_entity_replacements));
|
||||
}
|
||||
|
||||
/**
|
||||
* Replace HTML entities (amp, lt, gt, and quot) as well as
|
||||
* numeric entities (e.g. #x9f;) with their actual values and
|
||||
* return the new string.
|
||||
*
|
||||
* @access private
|
||||
* @param string $str The string in which to look for entities
|
||||
* @return string $new_str The new string entities decoded
|
||||
*/
|
||||
function replaceEntities($str)
|
||||
{
|
||||
foreach ($this->_entity_replacements as $old => $new) {
|
||||
$str = preg_replace(sprintf("/&%s;/", $old), $new, $str);
|
||||
}
|
||||
|
||||
// Replace numeric entities because html_entity_decode doesn't
|
||||
// do it for us.
|
||||
$str = preg_replace('~&#x([0-9a-f]+);~ei', 'chr(hexdec("\\1"))', $str);
|
||||
$str = preg_replace('~&#([0-9]+);~e', 'chr(\\1)', $str);
|
||||
|
||||
return $str;
|
||||
}
|
||||
|
||||
/**
|
||||
* Strip single and double quotes off of a string, if they are
|
||||
* present.
|
||||
|
|
@ -216,7 +193,7 @@ class Auth_Yadis_ParseHTML {
|
|||
$link_attrs = array();
|
||||
foreach ($attr_matches[0] as $index => $full_match) {
|
||||
$name = $attr_matches[1][$index];
|
||||
$value = $this->replaceEntities(
|
||||
$value = html_entity_decode(
|
||||
$this->removeQuotes($attr_matches[2][$index]));
|
||||
|
||||
$link_attrs[strtolower($name)] = $value;
|
||||
|
|
|
|||
|
|
@ -250,6 +250,10 @@ class Auth_Yadis_dom extends Auth_Yadis_XMLParser {
|
|||
return false;
|
||||
}
|
||||
|
||||
if (isset($this->doc->doctype)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$this->xpath = new DOMXPath($this->doc);
|
||||
|
||||
if ($this->xpath) {
|
||||
|
|
@ -343,11 +347,11 @@ function Auth_Yadis_getSupportedExtensions()
|
|||
function Auth_Yadis_getXMLParser()
|
||||
{
|
||||
global $__Auth_Yadis_defaultParser;
|
||||
|
||||
|
||||
if (isset($__Auth_Yadis_defaultParser)) {
|
||||
return $__Auth_Yadis_defaultParser;
|
||||
}
|
||||
|
||||
|
||||
foreach(Auth_Yadis_getSupportedExtensions() as $extension => $classname)
|
||||
{
|
||||
if (extension_loaded($extension))
|
||||
|
|
@ -357,7 +361,7 @@ function Auth_Yadis_getXMLParser()
|
|||
return $p;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -429,7 +429,7 @@ class Auth_Yadis_XRDS {
|
|||
|
||||
foreach ($filters as $filter) {
|
||||
|
||||
if (call_user_func_array($filter, array(&$service))) {
|
||||
if (call_user_func_array($filter, array($service))) {
|
||||
$matches++;
|
||||
|
||||
if ($filter_mode == SERVICES_YADIS_MATCH_ANY) {
|
||||
|
|
|
|||
|
|
@ -141,7 +141,7 @@ function Auth_Yadis_getServiceEndpoints($input_url, $xrds_parse_func,
|
|||
}
|
||||
|
||||
$yadis_result = call_user_func_array($discover_func,
|
||||
array($input_url, &$fetcher));
|
||||
array($input_url, $fetcher));
|
||||
|
||||
if ($yadis_result === null) {
|
||||
return array($input_url, array());
|
||||
|
|
|
|||
Loading…
Reference in New Issue