+ // Determines which SREG data are requested by the endpoint, and returns them.
+ public function GetSRegDataForRequest(User $user)
+ {
+ require_once 'Auth/OpenID/SReg.php';
+
+ // Other common SReg fields we could fill are:
+ // dob, country, language, timezone.
+ $sreg_request = Auth_OpenID_SRegRequest::fromOpenIDRequest($this->request);
+ return Auth_OpenID_SRegResponse::extractResponse($sreg_request, array(
+ 'fullname' => $user->fullName(),
+ 'nickname' => $user->displayName(),
+ 'email' => $user->bestEmail(),
+ 'gender' => $user->isFemale() ? 'F' : 'M',
+ ));
+ }
+
+ // Handling and answering helpers ------------------------------------------
+
+ // Answers the current request, and renders the response. Appends the |sreg|
+ // data when not null.
+ public function AnswerRequest($is_authorized, $sreg_data = null)
+ {
+ // Creates the response.
+ if ($is_authorized && $this->request->idSelect()) {
+ $user = S::user();
+ $response = $this->request->answer(
+ $is_authorized, null, $user->login(), $this->GetUserUrl($user));
+ } else {
+ $response = $this->request->answer($is_authorized);
+ }
+
+ // Clobbers response, and get it back to the Relaying Party.
+ if ($sreg_data) {
+ $sreg_data->toMessage($response->fields);
+ }
+ $this->RenderResponse($response);
+ }
+
+ // Automatically handles the request without any user interaction.
+ public function HandleRequest()
+ {
+ $response = $this->server->handleRequest($this->request);
+ $this->RenderResponse($response);
+ }
+
+ // Trust management helpers ------------------------------------------------
+
+ // Returns true iff the current endpoint is currently trusted by |user|.
+ public function IsEndpointTrusted(User $user)
+ {
+ $res = XDB::query(
+ "SELECT COUNT(*)
+ FROM account_auth_openid
+ WHERE (uid = {?} OR uid IS NULL) AND url = {?}",
+ $user->id(), $this->request->trust_root);
+ return ($res->fetchOneCell() > 0);
+ }
+
+ // Updates the trust level for the given endpoint, based on the value pf
+ // |trusted| and |permanent_trust| (the latter is ignored when the former
+ // value is false). Returns true iff the current endpoint is trusted.
+ public function UpdateEndpointTrust(User $user, $trusted, $permanent_trust) {
+ $initial_trust = $this->IsEndpointTrusted($user);
+ if (!$initial_trust && $trusted && $permanent_trust) {
+ XDB::execute(
+ "INSERT IGNORE INTO account_auth_openid
+ SET uid = {?}, url = {?}",
+ $user->id(), $this->request->trust_root);
+ }
+
+ return ($initial_trust || $trusted);
+ }
+
+ // Page renderers ----------------------------------------------------------
+
+ // Renders the OpenId discovery page for |user|.
+ public function RenderDiscoveryPage($page, User $user)
+ {
+ $page->changeTpl('openid/openid.tpl');
+ $page->setTitle($user->fullName());
+ $page->addLink('openid.server openid2.provider', $this->base_url);
+ $page->addLink('openid.delegate openid2.local_id', $user->login());
+ $page->assign_by_ref('user', $user);
+
+ // Include the X-XRDS-Location header for Yadis discovery.
+ header('X-XRDS-Location: ' . $this->GetUserXrdsUrl($user));
+ }
+
+ // Renders the main XRDS page.
+ public function RenderMainXrdsPage($page)
+ {
+ pl_content_headers("application/xrds+xml");
+ $page->changeTpl('openid/idp_xrds.tpl', NO_SKIN);
+ $page->assign('type2', Auth_OpenID_TYPE_2_0_IDP);
+ $page->assign('sreg', Auth_OpenID_SREG_URI);
+ $page->assign('provider', $this->base_url);
+ }
+
+ // Renders the XRDS page of |user|.
+ public function RenderUserXrdsPage($page, User $user)
+ {
+ pl_content_headers("application/xrds+xml");
+ $page->changeTpl('openid/user_xrds.tpl', NO_SKIN);
+ $page->assign('type2', Auth_OpenID_TYPE_2_0);
+ $page->assign('type1', Auth_OpenID_TYPE_1_1);
+ $page->assign('sreg', Auth_OpenID_SREG_URI);
+ $page->assign('provider', $this->base_url);
+ $page->assign('local_id', $user->login());
+ }
+
+ // Renders the OpenId response for the HTTP client.
+ public function RenderResponse($response)
+ {
+ if ($response) {
+ $web_response = $this->server->encodeResponse($response);
+ header(sprintf('%s %d', $_SERVER['SERVER_PROTOCOL'], $web_response->code),
+ true, $web_response->code);
+
+ if (is_a($response, 'Auth_OpenID_ServerError')) {
+ print "Erreur lors de l'authentification OpenId: " . $response->toString();
+ } else {
+ foreach ($web_response->headers as $key => $value) {
+ header(sprintf('%s: %s', $key, $value));
+ }
+
+ header('Connection: close');
+ print $web_response->body;
+ }
+ }
+ exit;
+ }
+
+ // URL providers -----------------------------------------------------------
+
+ // Returns the OpenId identity URL of the requested user.
+ private function GetUserUrl(User $user)
+ {
+ return $this->base_url . '/' . $user->login();
+ }
+
+ // Returns the private XRDS page of a user.
+ private function GetUserXrdsUrl(User $user)
+ {
+ return $this->base_url . '/xrds/' . $user->login();
+ }
+
+ // Returns the endpoint in the current request.
+ public function GetEndpoint()
+ {
+ return $this->request->trust_root;
+ }
+
+ // Extracts the OpenId arguments available in the current request, and
+ // builds a query string with them.
+ public function GetQueryStringForRequest()
+ {
+ foreach (Auth_OpenID::getQuery() as $key => $value) {
+ if (strpos($key, 'openid.') === 0) {
+ $args[$key] = $value;
+ }
+ }
+
+ return http_build_query($args);
+ }