archive
/
poidsy
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 2 Wiki Activity
PHP OpenID consumer
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
63 Commits
3 Branches
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
poidsy/discoverer.inc.php

discoverer.inc.php 11KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393 
  1. <?PHP

  2. 

  3. /* Poidsy 0.6 - http://chris.smith.name/projects/poidsy

  4.  * Copyright (c) 2008-2010 Chris Smith

  5.  *

  6.  * Permission is hereby granted, free of charge, to any person obtaining a copy

  7.  * of this software and associated documentation files (the "Software"), to deal

  8.  * in the Software without restriction, including without limitation the rights

  9.  * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell

  10.  * copies of the Software, and to permit persons to whom the Software is

  11.  * furnished to do so, subject to the following conditions:

  12.  *

  13.  * The above copyright notice and this permission notice shall be included in

  14.  * all copies or substantial portions of the Software.

  15.  *

  16.  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR

  17.  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,

  18.  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE

  19.  * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER

  20.  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,

  21.  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE

  22.  * SOFTWARE.

  23.  */

  24. 

  25. require_once(dirname(__FILE__) . '/logging.inc.php');

  26. 

  27. class Server {

  28. 

  29.  private $url = null;

  30.  private $version = 1;

  31.  private $services = array();

  32. 

  33.  public function __construct($url, $version) {

  34.   $this->url = $url;

  35.   $this->version = $version;

  36.  }

  37. 

  38.  public function getURL() {

  39.   return $this->url;

  40.  }

  41. 

  42.  public function getVersion() {

  43.   return $this->version;

  44.  }

  45. 

  46.  public function getServices() {

  47.   return $this->services;

  48.  }

  49. 

  50.  public function addServices($services) {

  51.   foreach ($services as $service) {

  52.    $this->services[] = $service;

  53.   }

  54.  }

  55. 

  56.  public function hasService($service) {

  57.   return array_search($service, $this->services) !== false;

  58.  }

  59. 

  60. }

  61. 

  62. class Discoverer {

  63. 

  64.  const ID_SELECT_URL = 'http://specs.openid.net/auth/2.0/identifier_select';

  65. 

  66.  private $version;        // OpenID 2 teminology   || OpenID 1 terminology

  67.                           // --------------------- || ----------------------

  68.  private $userSuppliedId; // User supplied ID      || [Same as Claimed ID]

  69.  private $claimedId;      // Claimed ID            || Claimed ID

  70.  private $endpointUrl;    // OP Endpoint URL       || Identity Provider

  71.  private $opLocalId;      // OP-local ID           || Delegate

  72. 

  73.  private $servers = array();

  74. 

  75.  public function __construct($uri, $normalise = true) {

  76.   if ($uri !== null) {

  77.    $this->discover($this->userSuppliedId = ($normalise ? $this->normalise($uri) : $uri));

  78.   }

  79.  }

  80. 

  81.  public function getEndpointUrl() {

  82.   return $this->endpointUrl;

  83.  }

  84. 

  85.  public function getUserSuppliedId() {

  86.   return $this->userSuppliedId;

  87.  }

  88. 

  89.  public function getClaimedId() {

  90.   return $this->claimedId;

  91.  }

  92. 

  93.  public function getOpLocalId() {

  94.   return $this->opLocalId;

  95.  }

  96. 

  97.  public function getVersion() {

  98.   return $this->version;

  99.  }

  100. 

  101.  public function hasServer($endpointUrl) {

  102.   return isset($this->servers[$endpointUrl]);

  103.  }

  104. 

  105.  public static function normalise($uri) {

  106.   // Strip xri:// prefix

  107.   if (substr($uri, 0, 6) == 'xri://') {

  108.    $uri = substr($uri, 6);

  109.   }

  110. 

  111.   // If the first char is a global context symbol, treat it as XRI

  112.   if (in_array($uri[0], array('=', '@', '+', '$', '!'))) {

  113.    // TODO: Implement

  114.    throw new Exception('This implementation does not currently support XRI');

  115.   }

  116. 

  117.   // Add http:// if needed

  118.   if (strpos($uri, '://') === false) {

  119.    $uri = 'http://' . $uri;

  120.   }

  121. 

  122.   $bits = @parse_url($uri);

  123. 

  124.   $result = $bits['scheme'] . '://';

  125.   if (defined('OPENID_ALLOWUSER') && isset($bits['user'])) {

  126.    $result .= $bits['user'];

  127.    if (isset($bits['pass'])) {

  128.     $result .= ':' . $bits['pass'];

  129.    }

  130.    $result .= '@';

  131.   }

  132.   $result .= preg_replace('/\.$/', '', $bits['host']);

  133. 

  134.   if (isset($bits['port']) && !empty($bits['port']) &&

  135.      (($bits['scheme'] == 'http' && $bits['port'] != '80') ||

  136.       ($bits['scheme'] == 'https' && $bits['port'] != '443') ||

  137.       ($bits['scheme'] != 'http' && $bits['scheme'] != 'https'))) {

  138.    $result .= ':' . $bits['port'];

  139.   }

  140. 

  141.   if (isset($bits['path'])) {

  142.    do {

  143.     $bits['path'] = preg_replace('#/([^/]*)/\.\./#', '/', str_replace('/./', '/', $old = $bits['path']));

  144.    } while ($old != $bits['path']);

  145.    $result .= $bits['path'];

  146.   } else {

  147.    $result .= '/';

  148.   }

  149. 

  150.   if (defined('OPENID_ALLOWQUERY') && isset($bits['query'])) {

  151.    $result .= '?' . $bits['query'];

  152.   }

  153. 

  154.   return $result;

  155.  }

  156. 

  157.  private function discover($uri) {

  158.   Logger::log('Performing discovery for %s', $uri);

  159. 

  160.   if (!$this->yadisDiscover($uri)) {

  161.    $this->htmlDiscover($uri);

  162.   }

  163.  }

  164. 

  165.  private function yadisDiscover($uri, $allowLocation = true) {

  166.   Logger::log('Attempting Yadis discovery on %s', $uri);

  167. 

  168.   if ($allowLocation) {

  169.    $this->claimedId = $uri;

  170.   }

  171. 

  172.   $ctx = stream_context_create(array(

  173.     'http' => array(

  174.       'header' => "Accept: application/xrds+xml\r\n",

  175.     )

  176.   ));

  177. 

  178.   $fh = @fopen($uri, 'r', false, $ctx);

  179. 

  180.   if (!$fh) {

  181.    Logger::log('Unable to open stream');

  182.    return false;

  183.   }

  184. 

  185.   $details = stream_get_meta_data($fh);

  186. 

  187.   $data = '';

  188.   while (!feof($fh) && strpos($data, '</head>') === false) {

  189.    $data .= fgets($fh);

  190.   }

  191. 

  192.   fclose($fh);

  193. 

  194.   foreach ($details['wrapper_data'] as $line) {

  195.    if ($allowLocation && preg_match('/^X-XRDS-Location:\s*(.*?)$/i', $line, $m)) {

  196.     // TODO: Allow relative URLs?

  197.     $this->handleRedirects($details);

  198.     return $this->yadisDiscover($m[1], false);

  199.    } else if (preg_match('#^Content-type:\s*application/xrds\+xml(;.*?)?$#i', $line)) {

  200.     $this->handleRedirects($details);

  201.     return $this->parseYadis($data);

  202.    }

  203.   }

  204. 

  205.   if (($url = $this->parseYadisHTML($data)) !== false) {

  206.    $this->handleRedirects($details);

  207.    return $this->yadisDiscover($url, false);

  208.   }

  209.  }

  210. 

  211.  private function parseYadis($data) {

  212.   $sxml = @new SimpleXMLElement($data);

  213. 

  214.   if (!$sxml) {

  215.    Logger::log('Failed to parse XRDS data as XML');

  216.    // TODO: Die somehow?

  217.    return false;

  218.   }

  219. 

  220.   // TODO: Better handling of namespaces

  221.   $found = false;

  222.   foreach ($sxml->XRD->Service as $service) {

  223.    $services = array();

  224.    $server = null;

  225. 

  226.    foreach ($service->Type as $type) {

  227.     Logger::log('Found service of type %s', $type);

  228. 

  229.     if ((String) $type == 'http://specs.openid.net/auth/2.0/server') {

  230.      $this->version = 2;

  231.      $this->endpointUrl = (String) $service->URI;

  232.      $this->claimedId = $this->opLocalId = self::ID_SELECT_URL;

  233.      Logger::log('OpenID EP found (server). End point: %s, claimed id: %s, op local id: %s', $this->endpointUrl, $this->claimedId, $this->opLocalId);

  234.      $found = true;

  235.      $this->servers[$this->endpointUrl] = $server = new Server($this->endpointUrl, $this->version);

  236.     } else if ((String) $type == 'http://specs.openid.net/auth/2.0/signon') {

  237.      $this->version = 2;

  238.      $this->endpointUrl = (String) $service->URI;

  239. 

  240.      if (isset($service->LocalID)) {

  241.       $this->opLocalId = (String) $service->LocalID;

  242.      } else {

  243.       $this->opLocalId = self::ID_SELECT_URL;

  244.       $this->claimedId = self::ID_SELECT_URL;

  245.      }

  246. 

  247.      Logger::log('OpenID EP found (signon). End point: %s, claimed id: %s, op local id: %s', $this->endpointUrl, $this->claimedId, $this->opLocalId);

  248.      $found = true;

  249.      $this->servers[$this->endpointUrl] = $server = new Server($this->endpointUrl, $this->version);

  250.     } else {

  251.      $services[] = (String) $type;

  252.     }

  253.    }

  254. 

  255.    if ($server != null) {

  256.     $server->addServices($services);

  257.    }

  258.   }

  259. 

  260.   return $found;

  261.  }

  262. 

  263.  private function parseYadisHTML($data) {

  264.   $meta = self::getMetaTags($data);

  265. 

  266.   if (isset($meta['x-xrds-location'])) {

  267.    Logger::log('Found XRDS meta tag: %s', $meta['x-xrds-location']);

  268.    // TODO: Allow relative URLs?

  269.    return $meta['x-xrds-location'];

  270.   }

  271. 

  272.   return false;

  273.  }

  274. 

  275.  private function htmlDiscover($uri) {

  276.   Logger::log('Performing HTML discovery on %s', $uri);

  277. 

  278.   $fh = @fopen($uri, 'r');

  279. 

  280.   if (!$fh) {

  281.    Logger::log('Unable to open stream');

  282.    return;

  283.   }

  284. 

  285.   $this->claimedId = $uri;

  286. 

  287.   $details = stream_get_meta_data($fh);

  288. 

  289.   $this->handleRedirects($details);

  290. 

  291.   Logger::log('Claimed identity: %s', $this->claimedId);

  292. 

  293.   $data = '';

  294.   while (!feof($fh) && strpos($data, '</head>') === false) {

  295.    $data .= fgets($fh);

  296.   }

  297. 

  298.   fclose($fh);

  299. 

  300.   $this->parseHtml($data);

  301.  }

  302. 

  303.  protected function handleRedirects($details) {

  304.   foreach ($details['wrapper_data'] as $line) {

  305.    if (preg_match('/^Location: (.*?)$/i', $line, $m)) {

  306.     if (strpos($m[1], '://') !== false) {

  307.      // Fully qualified URL

  308.      $this->claimedId = $m[1];

  309.      Logger::log('Redirection (fully qualified) to ' . $m[1]);

  310.     } else if ($m[1][0] == '/') {

  311.      // Absolute URL

  312.      $this->claimedId = preg_replace('#^(.*?://.*?)/.*$#', '\1', $this->claimedId) . $m[1];

  313.      Logger::log('Redirection (absolute) to ' . $m[1] . ': ' . $this->claimedId);

  314.     } else {

  315.      // Relative URL

  316.      $this->claimedId = preg_replace('#^(.*?://.*/).*?$#', '\1', $this->claimedId) . $m[1];

  317.      Logger::log('Redirection (relative) to ' . $m[1] . ': ' . $this->claimedId);

  318.     }

  319.    }

  320.    $this->claimedId = self::normalise($this->claimedId);

  321.   }

  322.  }

  323. 

  324.  protected static function getLinks($data) {

  325.   return self::getTags($data, 'link', 'rel', 'href', true);

  326.  }

  327. 

  328.  protected static function getMetaTags($data) {

  329.   return self::getTags($data, 'meta', 'http-equiv', 'content');

  330.  }

  331. 

  332.  protected static function getTags($data, $tag, $att1, $att2, $split = false) {

  333.   preg_match_all('#<' . $tag . '\s*(.*?)\s*/?' . '>#is', $data, $matches);

  334. 

  335.   $links = array();

  336. 

  337.   foreach ($matches[1] as $link) {

  338.    $rel = $href = null;

  339. 

  340.    if (preg_match('#' . $att1 . '\s*=\s*(?:([^"\'>\s]*)|"([^">]*)"|\'([^\'>]*)\')(?:\s|$)#is', $link, $m)) {

  341.     array_shift($m);

  342.     $rel = implode('', $m);

  343.    }

  344. 

  345.    if (preg_match('#' . $att2 . '\s*=\s*(?:([^"\'>\s]*)|"([^">]*)"|\'([^\'>]*)\')(?:\s|$)#is', $link, $m)) {

  346.     array_shift($m);

  347.     $href = implode('', $m);

  348.    }

  349. 

  350.    if ($split) {

  351.     foreach (explode(' ', strtolower($rel)) as $part) {

  352.      $links[$part] = html_entity_decode($href);

  353.     }

  354.    } else {

  355.     $links[strtolower($rel)] = html_entity_decode($href);

  356.    }

  357.   }

  358. 

  359.   return $links;

  360.  }

  361. 

  362.  public function parseHtml($data) {

  363.   $links = self::getLinks($data);

  364. 

  365.   if (isset($links['openid2.provider'])) {

  366.    $this->version = 2;

  367.    $this->endpointUrl = $links['openid2.provider'];

  368.    //$this->servers[] = new Server($this->server, 2);

  369. 

  370.    $this->claimedId = $this->userSuppliedId;

  371.    $this->opLocalId = isset($links['openid2.local_id']) ? $links['openid2.local_id'] : $this->claimedId;

  372. 

  373.    $this->servers[$this->endpointUrl] = $server = new Server($this->endpointUrl, $this->version);

  374.    Logger::log('OpenID EP found. End point: %s, claimed id: %s, op local id: %s', $this->endpointUrl, $this->claimedId, $this->opLocalId);

  375.   } else if (isset($links['openid.server'])) {

  376.    $this->version = 1;

  377.    $this->endpointUrl = $links['openid.server'];

  378.    //$this->servers[] = new Server($this->server, 2);

  379. 

  380.    $this->claimedId = $this->userSuppliedId;

  381. 

  382.    if (isset($links['openid.delegate'])) {

  383.     $this->opLocalId = $links['openid.delegate'];

  384.    }

  385. 

  386.    $this->servers[$this->endpointUrl] = $server = new Server($this->endpointUrl, $this->version);

  387.    Logger::log('OpenID EP found. End point: %s, claimed id: %s, op local id: %s', $this->endpointUrl, $this->claimedId, $this->opLocalId);

  388.   }

  389.  }

  390. 

  391. }

  392. 

  393. ?>