Commit bb37b7b5 by Paul Klimov

OpenId attribute validation and extraction updated.

parent d21c59bc
...@@ -203,21 +203,9 @@ class AuthAction extends Action ...@@ -203,21 +203,9 @@ class AuthAction extends Action
switch ($_REQUEST['openid_mode']) { switch ($_REQUEST['openid_mode']) {
case 'id_res': case 'id_res':
if ($client->validate()) { if ($client->validate()) {
$attributes = [
'id' => $client->getClaimedId()
];
$rawAttributes = $client->fetchAttributes();
foreach ($client->requiredAttributes as $openIdAttributeName) {
if (isset($rawAttributes[$openIdAttributeName])) {
$attributes[$openIdAttributeName] = $rawAttributes[$openIdAttributeName];
} else {
throw new Exception('Unable to complete the authentication because the required data was not received.');
}
}
$client->setUserAttributes($attributes);
return $this->authSuccess($client); return $this->authSuccess($client);
} else { } else {
throw new Exception('Unable to complete the authentication because the required data was not received.'); throw new HttpException(400, 'Unable to complete the authentication because the required data was not received.');
} }
break; break;
case 'cancel': case 'cancel':
......
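Review bot: The `else` branch in the `id_res` case now reports two different failures with one message, because after this commit `validate()` returns false both when the provider does not confirm the assertion and when a required attribute is missing. A rejected assertion is a security-relevant event, while a missing attribute is usually a provider or configuration issue, so logging should be able to tell them apart. At minimum add a comment above the throw, such as `// validate() is false for a rejected assertion as well as for missing required attributes`. Better, have the client expose which check failed so it can be logged before the 400 is raised. The hunk shows no `use` line for `HttpException`, so confirm it is imported; the enclosing method starts and ends outside the hunk.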
...@@ -382,13 +382,18 @@ class OpenId extends BaseClient implements ClientInterface ...@@ -382,13 +382,18 @@ class OpenId extends BaseClient implements ClientInterface
} }
/** /**
* Helper function used to scan for <meta>/<link> tags and extract information * Scans content for <meta>/<link> tags and extract information from them.
* from them * @param string $content HTML content to be be parsed.
*/ * @param string $tag name of the source tag.
protected function extractHtmlTagValue($content, $tag, $attrName, $attrValue, $valueName) * @param string $matchAttributeName name of the source tag attribute, which should contain $matchAttributeValue
* @param string $matchAttributeValue required value of $matchAttributeName
* @param string $valueAttributeName name of the source tag attribute, which should contain searched value.
* @return string|boolean searched value, "false" on failure.
*/
protected function extractHtmlTagValue($content, $tag, $matchAttributeName, $matchAttributeValue, $valueAttributeName)
{ {
preg_match_all("#<{$tag}[^>]*$attrName=['\"].*?$attrValue.*?['\"][^>]*$valueName=['\"](.+?)['\"][^>]*/?>#i", $content, $matches1); preg_match_all("#<{$tag}[^>]*$matchAttributeName=['\"].*?$matchAttributeValue.*?['\"][^>]*$valueAttributeName=['\"](.+?)['\"][^>]*/?>#i", $content, $matches1);
preg_match_all("#<{$tag}[^>]*$valueName=['\"](.+?)['\"][^>]*$attrName=['\"].*?$attrValue.*?['\"][^>]*/?>#i", $content, $matches2); preg_match_all("#<{$tag}[^>]*$valueAttributeName=['\"](.+?)['\"][^>]*$matchAttributeName=['\"].*?$matchAttributeValue.*?['\"][^>]*/?>#i", $content, $matches2);
$result = array_merge($matches1[1], $matches2[1]); $result = array_merge($matches1[1], $matches2[1]);
return empty($result) ? false : $result[0]; return empty($result) ? false : $result[0];
} }
...@@ -728,9 +733,10 @@ class OpenId extends BaseClient implements ClientInterface ...@@ -728,9 +733,10 @@ class OpenId extends BaseClient implements ClientInterface
/** /**
* Performs OpenID verification with the OP. * Performs OpenID verification with the OP.
* @param boolean $validateRequiredAttributes whether to validate required attributes.
* @return boolean whether the verification was successful. * @return boolean whether the verification was successful.
*/ */
public function validate() public function validate($validateRequiredAttributes = true)
{ {
$claimedId = $this->getClaimedId(); $claimedId = $this->getClaimedId();
if (empty($claimedId)) { if (empty($claimedId)) {
...@@ -769,7 +775,32 @@ class OpenId extends BaseClient implements ClientInterface ...@@ -769,7 +775,32 @@ class OpenId extends BaseClient implements ClientInterface
$response = $this->sendRequest($serverInfo['url'], 'POST', $params); $response = $this->sendRequest($serverInfo['url'], 'POST', $params);
return preg_match('/is_valid\s*:\s*true/i', $response); if (preg_match('/is_valid\s*:\s*true/i', $response)) {
if ($validateRequiredAttributes) {
return $this->validateRequiredAttributes();
} else {
return true;
}
} else {
return false;
}
}
/**
* Checks if all required attributes are present in the server response.
* @return boolean whether all required attributes are present.
*/
protected function validateRequiredAttributes()
{
if (!empty($this->requiredAttributes)) {
$attributes = $this->fetchAttributes();
foreach ($this->requiredAttributes as $openIdAttributeName) {
if (!isset($attributes[$openIdAttributeName])) {
return false;
}
}
}
return true;
} }
/** /**
...@@ -856,4 +887,12 @@ class OpenId extends BaseClient implements ClientInterface ...@@ -856,4 +887,12 @@ class OpenId extends BaseClient implements ClientInterface
} }
return $this->fetchSregAttributes(); return $this->fetchSregAttributes();
} }
/**
* @inheritdoc
*/
protected function initUserAttributes()
{
return array_merge(['id' => $this->getClaimedId()], $this->fetchAttributes());
}
} }
\ No newline at end of file
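Review bot: In `initUserAttributes()` the claimed identifier is the first argument to `array_merge()`, so a string key `id` returned by `fetchAttributes()` would silently replace it. The code removed from AuthAction copied only the names listed in `requiredAttributes`, whereas the new method passes on everything the fetch returns. The body of `fetchAttributes()` is outside the hunk, so whether provider-supplied data can produce an `id` key is not confirmable from here. Reversing the order keeps the validated identifier authoritative whatever the provider sends: `return array_merge($this->fetchAttributes(), ['id' => $this->getClaimedId()]);`.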