dolibarr  7.0.0-beta
openid.class.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (C) 2013 Laurent Destailleur <eldy@users.sourceforge.net>
3  *
4  * This program is free software; you can redistribute it and/or modify
5  * it under the terms of the GNU General Public License as published by
6  * the Free Software Foundation; either version 3 of the License, or
7  * (at your option) any later version.
8  *
9  * This program is distributed in the hope that it will be useful,
10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12  * GNU General Public License for more details.
13  *
14  * You should have received a copy of the GNU General Public License
15  * along with this program. If not, see <http://www.gnu.org/licenses/>.
16  */
17 
28 {
29  var $openid_url_identity;
30  var $URLs = array();
31  var $error = array();
32  var $fields = array(
33  'required' => array(),
34  'optional' => array(),
35  );
36 
40  function __construct()
41  {
42  if (!function_exists('curl_exec'))
43  {
44  die('Error: Class SimpleOpenID requires curl extension to work');
45  }
46  }
47 
54  function SetOpenIDServer($a)
55  {
56  $this->URLs['openid_server'] = $a;
57  }
58 
65  function SetTrustRoot($a)
66  {
67  $this->URLs['trust_root'] = $a;
68  }
69 
76  function SetCancelURL($a)
77  {
78  $this->URLs['cancel'] = $a;
79  }
80 
87  function SetApprovedURL($a)
88  {
89  $this->URLs['approved'] = $a;
90  }
91 
98  function SetRequiredFields($a)
99  {
100  if (is_array($a)){
101  $this->fields['required'] = $a;
102  }else{
103  $this->fields['required'][] = $a;
104  }
105  }
106 
113  function SetOptionalFields($a)
114  {
115  if (is_array($a)){
116  $this->fields['optional'] = $a;
117  }else{
118  $this->fields['optional'][] = $a;
119  }
120  }
121 
128  function SetIdentity($a)
129  { // Set Identity URL
130  if ((stripos($a, 'http://') === false)
131  && (stripos($a, 'https://') === false)){
132  $a = 'http://'.$a;
133  }
134  /*
135  $u = parse_url(trim($a));
136  if (!isset($u['path'])){
137  $u['path'] = '/';
138  }else if(substr($u['path'],-1,1) == '/'){
139  $u['path'] = substr($u['path'], 0, strlen($u['path'])-1);
140  }
141  if (isset($u['query'])){ // If there is a query string, then use identity as is
142  $identity = $a;
143  }else{
144  $identity = $u['scheme'] . '://' . $u['host'] . $u['path'];
145  }
146  //*/
147  $this->openid_url_identity = $a;
148  }
149 
155  function GetIdentity()
156  { // Get Identity
157  return $this->openid_url_identity;
158  }
159 
165  function GetError()
166  {
167  $e = $this->error;
168  return array('code'=>$e[0],'description'=>$e[1]);
169  }
170 
178  function ErrorStore($code, $desc = null)
179  {
180  $errs['OPENID_NOSERVERSFOUND'] = 'Cannot find OpenID Server TAG on Identity page.';
181  if ($desc == null){
182  $desc = $errs[$code];
183  }
184  $this->error = array($code,$desc);
185  }
186 
192  function IsError()
193  {
194  if (count($this->error) > 0)
195  {
196  return true;
197  }
198  else
199  {
200  return false;
201  }
202  }
203 
210  function splitResponse($response)
211  {
212  $r = array();
213  $response = explode("\n", $response);
214  foreach($response as $line) {
215  $line = trim($line);
216  if ($line != "") {
217  list($key, $value) = explode(":", $line, 2);
218  $r[trim($key)] = trim($value);
219  }
220  }
221  return $r;
222  }
223 
230  function OpenID_Standarize($openid_identity = null)
231  {
232  if ($openid_identity === null)
233  $openid_identity = $this->openid_url_identity;
234 
235  $u = parse_url(strtolower(trim($openid_identity)));
236 
237  if (!isset($u['path']) || ($u['path'] == '/')) {
238  $u['path'] = '';
239  }
240  if(substr($u['path'],-1,1) == '/'){
241  $u['path'] = substr($u['path'], 0, strlen($u['path'])-1);
242  }
243  if (isset($u['query'])){ // If there is a query string, then use identity as is
244  return $u['host'] . $u['path'] . '?' . $u['query'];
245  }else{
246  return $u['host'] . $u['path'];
247  }
248  }
249 
256  function array2url($arr)
257  { // converts associated array to URL Query String
258  if (!is_array($arr)){
259  return false;
260  }
261  $query = '';
262  foreach($arr as $key => $value){
263  $query .= $key . "=" . $value . "&";
264  }
265  return $query;
266  }
267 
276  function FSOCK_Request($url, $method="GET", $params = "")
277  {
278  $fp = fsockopen("ssl://www.myopenid.com", 443, $errno, $errstr, 3); // Connection timeout is 3 seconds
279  if (!$fp) {
280  $this->ErrorStore('OPENID_SOCKETERROR', $errstr);
281  return false;
282  } else {
283  $request = $method . " /server HTTP/1.0\r\n";
284  $request .= "User-Agent: Dolibarr\r\n";
285  $request .= "Connection: close\r\n\r\n";
286  fwrite($fp, $request);
287  stream_set_timeout($fp, 4); // Connection response timeout is 4 seconds
288  $res = fread($fp, 2000);
289  $info = stream_get_meta_data($fp);
290  fclose($fp);
291 
292  if ($info['timed_out']) {
293  $this->ErrorStore('OPENID_SOCKETTIMEOUT');
294  } else {
295  return $res;
296  }
297  }
298  }
299 
308  function CURL_Request($url, $method="GET", $params = "")
309  { // Remember, SSL MUST BE SUPPORTED
310  if (is_array($params)) $params = $this->array2url($params);
311 
312  $curl = curl_init($url . ($method == "GET" && $params != "" ? "?" . $params : ""));
313  @curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
314  curl_setopt($curl, CURLOPT_HEADER, false);
315  curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
316  curl_setopt($curl, CURLOPT_HTTPGET, ($method == "GET"));
317  curl_setopt($curl, CURLOPT_POST, ($method == "POST"));
318  if ($method == "POST") curl_setopt($curl, CURLOPT_POSTFIELDS, $params);
319  curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
320  $response = curl_exec($curl);
321 
322  if (curl_errno($curl) == 0){
323  $response;
324  }else{
325  $this->ErrorStore('OPENID_CURL', curl_error($curl));
326  }
327  return $response;
328  }
329 
336  function HTML2OpenIDServer($content)
337  {
338  $get = array();
339 
340  // Get details of their OpenID server and (optional) delegate
341  preg_match_all('/<link[^>]*rel=[\'"]openid.server[\'"][^>]*href=[\'"]([^\'"]+)[\'"][^>]*\/?>/i', $content, $matches1);
342  preg_match_all('/<link[^>]*href=\'"([^\'"]+)[\'"][^>]*rel=[\'"]openid.server[\'"][^>]*\/?>/i', $content, $matches2);
343  $servers = array_merge($matches1[1], $matches2[1]);
344 
345  preg_match_all('/<link[^>]*rel=[\'"]openid.delegate[\'"][^>]*href=[\'"]([^\'"]+)[\'"][^>]*\/?>/i', $content, $matches1);
346 
347  preg_match_all('/<link[^>]*href=[\'"]([^\'"]+)[\'"][^>]*rel=[\'"]openid.delegate[\'"][^>]*\/?>/i', $content, $matches2);
348 
349  $delegates = array_merge($matches1[1], $matches2[1]);
350 
351  $ret = array($servers, $delegates);
352  return $ret;
353  }
354 
355 
362  function GetOpenIDServer($url='')
363  {
364  global $conf;
365 
366  include_once DOL_DOCUMENT_ROOT.'/core/lib/geturl.lib.php';
367  if (empty($url)) $url=$conf->global->MAIN_AUTHENTICATION_OPENID_URL;
368 
369  $response = getURLContent($url);
370 
371  list($servers, $delegates) = $this->HTML2OpenIDServer($response);
372  if (count($servers) == 0){
373  $this->ErrorStore('OPENID_NOSERVERSFOUND');
374  return false;
375  }
376  if (isset($delegates[0])
377  && ($delegates[0] != "")){
378  $this->SetIdentity($delegates[0]);
379  }
380  $this->SetOpenIDServer($servers[0]);
381  return $servers[0];
382  }
383 
389  function GetRedirectURL()
390  {
391  $params = array();
392  $params['openid.return_to'] = urlencode($this->URLs['approved']);
393  $params['openid.mode'] = 'checkid_setup';
394  $params['openid.identity'] = urlencode($this->openid_url_identity);
395  $params['openid.trust_root'] = urlencode($this->URLs['trust_root']);
396 
397  if (isset($this->fields['required'])
398  && (count($this->fields['required']) > 0)) {
399  $params['openid.sreg.required'] = implode(',',$this->fields['required']);
400  }
401  if (isset($this->fields['optional'])
402  && (count($this->fields['optional']) > 0)) {
403  $params['openid.sreg.optional'] = implode(',',$this->fields['optional']);
404  }
405  return $this->URLs['openid_server'] . "?". $this->array2url($params);
406  }
407 
413  function Redirect()
414  {
415  $redirect_to = $this->GetRedirectURL();
416  if (headers_sent())
417  { // Use JavaScript to redirect if content has been previously sent (not recommended, but safe)
418  echo '<script language="JavaScript" type="text/javascript">window.location=\'';
419  echo $redirect_to;
420  echo '\';</script>';
421  }
422  else
423  { // Default Header Redirect
424  header('Location: ' . $redirect_to);
425  }
426  }
427 
433  function ValidateWithServer()
434  {
435  $params = array(
436  'openid.assoc_handle' => urlencode($_GET['openid_assoc_handle']),
437  'openid.signed' => urlencode($_GET['openid_signed']),
438  'openid.sig' => urlencode($_GET['openid_sig'])
439  );
440  // Send only required parameters to confirm validity
441  $arr_signed = explode(",",str_replace('sreg.','sreg_',$_GET['openid_signed']));
442  $num = count($arr_signed);
443  for ($i = 0; $i < $num; $i++)
444  {
445  $s = str_replace('sreg_','sreg.', $arr_signed[$i]);
446  $c = $_GET['openid_' . $arr_signed[$i]];
447  // if ($c != ""){
448  $params['openid.' . $s] = urlencode($c);
449  // }
450  }
451  $params['openid.mode'] = "check_authentication";
452 
453  $openid_server = $this->GetOpenIDServer();
454  if ($openid_server == false)
455  {
456  return false;
457  }
458  $response = $this->CURL_Request($openid_server,'POST',$params);
459  $data = $this->splitResponse($response);
460  if ($data['is_valid'] == "true")
461  {
462  return true;
463  }
464  else
465  {
466  return false;
467  }
468  }
469 
470 
471 
472 
479  function sendDiscoveryRequestToGetXRDS($url='')
480  {
481  global $conf;
482 
483  include_once DOL_DOCUMENT_ROOT.'/core/lib/geturl.lib.php';
484  if (empty($url)) $url=$conf->global->MAIN_AUTHENTICATION_OPENID_URL;
485 
486  dol_syslog(get_class($this).'::sendDiscoveryRequestToGetXRDS get XRDS');
487 
488  $addheaders=array('Accept: application/xrds+xml');
489  $response = getURLContent($url, 'GET', '', 1, $addheaders);
490  /* response should like this:
491  <?xml version="1.0" encoding="UTF-8"?>
492  <xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
493  <XRD>
494  <Service priority="0">
495  <Type>http://specs.openid.net/auth/2.0/server</Type>
496  <Type>http://openid.net/srv/ax/1.0</Type>
497  ...
498  <URI>https://www.google.com/accounts/o8/ud</URI>
499  </Service>
500  </XRD>
501  </xrds:XRDS>
502  */
503  $content=$response['content'];
504 
505  $server='';
506  if (preg_match('/'.preg_quote('<URI>','/').'(.*)'.preg_quote('</URI>','/').'/is', $content, $reg))
507  {
508  $server=$reg[1];
509  }
510 
511  if (empty($server))
512  {
513  $this->ErrorStore('OPENID_NOSERVERSFOUND');
514  return false;
515  }
516  else
517  {
518  dol_syslog(get_class($this).'::sendDiscoveryRequestToGetXRDS found endpoint = '.$server);
519  $this->SetOpenIDServer($server);
520  return $server;
521  }
522  }
523 
524 }
525 
SetOptionalFields($a)
SetOptionalFields.
SetApprovedURL($a)
SetApprovedURL.
SetOpenIDServer($a)
SetOpenIDServer.
GetIdentity()
GetIdentity.
sendDiscoveryRequestToGetXRDS($url='')
Get XRDS response and set possible servers.
HTML2OpenIDServer($content)
HTML2OpenIDServer.
array2url($arr)
array2url
SetIdentity($a)
SetIdentity.
GetRedirectURL()
GetRedirectURL.
IsError()
IsError.
ErrorStore($code, $desc=null)
ErrorStore.
getURLContent($url, $postorget='GET', $param='', $followlocation=1, $addheaders=array())
Function get content from an URL (use proxy if proxy defined)
Definition: geturl.lib.php:34
SetRequiredFields($a)
SetRequiredFields.
SetCancelURL($a)
SetOpenIDServer.
SetTrustRoot($a)
SetOpenIDServer.
CURL_Request($url, $method="GET", $params="")
CURL_Request.
OpenID_Standarize($openid_identity=null)
OpenID_Standarize.
FSOCK_Request($url, $method="GET", $params="")
FSOCK_Request.
GetOpenIDServer($url='')
Get openid server.
splitResponse($response)
splitResponse
GetError()
SetOpenIDServer.
__construct()
Constructor.
Redirect()
Redirect.
Class to manage OpenID.