openid.class.php

Go to the documentation of this file.

<?php
/* Copyright (C) 2013 Laurent Destailleur  <eldy@users.sourceforge.net>
 * Copyright (C) 2024   MDW           <mdeweerd@users.noreply.github.com>
 * Copyright (C) 2024       Frédéric France         <frederic.france@free.fr>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <https://www.gnu.org/licenses/>.
 */
 
class SimpleOpenID
{
  public $openid_url_identity;
  public $URLs = array();
  public $error = array();
  public $fields = array(
    'required' => array(),
    'optional' => array(),
  );
 
  public function __construct()
  {
    if (!function_exists('curl_exec')) {
      die('Error: Class SimpleOpenID requires curl extension to work');
    }
  }
 
  // phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps
  public function SetOpenIDServer($a)
  {
    // phpcs:enable
    $this->URLs['openid_server'] = $a;
  }
 
  // phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps
  public function SetTrustRoot($a)
  {
    // phpcs:enable
    $this->URLs['trust_root'] = $a;
  }
 
  // phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps
  public function SetCancelURL($a)
  {
    // phpcs:enable
    $this->URLs['cancel'] = $a;
  }
 
  // phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps
  public function SetApprovedURL($a)
  {
    // phpcs:enable
    $this->URLs['approved'] = $a;
  }
 
  // phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps
  public function SetRequiredFields($a)
  {
    // phpcs:enable
    if (is_array($a)) {
      $this->fields['required'] = $a;
    } else {
      $this->fields['required'][] = $a;
    }
  }
 
  // phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps
  public function SetOptionalFields($a)
  {
    // phpcs:enable
    if (is_array($a)) {
      $this->fields['optional'] = $a;
    } else {
      $this->fields['optional'][] = $a;
    }
  }
 
  // phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps
  public function SetIdentity($a)
  {
    // phpcs:enable
    // Set Identity URL
    if ((stripos($a, 'http://') === false)
    && (stripos($a, 'https://') === false)) {
      $a = 'http://'.$a;
    }
    /*
     $u = parse_url(trim($a));
     if (!isset($u['path'])){
     $u['path'] = '/';
     }else if(substr($u['path'],-1,1) == '/'){
     $u['path'] = substr($u['path'], 0, strlen($u['path'])-1);
     }
     if (isset($u['query'])){ // If there is a query string, then use identity as is
     $identity = $a;
     }else{
     $identity = $u['scheme'] . '://' . $u['host'] . $u['path'];
     }
    */
    $this->openid_url_identity = $a;
  }
 
  // phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps
  public function GetIdentity()
  {
    // phpcs:enable
    // Get Identity
    return $this->openid_url_identity;
  }
 
  // phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps
  public function GetError()
  {
    // phpcs:enable
    $e = $this->error;
    return array('code' => $e[0], 'description' => $e[1]);
  }
 
  // phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps
  public function ErrorStore($code, $desc = null)
  {
    // phpcs:enable
    $errs = array();
    $errs['OPENID_NOSERVERSFOUND'] = 'Cannot find OpenID Server TAG on Identity page.';
    if ($desc == null) {
      $desc = $errs[$code];
    }
    $this->error = array($code, $desc);
  }
 
  // phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps
  public function IsError()
  {
    // phpcs:enable
    if (count($this->error) > 0) {
      return true;
    } else {
      return false;
    }
  }
 
  public function splitResponse($response)
  {
    $r = array();
    $response = explode("\n", $response);
    foreach ($response as $line) {
      $line = trim($line);
      if ($line != "") {
        list($key, $value) = explode(":", $line, 2);
        $r[trim($key)] = trim($value);
      }
    }
    return $r;
  }
 
  // phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps
  public function OpenID_Standarize($openid_identity = null)
  {
    // phpcs:enable
    if ($openid_identity === null) {
      $openid_identity = $this->openid_url_identity;
    }
 
    $u = parse_url(strtolower(trim($openid_identity)));
 
    if (!isset($u['path']) || ($u['path'] == '/')) {
      $u['path'] = '';
    }
    if (substr($u['path'], -1, 1) == '/') {
      $u['path'] = substr($u['path'], 0, strlen($u['path']) - 1);
    }
    if (isset($u['query'])) { // If there is a query string, then use identity as is
      return $u['host'].$u['path'].'?'.$u['query'];
    } else {
      return $u['host'].$u['path'];
    }
  }
 
  public function array2url($arr)
  {
    // converts associated array to URL Query String
    if (!is_array($arr)) {
      return false;
    }
    $query = '';
    foreach ($arr as $key => $value) {
      $query .= $key."=".$value."&";
    }
    return $query;
  }
 
  // phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps
  public function FSOCK_Request($url, $method = "GET", $params = "")
  {
    // phpcs:enable
    $fp = fsockopen("ssl://www.myopenid.com", 443, $errno, $errstr, 3); // Connection timeout is 3 seconds
    if (!$fp) {
      $this->ErrorStore('OPENID_SOCKETERROR', $errstr);
      return false;
    } else {
      $request = $method." /server HTTP/1.0\r\n";
      $request .= "User-Agent: Dolibarr\r\n";
      $request .= "Connection: close\r\n\r\n";
      fwrite($fp, $request);
      stream_set_timeout($fp, 4); // Connection response timeout is 4 seconds
      $res = fread($fp, 2000);
      $info = stream_get_meta_data($fp);
      fclose($fp);
 
      if ($info['timed_out']) {
        $this->ErrorStore('OPENID_SOCKETTIMEOUT');
      } else {
        return $res;
      }
    }
  }
 
  // phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps
  public function HTML2OpenIDServer($content)
  {
    // phpcs:enable
    $get = array();
 
    $matches1 = array();
    $matches2 = array();
 
    // Get details of their OpenID server and (optional) delegate
    preg_match_all('/<link[^>]*rel=[\'"]openid.server[\'"][^>]*href=[\'"]([^\'"]+)[\'"][^>]*\/?>/i', $content, $matches1);
    preg_match_all('/<link[^>]*href=\'"([^\'"]+)[\'"][^>]*rel=[\'"]openid.server[\'"][^>]*\/?>/i', $content, $matches2);
    $servers = array_merge($matches1[1], $matches2[1]);
 
    preg_match_all('/<link[^>]*rel=[\'"]openid.delegate[\'"][^>]*href=[\'"]([^\'"]+)[\'"][^>]*\/?>/i', $content, $matches1);
 
    preg_match_all('/<link[^>]*href=[\'"]([^\'"]+)[\'"][^>]*rel=[\'"]openid.delegate[\'"][^>]*\/?>/i', $content, $matches2);
 
    $delegates = array_merge($matches1[1], $matches2[1]);
 
    $ret = array($servers, $delegates);
    return $ret;
  }
 
 
  // phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps
  public function GetOpenIDServer($url = '')
  {
    // phpcs:enable
    global $conf;
 
    include_once DOL_DOCUMENT_ROOT.'/core/lib/geturl.lib.php';
    if (empty($url)) {
      $url = getDolGlobalString('MAIN_AUTHENTICATION_OPENID_URL');
    }
 
    $response = getURLContent($url, 'GET', '', 1, array(), array('http', 'https'));
 
    list($servers, $delegates) = $this->HTML2OpenIDServer($response);
    if (count($servers) == 0) {
      $this->ErrorStore('OPENID_NOSERVERSFOUND');
      return false;
    }
    if (isset($delegates[0])
    && ($delegates[0] != "")) {
      $this->SetIdentity($delegates[0]);
    }
    $this->SetOpenIDServer($servers[0]);
    return $servers[0];
  }
 
  // phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps
  public function GetRedirectURL()
  {
    // phpcs:enable
    $params = array();
    $params['openid.return_to'] = urlencode($this->URLs['approved']);
    $params['openid.mode'] = 'checkid_setup';
    $params['openid.identity'] = urlencode($this->openid_url_identity);
    $params['openid.trust_root'] = urlencode($this->URLs['trust_root']);
 
    if (isset($this->fields['required'])
    && (count($this->fields['required']) > 0)) {
      $params['openid.sreg.required'] = implode(',', $this->fields['required']);
    }
    if (isset($this->fields['optional'])
    && (count($this->fields['optional']) > 0)) {
      $params['openid.sreg.optional'] = implode(',', $this->fields['optional']);
    }
    return $this->URLs['openid_server']."?".$this->array2url($params);
  }
 
  // phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps
  public function Redirect()
  {
    // phpcs:enable
    $redirect_to = $this->GetRedirectURL();
    if (headers_sent()) { // Use JavaScript to redirect if content has been previously sent (not recommended, but safe)
      echo '<script nonce="'.getNonce().'" type="text/javascript">window.location=\'';
      echo $redirect_to;
      echo '\';</script>';
    } else {  // Default Header Redirect
      header('Location: '.$redirect_to);
    }
  }
 
  public function validateWithServer()
  {
    $params = array(
      'openid.assoc_handle' => urlencode(GETPOST('openid_assoc_handle')),
      'openid.signed' => urlencode(GETPOST('openid_signed')),
      'openid.sig' => urlencode(GETPOST('openid_sig'))
    );
    // Send only required parameters to confirm validity
    $arr_signed = explode(",", str_replace('sreg.', 'sreg_', GETPOST('openid_signed')));
    $num = count($arr_signed);
    for ($i = 0; $i < $num; $i++) {
      $s = str_replace('sreg_', 'sreg.', $arr_signed[$i]);
      $c = GETPOST('openid_'.$arr_signed[$i]);
      // if ($c != ""){
      $params['openid.'.$s] = urlencode($c);
      // }
    }
    $params['openid.mode'] = "check_authentication";
 
    $openid_server = $this->GetOpenIDServer();
    if ($openid_server == false) {
      return false;
    }
 
    if (is_array($params)) {
      $params = $this->array2url($params);
    }
 
    $result = getURLContent($openid_server, 'POST', $params);
 
    $response = $result['content'];
 
    $data = $this->splitResponse($response);
    if ($data['is_valid'] == "true") {
      return true;
    } else {
      return false;
    }
  }
 
 
 
 
  public function sendDiscoveryRequestToGetXRDS($url = '')
  {
    global $conf;
 
    include_once DOL_DOCUMENT_ROOT.'/core/lib/geturl.lib.php';
    if (empty($url)) {
      $url = getDolGlobalString('MAIN_AUTHENTICATION_OPENID_URL');
    }
 
    dol_syslog(get_class($this).'::sendDiscoveryRequestToGetXRDS get XRDS');
 
    $addheaders = array('Accept: application/xrds+xml');
    $response = getURLContent($url, 'GET', '', 1, $addheaders, array('http', 'https'), 0);
    /* response should like this:
    <?xml version="1.0" encoding="UTF-8"?>
    <xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
    <XRD>
    <Service priority="0">
    <Type>http://specs.openid.net/auth/2.0/server</Type>
    <Type>http://openid.net/srv/ax/1.0</Type>
    ...
    <URI>https://www.google.com/accounts/o8/ud</URI>
    </Service>
    </XRD>
    </xrds:XRDS>
    */
    $content = $response['content'];
 
    $server = '';
    if (preg_match('/'.preg_quote('<URI>', '/').'(.*)'.preg_quote('</URI>', '/').'/is', $content, $reg)) {
      $server = $reg[1];
    }
 
    if (empty($server)) {
      $this->ErrorStore('OPENID_NOSERVERSFOUND');
      return false;
    } else {
      dol_syslog(get_class($this).'::sendDiscoveryRequestToGetXRDS found endpoint = '.$server);
      $this->SetOpenIDServer($server);
      return $server;
    }
  }
}