diff options
Diffstat (limited to 'hauth/Hybrid/Endpoint.php')
| -rw-r--r-- | hauth/Hybrid/Endpoint.php | 222 |
1 files changed, 222 insertions, 0 deletions
diff --git a/hauth/Hybrid/Endpoint.php b/hauth/Hybrid/Endpoint.php new file mode 100644 index 0000000..7813fee --- /dev/null +++ b/hauth/Hybrid/Endpoint.php @@ -0,0 +1,222 @@ +<?php + +/** + * HybridAuth + * http://hybridauth.sourceforge.net | http://github.com/hybridauth/hybridauth + * (c) 2009-2015, HybridAuth authors | http://hybridauth.sourceforge.net/licenses.html + */ + +/** + * Hybrid_Endpoint class + * + * Provides a simple way to handle the OpenID and OAuth endpoint + */ +class Hybrid_Endpoint { + + protected $request = null; + protected $initDone = false; + + /** + * Process the current request + * + * @param array $request The current request parameters. Leave as null to default to use $_REQUEST. + */ + public function __construct($request = null) { + if (is_null($request)) { + // Fix a strange behavior when some provider call back ha endpoint + // with /index.php?hauth.done={provider}?{args}... + // >here we need to parse $_SERVER[QUERY_STRING] + $request = $_REQUEST; + if (isset($_SERVER["QUERY_STRING"]) && strrpos($_SERVER["QUERY_STRING"], '?')) { + $_SERVER["QUERY_STRING"] = str_replace("?", "&", $_SERVER["QUERY_STRING"]); + parse_str($_SERVER["QUERY_STRING"], $request); + } + } + + // Setup request variable + $this->request = $request; + + // If openid_policy requested, we return our policy document + if (isset($this->request["get"]) && $this->request["get"] == "openid_policy") { + $this->processOpenidPolicy(); + } + + // If openid_xrds requested, we return our XRDS document + if (isset($this->request["get"]) && $this->request["get"] == "openid_xrds") { + $this->processOpenidXRDS(); + } + + // If we get a hauth.start + if (isset($this->request["hauth_start"]) && $this->request["hauth_start"]) { + $this->processAuthStart(); + } + // Else if hauth.done + elseif (isset($this->request["hauth_done"]) && $this->request["hauth_done"]) { + $this->processAuthDone(); + } + // Else we advertise our XRDS document, something supposed to be done from the Realm URL page + else { + $this->processOpenidRealm(); + } + } + + /** + * Process the current request + * + * @param array $request The current request parameters. Leave as null to default to use $_REQUEST. + * @return Hybrid_Endpoint + */ + public static function process($request = null) { + // Trick for PHP 5.2, because it doesn't support late static binding + $class = function_exists('get_called_class') ? get_called_class() : __CLASS__; + new $class($request); + } + + /** + * Process OpenID policy request + * @return void + */ + protected function processOpenidPolicy() { + $output = file_get_contents(dirname(__FILE__) . "/resources/openid_policy.html"); + print $output; + die(); + } + + /** + * Process OpenID XRDS request + * @return void + */ + protected function processOpenidXRDS() { + header("Content-Type: application/xrds+xml"); + + $output = str_replace("{RETURN_TO_URL}", str_replace( + array("<", ">", "\"", "'", "&"), array("<", ">", """, "'", "&"), Hybrid_Auth::getCurrentUrl(false) + ), file_get_contents(dirname(__FILE__) . "/resources/openid_xrds.xml")); + print $output; + die(); + } + + /** + * Process OpenID realm request + * @return void + */ + protected function processOpenidRealm() { + $output = str_replace("{X_XRDS_LOCATION}", htmlentities(Hybrid_Auth::getCurrentUrl(false), ENT_QUOTES, 'UTF-8') + . "?get=openid_xrds&v=" + . Hybrid_Auth::$version, file_get_contents(dirname(__FILE__) . "/resources/openid_realm.html")); + print $output; + die(); + } + + /** + * Define: endpoint step 3 + * @return void + * @throws Hybrid_Exception + */ + protected function processAuthStart() { + $this->authInit(); + + $provider_id = trim(strip_tags($this->request["hauth_start"])); + + // check if page accessed directly + if (!Hybrid_Auth::storage()->get("hauth_session.$provider_id.hauth_endpoint")) { + Hybrid_Logger::error("Endpoint: hauth_endpoint parameter is not defined on hauth_start, halt login process!"); + + throw new Hybrid_Exception("You cannot access this page directly."); + } + + // define:hybrid.endpoint.php step 2. + $hauth = Hybrid_Auth::setup($provider_id); + + // if REQUESTed hauth_idprovider is wrong, session not created, etc. + if (!$hauth) { + Hybrid_Logger::error("Endpoint: Invalid parameter on hauth_start!"); + throw new Hybrid_Exception("Invalid parameter! Please return to the login page and try again."); + } + + try { + Hybrid_Logger::info("Endpoint: call adapter [{$provider_id}] loginBegin()"); + + $hauth->adapter->loginBegin(); + } catch (Exception $e) { + Hybrid_Logger::error("Exception:" . $e->getMessage(), $e); + Hybrid_Error::setError($e->getMessage(), $e->getCode(), $e->getTraceAsString(), $e->getPrevious()); + + $hauth->returnToCallbackUrl(); + } + + die(); + } + + /** + * Define: endpoint step 3.1 and 3.2 + * @return void + * @throws Hybrid_Exception + */ + protected function processAuthDone() { + $this->authInit(); + + $provider_id = trim(strip_tags($this->request["hauth_done"])); + + $hauth = Hybrid_Auth::setup($provider_id); + + if (!$hauth) { + Hybrid_Logger::error("Endpoint: Invalid parameter on hauth_done!"); + + $hauth->adapter->setUserUnconnected(); + + throw new Hybrid_Exception("Invalid parameter! Please return to the login page and try again."); + } + + try { + Hybrid_Logger::info("Endpoint: call adapter [{$provider_id}] loginFinish() "); + $hauth->adapter->loginFinish(); + } catch (Exception $e) { + Hybrid_Logger::error("Exception:" . $e->getMessage(), $e); + Hybrid_Error::setError($e->getMessage(), $e->getCode(), $e->getTraceAsString(), $e->getPrevious()); + + $hauth->adapter->setUserUnconnected(); + } + + Hybrid_Logger::info("Endpoint: job done. return to callback url."); + + $hauth->returnToCallbackUrl(); + die(); + } + + /** + * Initializes authentication + * @throws Hybrid_Exception + */ + protected function authInit() { + if (!$this->initDone) { + $this->initDone = true; + + // Init Hybrid_Auth + try { + if (!class_exists("Hybrid_Storage", false)) { + require_once realpath(dirname(__FILE__)) . "/Storage.php"; + } + if (!class_exists("Hybrid_Exception", false)) { + require_once realpath(dirname(__FILE__)) . "/Exception.php"; + } + if (!class_exists("Hybrid_Logger", false)) { + require_once realpath(dirname(__FILE__)) . "/Logger.php"; + } + + $storage = new Hybrid_Storage(); + + // Check if Hybrid_Auth session already exist + if (!$storage->config("CONFIG")) { + throw new Hybrid_Exception("You cannot access this page directly."); + } + + Hybrid_Auth::initialize($storage->config("CONFIG")); + } catch (Exception $e) { + Hybrid_Logger::error("Endpoint: Error while trying to init Hybrid_Auth: " . $e->getMessage()); + throw new Hybrid_Exception( "Endpoint: Error while trying to init Hybrid_Auth: " . $e->getMessage(), $e->getCode(), $e ); + } + } + } + +} |
