php Auth_OpenID_splitNonce类(方法)实例源码

function Auth_OpenID_checkTimestamp($nonce_string,
                                    $allowed_skew = null,
                                    $now = null)
{
    // Is the timestamp that is part of the specified nonce string
    // within the allowed clock-skew of the current time?
    global $Auth_OpenID_SKEW;

    if ($allowed_skew === null) {
        $allowed_skew = $Auth_OpenID_SKEW;
    }

    $parts = Auth_OpenID_splitNonce($nonce_string);
    if ($parts == null) {
        return false;
    }

    if ($now === null) {
        $now = time();
    }

    $stamp = $parts[0];

    // Time after which we should not use the nonce
    $past = $now - $allowed_skew;

    // Time that is too far in the future for us to allow
    $future = $now + $allowed_skew;

    // the stamp is not too far in the future and is not too far
    // in the past
    return (($past <= $stamp) && ($stamp <= $future));
}

function runTest()
 {
     $result = Auth_OpenID_splitNonce($this->nonce_str);
     $this->assertNull($result);
 }

/**
  * @access private
  */
 function _idResCheckNonce($message, $endpoint)
 {
     if ($message->isOpenID1()) {
         // This indicates that the nonce was generated by the consumer
         $nonce = $this->_idResGetNonceOpenID1($message, $endpoint);
         $server_url = '';
     } else {
         $nonce = $message->getArg(Auth_OpenID_OPENID2_NS, 'response_nonce');
         $server_url = $endpoint->server_url;
     }
     if ($nonce === null) {
         return new Auth_OpenID_FailureResponse($endpoint, "Nonce missing from response");
     }
     $parts = Auth_OpenID_splitNonce($nonce);
     if ($parts === null) {
         return new Auth_OpenID_FailureResponse($endpoint, "Malformed nonce in response");
     }
     list($timestamp, $salt) = $parts;
     if (!$this->store->useNonce($server_url, $timestamp, $salt)) {
         return new Auth_OpenID_FailureResponse($endpoint, "Nonce already used or out of range");
     }
     return null;
 }

function index()
 {
     try {
         $member = Member::currentUser();
         if ($member) {
             // user is already logged in
             return $this->redirect(OpenStackIdCommon::getRedirectBackUrl());
         }
         $consumer = Injector::inst()->get('MyOpenIDConsumer');
         $query = Auth_OpenID::getQuery();
         $message = Auth_OpenID_Message::fromPostArgs($query);
         $nonce = $message->getArg(Auth_OpenID_OPENID2_NS, 'response_nonce');
         list($timestamp, $salt) = Auth_OpenID_splitNonce($nonce);
         $claimed_id = $message->getArg(Auth_OpenID_OPENID2_NS, 'claimed_id');
         error_log(sprintf('OpenStackIdAuthenticator : id %s - salt %s - timestamp %s', $claimed_id, $salt, $timestamp));
         // Complete the authentication process using the server's response.
         $response = $consumer->complete(OpenStackIdCommon::getReturnTo());
         if ($response->status == Auth_OpenID_CANCEL) {
             error_log('OpenStackIdAuthenticator : Auth_OpenID_CANCEL');
             SS_Log::log('OpenStackIdAuthenticator : Auth_OpenID_CANCEL', SS_Log::WARN);
             throw new Exception('The verification was cancelled. Please try again.');
         } else {
             if ($response->status == Auth_OpenID_FAILURE) {
                 error_log('OpenStackIdAuthenticator : Auth_OpenID_FAILURE');
                 SS_Log::log('OpenStackIdAuthenticator : Auth_OpenID_FAILURE', SS_Log::WARN);
                 throw new Exception("The OpenID authentication failed.");
             } else {
                 if ($response->status == Auth_OpenID_SUCCESS) {
                     error_log('OpenStackIdAuthenticator : Auth_OpenID_SUCCESS');
                     $openid = $response->getDisplayIdentifier();
                     $openid = OpenStackIdCommon::escape($openid);
                     if ($response->endpoint->canonicalID) {
                         $openid = escape($response->endpoint->canonicalID);
                     }
                     //get user info from openid response
                     $member = null;
                     list($email, $full_name) = $this->getUserProfileInfo($response);
                     if (!is_null($email)) {
                         //try to get user by email
                         $member = $this->member_repository->findByEmail($email);
                     }
                     if (!$member) {
                         // or by openid
                         $member = Member::get()->filter('IdentityURL', $openid)->first();
                     }
                     if ($member) {
                         $result = $member->canLogIn();
                         if ($result->valid()) {
                             $member->setIdentityUrl($openid);
                             $member->write();
                             $member->LogIn(true);
                             return $this->redirect(OpenStackIdCommon::getRedirectBackUrl());
                         }
                         throw new Exception("Inactive User!");
                     }
                     throw new Exception("The OpenID authentication failed: can not find user " . $openid);
                 }
             }
         }
     } catch (Exception $ex) {
         Session::set("Security.Message.message", $ex->getMessage());
         Session::set("Security.Message.type", "bad");
         SS_Log::log($ex, SS_Log::WARN);
         return $this->redirect("Security/badlogin");
     }
 }

function _testNonceCleanup(&$store)
 {
     if (!$store->supportsCleanup()) {
         return;
     }
     $server_url = 'http://www.myopenid.com/openid';
     $now = time();
     $old_nonce1 = Auth_OpenID_mkNonce($now - 20000);
     $old_nonce2 = Auth_OpenID_mkNonce($now - 10000);
     $recent_nonce = Auth_OpenID_mkNonce($now - 600);
     global $Auth_OpenID_SKEW;
     $orig_skew = $Auth_OpenID_SKEW;
     $Auth_OpenID_SKEW = 0;
     $store->cleanupNonces();
     // Set SKEW high so stores will keep our nonces.
     $Auth_OpenID_SKEW = 100000;
     $params = Auth_OpenID_splitNonce($old_nonce1);
     array_unshift($params, $server_url);
     $this->assertTrue(call_user_func_array(array(&$store, 'useNonce'), $params));
     $params = Auth_OpenID_splitNonce($old_nonce2);
     array_unshift($params, $server_url);
     $this->assertTrue(call_user_func_array(array(&$store, 'useNonce'), $params));
     $params = Auth_OpenID_splitNonce($recent_nonce);
     array_unshift($params, $server_url);
     $this->assertTrue(call_user_func_array(array(&$store, 'useNonce'), $params));
     $Auth_OpenID_SKEW = 3600;
     $cleaned = $store->cleanupNonces();
     $this->assertEquals(2, $cleaned);
     // , "Cleaned %r nonces." % (cleaned,)
     $Auth_OpenID_SKEW = 100000;
     // A roundabout method of checking that the old nonces were
     // cleaned is to see if we're allowed to add them again.
     $params = Auth_OpenID_splitNonce($old_nonce1);
     array_unshift($params, $server_url);
     $this->assertTrue(call_user_func_array(array(&$store, 'useNonce'), $params));
     $params = Auth_OpenID_splitNonce($old_nonce2);
     array_unshift($params, $server_url);
     $this->assertTrue(call_user_func_array(array(&$store, 'useNonce'), $params));
     // The recent nonce wasn't cleaned, so it should still fail.
     $params = Auth_OpenID_splitNonce($recent_nonce);
     array_unshift($params, $server_url);
     $this->assertFalse(call_user_func_array(array(&$store, 'useNonce'), $params));
     $Auth_OpenID_SKEW = $orig_skew;
 }

function test_badNonce()
 {
     // remove the nonce from the store
     $nonce = Auth_OpenID_mkNonce();
     list($timestamp, $salt) = Auth_OpenID_splitNonce($nonce);
     $this->store->useNonce($this->server_url, $timestamp, $salt);
     $response = Auth_OpenID_Message::fromOpenIDArgs(array('response_nonce' => $nonce, 'ns' => Auth_OpenID_OPENID2_NS));
     $result = $this->consumer->_idResCheckNonce($response, $this->endpoint);
     $this->assertTrue(Auth_OpenID::isFailure($result));
 }