<?php
/**
* Simple implementation of Mozilla BrowserID
*/
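class BrowserID {
    /**
     * The BrowserID assertion verification service endpoint.
     *
     * All trust in the result of verify_assertion() rests on this remote
     * verifier: this class performs no cryptographic check of its own.
     *
     * NOTE(review): Mozilla retired the hosted Persona service, so this
     * endpoint is presumably no longer reachable -- confirm before relying
     * on this class for authentication.
     */
    const endpoint = 'https://verifier.login.persona.org/verify';

    /**
     * The signed identity assertion received from the user's browser.
     * It is untrusted input until the verifier has accepted it.
     */
    private $assertion;

    /**
     * The hostname and optional port of your site
     */
    private $audience;

    /**
     * The email address of the user (set only after a successful verification)
     */
    private $email;

    /**
     * Expiration timestamp of the assertion, as reported by the verifier
     */
    private $expires;

    /**
     * The entity who issued the assertion
     */
    private $issuer;

    /**
     * The reason the last verification failed, if any
     */
    private $reason;

    /**
     * Stores the audience and the assertion; no network traffic happens here.
     *
     * The audience is what binds an assertion to this site. Pass a value that
     * is fixed in server-side configuration; do not build it from request data
     * such as the Host header, otherwise an assertion issued for a different
     * site could be accepted here.
     *
     * @param String $audience  the hostname and optional port of your site
     * @param String $assertion the assertion submitted by the browser
     * @public access
     */
    public function __construct($audience, $assertion) {
        $this->audience  = $audience;
        $this->assertion = $assertion;
    }

    /**
     * Get email address of the user
     * @param None
     * @return String|null the verified email address, or null when no
     *                     verification has succeeded
     * @public access
     */
    public function getEmail() {
        return $this->email;
    }

    /**
     * Get expiration timestamp
     * @param None
     * @return integer|null expiration timestamp as returned by the verifier
     * @public access
     */
    public function getExpires() {
        return $this->expires;
    }

    /**
     * Get the entity who issued the assertion
     * @param None
     * @return String|null the entity who issued the assertion
     * @public access
     */
    public function getIssuer() {
        return $this->issuer;
    }

    /**
     * Get the reason if any!
     * @param None
     * @return String|null the reason why the assertion failed
     * @public access
     */
    public function getReason() {
        return $this->reason;
    }

    /**
     * Makes an HTTP POST Request to verification endpoint
     *
     * Certificate and hostname verification stay enabled and redirects are
     * not followed, so the reply can only come from the host named in $url.
     *
     * @param String $url  Endpoint Server
     * @param String $data the JSON-encoded body to be sent to the endpoint
     * @return Object the decoded verification response
     * @throws Exception when the request fails or the body is not a JSON object
     * @private access
     */
    private function _requestPOST($url, $data) {
        $ch = curl_init();
        curl_setopt_array($ch, array(
            CURLOPT_URL            => $url,
            CURLOPT_POST           => true,
            CURLOPT_POSTFIELDS     => $data,
            CURLOPT_HEADER         => false,
            CURLOPT_RETURNTRANSFER => true,
            CURLOPT_SSL_VERIFYPEER => true,
            CURLOPT_SSL_VERIFYHOST => 2,
            CURLOPT_FOLLOWLOCATION => false,
            CURLOPT_HTTPHEADER     => array('Content-Type: application/json'),
            // Bound the request so a stalled verifier cannot pin a PHP worker
            // on every login attempt.
            CURLOPT_CONNECTTIMEOUT => 10,
            CURLOPT_TIMEOUT        => 30,
        ));
        $response = curl_exec($ch);
        curl_close($ch);

        if (false === $response) {
            throw new Exception(sprintf("Faild to connect to the %s verifier", $url));
        }

        $json_decoded = json_decode($response);
        // Only a JSON object is a usable verifier reply; a bare scalar or an
        // array would otherwise reach the property reads in verify_assertion().
        if (!is_object($json_decoded)) {
            throw new Exception(sprintf("JSON Response from %s is not valid", $url));
        }

        return $json_decoded;
    }

    /**
     * With this method you must verify the assertion is authentic and extract the email address from it.
     *
     * The assertion and audience are posted to the verifier. On acceptance the
     * email, expires and issuer fields of the response are stored and can be
     * read through the getters; otherwise the reason is stored.
     *
     * The verifier response has the following attributes:
     * 1)status   okay
     * 2)email    user@example.com
     * 3)audience https://mysite.com
     * 4)expires  1308859352261
     * 5)issuer   "login.persona.org"
     *
     * NOTE(review): the returned audience and expires values are not
     * re-checked locally; the decision relies on the verifier's status alone.
     *
     * @public access
     * @return Boolean true when the verifier accepted the assertion and
     *                 returned an email address, false otherwise
     * @throws Exception when the verifier cannot be reached or answers with
     *                   something other than a JSON object
     */
    public function verify_assertion() {
        // Start from a clean slate so a repeated call can never leave an
        // identity from an earlier, successful verification in place.
        $this->email   = null;
        $this->expires = null;
        $this->issuer  = null;
        $this->reason  = null;

        $params = json_encode(array(
            'assertion' => $this->assertion,
            'audience'  => $this->audience,
        ));
        if (false === $params) {
            // e.g. the submitted assertion is not valid UTF-8
            $this->reason = 'assertion could not be encoded as JSON';
            return false;
        }

        $output = $this->_requestPOST(self::endpoint, $params);

        // Strict comparison: only the exact string 'okay' counts as success.
        $accepted = isset($output->status) && $output->status === 'okay';
        $hasEmail = isset($output->email)
            && is_string($output->email)
            && $output->email !== '';

        if ($accepted && $hasEmail) {
            $this->email   = $output->email;
            $this->expires = isset($output->expires) ? $output->expires : null;
            $this->issuer  = isset($output->issuer) ? $output->issuer : null;
            return true;
        }

        if ($accepted) {
            // Fail closed: a success without an identity must not log anyone in.
            $this->reason = 'verifier response did not include an email address';
        } else {
            $this->reason = isset($output->reason) ? $output->reason : null;
        }
        return false;
    }
}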
?>