From 8370303a3d5f30b78ae37116ca2df8c7525d9e49 Mon Sep 17 00:00:00 2001 From: "Anthony G. Basile" Date: Sat, 10 Mar 2018 19:18:59 -0500 Subject: Update openid 3.4.4 
Signed-off-by: Anthony G. Basile --- plugins/openid/lib/Auth/OpenID.php | 23 +- plugins/openid/lib/Auth/OpenID/AX.php | 160 +++++---- plugins/openid/lib/Auth/OpenID/Association.php | 42 ++- plugins/openid/lib/Auth/OpenID/BigMath.php | 77 ++++- plugins/openid/lib/Auth/OpenID/Consumer.php | 360 +++++++++++++++------ plugins/openid/lib/Auth/OpenID/CryptUtil.php | 3 +- .../openid/lib/Auth/OpenID/DatabaseConnection.php | 6 +- plugins/openid/lib/Auth/OpenID/DiffieHellman.php | 9 +- plugins/openid/lib/Auth/OpenID/Discover.php | 38 ++- plugins/openid/lib/Auth/OpenID/DumbStore.php | 19 +- plugins/openid/lib/Auth/OpenID/Extension.php | 13 +- plugins/openid/lib/Auth/OpenID/FileStore.php | 44 ++- plugins/openid/lib/Auth/OpenID/HMAC.php | 7 +- plugins/openid/lib/Auth/OpenID/Interface.php | 48 ++- plugins/openid/lib/Auth/OpenID/KVForm.php | 5 + plugins/openid/lib/Auth/OpenID/MemcachedStore.php | 115 ++++--- plugins/openid/lib/Auth/OpenID/Message.php | 56 +++- plugins/openid/lib/Auth/OpenID/Nonce.php | 2 +- plugins/openid/lib/Auth/OpenID/PAPE.php | 49 ++- plugins/openid/lib/Auth/OpenID/Parse.php | 35 +- plugins/openid/lib/Auth/OpenID/SQLStore.php | 46 ++- plugins/openid/lib/Auth/OpenID/SReg.php | 83 ++++- plugins/openid/lib/Auth/OpenID/Server.php | 344 ++++++++++++++++---- plugins/openid/lib/Auth/OpenID/ServerRequest.php | 5 +- plugins/openid/lib/Auth/OpenID/TrustRoot.php | 6 +- plugins/openid/lib/Auth/OpenID/URINorm.php | 14 +- plugins/openid/lib/Auth/Yadis/HTTPFetcher.php | 31 +- plugins/openid/lib/Auth/Yadis/Manager.php | 61 +++- .../openid/lib/Auth/Yadis/ParanoidHTTPFetcher.php | 16 + plugins/openid/lib/Auth/Yadis/ParseHTML.php | 15 +- plugins/openid/lib/Auth/Yadis/PlainHTTPFetcher.php | 8 + plugins/openid/lib/Auth/Yadis/XML.php | 33 +- plugins/openid/lib/Auth/Yadis/XRDS.php | 35 +- plugins/openid/lib/Auth/Yadis/XRI.php | 5 + plugins/openid/lib/Auth/Yadis/XRIRes.php | 4 + plugins/openid/lib/Auth/Yadis/Yadis.php | 41 ++- plugins/openid/openid.php | 4 +- 
plugins/openid/readme.txt | 21 +- plugins/openid/server.php | 7 +- 39 files changed, 1388 insertions(+), 502 deletions(-) diff --git a/plugins/openid/lib/Auth/OpenID.php b/plugins/openid/lib/Auth/OpenID.php index c9d97796..4d8fffa3 100644 --- a/plugins/openid/lib/Auth/OpenID.php +++ b/plugins/openid/lib/Auth/OpenID.php @@ -117,6 +117,8 @@ class Auth_OpenID { * false if not. * * @access private + * @param object|string $thing + * @return bool */ static function isFailure($thing) { @@ -141,6 +143,8 @@ class Auth_OpenID { * http://lists.openidenabled.com/pipermail/dev/2007-March/000395.html * * @access private + * @param string|null $query_str + * @return array */ static function getQuery($query_str=null) { @@ -203,6 +207,8 @@ class Auth_OpenID { * true if the operation succeeded; false if not. * * @access private + * @param string $dir_name + * @return bool */ static function ensureDir($dir_name) { @@ -225,6 +231,9 @@ class Auth_OpenID { * array containing the prefixed values. * * @access private + * @param array $values + * @param string $prefix + * @return array */ static function addPrefix($values, $prefix) { @@ -241,6 +250,10 @@ class Auth_OpenID { * or return $default if the key is absent. * * @access private + * @param array $arr + * @param string $key + * @param mixed $fallback + * @return mixed */ static function arrayGet($arr, $key, $fallback = null) { @@ -261,6 +274,9 @@ class Auth_OpenID { /** * Replacement for PHP's broken parse_str. + * + * @param string|null $query + * @return array|null */ static function parse_str($query) { @@ -435,7 +451,7 @@ class Auth_OpenID { if ($normalized === null) { return null; } - list($defragged, $frag) = Auth_OpenID::urldefrag($normalized); + list($defragged) = Auth_OpenID::urldefrag($normalized); return $defragged; } 
@@ -443,6 +459,8 @@ class Auth_OpenID { * Replacement (wrapper) for PHP's intval() because it's broken. * * @access private + * @param string|int $value + * @return bool|int */ static function intval($value) { @@ -470,6 +488,9 @@ class Auth_OpenID { /** * Get the bytes in a string independently of multibyte support * conditions. + * + * @param string $str + * @return array */ static function toBytes($str) { diff --git a/plugins/openid/lib/Auth/OpenID/AX.php b/plugins/openid/lib/Auth/OpenID/AX.php index 49cf2676..acc9af52 100644 --- a/plugins/openid/lib/Auth/OpenID/AX.php +++ b/plugins/openid/lib/Auth/OpenID/AX.php @@ -47,6 +47,9 @@ class Auth_OpenID_AX { /** * Check an alias for invalid characters; raise AXError if any are * found. Return None if the alias is valid. + * + * @param string $alias + * @return Auth_OpenID_AX_Error|bool */ function Auth_OpenID_AX_checkAlias($alias) { @@ -86,15 +89,15 @@ class Auth_OpenID_AX_Message extends Auth_OpenID_Extension { * ns_alias: The preferred namespace alias for attribute exchange * messages */ - var $ns_alias = 'ax'; + public $ns_alias = 'ax'; /** * mode: The type of this attribute exchange message. This must be * overridden in subclasses. */ - var $mode = null; + public $mode = null; - var $ns_uri = Auth_OpenID_AX_NS_URI; + public $ns_uri = Auth_OpenID_AX_NS_URI; /** * Return Auth_OpenID_AX_Error if the mode in the attribute @@ -102,6 +105,8 @@ class Auth_OpenID_AX_Message extends Auth_OpenID_Extension { * class; true otherwise. * * @access private + * @param array $ax_args + * @return Auth_OpenID_AX_Error|bool */ function _checkMode($ax_args) { 
@@ -190,6 +195,12 @@ class Auth_OpenID_AX_AttrInfo { /** * Construct an attribute information object. For parameter * details, see the constructor. + * + * @param string $type_uri + * @param int $count + * @param bool $required + * @param string|null $alias + * @return Auth_OpenID_AX_AttrInfo|Auth_OpenID_AX_Error|bool */ static function make($type_uri, $count=1, $required=false, $alias=null) @@ -224,11 +235,11 @@ class Auth_OpenID_AX_AttrInfo { * list of namespace aliases, return a list of type URIs that * correspond to those aliases. * - * @param $namespace_map The mapping from namespace URI to alias - * @param $alias_list_s The string containing the comma-separated + * @param Auth_OpenID_NamespaceMap $namespace_map The mapping from namespace URI to alias + * @param string $alias_list_s The string containing the comma-separated * list of aliases. May also be None for convenience. * - * @return $seq The list of namespace URIs that corresponds to the + * @return string[]|Auth_OpenID_AX_Error The list of namespace URIs that corresponds to the * supplied list of aliases. If the string was zero-length or None, an * empty list will be returned. * 
@@ -267,21 +278,27 @@ function Auth_OpenID_AX_toTypeURIs($namespace_map, $alias_list_s) */ class Auth_OpenID_AX_FetchRequest extends Auth_OpenID_AX_Message { - var $mode = 'fetch_request'; + public $mode = 'fetch_request'; + + /** + * update_url: A URL that will accept responses for this + * attribute exchange request, even in the absence of the user + * who made this request. + * + * @var string + */ + public $update_url = ''; + + /** + * requested_attributes: The attributes that have been + * requested thus far, indexed by the type URI. + * + * @var array + */ + private $requested_attributes = array(); function __construct($update_url=null) { - /** - * requested_attributes: The attributes that have been - * requested thus far, indexed by the type URI. - */ - $this->requested_attributes = array(); - - /** - * update_url: A URL that will accept responses for this - * attribute exchange request, even in the absence of the user - * who made this request. - */ $this->update_url = $update_url; } @@ -289,8 +306,7 @@ class Auth_OpenID_AX_FetchRequest extends Auth_OpenID_AX_Message { * Add an attribute to this attribute exchange request. * * @param attribute: The attribute that is being requested - * @return true on success, false when the requested attribute is - * already present in this fetch request. + * @return bool|Auth_OpenID_AX_Error */ function add($attribute) { @@ -308,9 +324,10 @@ class Auth_OpenID_AX_FetchRequest extends Auth_OpenID_AX_Message { /** * Get the serialized form of this attribute fetch request. * - * @returns Auth_OpenID_AX_FetchRequest The fetch request message parameters + * @param Auth_OpenID_Request|null $request + * @return Auth_OpenID_AX_Error|Auth_OpenID_AX_FetchRequest The fetch request message parameters */ - function getExtensionArgs() + function getExtensionArgs($request = null) { $aliases = new Auth_OpenID_NamespaceMap(); 
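Review bot: Declaring `private $requested_attributes` in Auth_OpenID_AX_FetchRequest narrows a property that was implicitly public, because the old constructor created it dynamically with `$this->requested_attributes = array();`. Any code outside the class that reads or iterates it will now fail with an access error. The same narrowing appears later in this file as `protected $data` (Auth_OpenID_AX_KeyValueMessage), `private $update_url` (Auth_OpenID_AX_FetchResponse) and `private $error_message` (Auth_OpenID_AX_StoreResponse). Whether such callers exist cannot be seen from this diff, so either keep these `public` or record the break in the release notes. Separately, the declared default `public $update_url = ''` disagrees with the constructor, which still assigns its `null` default.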
@@ -361,7 +378,7 @@ class Auth_OpenID_AX_FetchRequest extends Auth_OpenID_AX_Message { * Get the type URIs for all attributes that have been marked as * required. * - * @return A list of the type URIs for attributes that have been + * @return array A list of the type URIs for attributes that have been * marked as required. */ function getRequiredAttrs() @@ -379,12 +396,9 @@ class Auth_OpenID_AX_FetchRequest extends Auth_OpenID_AX_Message { /** * Extract a FetchRequest from an OpenID message * - * @param request: The OpenID request containing the attribute - * fetch request + * @param Auth_OpenID_Request $request The OpenID request containing the attribute fetch request * - * @returns mixed An Auth_OpenID_AX_Error or the - * Auth_OpenID_AX_FetchRequest extracted from the request message if - * successful + * @return Auth_OpenID_AX_FetchRequest|Auth_OpenID_AX_Error */ static function fromOpenIDRequest($request) { @@ -424,11 +438,12 @@ class Auth_OpenID_AX_FetchRequest extends Auth_OpenID_AX_Message { /** * Given attribute exchange arguments, populate this FetchRequest. * - * @return $result Auth_OpenID_AX_Error if the data to be parsed + * @param array $ax_args + * @return Auth_OpenID_AX_Error|bool if the data to be parsed * does not follow the attribute exchange specification. At least * when 'if_available' or 'required' is not specified for a * particular attribute type. Returns true otherwise. - */ + */ function parseExtensionArgs($ax_args) { $result = $this->_checkMode($ax_args); @@ -524,6 +539,9 @@ class Auth_OpenID_AX_FetchRequest extends Auth_OpenID_AX_Message { /** * Is the given type URI present in this fetch_request? + * + * @param string $type_uri + * @return bool */ function contains($type_uri) { 
@@ -540,10 +558,8 @@ class Auth_OpenID_AX_FetchRequest extends Auth_OpenID_AX_Message { */ class Auth_OpenID_AX_KeyValueMessage extends Auth_OpenID_AX_Message { - function __construct() - { - $this->data = array(); - } + /** @var array */ + protected $data = array(); /** * Add a single value for the given attribute type to the @@ -554,7 +570,6 @@ class Auth_OpenID_AX_KeyValueMessage extends Auth_OpenID_AX_Message { * @param type_uri: The URI for the attribute * @param value: The value to add to the response to the relying * party for this attribute - * @return null */ function addValue($type_uri, $value) { @@ -582,12 +597,13 @@ class Auth_OpenID_AX_KeyValueMessage extends Auth_OpenID_AX_Message { * Get the extension arguments for the key/value pairs contained * in this message. * - * @param aliases: An alias mapping. Set to None if you don't care + * @param Auth_OpenID_NamespaceMap $aliases An alias mapping. Set to None if you don't care * about the aliases for this request. * * @access private + * @return array */ - function _getExtensionKVArgs($aliases) + function _getExtensionKpublicgs($aliases) { if ($aliases === null) { $aliases = new Auth_OpenID_NamespaceMap(); @@ -613,10 +629,10 @@ class Auth_OpenID_AX_KeyValueMessage extends Auth_OpenID_AX_Message { /** * Parse attribute exchange key/value arguments into this object. * - * @param ax_args: The attribute exchange fetch_response + * @param array $ax_args The attribute exchange fetch_response * arguments, with namespacing removed. * - * @return Auth_OpenID_AX_Error or true + * @return Auth_OpenID_AX_Error|bool */ function parseExtensionArgs($ax_args) { 
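Review bot: The new method name `_getExtensionKpublicgs` in the `@@ -582,12 +597,13 @@` hunk looks like a case-insensitive `var` to `public` replacement that ran over `_getExtensionKVArgs`, not an intended rename. The two call sites visible later in this file (in Auth_OpenID_AX_FetchResponse and in Auth_OpenID_AX_StoreRequest::getExtensionArgs) were altered the same way, so the file is self-consistent. Any subclass or caller elsewhere that still uses the old name will fail with an undefined-method error. I would restore `function _getExtensionKVArgs($aliases)` and the matching `$this->_getExtensionKVArgs($aliases)` calls. The method body continues past the end of this hunk.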
@@ -711,13 +727,11 @@ class Auth_OpenID_AX_KeyValueMessage extends Auth_OpenID_AX_Message { * this attribute, use the supplied default. If there is more than * one value for this attribute, this method will fail. * - * @param type_uri: The URI for the attribute - * @param default: The value to return if the attribute was not + * @param string $type_uri The URI for the attribute + * @param mixed $default The value to return if the attribute was not * sent in the fetch_response. * - * @return $value Auth_OpenID_AX_Error on failure or the value of - * the attribute in the fetch_response message, or the default - * supplied + * @return Auth_OpenID_AX_Error|mixed */ function getSingle($type_uri, $default=null) { @@ -744,9 +758,9 @@ class Auth_OpenID_AX_KeyValueMessage extends Auth_OpenID_AX_Message { * the user's code, so it might be okay. If no default is * supplied, should the return be None or []? * - * @param type_uri: The URI of the attribute + * @param string $type_uri The URI of the attribute * - * @return $values The list of values for this attribute in the + * @return Auth_OpenID_AX_Error|array The list of values for this attribute in the * response. May be an empty list. If the attribute was not sent * in the response, returns Auth_OpenID_AX_Error. */ @@ -766,9 +780,9 @@ class Auth_OpenID_AX_KeyValueMessage extends Auth_OpenID_AX_Message { * Get the number of responses for a particular attribute in this * fetch_response message. * - * @param type_uri: The URI of the attribute + * @param string $type_uri The URI of the attribute * - * @returns int The number of values sent for this attribute. If + * @returns int|Auth_OpenID_AX_Error The number of values sent for this attribute. If * the attribute was not sent in the response, returns * Auth_OpenID_AX_Error. */ 
@@ -791,11 +805,13 @@ class Auth_OpenID_AX_KeyValueMessage extends Auth_OpenID_AX_Message { * @package OpenID */ class Auth_OpenID_AX_FetchResponse extends Auth_OpenID_AX_KeyValueMessage { - var $mode = 'fetch_response'; + public $mode = 'fetch_response'; + + /** @var string */ + private $update_url = ''; function __construct($update_url=null) { - parent::__construct(); $this->update_url = $update_url; } @@ -803,7 +819,8 @@ class Auth_OpenID_AX_FetchResponse extends Auth_OpenID_AX_KeyValueMessage { * Serialize this object into arguments in the attribute exchange * namespace * - * @return $args The dictionary of unqualified attribute exchange + * @param Auth_OpenID_AX_FetchRequest|null $request + * @return Auth_OpenID_AX_Error|array|null $args The dictionary of unqualified attribute exchange * arguments that represent this fetch_response, or * Auth_OpenID_AX_Error on error. */ @@ -863,7 +880,7 @@ class Auth_OpenID_AX_FetchResponse extends Auth_OpenID_AX_KeyValueMessage { } } - $kv_args = $this->_getExtensionKVArgs($aliases); + $kv_args = $this->_getExtensionKpublicgs($aliases); // Add the KV args into the response with the args that are // unique to the fetch_response @@ -894,7 +911,8 @@ class Auth_OpenID_AX_FetchResponse extends Auth_OpenID_AX_KeyValueMessage { } /** - * @return $result Auth_OpenID_AX_Error on failure or true on + * @param array $ax_args + * @return Auth_OpenID_AX_Error|bool Auth_OpenID_AX_Error on failure or true on * success. */ function parseExtensionArgs($ax_args) 
@@ -914,12 +932,12 @@ class Auth_OpenID_AX_FetchResponse extends Auth_OpenID_AX_KeyValueMessage { * Construct a FetchResponse object from an OpenID library * SuccessResponse object. * - * @param success_response: A successful id_res response object + * @param Auth_OpenID_SuccessResponse $success_response A successful id_res response object * - * @param signed: Whether non-signed args should be processsed. If + * @param bool $signed Whether non-signed args should be processsed. If * True (the default), only signed arguments will be processsed. * - * @return $response A FetchResponse containing the data from the + * @return Auth_OpenID_AX_FetchResponse|null A FetchResponse containing the data from the * OpenID message */ static function fromSuccessResponse($success_response, $signed=true) @@ -950,16 +968,17 @@ class Auth_OpenID_AX_FetchResponse extends Auth_OpenID_AX_KeyValueMessage { * @package OpenID */ class Auth_OpenID_AX_StoreRequest extends Auth_OpenID_AX_KeyValueMessage { - var $mode = 'store_request'; + public $mode = 'store_request'; /** - * @param array $aliases The namespace aliases to use when making + * @param Auth_OpenID_NamespaceMap $aliases The namespace aliases to use when making * this store response. Leave as None to use defaults. + * @return array|null */ function getExtensionArgs($aliases=null) { $ax_args = $this->_newArgs(); - $kv_args = $this->_getExtensionKVArgs($aliases); + $kv_args = $this->_getExtensionKpublicgs($aliases); Auth_OpenID::update($ax_args, $kv_args); return $ax_args; } 
@@ -973,12 +992,18 @@ class Auth_OpenID_AX_StoreRequest extends Auth_OpenID_AX_KeyValueMessage { * @package OpenID */ class Auth_OpenID_AX_StoreResponse extends Auth_OpenID_AX_Message { - var $SUCCESS_MODE = 'store_response_success'; - var $FAILURE_MODE = 'store_response_failure'; + public $SUCCESS_MODE = 'store_response_success'; + public $FAILURE_MODE = 'store_response_failure'; /** - * Returns Auth_OpenID_AX_Error on error or an - * Auth_OpenID_AX_StoreResponse object on success. + * @var string + */ + private $error_message = ''; + + /** + * @param bool $succeeded + * @param string $error_message + * @return Auth_OpenID_AX_Error|Auth_OpenID_AX_StoreResponse */ function make($succeeded=true, $error_message=null) { @@ -1009,7 +1034,14 @@ class Auth_OpenID_AX_StoreResponse extends Auth_OpenID_AX_Message { return $this->mode == $this->SUCCESS_MODE; } - function getExtensionArgs() + /** + * Get the string arguments that should be added to an OpenID + * message for this extension. + * + * @param Auth_OpenID_Request|null $request + * @return null + */ + function getExtensionArgs($request = null) { $ax_args = $this->_newArgs(); if ((!$this->succeeded()) && $this->error_message) { diff --git a/plugins/openid/lib/Auth/OpenID/Association.php b/plugins/openid/lib/Auth/OpenID/Association.php index 47eac84d..23ced3a4 100644 --- a/plugins/openid/lib/Auth/OpenID/Association.php +++ b/plugins/openid/lib/Auth/OpenID/Association.php @@ -48,14 +48,14 @@ class Auth_OpenID_Association { * * @access private */ - var $SIG_LENGTH = 20; + public $SIG_LENGTH = 20; /** * The ordering and name of keys as stored by serialize. * * @access private */ - var $assoc_keys = array( + public $assoc_keys = array( 'version', 'handle', 'secret', @@ -64,7 +64,7 @@ class Auth_OpenID_Association { 'assoc_type' ); - var $_macs = array( + public $_macs = array( 'HMAC-SHA1' => 'Auth_OpenID_HMACSHA1', 'HMAC-SHA256' => 'Auth_OpenID_HMACSHA256' ); 
@@ -83,16 +83,15 @@ class Auth_OpenID_Association { * @param string $handle This is the handle the server gave this * association. * - * @param string secret This is the shared secret the server + * @param string $secret This is the shared secret the server * generated for this association. * - * @param assoc_type This is the type of association this + * @param string $assoc_type This is the type of association this * instance represents. The only valid values of this field at * this time is 'HMAC-SHA1' and 'HMAC-SHA256', but new types may * be defined in the future. * - * @return association An {@link Auth_OpenID_Association} - * instance. + * @return Auth_OpenID_Association */ static function fromExpiresIn($expires_in, $handle, $secret, $assoc_type) { @@ -148,7 +147,8 @@ class Auth_OpenID_Association { * This returns the number of seconds this association is still * valid for, or 0 if the association is no longer valid. * - * @return integer $seconds The number of seconds this association + * @param int|null $now + * @return int $seconds The number of seconds this association * is still valid for, or 0 if the association is no longer valid. */ function getExpiresIn($now = null) @@ -164,6 +164,7 @@ class Auth_OpenID_Association { * This checks to see if two {@link Auth_OpenID_Association} * instances represent the same association. * + * @param object $other * @return bool $result true if the two instances represent the * same association, false otherwise. */ @@ -196,13 +197,14 @@ class Auth_OpenID_Association { assert(array_keys($data) == $this->assoc_keys); - return Auth_OpenID_KVForm::fromArray($data, $strict = true); + return Auth_OpenID_KVForm::fromArray($data); } /** * Parse an association as stored by serialize(). This is the * inverse of serialize. * + * @param string $class_name * @param string $assoc_s Association as serialized by serialize() * @return Auth_OpenID_Association $result instance of this class */ 
@@ -274,11 +276,12 @@ class Auth_OpenID_Association { * Generate a signature for some fields in a dictionary * * @access private - * @param array $fields The fields to sign, in order; this is an + * @param Auth_OpenID_Message $message + * @return string $signature The signature, base64 encoded + * @internal param array $fields The fields to sign, in order; this is an * array of strings. - * @param array $data Dictionary of values to sign (an array of + * @internal param array $data Dictionary of values to sign (an array of * string => string pairs). - * @return string $signature The signature, base64 encoded */ function signMessage($message) { @@ -326,6 +329,8 @@ class Auth_OpenID_Association { * the message lacks a signed list, return null. * * @access private + * @param Auth_OpenID_Message $message + * @return array|null */ function _makePairs($message) { @@ -351,6 +356,8 @@ class Auth_OpenID_Association { * the signed list in the message. * * @access private + * @param Auth_OpenID_Message $message + * @return string */ function getMessageSignature($message) { @@ -363,6 +370,8 @@ class Auth_OpenID_Association { * signature contained in the data. * * @access private + * @param Auth_OpenID_Message $message + * @return bool */ function checkMessageSignature($message) { @@ -405,6 +414,10 @@ function Auth_OpenID_getSupportedAssociationTypes() return $a; } +/** + * @param string $assoc_type + * @return mixed + */ function Auth_OpenID_getSessionTypes($assoc_type) { $assoc_to_session = array( @@ -534,6 +547,8 @@ class Auth_OpenID_SessionNegotiator { * combination is valid. * * @access private + * @param array $allowed_types + * @return bool */ function setAllowedTypes($allowed_types) { @@ -554,6 +569,9 @@ class Auth_OpenID_SessionNegotiator { * they are added. * * @access private + * @param $assoc_type + * @param null $session_type + * @return bool */ function addAllowedType($assoc_type, $session_type = null) { 
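Review bot: The rewritten docblock for `signMessage` in the `@@ -274,11 +276,12 @@` hunk keeps the old `$fields` and `$data` descriptions as `@internal param` lines, although the method takes only `$message`. On a signing routine, stale parameter docs are worth removing rather than demoting, so I would delete both `@internal param` entries and keep `@param Auth_OpenID_Message $message` and `@return string`. In the last hunk on this line, `addAllowedType` is documented with an untyped `@param $assoc_type` and `@param null $session_type`. Something like `@param string $assoc_type` and `@param string|null $session_type` would be more useful, assuming both are type-name strings as in the sibling methods.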
diff --git a/plugins/openid/lib/Auth/OpenID/BigMath.php b/plugins/openid/lib/Auth/OpenID/BigMath.php index 58b46bf2..6a33322a 100644 --- a/plugins/openid/lib/Auth/OpenID/BigMath.php +++ b/plugins/openid/lib/Auth/OpenID/BigMath.php @@ -30,7 +30,7 @@ require_once 'Auth/OpenID.php'; * @access private * @package OpenID */ -class Auth_OpenID_MathLibrary { +abstract class Auth_OpenID_MathLibrary { /** * Given a long integer, returns the number converted to a binary * string. This function accepts long integer values of arbitrary @@ -78,7 +78,7 @@ class Auth_OpenID_MathLibrary { * Given a binary string, returns the binary string converted to a * long number. * - * @param string $binary The binary version of a long number, + * @param string $str The binary version of a long number, * probably as a result of calling longToBinary * @return integer $long The long number equivalent of the binary * string $str @@ -131,12 +131,8 @@ class Auth_OpenID_MathLibrary { * and will utilize the local large-number math library when * available. * - * @param integer $start The start of the range, or the minimum - * random number to return * @param integer $stop The end of the range, or the maximum * random number to return - * @param integer $step The step size, such that $result - ($step - * * N) = $start for some N * @return integer $result The resulting randomly-generated number */ function rand($stop) 
@@ -176,6 +172,55 @@ class Auth_OpenID_MathLibrary { return $this->mod($n, $stop); } + + /** + * @param int $number + * @param int $base + * @return int + */ + abstract protected function init($number, $base = 10); + + /** + * @param int $x + * @param int $y + * @return int + */ + abstract public function cmp($x, $y); + + /** + * @param int $x + * @param int $y + * @return int + */ + abstract protected function add($x, $y); + + /** + * @param int $x + * @param int $y + * @return int + */ + abstract protected function mul($x, $y); + + /** + * @param int $x + * @param int $y + * @return int + */ + abstract protected function div($x, $y); + + /** + * @param int $base + * @param int $modulus + * @return int + */ + abstract protected function mod($base, $modulus); + + /** + * @param int $base + * @param int $exponent + * @return int + */ + abstract protected function pow($base, $exponent); } /** @@ -188,7 +233,7 @@ class Auth_OpenID_MathLibrary { * @package OpenID */ class Auth_OpenID_BcMathWrapper extends Auth_OpenID_MathLibrary{ - var $type = 'bcmath'; + public $type = 'bcmath'; function add($x, $y) { @@ -234,6 +279,10 @@ class Auth_OpenID_BcMathWrapper extends Auth_OpenID_MathLibrary{ * Same as bcpowmod when bcpowmod is missing * * @access private + * @param int $base + * @param int $exponent + * @param int $modulus + * @return int */ function _powmod($base, $exponent, $modulus) { @@ -274,7 +323,7 @@ class Auth_OpenID_BcMathWrapper extends Auth_OpenID_MathLibrary{ * @package OpenID */ class Auth_OpenID_GmpMathWrapper extends Auth_OpenID_MathLibrary{ - var $type = 'gmp'; + public $type = 'gmp'; function add($x, $y) { @@ -360,11 +409,12 @@ function Auth_OpenID_math_extensions() /** * Detect which (if any) math library is available + * + * @param array $exts + * @return bool */ function Auth_OpenID_detectMathLibrary($exts) { - $loaded = false; - foreach ($exts as $extension) { if (extension_loaded($extension['extension'])) { return $extension; 
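Review bot: Six of the seven new abstract methods are declared `protected` (`init`, `add`, `mul`, `div`, `mod`, `pow`), while the wrappers' `function add($x, $y)` shown in later hunks has no modifier and is therefore public. PHP lets a subclass widen visibility, so this runs, but the base class now states a contract that the implementations do not follow. A new wrapper written to the abstract signatures would hide methods that callers outside the hierarchy may rely on, which this diff does not show. Declaring them like `cmp`, for example `abstract public function init($number, $base = 10);`, keeps the two aligned. The `@param int` and `@return int` tags also look narrower than what arbitrary-precision wrappers pass around, so confirm against the bcmath and GMP implementations.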
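Review bot: The added `@return bool` on `Auth_OpenID_detectMathLibrary` does not match the body visible in the `@@ -360,11 +409,12 @@` hunk, which returns `$extension`, an element of `$exts` that is indexed as an array (`$extension['extension']`). The tag should read something like `@return array|false`. The `false` part needs confirming against the end of the function, which lies outside this hunk.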
@@ -391,8 +441,7 @@ function Auth_OpenID_detectMathLibrary($exts) * This function checks for the existence of specific long number * implementations in the following order: GMP followed by BCmath. * - * @return Auth_OpenID_MathWrapper $instance An instance of - * {@link Auth_OpenID_MathWrapper} or one of its subclasses + * @return Auth_OpenID_MathLibrary|null * * @package OpenID */ @@ -421,12 +470,10 @@ function Auth_OpenID_getMathLib() foreach (Auth_OpenID_math_extensions() as $extinfo) { $tried[] = $extinfo['extension']; } - $triedstr = implode(", ", $tried); Auth_OpenID_setNoMathSupport(); - $result = null; - return $result; + return null; } // Instantiate a new wrapper diff --git a/plugins/openid/lib/Auth/OpenID/Consumer.php b/plugins/openid/lib/Auth/OpenID/Consumer.php index c2b8c34b..fb1257ef 100644 --- a/plugins/openid/lib/Auth/OpenID/Consumer.php +++ b/plugins/openid/lib/Auth/OpenID/Consumer.php @@ -214,20 +214,14 @@ define('Auth_OpenID_PARSE_ERROR', 'parse error'); */ class Auth_OpenID_Consumer { - /** - * @access private - */ - var $discoverMethod = 'Auth_OpenID_discover'; + private $discoverMethod = 'Auth_OpenID_discover'; - /** - * @access private - */ - var $session_key_prefix = "_openid_consumer_"; + private $session_key_prefix = "_openid_consumer_"; - /** - * @access private - */ - var $_token_suffix = "last_token"; + private $_token_suffix = "last_token"; + + /** @var Auth_OpenID_GenericConsumer */ + public $consumer; /** * Initialize a Consumer instance. 
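Review bot: With `$triedstr` removed in the `@@ -421,12 +470,10 @@` hunk, the `$tried` array filled by the `foreach` just above it is no longer read anywhere in the visible part of `Auth_OpenID_getMathLib`. The loop can be dropped too, leaving `Auth_OpenID_setNoMathSupport();` followed by `return null;` in this branch. If the list of attempted extensions was meant to be reported, this is the place to log it, because the function otherwise returns `null` with no indication of what was tried. The rest of the function is outside this hunk.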
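Review bot: In Consumer.php, `$discoverMethod`, `$session_key_prefix` and `$_token_suffix` on Auth_OpenID_Consumer go from `var` (public) to `private`. The members of Auth_OpenID_GenericConsumer that carry the same `@access private` tag are converted to `public` later in this file, so the two classes should follow one rule. `private` also stops a subclass from overriding `discoverMethod`, which the nearby docblock "Used in testing to define the discovery mechanism" suggests may be done. `protected` would still close outside access while allowing that. The three properties also lose their docblocks here, while the new `public $consumer` gets a `@var` tag.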
@@ -254,12 +248,11 @@ class Auth_OpenID_Consumer { * need to pass something here if you have your own sessioning * implementation. * - * @param str $consumer_cls The name of the class to instantiate + * @param string $consumer_cls The name of the class to instantiate * when creating the internal consumer object. This is used for * testing. */ - function __construct($store, $session = null, - $consumer_cls = null) + function __construct($store, $session = null, $consumer_cls = null) { if ($session === null) { $session = new Auth_Yadis_PHPSession(); @@ -280,12 +273,14 @@ class Auth_OpenID_Consumer { * Used in testing to define the discovery mechanism. * * @access private + * @param Auth_Yadis_PHPSession $session + * @param string $openid_url + * @param string $session_key_prefix + * @return Auth_Yadis_Discovery */ - function getDiscoveryObject($session, $openid_url, - $session_key_prefix) + function getDiscoveryObject($session, $openid_url, $session_key_prefix) { - return new Auth_Yadis_Discovery($session, $openid_url, - $session_key_prefix); + return new Auth_Yadis_Discovery($session, $openid_url, $session_key_prefix); } /** @@ -364,10 +359,10 @@ class Auth_OpenID_Consumer { * @param Auth_OpenID_ServiceEndpoint $endpoint an OpenID service * endpoint descriptor. * - * @param bool anonymous Set to true if you want to perform OpenID + * @param bool $anonymous Set to true if you want to perform OpenID * without identifiers. * - * @return Auth_OpenID_AuthRequest $auth_request An OpenID + * @return Auth_OpenID_AuthRequest|Auth_OpenID_FailureResponse $auth_request An OpenID * authentication request object. */ function beginWithoutDiscovery($endpoint, $anonymous=false) 
@@ -451,10 +446,10 @@ class Auth_OpenID_Consumer { * @package OpenID */ class Auth_OpenID_DiffieHellmanSHA1ConsumerSession { - var $session_type = 'DH-SHA1'; - var $hash_func = 'Auth_OpenID_SHA1'; - var $secret_size = 20; - var $allowed_assoc_types = array('HMAC-SHA1'); + public $session_type = 'DH-SHA1'; + public $hash_func = 'Auth_OpenID_SHA1'; + public $secret_size = 20; + public $allowed_assoc_types = array('HMAC-SHA1'); function __construct($dh = null) { @@ -484,6 +479,10 @@ class Auth_OpenID_DiffieHellmanSHA1ConsumerSession { return $args; } + /** + * @param Auth_OpenID_Message $response + * @return null|string + */ function extractSecret($response) { if (!$response->hasKey(Auth_OpenID_OPENID_NS, @@ -514,10 +513,10 @@ class Auth_OpenID_DiffieHellmanSHA1ConsumerSession { */ class Auth_OpenID_DiffieHellmanSHA256ConsumerSession extends Auth_OpenID_DiffieHellmanSHA1ConsumerSession { - var $session_type = 'DH-SHA256'; - var $hash_func = 'Auth_OpenID_SHA256'; - var $secret_size = 32; - var $allowed_assoc_types = array('HMAC-SHA256'); + public $session_type = 'DH-SHA256'; + public $hash_func = 'Auth_OpenID_SHA256'; + public $secret_size = 32; + public $allowed_assoc_types = array('HMAC-SHA256'); } /** @@ -526,14 +525,18 @@ class Auth_OpenID_DiffieHellmanSHA256ConsumerSession extends * @package OpenID */ class Auth_OpenID_PlainTextConsumerSession { - var $session_type = 'no-encryption'; - var $allowed_assoc_types = array('HMAC-SHA1', 'HMAC-SHA256'); + public $session_type = 'no-encryption'; + public $allowed_assoc_types = array('HMAC-SHA1', 'HMAC-SHA256'); function getRequest() { return array(); } + /** + * @param Auth_OpenID_Message $response + * @return bool|null|string + */ function extractSecret($response) { if (!$response->hasKey(Auth_OpenID_OPENID_NS, 'mac_key')) { 
@@ -569,29 +572,29 @@ class Auth_OpenID_GenericConsumer { /** * @access private */ - var $discoverMethod = 'Auth_OpenID_discover'; + public $discoverMethod = 'Auth_OpenID_discover'; /** * This consumer's store object. */ - var $store; + public $store; /** * @access private */ - var $_use_assocs; + public $_use_assocs; /** * @access private */ - var $openid1_nonce_query_arg_name = 'janrain_nonce'; + public $openid1_nonce_query_arg_name = 'janrain_nonce'; /** * Another query parameter that gets added to the return_to for * OpenID 1; if the user's session state is lost, use this claimed * identifier to do discovery when verifying the response. */ - var $openid1_return_to_identifier_name = 'openid1_claimed_id'; + public $openid1_return_to_identifier_name = 'openid1_claimed_id'; /** * This method initializes a new {@link Auth_OpenID_Consumer} @@ -605,11 +608,6 @@ class Auth_OpenID_GenericConsumer { * filesystem-backed store, see the {@link Auth_OpenID_FileStore} module. * As a last resort, if it isn't possible for the server to store * state at all, an instance of {@link Auth_OpenID_DumbStore} can be used. - * - * @param bool $immediate This is an optional boolean value. It - * controls whether the library uses immediate mode, as explained - * in the module description. The default value is False, which - * disables immediate mode. */ function __construct($store) { @@ -630,6 +628,8 @@ class Auth_OpenID_GenericConsumer { * {@link Auth_OpenID_ServiceEndpoint}. * * @access private + * @param Auth_OpenID_ServiceEndpoint $service_endpoint + * @return Auth_OpenID_AuthRequest */ function begin($service_endpoint) { @@ -652,6 +652,10 @@ class Auth_OpenID_GenericConsumer { * complete OpenID authentication. * * @access private + * @param Auth_OpenID_Message $message + * @param Auth_OpenID_ServiceEndpoint $endpoint + * @param string $return_to + * @return Auth_OpenID_SuccessResponse */ function complete($message, $endpoint, $return_to) { 
@@ -674,8 +678,11 @@ class Auth_OpenID_GenericConsumer { /** * @access private + * @param Auth_OpenID_Message $message + * @param Auth_OpenID_ServiceEndpoint $endpoint + * @return Auth_OpenID_FailureResponse */ - function _completeInvalid($message, $endpoint, $unused) + function _completeInvalid($message, $endpoint) { $mode = $message->getArg(Auth_OpenID_OPENID_NS, 'mode', ''); @@ -686,16 +693,22 @@ class Auth_OpenID_GenericConsumer { /** * @access private + * @param Auth_OpenID_Message $message + * @param Auth_OpenID_ServiceEndpoint $endpoint + * @return Auth_OpenID_CancelResponse */ - function _complete_cancel($message, $endpoint, $unused) + function _complete_cancel($message, $endpoint) { return new Auth_OpenID_CancelResponse($endpoint); } /** * @access private + * @param Auth_OpenID_Message $message + * @param Auth_OpenID_ServiceEndpoint $endpoint + * @return Auth_OpenID_FailureResponse */ - function _complete_error($message, $endpoint, $unused) + function _complete_error($message, $endpoint) { $error = $message->getArg(Auth_OpenID_OPENID_NS, 'error'); $contact = $message->getArg(Auth_OpenID_OPENID_NS, 'contact'); @@ -707,8 +720,11 @@ class Auth_OpenID_GenericConsumer { /** * @access private + * @param Auth_OpenID_Message $message + * @param Auth_OpenID_ServiceEndpoint $endpoint + * @return Auth_OpenID_FailureResponse|Auth_OpenID_SetupNeededResponse */ - function _complete_setup_needed($message, $endpoint, $unused) + function _complete_setup_needed($message, $endpoint) { if (!$message->isOpenID2()) { return $this->_completeInvalid($message, $endpoint); 
@@ -721,15 +737,17 @@ class Auth_OpenID_GenericConsumer { /** * @access private + * @param Auth_OpenID_Message $message + * @param Auth_OpenID_ServiceEndpoint $endpoint + * @param string $return_to + * @return Auth_OpenID_FailureResponse|Auth_OpenID_SetupNeededResponse|Auth_OpenID_SuccessResponse|null */ function _complete_id_res($message, $endpoint, $return_to) { - $user_setup_url = $message->getArg(Auth_OpenID_OPENID1_NS, - 'user_setup_url'); + $user_setup_url = $message->getArg(Auth_OpenID_OPENID1_NS, 'user_setup_url'); if ($this->_checkSetupNeeded($message)) { - return new Auth_OpenID_SetupNeededResponse( - $endpoint, $user_setup_url); + return new Auth_OpenID_SetupNeededResponse($endpoint, $user_setup_url); } else { return $this->_doIdRes($message, $endpoint, $return_to); } @@ -737,6 +755,8 @@ class Auth_OpenID_GenericConsumer { /** * @access private + * @param Auth_OpenID_Message $message + * @return bool */ function _checkSetupNeeded($message) { @@ -756,6 +776,10 @@ class Auth_OpenID_GenericConsumer { /** * @access private + * @param Auth_OpenID_Message $message + * @param Auth_OpenID_ServiceEndpoint $endpoint + * @param string $return_to + * @return Auth_OpenID_FailureResponse|Auth_OpenID_SuccessResponse|mixed|null|string */ function _doIdRes($message, $endpoint, $return_to) { @@ -783,8 +807,7 @@ class Auth_OpenID_GenericConsumer { $endpoint = $result; - $result = $this->_idResCheckSignature($message, - $endpoint->server_url); + $result = $this->_idResCheckSignature($message, $endpoint->server_url); if (Auth_OpenID::isFailure($result)) { return $result; @@ -812,6 +835,9 @@ class Auth_OpenID_GenericConsumer { /** * @access private + * @param Auth_OpenID_Message $message + * @param string $return_to + * @return bool */ function _checkReturnTo($message, $return_to) { @@ -879,6 +905,8 @@ class Auth_OpenID_GenericConsumer { /** * @access private + * @param array $query + * @return Auth_OpenID_FailureResponse|bool */ function _verifyReturnToArgs($query) { 
@@ -936,6 +964,9 @@ class Auth_OpenID_GenericConsumer { /** * @access private + * @param Auth_OpenID_Message $message + * @param string $server_url + * @return Auth_OpenID_FailureResponse|null */ function _idResCheckSignature($message, $server_url) { @@ -983,20 +1014,24 @@ class Auth_OpenID_GenericConsumer { /** * @access private + * @param Auth_OpenID_Message $message + * @param Auth_OpenID_ServiceEndpoint|null $endpoint + * @return Auth_OpenID_FailureResponse|Auth_OpenID_ServiceEndpoint */ function _verifyDiscoveryResults($message, $endpoint=null) { if ($message->getOpenIDNamespace() == Auth_OpenID_OPENID2_NS) { - return $this->_verifyDiscoveryResultsOpenID2($message, - $endpoint); + return $this->_verifyDiscoveryResultsOpenID2($message, $endpoint); } else { - return $this->_verifyDiscoveryResultsOpenID1($message, - $endpoint); + return $this->_verifyDiscoveryResultsOpenID1($message, $endpoint); } } /** * @access private + * @param Auth_OpenID_Message $message + * @param Auth_OpenID_ServiceEndpoint $endpoint + * @return Auth_OpenID_FailureResponse|Auth_OpenID_ServiceEndpoint */ function _verifyDiscoveryResultsOpenID1($message, $endpoint) { @@ -1054,6 +1089,9 @@ class Auth_OpenID_GenericConsumer { /** * @access private + * @param Auth_OpenID_ServiceEndpoint $endpoint + * @param Auth_OpenID_ServiceEndpoint $to_match + * @return Auth_OpenID_FailureResponse|null */ function _verifyDiscoverySingle($endpoint, $to_match) { @@ -1069,8 +1107,7 @@ class Auth_OpenID_GenericConsumer { // Fragments do not influence discovery, so we can't compare a // claimed identifier with a fragment to discovered // information. - list($defragged_claimed_id, $_) = - Auth_OpenID::urldefrag($to_match->claimed_id); + list($defragged_claimed_id) = Auth_OpenID::urldefrag($to_match->claimed_id); if ($defragged_claimed_id != $endpoint->claimed_id) { return new Auth_OpenID_FailureResponse($endpoint, 
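Review bot: In `_verifyDiscoverySingle` (last hunk on this line) the claimed identifier is still compared with the loose operator right after the rewritten `list()` call: `if ($defragged_claimed_id != $endpoint->claimed_id)`. With `!=`, `null` and `''` compare equal and numeric-looking strings are compared as numbers, which an identity check should not allow. `if ($defragged_claimed_id !== $endpoint->claimed_id)` is stricter, provided both sides are always strings, which this hunk does not show. The rest of the function body lies outside the hunk.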
@@ -1106,6 +1143,9 @@ class Auth_OpenID_GenericConsumer { /** * @access private + * @param Auth_OpenID_Message $message + * @param Auth_OpenID_ServiceEndpoint $endpoint + * @return Auth_OpenID_FailureResponse|Auth_OpenID_ServiceEndpoint */ function _verifyDiscoveryResultsOpenID2($message, $endpoint) { @@ -1182,11 +1222,14 @@ class Auth_OpenID_GenericConsumer { /** * @access private + * @param string $claimed_id + * @param Auth_OpenID_ServiceEndpoint[] $to_match_endpoints + * @return Auth_OpenID_FailureResponse */ function _discoverAndVerify($claimed_id, $to_match_endpoints) { // oidutil.log('Performing discovery on %s' % (claimed_id,)) - list($unused, $services) = call_user_func_array($this->discoverMethod, + list(, $services) = call_user_func_array($this->discoverMethod, array( $claimed_id, $this->fetcher, @@ -1204,6 +1247,10 @@ class Auth_OpenID_GenericConsumer { /** * @access private + * @param string $claimed_id + * @param Auth_OpenID_ServiceEndpoint[] $services + * @param Auth_OpenID_ServiceEndpoint[] $to_match_endpoints + * @return Auth_OpenID_FailureResponse|Auth_OpenID_ServiceEndpoint */ function _verifyDiscoveryServices($claimed_id, $services, $to_match_endpoints) @@ -1211,10 +1258,10 @@ class Auth_OpenID_GenericConsumer { // Search the services resulting from discovery to find one // that matches the information from the assertion + $result = null; foreach ($services as $endpoint) { foreach ($to_match_endpoints as $to_match_endpoint) { - $result = $this->_verifyDiscoverySingle($endpoint, - $to_match_endpoint); + $result = $this->_verifyDiscoverySingle($endpoint, $to_match_endpoint); if (!Auth_OpenID::isFailure($result)) { // It matches, so discover verification has 
@@ -1224,9 +1271,10 @@ class Auth_OpenID_GenericConsumer { } } + $message = $result instanceof Auth_OpenID_FailureResponse ? $result->message : ''; + return new Auth_OpenID_FailureResponse(null, - sprintf('No matching endpoint found after discovering %s: %s', - $claimed_id, $result->message)); + sprintf('No matching endpoint found after discovering %s: %s', $claimed_id, $message)); } /** @@ -1236,24 +1284,27 @@ class Auth_OpenID_GenericConsumer { * * See the openid1_nonce_query_arg_name class variable * - * @returns $nonce The nonce as a string or null + * @param Auth_OpenID_Message $message + * @return string The nonce as a string or null * * @access private */ - function _idResGetNonceOpenID1($message, $endpoint) + function _idResGetNonceOpenID1($message) { - return $message->getArg(Auth_OpenID_BARE_NS, - $this->openid1_nonce_query_arg_name); + return $message->getArg(Auth_OpenID_BARE_NS, $this->openid1_nonce_query_arg_name); } /** * @access private + * @param Auth_OpenID_Message $message + * @param Auth_OpenID_ServiceEndpoint $endpoint + * @return Auth_OpenID_FailureResponse|null */ function _idResCheckNonce($message, $endpoint) { if ($message->isOpenID1()) { // This indicates that the nonce was generated by the consumer - $nonce = $this->_idResGetNonceOpenID1($message, $endpoint); + $nonce = $this->_idResGetNonceOpenID1($message); $server_url = ''; } else { $nonce = $message->getArg(Auth_OpenID_OPENID2_NS, @@ -1286,6 +1337,8 @@ class Auth_OpenID_GenericConsumer { /** * @access private + * @param Auth_OpenID_Message $message + * @return Auth_OpenID_FailureResponse|mixed|null|string */ function _idResCheckForFields($message) { @@ -1339,6 +1392,9 @@ class Auth_OpenID_GenericConsumer { /** * @access private + * @param Auth_OpenID_Message $message + * @param string $server_url + * @return bool */ function _checkAuth($message, $server_url) { 
@@ -1358,6 +1414,8 @@ class Auth_OpenID_GenericConsumer { /** * @access private + * @param Auth_OpenID_Message $message + * @return Auth_OpenID_Message|null */ function _createCheckAuthRequest($message) { @@ -1378,6 +1436,9 @@ class Auth_OpenID_GenericConsumer { /** * @access private + * @param Auth_OpenID_Message $response + * @param string $server_url + * @return bool */ function _processCheckAuthResponse($response, $server_url) { @@ -1402,11 +1463,11 @@ class Auth_OpenID_GenericConsumer { /** * Adapt a POST response to a Message. * - * @param $response Result of a POST to an OpenID endpoint. - * + * @param Auth_Yadis_HTTPResponse $response Result of a POST to an OpenID endpoint. * @access private + * @return Auth_OpenID_Message|Auth_OpenID_ServerErrorContainer|null */ - static function _httpResponseToMessage($response, $server_url) + static function _httpResponseToMessage($response) { // Should this function be named Message.fromHTTPResponse instead? $response_message = Auth_OpenID_Message::fromKVForm($response->body); @@ -1423,6 +1484,9 @@ class Auth_OpenID_GenericConsumer { /** * @access private + * @param Auth_OpenID_Message $message + * @param string $server_url + * @return Auth_OpenID_Message|Auth_OpenID_ServerErrorContainer|null */ function _makeKVPost($message, $server_url) { @@ -1433,11 +1497,13 @@ class Auth_OpenID_GenericConsumer { return null; } - return $this->_httpResponseToMessage($resp, $server_url); + return $this->_httpResponseToMessage($resp); } /** * @access private + * @param Auth_OpenID_ServiceEndpoint $endpoint + * @return Auth_OpenID_Association|Auth_OpenID_Message|Auth_OpenID_ServerErrorContainer|null */ function _getAssociation($endpoint) { @@ -1453,8 +1519,7 @@ class Auth_OpenID_GenericConsumer { $assoc = $this->_negotiateAssociation($endpoint); if ($assoc !== null) { - $this->store->storeAssociation($endpoint->server_url, - $assoc); + $this->store->storeAssociation($endpoint->server_url, $assoc); } } 
@@ -1464,14 +1529,13 @@ class Auth_OpenID_GenericConsumer { /** * Handle ServerErrors resulting from association requests. * - * @return $result If server replied with an C{unsupported-type} + * @param $server_error + * @return array|null $result If server replied with an C{unsupported-type} * error, return a tuple of supported C{association_type}, * C{session_type}. Otherwise logs the error and returns null. - * * @access private */ - function _extractSupportedAssociationType($server_error, $endpoint, - $assoc_type) + function _extractSupportedAssociationType($server_error) { // Any error message whose code is not 'unsupported-type' // should be considered a total failure. @@ -1504,6 +1568,8 @@ class Auth_OpenID_GenericConsumer { /** * @access private + * @param Auth_OpenID_ServiceEndpoint $endpoint + * @return Auth_OpenID_Association|null */ function _negotiateAssociation($endpoint) { @@ -1518,10 +1584,7 @@ class Auth_OpenID_GenericConsumer { } if (is_a($assoc, 'Auth_OpenID_ServerErrorContainer')) { - $why = $assoc; - - $supportedTypes = $this->_extractSupportedAssociationType( - $why, $endpoint, $assoc_type); + $supportedTypes = $this->_extractSupportedAssociationType($assoc); if ($supportedTypes !== null) { list($assoc_type, $session_type) = $supportedTypes; @@ -1553,6 +1616,10 @@ class Auth_OpenID_GenericConsumer { /** * @access private + * @param Auth_OpenID_ServiceEndpoint $endpoint + * @param string $assoc_type + * @param string $session_type + * @return Auth_OpenID_Association|Auth_OpenID_Message|Auth_OpenID_ServerErrorContainer|null */ function _requestAssociation($endpoint, $assoc_type, $session_type) { @@ -1574,6 +1641,9 @@ class Auth_OpenID_GenericConsumer { /** * @access private + * @param Auth_OpenID_Message $assoc_response + * @param Auth_OpenID_PlainTextConsumerSession $assoc_session + * @return Auth_OpenID_Association|Auth_OpenID_FailureResponse|null */ function _extractAssociation($assoc_response, $assoc_session) { 
@@ -1666,6 +1736,10 @@ class Auth_OpenID_GenericConsumer { /** * @access private + * @param Auth_OpenID_ServiceEndpoint $endpoint + * @param string $assoc_type + * @param string $session_type + * @return array|null */ function _createAssociateRequest($endpoint, $assoc_type, $session_type) { @@ -1673,6 +1747,7 @@ class Auth_OpenID_GenericConsumer { $session_type_class = $this->session_types[$session_type]; if (is_callable($session_type_class)) { + /** @var Auth_OpenID_PlainTextConsumerSession $assoc_session */ $assoc_session = $session_type_class(); } else { $assoc_session = new $session_type_class(); @@ -1712,7 +1787,8 @@ class Auth_OpenID_GenericConsumer { * return 'no-encryption' * * @access private - * @return $typ The association type for this message + * @param Auth_OpenID_Message $assoc_response + * @return string The association type for this message */ function _getOpenID1SessionType($assoc_response) { @@ -1756,21 +1832,23 @@ class Auth_OpenID_AuthRequest { * Users of this library should not create instances of this * class. Instances of this class are created by the library when * needed. + * + * @param Auth_OpenID_ServiceEndpoint $endpoint + * @param Auth_OpenID_Association $assoc */ function __construct($endpoint, $assoc) { $this->assoc = $assoc; $this->endpoint = $endpoint; $this->return_to_args = array(); - $this->message = new Auth_OpenID_Message( - $endpoint->preferredNamespace()); + $this->message = new Auth_OpenID_Message($endpoint->preferredNamespace()); $this->_anonymous = false; } /** * Add an extension to this checkid request. * - * $extension_request: An object that implements the extension + * @param Auth_OpenID_Extension $extension_request An object that implements the extension * request interface for adding arguments to an OpenID message. */ function addExtension($extension_request) 
@@ -1796,6 +1874,8 @@ class Auth_OpenID_AuthRequest { * * @param string $value The value to provide to the server for * this argument. + * + * @return Auth_OpenID_FailureResponse|bool|null|string */ function addExtensionArg($namespace, $key, $value) { @@ -1810,6 +1890,9 @@ class Auth_OpenID_AuthRequest { * * Anonymous requests are not allowed when the request is made * with OpenID 1. + * + * @param bool $is_anonymous + * @return bool */ function setAnonymous($is_anonymous) { @@ -1840,6 +1923,8 @@ class Auth_OpenID_AuthRequest { * engage the user before providing a response. This is the * default case, as the user may need to provide credentials or * approve the request before a positive response can be sent. + * + * @return Auth_OpenID_Message|Auth_OpenID_FailureResponse */ function getMessage($realm, $return_to=null, $immediate=false) { @@ -1933,6 +2018,12 @@ class Auth_OpenID_AuthRequest { * tag. 'accept-charset' and 'enctype' have defaults that can be * overridden. If a value is supplied for 'action' or 'method', it * will be replaced. + * + * @param string $realm + * @param null|string $return_to + * @param bool $immediate + * @param null|array $form_tag_attrs + * @return Auth_OpenID_FailureResponse|Auth_OpenID_Message|string */ function formMarkup($realm, $return_to=null, $immediate=false, $form_tag_attrs=null) @@ -1943,8 +2034,7 @@ class Auth_OpenID_AuthRequest { return $message; } - return $message->toFormMarkup($this->endpoint->server_url, - $form_tag_attrs); + return $message->toFormMarkup($this->endpoint->server_url, $form_tag_attrs); } /** @@ -1952,6 +2042,12 @@ class Auth_OpenID_AuthRequest { * to the IDP. * * Wraps formMarkup. See the documentation for that function. + * + * @param string $realm + * @param string $return_to + * @param bool $immediate + * @param array $form_tag_attrs + * @return Auth_OpenID_FailureResponse|Auth_OpenID_Message|string */ function htmlMarkup($realm, $return_to=null, $immediate=false, $form_tag_attrs=null) 
@@ -1977,8 +2073,17 @@ class Auth_OpenID_AuthRequest { * @package OpenID */ class Auth_OpenID_ConsumerResponse { - var $status = null; + public $status = null; + + /** @var null|string */ + public $identity_url = null; + /** @var Auth_OpenID_ServiceEndpoint */ + public $endpoint; + + /** + * @param Auth_OpenID_ServiceEndpoint|null $endpoint + */ function setEndpoint($endpoint) { $this->endpoint = $endpoint; @@ -2031,27 +2136,37 @@ class Auth_OpenID_ConsumerResponse { * @package OpenID */ class Auth_OpenID_SuccessResponse extends Auth_OpenID_ConsumerResponse { - var $status = Auth_OpenID_SUCCESS; + public $status = Auth_OpenID_SUCCESS; + + /** @var array */ + public $signed_args = array(); + /** @var Auth_OpenID_Message */ + public $message; /** * @access private + * @param Auth_OpenID_ServiceEndpoint $endpoint + * @param Auth_OpenID_Message $message + * @param array|null $signed_args */ function __construct($endpoint, $message, $signed_args=null) { $this->endpoint = $endpoint; $this->identity_url = $endpoint->claimed_id; - $this->signed_args = $signed_args; $this->message = $message; - if ($this->signed_args === null) { - $this->signed_args = array(); + if ($this->signed_args !== null) { + $this->signed_args = $signed_args; } } /** * Extract signed extension data from the server's response. * - * @param string $prefix The extension namespace from which to + * @param $namespace_uri + * @param $require_signed + * @return array|Auth_OpenID_FailureResponse|null|string + * @internal param string $prefix The extension namespace from which to * extract the extension data. */ function extensionResponse($namespace_uri, $require_signed) @@ -2089,8 +2204,6 @@ class Auth_OpenID_SuccessResponse extends Auth_OpenID_ConsumerResponse { function getSignedNS($ns_uri) { - $args = array(); - $msg_args = $this->message->getArgs($ns_uri); if (Auth_OpenID::isFailure($msg_args)) { return null; 
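Review bot: In `Auth_OpenID_SuccessResponse::__construct` the new guard tests the property instead of the argument. Because the property is now initialised to `array()`, `if ($this->signed_args !== null)` is always true, and a caller that omits `$signed_args` overwrites the property with `null`. The removed code normalised `null` to an empty array; to keep that, test the parameter: `if ($signed_args !== null) { $this->signed_args = $signed_args; }`. Code that treats `signed_args` as an array when deciding which fields were signed would otherwise receive `null`; those readers are outside this hunk.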
@@ -2137,10 +2250,16 @@ class Auth_OpenID_SuccessResponse extends Auth_OpenID_ConsumerResponse { * @package OpenID */ class Auth_OpenID_FailureResponse extends Auth_OpenID_ConsumerResponse { - var $status = Auth_OpenID_FAILURE; + public $status = Auth_OpenID_FAILURE; - function __construct($endpoint, $message = null, - $contact = null, $reference = null) + /** @var string */ + public $message; + + public $contact; + + public $reference; + + function __construct($endpoint, $message = null, $contact = null, $reference = null) { $this->setEndpoint($endpoint); $this->message = $message; @@ -2164,9 +2283,23 @@ class Auth_OpenID_TypeURIMismatch extends Auth_OpenID_FailureResponse { * @package OpenID */ class Auth_OpenID_ServerErrorContainer { - function __construct($error_text, - $error_code, - $message) + + /** @var Auth_OpenID_Message */ + private $message; + + /** @var string */ + private $error_code; + /** @var string */ + private $error_text; + + /** + * Auth_OpenID_ServerErrorContainer constructor. + * + * @param string $error_text + * @param string $error_code + * @param Auth_OpenID_Message $message + */ + function __construct($error_text, $error_code, $message) { $this->error_text = $error_text; $this->error_code = $error_code; @@ -2175,6 +2308,8 @@ class Auth_OpenID_ServerErrorContainer { /** * @access private + * @param Auth_OpenID_Message $message + * @return Auth_OpenID_ServerErrorContainer */ static function fromMessage($message) { @@ -2200,8 +2335,13 @@ class Auth_OpenID_ServerErrorContainer { * @package OpenID */ class Auth_OpenID_CancelResponse extends Auth_OpenID_ConsumerResponse { - var $status = Auth_OpenID_CANCEL; + public $status = Auth_OpenID_CANCEL; + /** + * Auth_OpenID_CancelResponse constructor. + * + * @param Auth_OpenID_ServiceEndpoint $endpoint + */ function __construct($endpoint) { $this->setEndpoint($endpoint); 
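Review bot: The properties added to `Auth_OpenID_ServerErrorContainer` are declared `private`, but before this change the constructor created them dynamically, which made them public. The class is handed to `Auth_OpenID_GenericConsumer::_extractSupportedAssociationType($server_error)`, whose docblock says it decides on the `unsupported-type` error code. If that method reads `$server_error->error_code` or `$server_error->message` directly (its body is outside the visible hunks), the access becomes a fatal error and association negotiation stops. Either declare them `public $message; public $error_code; public $error_text;` to keep the old contract, or add accessors and switch the callers in the same commit.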
@@ -2226,14 +2366,20 @@ class Auth_OpenID_CancelResponse extends Auth_OpenID_ConsumerResponse { * @package OpenID */ class Auth_OpenID_SetupNeededResponse extends Auth_OpenID_ConsumerResponse { - var $status = Auth_OpenID_SETUP_NEEDED; + public $status = Auth_OpenID_SETUP_NEEDED; - function __construct($endpoint, - $setup_url = null) + /** @var string */ + public $setup_url = ''; + + /** + * Auth_OpenID_SetupNeededResponse constructor. + * + * @param Auth_OpenID_ServiceEndpoint $endpoint + * @param string $setup_url + */ + function __construct($endpoint, $setup_url = null) { $this->setEndpoint($endpoint); $this->setup_url = $setup_url; } } - - diff --git a/plugins/openid/lib/Auth/OpenID/CryptUtil.php b/plugins/openid/lib/Auth/OpenID/CryptUtil.php index 3c60cea1..15c77f51 100644 --- a/plugins/openid/lib/Auth/OpenID/CryptUtil.php +++ b/plugins/openid/lib/Auth/OpenID/CryptUtil.php @@ -40,7 +40,6 @@ class Auth_OpenID_CryptUtil { static function getBytes($num_bytes) { static $f = null; - $bytes = ''; if ($f === null) { if (Auth_OpenID_RAND_SOURCE === null) { $f = false; @@ -72,7 +71,7 @@ class Auth_OpenID_CryptUtil { * * @param integer $length The length of the resulting * randomly-generated string - * @param string $chrs A string of characters from which to choose + * @param string|null $population A string of characters from which to choose * to build the new string * @return string $result A string of randomly-chosen characters * from $chrs diff --git a/plugins/openid/lib/Auth/OpenID/DatabaseConnection.php b/plugins/openid/lib/Auth/OpenID/DatabaseConnection.php index 0c7d08f9..b74f0afe 100644 --- a/plugins/openid/lib/Auth/OpenID/DatabaseConnection.php +++ b/plugins/openid/lib/Auth/OpenID/DatabaseConnection.php @@ -50,6 +50,7 @@ class Auth_OpenID_DatabaseConnection { */ function query($sql, $params = array()) { + return null; } /** @@ -90,6 +91,7 @@ class Auth_OpenID_DatabaseConnection { */ function getOne($sql, $params = array()) { + return false; } /** 
@@ -103,11 +105,12 @@ class Auth_OpenID_DatabaseConnection { * @param array $params An array of parameters to insert into the * SQL string using this connection's escaping mechanism. * - * @return array $result The first row of the result set, if any, + * @return array|bool $result The first row of the result set, if any, * keyed on column name. False if no such result was found. */ function getRow($sql, $params = array()) { + return false; } /** @@ -125,6 +128,7 @@ class Auth_OpenID_DatabaseConnection { */ function getAll($sql, $params = array()) { + return array(); } } diff --git a/plugins/openid/lib/Auth/OpenID/DiffieHellman.php b/plugins/openid/lib/Auth/OpenID/DiffieHellman.php index 27759a52..fa334ed1 100644 --- a/plugins/openid/lib/Auth/OpenID/DiffieHellman.php +++ b/plugins/openid/lib/Auth/OpenID/DiffieHellman.php @@ -42,10 +42,11 @@ function Auth_OpenID_getDefaultGen() */ class Auth_OpenID_DiffieHellman { - var $mod; - var $gen; - var $private; - var $lib = null; + public $mod; + public $gen; + public $private; + /** @var Auth_OpenID_BcMathWrapper */ + public $lib = null; function __construct($mod = null, $gen = null, $private = null, $lib = null) diff --git a/plugins/openid/lib/Auth/OpenID/Discover.php b/plugins/openid/lib/Auth/OpenID/Discover.php index 569402e3..95c32f45 100644 --- a/plugins/openid/lib/Auth/OpenID/Discover.php +++ b/plugins/openid/lib/Auth/OpenID/Discover.php @@ -56,6 +56,7 @@ function Auth_OpenID_getOpenIDTypeName($type_uri) { case Auth_OpenID_RP_RETURN_TO_URL_TYPE: return 'OpenID relying party'; } + return 'unknown'; } /** 
@@ -235,11 +236,11 @@ class Auth_OpenID_ServiceEndpoint { return null; } - /* + /** * Create endpoints from a DiscoveryResult. * - * @param discoveryResult Auth_Yadis_DiscoveryResult - * @return array of Auth_OpenID_ServiceEndpoint or null if + * @param Auth_Yadis_DiscoveryResult $discoveryResult + * @return Auth_OpenID_ServiceEndpoint[]|null null if * endpoints cannot be created. */ static function fromDiscoveryResult($discoveryResult) @@ -305,6 +306,11 @@ class Auth_OpenID_ServiceEndpoint { } } +/** + * @param Auth_Yadis_Service $service + * @param array $type_uris + * @return bool|null + */ function Auth_OpenID_findOPLocalIdentifier($service, $type_uris) { // Extract a openid:Delegate value from a Yadis Service element. @@ -350,6 +356,10 @@ function Auth_OpenID_findOPLocalIdentifier($service, $type_uris) return $local_id; } +/** + * @param Auth_Yadis_Service $service + * @return bool + */ function filter_MatchesAnyOpenIDType($service) { $uris = $service->getTypes(); @@ -363,6 +373,10 @@ function filter_MatchesAnyOpenIDType($service) return false; } +/** + * @param Auth_Yadis_Service $service + * @return bool + */ function filter_MatchesAnyOpenIDConsumerType(&$service) { $uris = $service->getTypes(); @@ -442,6 +456,11 @@ function Auth_OpenID_getOPOrUserServices($openid_services) } } +/** + * @param string $uri + * @param Auth_Yadis_Service[] $yadis_services + * @return array + */ function Auth_OpenID_makeOpenIDEndpoints($uri, $yadis_services) { $s = array(); @@ -488,13 +507,10 @@ function Auth_OpenID_discoverWithYadis($uri, $fetcher, $discover_function = array('Auth_Yadis_Yadis', 'discover'); } - $openid_services = array(); - $response = call_user_func_array($discover_function, array($uri, $fetcher)); $yadis_url = $response->normalized_uri; - $yadis_services = array(); if ($response->isFailure() && !$response->isXRDS()) { return array($uri, array()); 
@@ -529,6 +545,11 @@ function Auth_OpenID_discoverURI($uri, $fetcher) return Auth_OpenID_discoverWithYadis($uri, $fetcher); } +/** + * @param string $uri + * @param Auth_Yadis_PlainHTTPFetcher $fetcher + * @return array + */ function Auth_OpenID_discoverWithoutYadis($uri, $fetcher) { $http_resp = @$fetcher->get($uri); @@ -571,6 +592,11 @@ function Auth_OpenID_discoverXRI($iname, $fetcher) return array($iname, $openid_services); } +/** + * @param string $uri + * @param Auth_Yadis_PlainHTTPFetcher $fetcher + * @return array + */ function Auth_OpenID_discover($uri, $fetcher) { // If the fetcher (i.e., PHP) doesn't support SSL, we can't do diff --git a/plugins/openid/lib/Auth/OpenID/DumbStore.php b/plugins/openid/lib/Auth/OpenID/DumbStore.php index b79bf658..01c7abff 100644 --- a/plugins/openid/lib/Auth/OpenID/DumbStore.php +++ b/plugins/openid/lib/Auth/OpenID/DumbStore.php @@ -32,6 +32,7 @@ require_once 'Auth/OpenID/HMAC.php'; * @package OpenID */ class Auth_OpenID_DumbStore extends Auth_OpenID_OpenIDStore { + protected $auth_key; /** * Creates a new {@link Auth_OpenID_DumbStore} instance. For the security @@ -47,7 +48,7 @@ class Auth_OpenID_DumbStore extends Auth_OpenID_OpenIDStore { * Each {@link Auth_OpenID_DumbStore} instance that is created for use by * your consumer site needs to use the same $secret_phrase. * - * @param string secret_phrase The phrase used to create the auth + * @param string $secret_phrase The phrase used to create the auth * key returned by getAuthKey */ function __construct($secret_phrase) @@ -57,6 +58,9 @@ class Auth_OpenID_DumbStore extends Auth_OpenID_OpenIDStore { /** * This implementation does nothing. + * + * @param string $server_url + * @param Auth_OpenID_Association $association */ function storeAssociation($server_url, $association) { 
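Review bot: The docblocks added for `Auth_OpenID_discoverWithoutYadis` and `Auth_OpenID_discover` type `$fetcher` as `Auth_Yadis_PlainHTTPFetcher`, which names one concrete fetcher rather than the base type. The same commit updates `ParanoidHTTPFetcher.php`, so presumably either fetcher can be passed; `@param Auth_Yadis_HTTPFetcher $fetcher` would describe that without steering readers or static analysis toward the plain fetcher. The `@return array` could also state the shape suggested by the `return array($iname, $openid_services);` context line, for example `@return array Two elements: the identifier and the list of discovered endpoints`.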
@@ -64,6 +68,10 @@ class Auth_OpenID_DumbStore extends Auth_OpenID_OpenIDStore { /** * This implementation always returns null. + * + * @param string $server_url + * @param null $handle + * @return Auth_OpenID_Association|null */ function getAssociation($server_url, $handle = null) { @@ -72,6 +80,10 @@ class Auth_OpenID_DumbStore extends Auth_OpenID_OpenIDStore { /** * This implementation always returns false. + * + * @param string $server_url + * @param string $handle + * @return bool|mixed */ function removeAssociation($server_url, $handle) { @@ -82,6 +94,11 @@ class Auth_OpenID_DumbStore extends Auth_OpenID_OpenIDStore { * In a system truly limited to dumb mode, nonces must all be * accepted. This therefore always returns true, which makes * replay attacks feasible. + * + * @param string $server_url + * @param int $timestamp + * @param string $salt + * @return bool */ function useNonce($server_url, $timestamp, $salt) { diff --git a/plugins/openid/lib/Auth/OpenID/Extension.php b/plugins/openid/lib/Auth/OpenID/Extension.php index 542a1da2..61d2f375 100644 --- a/plugins/openid/lib/Auth/OpenID/Extension.php +++ b/plugins/openid/lib/Auth/OpenID/Extension.php @@ -22,14 +22,17 @@ class Auth_OpenID_Extension { * ns_uri: The namespace to which to add the arguments for this * extension */ - var $ns_uri = null; - var $ns_alias = null; + public $ns_uri = null; + public $ns_alias = null; /** * Get the string arguments that should be added to an OpenID * message for this extension. + * + * @param Auth_OpenID_Request|null $request + * @return null */ - function getExtensionArgs() + function getExtensionArgs($request = null) { return null; } @@ -38,6 +41,10 @@ class Auth_OpenID_Extension { * Add the arguments from this extension to the provided message. * * Returns the message with the extension arguments added. + * + * @param Auth_OpenID_Message $message + * @param Auth_OpenID_Request $request + * @return null */ function toMessage($message, $request = null) { 
diff --git a/plugins/openid/lib/Auth/OpenID/FileStore.php b/plugins/openid/lib/Auth/OpenID/FileStore.php index 730225e0..afeaf2b2 100644 --- a/plugins/openid/lib/Auth/OpenID/FileStore.php +++ b/plugins/openid/lib/Auth/OpenID/FileStore.php @@ -38,6 +38,13 @@ require_once 'Auth/OpenID/Nonce.php'; */ class Auth_OpenID_FileStore extends Auth_OpenID_OpenIDStore { + protected $directory = ''; + protected $active = false; + protected $nonce_dir = ''; + protected $association_dir = ''; + protected $temp_dir = ''; + protected $max_nonce_age = 0; + /** * Initializes a new {@link Auth_OpenID_FileStore}. This * initializes the nonce and association directories, which are @@ -114,6 +121,7 @@ class Auth_OpenID_FileStore extends Auth_OpenID_OpenIDStore { } else { Auth_OpenID_FileStore::_removeIfPresent($name); } + return array(); } function cleanupNonces() @@ -145,6 +153,8 @@ class Auth_OpenID_FileStore extends Auth_OpenID_OpenIDStore { * contain the domain name from the server URL for ease of human * inspection of the data directory. * + * @param string $server_url + * @param string $handle * @return string $filename */ function getAssociationFilename($server_url, $handle) @@ -178,6 +188,10 @@ class Auth_OpenID_FileStore extends Auth_OpenID_OpenIDStore { /** * Store an association in the association directory. + * + * @param string $server_url + * @param Auth_OpenID_Association $association + * @return bool */ function storeAssociation($server_url, $association) { @@ -227,7 +241,9 @@ class Auth_OpenID_FileStore extends Auth_OpenID_OpenIDStore { * Retrieve an association. If no handle is specified, return the * association with the most recent issue time. * - * @return mixed $association + * @param string $server_url + * @param string|null $handle + * @return Auth_OpenID_Association|mixed|null */ function getAssociation($server_url, $handle = null) { 
@@ -282,7 +298,7 @@ class Auth_OpenID_FileStore extends Auth_OpenID_OpenIDStore { // return the most recently issued one. if ($matching_associations) { - list($issued, $assoc) = $matching_associations[0]; + list(, $assoc) = $matching_associations[0]; return $assoc; } else { return null; @@ -292,6 +308,8 @@ class Auth_OpenID_FileStore extends Auth_OpenID_OpenIDStore { /** * @access private + * @param string $filename + * @return Auth_OpenID_Association|null */ function _getAssociation($filename) { @@ -342,6 +360,8 @@ class Auth_OpenID_FileStore extends Auth_OpenID_OpenIDStore { /** * Remove an association if it exists. Do nothing if it does not. * + * @param string $server_url + * @param string $handle * @return bool $success */ function removeAssociation($server_url, $handle) @@ -364,6 +384,9 @@ class Auth_OpenID_FileStore extends Auth_OpenID_OpenIDStore { * Return whether this nonce is present. As a side effect, mark it * as no longer present. * + * @param string $server_url + * @param int $timestamp + * @param string $salt * @return bool $present */ function useNonce($server_url, $timestamp, $salt) @@ -466,6 +489,7 @@ class Auth_OpenID_FileStore extends Auth_OpenID_OpenIDStore { foreach ($this->_allAssocs() as $pair) { list($assoc_filename, $assoc) = $pair; + /** @var Auth_OpenID_Association $assoc */ if ($assoc->getExpiresIn() == 0) { Auth_OpenID_FileStore::_removeIfPresent($assoc_filename); } @@ -474,6 +498,8 @@ class Auth_OpenID_FileStore extends Auth_OpenID_OpenIDStore { /** * @access private + * @param string $dir + * @return bool */ function _rmtree($dir) { @@ -512,6 +538,8 @@ class Auth_OpenID_FileStore extends Auth_OpenID_OpenIDStore { /** * @access private + * @param string $dir + * @return bool|string */ function _mkstemp($dir) { @@ -527,6 +555,8 @@ class Auth_OpenID_FileStore extends Auth_OpenID_OpenIDStore { /** * @access private + * @param string $dir + * @return bool|string */ static function _mkdtemp($dir) { 
@@ -544,6 +574,8 @@ class Auth_OpenID_FileStore extends Auth_OpenID_OpenIDStore { /** * @access private + * @param string $dir + * @return array */ function _listdir($dir) { @@ -559,6 +591,8 @@ class Auth_OpenID_FileStore extends Auth_OpenID_OpenIDStore { /** * @access private + * @param string $char + * @return bool */ function _isFilenameSafe($char) { @@ -569,6 +603,8 @@ class Auth_OpenID_FileStore extends Auth_OpenID_OpenIDStore { /** * @access private + * @param string $str + * @return mixed|string */ function _safe64($str) { @@ -581,6 +617,8 @@ class Auth_OpenID_FileStore extends Auth_OpenID_OpenIDStore { /** * @access private + * @param string $str + * @return string */ function _filenameEscape($str) { @@ -603,6 +641,7 @@ class Auth_OpenID_FileStore extends Auth_OpenID_OpenIDStore { * the time of the call. * * @access private + * @param string $filename * @return bool $result True if the file was present, false if not. */ function _removeIfPresent($filename) @@ -615,6 +654,7 @@ class Auth_OpenID_FileStore extends Auth_OpenID_OpenIDStore { $removed = 0; foreach ($this->_allAssocs() as $pair) { list($assoc_filename, $assoc) = $pair; + /** @var Auth_OpenID_Association $assoc */ if ($assoc->getExpiresIn() == 0) { $this->_removeIfPresent($assoc_filename); $removed += 1; diff --git a/plugins/openid/lib/Auth/OpenID/HMAC.php b/plugins/openid/lib/Auth/OpenID/HMAC.php index e6c4bdfd..d83a1569 100644 --- a/plugins/openid/lib/Auth/OpenID/HMAC.php +++ b/plugins/openid/lib/Auth/OpenID/HMAC.php @@ -43,6 +43,7 @@ function Auth_OpenID_SHA1($text) } else { // Explode. trigger_error('No SHA1 function found', E_USER_ERROR); + return false; } } @@ -57,7 +58,7 @@ function Auth_OpenID_SHA1($text) function Auth_OpenID_HMACSHA1($key, $text) { if (Auth_OpenID::bytes($key) > Auth_OpenID_SHA1_BLOCKSIZE) { - $key = Auth_OpenID_SHA1($key, true); + $key = Auth_OpenID_SHA1($key); } if (function_exists('hash_hmac') && 
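Review bot: The `return false;` added after `trigger_error('No SHA1 function found', E_USER_ERROR)` in `Auth_OpenID_SHA1()` is never checked by the manual fallback in `Auth_OpenID_HMACSHA1()` (hunks at -57 and -70). `E_USER_ERROR` normally stops the script, so this return is only reached when an error handler lets execution continue. In that case `$key`, `$hash1` and `$hmac` are built from `false`, which concatenates as an empty string, and the function returns `false` as the MAC. It would be safer to fail closed there, for example `if ($hash1 === false) { return false; }` before computing `$hmac`, and to confirm that callers comparing signatures treat a `false` MAC as a verification failure. `Auth_OpenID_SHA1()` begins outside the hunk.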
@@ -70,8 +71,8 @@ function Auth_OpenID_HMACSHA1($key, $text) $key = str_pad($key, Auth_OpenID_SHA1_BLOCKSIZE, chr(0x00)); $ipad = str_repeat(chr(0x36), Auth_OpenID_SHA1_BLOCKSIZE); $opad = str_repeat(chr(0x5c), Auth_OpenID_SHA1_BLOCKSIZE); - $hash1 = Auth_OpenID_SHA1(($key ^ $ipad) . $text, true); - $hmac = Auth_OpenID_SHA1(($key ^ $opad) . $hash1, true); + $hash1 = Auth_OpenID_SHA1(($key ^ $ipad) . $text); + $hmac = Auth_OpenID_SHA1(($key ^ $opad) . $hash1); return $hmac; } diff --git a/plugins/openid/lib/Auth/OpenID/Interface.php b/plugins/openid/lib/Auth/OpenID/Interface.php index eca6b9c5..a8a335d5 100644 --- a/plugins/openid/lib/Auth/OpenID/Interface.php +++ b/plugins/openid/lib/Auth/OpenID/Interface.php @@ -39,15 +39,14 @@ class Auth_OpenID_OpenIDStore { * particular, expect to see unescaped non-url-safe characters in * the server_url field. * - * @param Association $association The Association to store. + * @param Auth_OpenID_Association $association The Association to store. */ function storeAssociation($server_url, $association) { - trigger_error("Auth_OpenID_OpenIDStore::storeAssociation ". - "not implemented", E_USER_ERROR); + trigger_error("Auth_OpenID_OpenIDStore::storeAssociation not implemented", E_USER_ERROR); } - /* + /** * Remove expired nonces from the store. * * Discards any nonce from storage that is old enough that its 
@@ -57,40 +56,40 @@ class Auth_OpenID_OpenIDStore { * library. It provides a way for store admins to keep their * storage from filling up with expired data. * - * @return the number of nonces expired + * @return int the number of nonces expired */ function cleanupNonces() { - trigger_error("Auth_OpenID_OpenIDStore::cleanupNonces ". - "not implemented", E_USER_ERROR); + trigger_error("Auth_OpenID_OpenIDStore::cleanupNonces not implemented", E_USER_ERROR); + return 0; } - /* + /** * Remove expired associations from the store. * * This method is not called in the normal operation of the * library. It provides a way for store admins to keep their * storage from filling up with expired data. * - * @return the number of associations expired. + * @return int the number of associations expired. */ function cleanupAssociations() { - trigger_error("Auth_OpenID_OpenIDStore::cleanupAssociations ". - "not implemented", E_USER_ERROR); + trigger_error("Auth_OpenID_OpenIDStore::cleanupAssociations not implemented", E_USER_ERROR); + return 0; } - /* + /** * Shortcut for cleanupNonces(), cleanupAssociations(). * * This method is not called in the normal operation of the * library. It provides a way for store admins to keep their * storage from filling up with expired data. + * @return array */ function cleanup() { - return array($this->cleanupNonces(), - $this->cleanupAssociations()); + return array($this->cleanupNonces(), $this->cleanupAssociations()); } /** 
@@ -128,13 +127,12 @@ class Auth_OpenID_OpenIDStore { * provided, any valid association matching the server URL is * returned. * - * @return Association The Association for the given identity - * server. + * @return Auth_OpenID_Association The Association for the given identity server. */ function getAssociation($server_url, $handle = null) { - trigger_error("Auth_OpenID_OpenIDStore::getAssociation ". - "not implemented", E_USER_ERROR); + trigger_error("Auth_OpenID_OpenIDStore::getAssociation not implemented", E_USER_ERROR); + return null; } /** @@ -157,8 +155,8 @@ class Auth_OpenID_OpenIDStore { */ function removeAssociation($server_url, $handle) { - trigger_error("Auth_OpenID_OpenIDStore::removeAssociation ". - "not implemented", E_USER_ERROR); + trigger_error("Auth_OpenID_OpenIDStore::removeAssociation not implemented", E_USER_ERROR); + return null; } /** @@ -176,14 +174,15 @@ class Auth_OpenID_OpenIDStore { * storeNonce call. (storeNonce is no longer part of the * interface. * - * @param string $nonce The nonce to use. - * + * @param string $server_url + * @param int $timestamp + * @param string $salt * @return bool Whether or not the nonce was valid. */ function useNonce($server_url, $timestamp, $salt) { - trigger_error("Auth_OpenID_OpenIDStore::useNonce ". - "not implemented", E_USER_ERROR); + trigger_error("Auth_OpenID_OpenIDStore::useNonce not implemented", E_USER_ERROR); + return false; } /** @@ -192,5 +191,4 @@ class Auth_OpenID_OpenIDStore { function reset() { } - } diff --git a/plugins/openid/lib/Auth/OpenID/KVForm.php b/plugins/openid/lib/Auth/OpenID/KVForm.php index dd02661d..f7806533 100644 --- a/plugins/openid/lib/Auth/OpenID/KVForm.php +++ b/plugins/openid/lib/Auth/OpenID/KVForm.php @@ -25,6 +25,9 @@ class Auth_OpenID_KVForm { * * @static * @access private + * @param string $kvs + * @param bool $strict + * @return array|bool */ static function toArray($kvs, $strict=false) { 
@@ -77,6 +80,8 @@ class Auth_OpenID_KVForm { * * @static * @access private + * @param null|array $values + * @return null|string */ static function fromArray($values) { diff --git a/plugins/openid/lib/Auth/OpenID/MemcachedStore.php b/plugins/openid/lib/Auth/OpenID/MemcachedStore.php index 10785860..5badd0ab 100644 --- a/plugins/openid/lib/Auth/OpenID/MemcachedStore.php +++ b/plugins/openid/lib/Auth/OpenID/MemcachedStore.php @@ -22,10 +22,10 @@ require_once 'Auth/OpenID/Interface.php'; /** * This is a memcached-based store for OpenID associations and - * nonces. - * - * As memcache has limit of 250 chars for key length, - * server_url, handle and salt are hashed with sha1(). + * nonces. + * + * As memcache has limit of 250 chars for key length, + * server_url, handle and salt are hashed with sha1(). * * Most of the methods of this class are implementation details. * People wishing to just use this store need only pay attention to @@ -34,12 +34,18 @@ require_once 'Auth/OpenID/Interface.php'; * @package OpenID */ class Auth_OpenID_MemcachedStore extends Auth_OpenID_OpenIDStore { + /** @var int */ + private $compress = 0; + + /** @var Memcache */ + private $connection; /** * Initializes a new {@link Auth_OpenID_MemcachedStore} instance. * Just saves memcached object as property. * - * @param resource connection Memcache connection resourse + * @param Memcache $connection Memcache connection resource + * @param bool $compress */ function __construct($connection, $compress = false) { 
@@ -48,29 +54,32 @@ class Auth_OpenID_MemcachedStore extends Auth_OpenID_OpenIDStore { } /** - * Store association until its expiration time in memcached. - * Overwrites any existing association with same server_url and - * handle. Handles list of associations for every server. + * Store association until its expiration time in memcached. + * Overwrites any existing association with same server_url and + * handle. Handles list of associations for every server. + * + * @param string $server_url + * @param Auth_OpenID_Association $association */ function storeAssociation($server_url, $association) { - // create memcached keys for association itself + // create memcached keys for association itself // and list of associations for this server - $associationKey = $this->associationKey($server_url, + $associationKey = $this->associationKey($server_url, $association->handle); $serverKey = $this->associationServerKey($server_url); - - // get list of associations + + // get list of associations $serverAssociations = $this->connection->get($serverKey); - + // if no such list, initialize it with empty array if (!$serverAssociations) { $serverAssociations = array(); } // and store given association key in it $serverAssociations[$association->issued] = $associationKey; - - // save associations' keys list + + // save associations' keys list $this->connection->set( $serverKey, $serverAssociations, 
@@ -79,14 +88,18 @@ class Auth_OpenID_MemcachedStore extends Auth_OpenID_OpenIDStore { // save association itself $this->connection->set( $associationKey, - $association, - $this->compress, + $association, + $this->compress, $association->issued + $association->lifetime); } /** - * Read association from memcached. If no handle given + * Read association from memcached. If no handle given * and multiple associations found, returns latest issued + * + * @param string $server_url + * @param null $handle + * @return Auth_OpenID_Association|null */ function getAssociation($server_url, $handle = null) { @@ -97,23 +110,23 @@ class Auth_OpenID_MemcachedStore extends Auth_OpenID_OpenIDStore { $this->associationKey($server_url, $handle)); return $association ? $association : null; } - + // no handle given, working with list // create key for list of associations $serverKey = $this->associationServerKey($server_url); - + // get list of associations $serverAssociations = $this->connection->get($serverKey); // return null if failed or got empty list if (!$serverAssociations) { return null; } - + // get key of most recently issued association $keys = array_keys($serverAssociations); sort($keys); $lastKey = $serverAssociations[array_pop($keys)]; - + // get association, return null if failed $association = $this->connection->get($lastKey); return $association ? $association : null; 
@@ -121,32 +134,36 @@ class Auth_OpenID_MemcachedStore extends Auth_OpenID_OpenIDStore { /** * Immediately delete association from memcache. + * + * @param string $server_url + * @param string $handle + * @return bool|mixed */ function removeAssociation($server_url, $handle) { - // create memcached keys for association itself + // create memcached keys for association itself // and list of associations for this server $serverKey = $this->associationServerKey($server_url); - $associationKey = $this->associationKey($server_url, + $associationKey = $this->associationKey($server_url, $handle); - + // get list of associations $serverAssociations = $this->connection->get($serverKey); // return null if failed or got empty list if (!$serverAssociations) { return false; } - + // ensure that given association key exists in list $serverAssociations = array_flip($serverAssociations); if (!array_key_exists($associationKey, $serverAssociations)) { return false; } - + // remove given association key from list unset($serverAssociations[$associationKey]); $serverAssociations = array_flip($serverAssociations); - + // save updated list $this->connection->set( $serverKey, 
@@ -154,48 +171,60 @@ class Auth_OpenID_MemcachedStore extends Auth_OpenID_OpenIDStore { $this->compress ); - // delete association + // delete association return $this->connection->delete($associationKey); } /** - * Create nonce for server and salt, expiring after + * Create nonce for server and salt, expiring after * $Auth_OpenID_SKEW seconds. + * + * @param string $server_url + * @param int $timestamp + * @param string $salt + * @return bool */ function useNonce($server_url, $timestamp, $salt) { global $Auth_OpenID_SKEW; - - // save one request to memcache when nonce obviously expired + + // save one request to memcache when nonce obviously expired if (abs($timestamp - time()) > $Auth_OpenID_SKEW) { return false; } - + // returns false when nonce already exists // otherwise adds nonce return $this->connection->add( - 'openid_nonce_' . sha1($server_url) . '_' . sha1($salt), - 1, // any value here - $this->compress, + 'openid_nonce_' . sha1($server_url) . '_' . sha1($salt), + 1, // any value here + $this->compress, $Auth_OpenID_SKEW); } - + /** - * Memcache key is prefixed with 'openid_association_' string. + * Memcache key is prefixed with 'openid_association_' string. + * + * @param string $server_url + * @param null $handle + * @return string */ - function associationKey($server_url, $handle = null) + function associationKey($server_url, $handle = null) { return 'openid_association_' . sha1($server_url) . '_' . sha1($handle); } - + /** - * Memcache key is prefixed with 'openid_association_' string. + * Memcache key is prefixed with 'openid_association_' string. + * + * @param string $server_url + * @return string */ - function associationServerKey($server_url) + function associationServerKey($server_url) { return 'openid_association_server_' . sha1($server_url); } - + /** * Report that this storage doesn't support cleanup */ diff --git a/plugins/openid/lib/Auth/OpenID/Message.php b/plugins/openid/lib/Auth/OpenID/Message.php index 41a8a316..f2cbb3b6 100644 
--- a/plugins/openid/lib/Auth/OpenID/Message.php +++ b/plugins/openid/lib/Auth/OpenID/Message.php @@ -74,6 +74,10 @@ $Auth_OpenID_registered_aliases = array(); * namespace URI or alias has already been registered with a different * value. This function is required if you want to use a namespace * with an OpenID 1 message. + * + * @param string $namespace_uri + * @param string $alias + * @return bool */ function Auth_OpenID_registerNamespaceAlias($namespace_uri, $alias) { @@ -101,6 +105,10 @@ function Auth_OpenID_registerNamespaceAlias($namespace_uri, $alias) * Removes a (namespace_uri, alias) registration from the global * namespace alias map. Returns true if the removal succeeded; false * if not (if the mapping did not exist). + * + * @param string $namespace_uri + * @param string $alias + * @return bool */ function Auth_OpenID_removeNamespaceAlias($namespace_uri, $alias) { @@ -126,6 +134,8 @@ class Auth_OpenID_Mapping { /** * Initialize a mapping. If $classic_array is specified, its keys * and values are used to populate the mapping. + * + * @param array|null $classic_array */ function __construct($classic_array = null) { @@ -142,6 +152,9 @@ class Auth_OpenID_Mapping { /** * Returns true if $thing is an Auth_OpenID_Mapping object; false * if not. + * + * @param Auth_OpenID_Mapping $thing + * @return bool */ static function isA($thing) { @@ -190,6 +203,9 @@ class Auth_OpenID_Mapping { /** * Sets a key-value pair in the mapping. If the key already * exists, its value is replaced with the new value. + * + * @param string $key + * @param mixed $value */ function set($key, $value) { @@ -207,6 +223,10 @@ class Auth_OpenID_Mapping { * Gets a specified value from the mapping, associated with the * specified key. If the key does not exist in the mapping, * $default is returned instead. + * + * @param string $key + * @param mixed $default + * @return mixed|null */ function get($key, $default = null) { 
@@ -244,6 +264,9 @@ class Auth_OpenID_Mapping { /** * Deletes a key-value pair from the mapping with the specified * key. + * + * @param string $key + * @return bool */ function del($key) { @@ -261,6 +284,9 @@ class Auth_OpenID_Mapping { /** * Returns true if the specified value has a key in the mapping; * false if not. + * + * @param string $value + * @return bool */ function contains($value) { @@ -442,6 +468,10 @@ class Auth_OpenID_Message { return $this->getOpenIDNamespace() == Auth_OpenID_OPENID2_NS; } + /** + * @param array $args + * @return Auth_OpenID_Message|null + */ static function fromPostArgs($args) { // Construct a Message containing a set of POST arguments @@ -457,6 +487,7 @@ class Auth_OpenID_Message { $parts = explode('.', $key, 2); + $rest = ''; if (count($parts) == 2) { list($prefix, $rest) = $parts; } else { @@ -492,11 +523,11 @@ class Auth_OpenID_Message { /** * @access private + * @param Auth_OpenID_Mapping|array $openid_args + * @return bool */ function _fromOpenIDArgs($openid_args) { - global $Auth_OpenID_registered_aliases; - // Takes an Auth_OpenID_Mapping instance OR an array. if (!Auth_OpenID_Mapping::isA($openid_args)) { @@ -601,6 +632,9 @@ class Auth_OpenID_Message { Auth_OpenID_KVForm::toArray($kvform_string)); } + /** + * @return Auth_OpenID_Message + */ function copy() { return $this; @@ -657,8 +691,13 @@ class Auth_OpenID_Message { return $kvargs; } - function toFormMarkup($action_url, $form_tag_attrs = null, - $submit_text = "Continue") + /** + * @param string $action_url + * @param null|array $form_tag_attrs + * @param string $submit_text + * @return string + */ + function toFormMarkup($action_url, $form_tag_attrs = null, $submit_text = "Continue") { $form = "
@@ -81,6 +93,9 @@ class Auth_OpenID_PAPE_Request extends Auth_OpenID_Extension { /** * Instantiate a Request object from the arguments in a checkid_* * OpenID message + * + * @param Auth_OpenID_Request $request + * @return Auth_OpenID_PAPE_Request|null */ static function fromOpenIDRequest($request) { @@ -158,8 +173,12 @@ class Auth_OpenID_PAPE_Request extends Auth_OpenID_Extension { */ class Auth_OpenID_PAPE_Response extends Auth_OpenID_Extension { - var $ns_alias = 'pape'; - var $ns_uri = Auth_OpenID_PAPE_NS_URI; + public $ns_alias = 'pape'; + public $ns_uri = Auth_OpenID_PAPE_NS_URI; + + private $auth_time = 0; + private $nist_auth_level = 0; + private $auth_policies = array(); function __construct($auth_policies=null, $auth_time=null, $nist_auth_level=null) @@ -195,10 +214,10 @@ class Auth_OpenID_PAPE_Response extends Auth_OpenID_Extension { * Create an Auth_OpenID_PAPE_Response object from a successful * OpenID library response. * - * @param success_response $success_response A SuccessResponse + * @param Auth_OpenID_SuccessResponse $success_response A SuccessResponse * from Auth_OpenID_Consumer::complete() * - * @returns: A provider authentication policy response from the + * @return Auth_OpenID_PAPE_Response A provider authentication policy response from the * data that was supplied with the id_res response. */ static function fromSuccessResponse($success_response) 
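Review bot: Declaring `$auth_time`, `$nist_auth_level` and `$auth_policies` as `private` on `Auth_OpenID_PAPE_Response` (hunk at -158) removes outside read access to values that were apparently undeclared, and therefore public, before this change. A relying party that reads `$resp->auth_policies` or `$resp->nist_auth_level` after `fromSuccessResponse()` to enforce an authentication policy would now get a fatal error, and this hunk adds no accessors. Unless getters exist elsewhere in the file, keep them readable, e.g. `public $auth_policies = array();`. The same concern applies to the `private` declarations in the Server.php hunks. On `Auth_OpenID_ServerError`, `$message`, `$text`, `$contact` and `$reference` become invisible to subclasses such as `Auth_OpenID_MalformedReturnURL`, and `Auth_OpenID_CheckAuthRequest` makes `$sig`, `$assoc_handle` and `$signed` private.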
@@ -225,13 +244,13 @@ class Auth_OpenID_PAPE_Response extends Auth_OpenID_Extension { * Parse the provider authentication policy arguments into the * internal state of this object * - * @param args: unqualified provider authentication policy + * @param array $args unqualified provider authentication policy * arguments * - * @param strict: Whether to return false when bad data is + * @param bool $strict Whether to return false when bad data is * encountered * - * @return null The data is parsed into the internal fields of + * @return null|bool The data is parsed into the internal fields of * this object. */ function parseExtensionArgs($args, $strict=false) @@ -268,9 +287,17 @@ class Auth_OpenID_PAPE_Response extends Auth_OpenID_Extension { return false; } } + return null; } - function getExtensionArgs() + /** + * Get the string arguments that should be added to an OpenID + * message for this extension. + * + * @param Auth_OpenID_Request|null $request + * @return null + */ + function getExtensionArgs($request = null) { $ns_args = array(); if (count($this->auth_policies) > 0) { diff --git a/plugins/openid/lib/Auth/OpenID/Parse.php b/plugins/openid/lib/Auth/OpenID/Parse.php index 9c0a255e..2e830e9c 100644 --- a/plugins/openid/lib/Auth/OpenID/Parse.php +++ b/plugins/openid/lib/Auth/OpenID/Parse.php 
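Review bot: `parseExtensionArgs()` now ends with an explicit `return null;` on success, while the strict-mode failure branch just above returns `false`, so both outcomes are falsy (hunk at -268). A caller that tests the result loosely, as in `if (!$resp->parseExtensionArgs($args, true))`, cannot tell rejected PAPE data from accepted data. Consider `return true;` on the success path with `@return bool` in the docblock, after checking that no caller outside this hunk depends on a strict `null` comparison. In the same hunk, the new docblock for `getExtensionArgs()` says `@return null` although the visible body starts building `$ns_args = array()`; `@return array` looks like the intended type.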
@@ -89,24 +89,24 @@ class Auth_OpenID_Parse { /** * Specify some flags for use with regex matching. */ - var $_re_flags = "si"; + public $_re_flags = "si"; /** * Stuff to remove before we start looking for tags */ - var $_removed_re = + public $_removed_re = "||]*>.*?<\/script>"; /** * Starts with the tag name at a word boundary, where the tag name * is not a namespace */ - var $_tag_expr = "<%s\b(?!:)([^>]*?)(?:\/>|>(.*)(?:<\/?%s\s*>|\Z))"; + public $_tag_expr = "<%s\b(?!:)([^>]*?)(?:\/>|>(.*)(?:<\/?%s\s*>|\Z))"; - var $_attr_find = '\b(\w+)=("[^"]*"|\'[^\']*\'|[^\'"\s\/<>]+)'; + public $_attr_find = '\b(\w+)=("[^"]*"|\'[^\']*\'|[^\'"\s\/<>]+)'; - var $_open_tag_expr = "<%s\b"; - var $_close_tag_expr = "<((\/%s\b)|(%s[^>\/]*\/))>"; + public $_open_tag_expr = "<%s\b"; + public $_close_tag_expr = "<((\/%s\b)|(%s[^>\/]*\/))>"; function __construct() { @@ -136,6 +136,10 @@ class Auth_OpenID_Parse { /** * Returns a regular expression that will match a given tag in an * SGML string. + * + * @param string $tag_name + * @param array $close_tags + * @return string */ function tagMatcher($tag_name, $close_tags = null) { @@ -215,24 +219,13 @@ class Auth_OpenID_Parse { return $str; } } - + function match($regexp, $text, &$match) { - if (!is_callable('mb_ereg_search_init')) { - if (!preg_match($regexp, $text, $match)) { - return false; - } - $match = $match[0]; - return true; + if (preg_match($regexp, $text, $match)) { + return true; } - - $regexp = substr($regexp, 1, strlen($regexp) - 2 - strlen($this->_re_flags)); - mb_ereg_search_init($text); - if (!mb_ereg_search($regexp)) { - return false; - } - $match = mb_ereg_search_getregs(); - return true; + return false; } /** diff --git a/plugins/openid/lib/Auth/OpenID/SQLStore.php b/plugins/openid/lib/Auth/OpenID/SQLStore.php index a9e2ad53..9069771e 100644 --- a/plugins/openid/lib/Auth/OpenID/SQLStore.php +++ b/plugins/openid/lib/Auth/OpenID/SQLStore.php 
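Review bot: The rewritten `match()` (hunk at -215) treats a PCRE failure the same as "no match", because `preg_match()` returns `false` on error and `0` when nothing matches, and both fall through to `return false;`. This parser runs over HTML fetched from remote sites, so a document that hits the backtrack limit would silently look like a page with no matching tag. Suggest separating the cases, e.g. `$r = preg_match($regexp, $text, $match); if ($r === false) { trigger_error('PCRE error ' . preg_last_error(), E_USER_WARNING); } return $r === 1;`. Note also that `$match` is now left as the full capture array, where the removed preg branch reduced it to `$match[0]`. Callers outside this hunk should be checked for which shape they expect.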
@@ -56,12 +56,27 @@ require_once 'Auth/OpenID/Nonce.php'; */ class Auth_OpenID_SQLStore extends Auth_OpenID_OpenIDStore { + /** @var string */ + protected $associations_table_name = ''; + + /** @var string */ + protected $nonces_table_name = ''; + + /** @var Auth_OpenID_DatabaseConnection|db_common */ + protected $connection; + + /** @var int */ + protected $max_nonce_age = 0; + + /** @var array */ + protected $sql = array(); + /** * This creates a new SQLStore instance. It requires an * established database connection be given to it, and it allows * overriding the default table names. * - * @param connection $connection This must be an established + * @param Auth_OpenID_DatabaseConnection $connection This must be an established * connection to a database of the correct type for the SQLStore * subclass you're using. This must either be an PEAR DB * connection handle or an instance of a subclass of @@ -75,9 +90,7 @@ class Auth_OpenID_SQLStore extends Auth_OpenID_OpenIDStore { * the name of the table used for storing nonces. The default * value is 'oid_nonces'. */ - function __construct($connection, - $associations_table = null, - $nonces_table = null) + function __construct($connection, $associations_table = null, $nonces_table = null) { $this->associations_table_name = "oid_associations"; $this->nonces_table_name = "oid_nonces"; @@ -317,6 +330,13 @@ class Auth_OpenID_SQLStore extends Auth_OpenID_OpenIDStore { /** * @access private + * @param string $server_url + * @param int $handle + * @param string $secret + * @param string $issued + * @param int $lifetime + * @param string $assoc_type + * @return mixed */ function _set_assoc($server_url, $handle, $secret, $issued, $lifetime, $assoc_type) @@ -350,6 +370,9 @@ class Auth_OpenID_SQLStore extends Auth_OpenID_OpenIDStore { /** * @access private + * @param string $server_url + * @param int $handle + * @return array|bool|null */ function _get_assoc($server_url, $handle) { 
@@ -364,6 +387,8 @@ class Auth_OpenID_SQLStore extends Auth_OpenID_OpenIDStore { /** * @access private + * @param string $server_url + * @return array */ function _get_assocs($server_url) { @@ -440,7 +465,7 @@ class Auth_OpenID_SQLStore extends Auth_OpenID_OpenIDStore { $associations); // return the most recently issued one. - list($issued, $assoc) = $associations[0]; + list($assoc) = $associations[0]; return $assoc; } else { return null; @@ -450,6 +475,10 @@ class Auth_OpenID_SQLStore extends Auth_OpenID_OpenIDStore { /** * @access private + * @param string $server_url + * @param int $timestamp + * @param string $salt + * @return bool */ function _add_nonce($server_url, $timestamp, $salt) { @@ -482,6 +511,8 @@ class Auth_OpenID_SQLStore extends Auth_OpenID_OpenIDStore { * PostgreSQL BYTEA fields. * * @access private + * @param string $str + * @return string */ function _octify($str) { @@ -504,6 +535,8 @@ class Auth_OpenID_SQLStore extends Auth_OpenID_OpenIDStore { * resulting ASCII (possibly binary) string. * * @access private + * @param string $str + * @return string */ function _unoctify($str) { @@ -546,8 +579,7 @@ class Auth_OpenID_SQLStore extends Auth_OpenID_OpenIDStore { function cleanupAssociations() { - $this->connection->query($this->sql['clean_assoc'], - array(time())); + $this->connection->query($this->sql['clean_assoc'], array(time())); $num = $this->connection->affectedRows(); $this->connection->commit(); return $num; diff --git a/plugins/openid/lib/Auth/OpenID/SReg.php b/plugins/openid/lib/Auth/OpenID/SReg.php index ae1eb91a..78259f3a 100644 --- a/plugins/openid/lib/Auth/OpenID/SReg.php +++ b/plugins/openid/lib/Auth/OpenID/SReg.php @@ -61,6 +61,9 @@ $Auth_OpenID_sreg_data_fields = array( /** * Check to see that the given value is a valid simple registration * data field name. Return true if so, false if not. + * + * @param string $field_name + * @return bool */ function Auth_OpenID_checkFieldName($field_name) { 
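Review bot: `list($assoc) = $associations[0];` (hunk at -440) binds `$assoc` to element 0 of the pair, which the removed line `list($issued, $assoc)` named `$issued`; the association object was element 1. If the pairs are built as (issued, association), as the old destructuring implies, `getAssociation()` without a handle now returns the issue time instead of the association. Signature verification that relies on the stored association would then fail or operate on the wrong value. The FileStore hunk in this same commit drops the unused variable correctly, and the same form is needed here: `list(, $assoc) = $associations[0];`. The enclosing function starts outside the hunk.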
@@ -91,8 +94,9 @@ Auth_OpenID_registerNamespaceAlias(Auth_OpenID_SREG_NS_URI_1_1, 'sreg'); * Does the given endpoint advertise support for simple * registration? * - * $endpoint: The endpoint object as returned by OpenID discovery. + * @param Auth_OpenID_ServiceEndpoint $endpoint The endpoint object as returned by OpenID discovery. * returns whether an sreg type was advertised by the endpoint + * @return bool */ function Auth_OpenID_supportsSReg($endpoint) { @@ -121,6 +125,8 @@ class Auth_OpenID_SRegBase extends Auth_OpenID_Extension { * namespace. * * @access private + * @param Auth_OpenID_Message $message + * @return mixed|null|string */ static function _getSRegNS($message) { @@ -168,16 +174,31 @@ class Auth_OpenID_SRegBase extends Auth_OpenID_Extension { */ class Auth_OpenID_SRegRequest extends Auth_OpenID_SRegBase { - var $ns_alias = 'sreg'; + /** @var string */ + public $ns_alias = 'sreg'; + /** @var array */ + public $required = array(); + /** @var array */ + public $optional = array(); + /** @var string */ + public $policy_url = ''; /** * Initialize an empty simple registration request. + * + * @param null $required + * @param null $optional + * @param null $policy_url + * @param string $sreg_ns_uri + * @param string $cls + * @return null */ static function build($required=null, $optional=null, $policy_url=null, $sreg_ns_uri=Auth_OpenID_SREG_NS_URI, $cls='Auth_OpenID_SRegRequest') { + /** @var Auth_OpenID_SRegRequest $obj */ $obj = new $cls(); $obj->required = array(); @@ -212,6 +233,10 @@ class Auth_OpenID_SRegRequest extends Auth_OpenID_SRegBase { * Used for testing. * * Returns the newly created simple registration request + * + * @param Auth_OpenID_Request $request + * @param string $cls + * @return Auth_OpenID_SRegRequest|null */ static function fromOpenIDRequest($request, $cls='Auth_OpenID_SRegRequest') { 
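Review bot: The `/** @var Auth_OpenID_SRegRequest $obj */` annotation added above `$obj = new $cls();` in `build()` (hunk at -168) documents a type that the code does not enforce, since `$cls` is a caller-supplied class name instantiated as given. A guard before the `new` would make the annotation true and stop an unexpected class from being constructed if the argument is ever derived from request data: `if (!is_a($cls, 'Auth_OpenID_SRegRequest', true)) { return null; }`. The new docblock also types `$required`, `$optional` and `$policy_url` as `null` and says `@return null`. `array|null`, `array|null`, `string|null` and `@return Auth_OpenID_SRegRequest|null` would match how `$obj` is populated in the visible lines. The body of `build()` continues past the hunk.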
@@ -258,6 +283,10 @@ class Auth_OpenID_SRegRequest extends Auth_OpenID_SRegBase { * strict: Whether requests with fields that are not defined in * the simple registration specification should be tolerated (and * ignored) + * + * @param array $args + * @param bool $strict + * @return bool */ function parseExtensionArgs($args, $strict=false) { @@ -299,6 +328,9 @@ class Auth_OpenID_SRegRequest extends Auth_OpenID_SRegBase { /** * Was this field in the request? + * + * @param string $field_name + * @return bool */ function contains($field_name) { @@ -316,6 +348,11 @@ class Auth_OpenID_SRegRequest extends Auth_OpenID_SRegBase { * * strict: whether to raise an exception when a field is added to * a request more than once + * + * @param string $field_name + * @param bool $required + * @param bool $strict + * @return bool */ function requestField($field_name, $required=false, $strict=false) @@ -362,6 +399,11 @@ class Auth_OpenID_SRegRequest extends Auth_OpenID_SRegBase { * * strict: whether to raise an exception when a field is added to * a request more than once + * + * @param string $field_names + * @param bool $required + * @param bool $strict + * @return bool */ function requestFields($field_names, $required=false, $strict=false) { @@ -370,7 +412,7 @@ class Auth_OpenID_SRegRequest extends Auth_OpenID_SRegBase { } foreach ($field_names as $field_name) { - if (!$this->requestField($field_name, $required, $strict=$strict)) { + if (!$this->requestField($field_name, $required, $strict)) { return false; } } @@ -385,8 +427,11 @@ class Auth_OpenID_SRegRequest extends Auth_OpenID_SRegBase { * This method is essentially the inverse of * C{L{parseExtensionArgs}}. This method serializes the simple * registration request fields. + * + * @param Auth_OpenID_Request|null $request + * @return array|null */ - function getExtensionArgs() + function getExtensionArgs($request = null) { $args = array(); 
@@ -416,14 +461,15 @@ class Auth_OpenID_SRegRequest extends Auth_OpenID_SRegBase { */ class Auth_OpenID_SRegResponse extends Auth_OpenID_SRegBase { - var $ns_alias = 'sreg'; + /** @var string */ + public $ns_alias = 'sreg'; - function __construct($data=null, - $sreg_ns_uri=Auth_OpenID_SREG_NS_URI) + /** @var array */ + public $data = array(); + + function __construct($data=null, $sreg_ns_uri=Auth_OpenID_SREG_NS_URI) { - if ($data === null) { - $this->data = array(); - } else { + if ($data !== null) { $this->data = $data; } @@ -441,6 +487,10 @@ class Auth_OpenID_SRegResponse extends Auth_OpenID_SRegBase { * dictionary from unqualified simple registration field name to * string (unicode) value. For instance, the nickname should be * stored under the key 'nickname'. + * + * @param Auth_OpenID_SRegRequest $request + * @param array $data + * @return Auth_OpenID_SRegResponse */ static function extractResponse($request, $data) { @@ -470,6 +520,10 @@ class Auth_OpenID_SRegResponse extends Auth_OpenID_SRegBase { * * Returns a simple registration response containing the data that * was supplied with the C{id_res} response. + * + * @param Auth_OpenID_SuccessResponse $success_response + * @param bool $signed_only + * @return Auth_OpenID_SRegResponse|null */ static function fromSuccessResponse($success_response, $signed_only=true) { @@ -497,7 +551,14 @@ class Auth_OpenID_SRegResponse extends Auth_OpenID_SRegBase { return $obj; } - function getExtensionArgs() + /** + * Get the string arguments that should be added to an OpenID + * message for this extension. + * + * @param Auth_OpenID_Request|null $request + * @return null + */ + function getExtensionArgs($request = null) { return $this->data; } diff --git a/plugins/openid/lib/Auth/OpenID/Server.php b/plugins/openid/lib/Auth/OpenID/Server.php index 5984c002..df8550a0 100644 --- a/plugins/openid/lib/Auth/OpenID/Server.php +++ b/plugins/openid/lib/Auth/OpenID/Server.php 
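Review bot: The docblock added to `Auth_OpenID_SRegResponse::getExtensionArgs()` (hunk at -497) says `@return null`, but the body is `return $this->data;` and `$data` is declared `@var array` earlier in this file's changes. Static analysis and IDEs will treat the result as always null and may flag or hide real uses of the returned fields. Suggest `@return array` here. The `$request` parameter is accepted only for signature compatibility and is unused in the visible body, which deserves a short mention in the docblock.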
@@ -2,7 +2,7 @@ /** * OpenID server protocol and logic. - * + * * Overview * * An OpenID server must perform three tasks: @@ -10,7 +10,7 @@ * 1. Examine the incoming request to determine its nature and validity. * 2. Make a decision about how to respond to this request. * 3. Format the response according to the protocol. - * + * * The first and last of these tasks may performed by the {@link * Auth_OpenID_Server::decodeRequest()} and {@link * Auth_OpenID_Server::encodeResponse} methods. Who gets to do the @@ -37,7 +37,7 @@ * {@link Auth_OpenID_Server::handleRequest()}. * * OpenID Extensions - * + * * Do you want to provide other information for your users in addition * to authentication? Version 1.2 of the OpenID protocol allows * consumers to add extensions to their requests. For example, with @@ -131,6 +131,9 @@ define('Auth_OpenID_ENCODE_HTML_FORM', 'HTML form'); /** * @access private + * @param object|string $obj + * @param string $cls + * @return bool */ function Auth_OpenID_isError($obj, $cls = 'Auth_OpenID_ServerError') { @@ -145,8 +148,26 @@ function Auth_OpenID_isError($obj, $cls = 'Auth_OpenID_ServerError') * @package OpenID */ class Auth_OpenID_ServerError { + + /** @var Auth_OpenID_Message|null */ + private $message = null; + + /** @var null|string */ + private $text; + + /** @var null|string */ + private $contact; + + /** @var null|string */ + private $reference; + /** - * @access private + * Auth_OpenID_ServerError constructor. + * + * @param Auth_OpenID_Message $message + * @param string $text + * @param string $reference + * @param string $contact */ function __construct($message = null, $text = null, $reference = null, $contact = null) @@ -310,6 +331,9 @@ class Auth_OpenID_NoReturnToError extends Auth_OpenID_ServerError { * @package OpenID */ class Auth_OpenID_MalformedReturnURL extends Auth_OpenID_ServerError { + + private $return_to; + function __construct($message, $return_to) { $this->return_to = $return_to; 
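Review bot: Declaring `$message`, `$text`, `$contact` and `$reference` as `private` on `Auth_OpenID_ServerError` hides them from the subclasses in this file and from any caller that reads them. If they were plain dynamic properties before (the constructor body is outside the hunk), this is a behaviour change, not only documentation. A subclass method that touches `$this->message` would no longer see the parent's value, and outside code reading `$error->text` would fail. If such access exists, `protected $message = null;` (and likewise for the other three) is the safer declaration. The same question applies to the `private` properties added in later hunks: `Auth_OpenID_CheckIDRequest::$identity`/`$claimed_id`/`$server`, `Auth_OpenID_Decoder::$handlers`, `Auth_OpenID_Signatory::$store` and `Auth_OpenID_Server::$signatory`/`$encoder`/`$decoder`. Whether anything outside these classes reads them cannot be confirmed from the hunks shown.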
@@ -341,7 +365,20 @@ class Auth_OpenID_MalformedTrustRoot extends Auth_OpenID_ServerError { * @package OpenID */ class Auth_OpenID_Request { - var $mode = null; + + public $mode = null; + + /** @var Auth_OpenID_Message|null */ + public $message = null; + + /** + * The OpenID namespace for this request. + * deprecated since version 2.0.2 + */ + public $namespace = ''; + + /** @var string */ + public $return_to = ''; } /** @@ -350,11 +387,15 @@ class Auth_OpenID_Request { * @package OpenID */ class Auth_OpenID_CheckAuthRequest extends Auth_OpenID_Request { - var $mode = "check_authentication"; - var $invalidate_handle = null; + public $mode = "check_authentication"; + public $invalidate_handle = null; + + private $sig = ''; + private $assoc_handle = ''; + private $signed = ''; + - function __construct($assoc_handle, $signed, - $invalidate_handle = null) + function __construct($assoc_handle, $signed, $invalidate_handle = null) { $this->assoc_handle = $assoc_handle; $this->signed = $signed; 
@@ -362,27 +403,26 @@ class Auth_OpenID_CheckAuthRequest extends Auth_OpenID_Request { $this->invalidate_handle = $invalidate_handle; } $this->namespace = Auth_OpenID_OPENID2_NS; - $this->message = null; } - static function fromMessage($message, $server=null) + /** + * @param Auth_OpenID_Message $message + * @return Auth_OpenID_CheckAuthRequest|Auth_OpenID_ServerError + */ + static function fromMessage($message) { $required_keys = array('assoc_handle', 'sig', 'signed'); foreach ($required_keys as $k) { if (!$message->getArg(Auth_OpenID_OPENID_NS, $k)) { return new Auth_OpenID_ServerError($message, - sprintf("%s request missing required parameter %s from \ - query", "check_authentication", $k)); + sprintf("%s request missing required parameter %s from query", "check_authentication", $k)); } } $assoc_handle = $message->getArg(Auth_OpenID_OPENID_NS, 'assoc_handle'); $sig = $message->getArg(Auth_OpenID_OPENID_NS, 'sig'); - $signed_list = $message->getArg(Auth_OpenID_OPENID_NS, 'signed'); - $signed_list = explode(",", $signed_list); - $signed = $message; if ($signed->hasKey(Auth_OpenID_OPENID_NS, 'mode')) { $signed->setArg(Auth_OpenID_OPENID_NS, 'mode', 'id_res'); @@ -396,6 +436,10 @@ class Auth_OpenID_CheckAuthRequest extends Auth_OpenID_Request { return $result; } + /** + * @param Auth_OpenID_Signatory $signatory + * @return Auth_OpenID_ServerResponse + */ function answer($signatory) { $is_valid = $signatory->verify($this->assoc_handle, $this->signed); 
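Review bot: `$signed = $message;` does not copy the message, so the following `$signed->setArg(Auth_OpenID_OPENID_NS, 'mode', 'id_res')` also rewrites the mode on the caller's `$message`. Nothing in the new docblock says this is intended. The object ends up as `$this->signed`, which `answer()` passes to `$signatory->verify()`, so the aliasing deserves a comment next to the assignment, e.g. `// $signed aliases $message: mode is rewritten in place to 'id_res' before verification`. If the caller's message must stay untouched, use `$signed = clone $message;` instead; whether that is required cannot be told from this hunk. The body of `fromMessage` continues outside the hunk.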
@@ -432,11 +476,11 @@ class Auth_OpenID_PlainTextServerSession { * An object that knows how to handle association requests with no * session type. */ - var $session_type = 'no-encryption'; - var $needs_math = false; - var $allowed_assoc_types = array('HMAC-SHA1', 'HMAC-SHA256'); + public $session_type = 'no-encryption'; + public $needs_math = false; + public $allowed_assoc_types = array('HMAC-SHA1', 'HMAC-SHA256'); - static function fromMessage($unused_request) + static function fromMessage() { return new Auth_OpenID_PlainTextServerSession(); } @@ -458,17 +502,32 @@ class Auth_OpenID_DiffieHellmanSHA1ServerSession { * the Diffie-Hellman session type. */ - var $session_type = 'DH-SHA1'; - var $needs_math = true; - var $allowed_assoc_types = array('HMAC-SHA1'); - var $hash_func = 'Auth_OpenID_SHA1'; + public $session_type = 'DH-SHA1'; + public $needs_math = true; + public $allowed_assoc_types = array('HMAC-SHA1'); + public $hash_func = 'Auth_OpenID_SHA1'; + /** @var Auth_OpenID_DiffieHellman */ + private $dh; + + private $consumer_pubkey = ''; + + /** + * Auth_OpenID_DiffieHellmanSHA1ServerSession constructor. + * + * @param Auth_OpenID_DiffieHellman $dh + * @param string $consumer_pubkey + */ function __construct($dh, $consumer_pubkey) { $this->dh = $dh; $this->consumer_pubkey = $consumer_pubkey; } + /** + * @param Auth_OpenID_Message $message + * @return array|Auth_OpenID_ServerError + */ static function getDH($message) { $dh_modulus = $message->getArg(Auth_OpenID_OPENID_NS, 'dh_modulus'); @@ -556,9 +615,9 @@ class Auth_OpenID_DiffieHellmanSHA1ServerSession { class Auth_OpenID_DiffieHellmanSHA256ServerSession extends Auth_OpenID_DiffieHellmanSHA1ServerSession { - var $session_type = 'DH-SHA256'; - var $hash_func = 'Auth_OpenID_SHA256'; - var $allowed_assoc_types = array('HMAC-SHA256'); + public $session_type = 'DH-SHA256'; + public $hash_func = 'Auth_OpenID_SHA256'; + public $allowed_assoc_types = array('HMAC-SHA256'); static function fromMessage($message) { 
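Review bot: `Auth_OpenID_PlainTextServerSession::fromMessage()` now takes no parameter while `Auth_OpenID_DiffieHellmanSHA256ServerSession::fromMessage($message)` in the same file keeps one, so the session factories no longer share a signature. PHP ignores surplus arguments to userland functions, so a caller that passes the message to whichever class was selected should still work. A parallel signature would document the contract better, for example `static function fromMessage($message = null)` with a note that the argument is ignored for the no-encryption session. The call site is outside the hunks shown.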
@@ -580,7 +639,12 @@ class Auth_OpenID_DiffieHellmanSHA256ServerSession * @package OpenID */ class Auth_OpenID_AssociateRequest extends Auth_OpenID_Request { - var $mode = "associate"; + public $mode = "associate"; + + /** @var Auth_OpenID_PlainTextServerSession */ + public $session; + + public $assoc_type = ''; static function getSessionClasses() { @@ -590,6 +654,12 @@ class Auth_OpenID_AssociateRequest extends Auth_OpenID_Request { 'DH-SHA256' => 'Auth_OpenID_DiffieHellmanSHA256ServerSession'); } + /** + * Auth_OpenID_AssociateRequest constructor. + * + * @param Auth_OpenID_PlainTextServerSession $session + * @param string $assoc_type + */ function __construct($session, $assoc_type) { $this->session = $session; @@ -597,7 +667,11 @@ class Auth_OpenID_AssociateRequest extends Auth_OpenID_Request { $this->assoc_type = $assoc_type; } - static function fromMessage($message, $server=null) + /** + * @param Auth_OpenID_Message $message + * @return Auth_OpenID_AssociateRequest|Auth_OpenID_ServerError|mixed + */ + static function fromMessage($message) { if ($message->isOpenID1()) { $session_type = $message->getArg(Auth_OpenID_OPENID_NS, @@ -649,6 +723,10 @@ class Auth_OpenID_AssociateRequest extends Auth_OpenID_Request { return $obj; } + /** + * @param Auth_OpenID_Association $assoc + * @return Auth_OpenID_ServerResponse + */ function answer($assoc) { $response = new Auth_OpenID_ServerResponse($this); @@ -661,7 +739,7 @@ class Auth_OpenID_AssociateRequest extends Auth_OpenID_Request { $response->fields->updateArgs(Auth_OpenID_OPENID_NS, $this->session->answer($assoc->secret)); - if (! ($this->session->session_type == 'no-encryption' + if (! ($this->session->session_type == 'no-encryption' && $this->message->isOpenID1())) { $response->fields->setArg(Auth_OpenID_OPENID_NS, 'session_type', 
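Review bot: `public $session` is annotated `@var Auth_OpenID_PlainTextServerSession`, and the constructor docblock repeats that type, yet `getSessionClasses()` in the same class also maps `DH-SHA256` to `Auth_OpenID_DiffieHellmanSHA256ServerSession`. The annotation should cover every session class a request can carry, e.g. `@var Auth_OpenID_PlainTextServerSession|Auth_OpenID_DiffieHellmanSHA1ServerSession`. The SHA-256 class extends the SHA-1 one, so naming the SHA-1 class covers both. With the narrow type, static analysis would treat use of the Diffie-Hellman members on `$this->session` as an error.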
@@ -711,29 +789,42 @@ class Auth_OpenID_CheckIDRequest extends Auth_OpenID_Request { * Return-to verification callback. Default is * Auth_OpenID_verifyReturnTo from TrustRoot.php. */ - var $verifyReturnTo = 'Auth_OpenID_verifyReturnTo'; + public $verifyReturnTo = 'Auth_OpenID_verifyReturnTo'; /** * The mode of this request. */ - var $mode = "checkid_setup"; // or "checkid_immediate" + public $mode = "checkid_setup"; // or "checkid_immediate" /** * Whether this request is for immediate mode. */ - var $immediate = false; + public $immediate = false; /** * The trust_root value for this request. */ - var $trust_root = null; + public $trust_root = null; + + public $assoc_handle = ''; + + /** @var Auth_OpenID_Server */ + private $server; + + private $claimed_id = ''; + + private $identity = ''; /** - * The OpenID namespace for this request. - * deprecated since version 2.0.2 + * @param Auth_OpenID_Message $message + * @param string $identity + * @param string $return_to + * @param string $trust_root + * @param bool $immediate + * @param string $assoc_handle + * @param Auth_OpenID_Server $server + * @return Auth_OpenID_CheckIDRequest|Auth_OpenID_MalformedReturnURL|Auth_OpenID_ServerError|Auth_OpenID_UntrustedReturnURL */ - var $namespace; - static function make($message, $identity, $return_to, $trust_root = null, $immediate = false, $assoc_handle = null, $server = null) { @@ -763,6 +854,17 @@ class Auth_OpenID_CheckIDRequest extends Auth_OpenID_Request { } } + /** + * Auth_OpenID_CheckIDRequest constructor. + * + * @param $identity + * @param $return_to + * @param string $trust_root + * @param bool $immediate + * @param string $assoc_handle + * @param Auth_OpenID_Server $server + * @param string $claimed_id + */ function __construct($identity, $return_to, $trust_root = null, $immediate = false, $assoc_handle = null, $server = null, 
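Review bot: The constructor docblock leaves `@param $identity` and `@param $return_to` untyped, and it documents `$trust_root` and `$assoc_handle` as plain `string` although both default to `null` in the signature. Suggested tags: `@param string $identity`, `@param string $return_to`, `@param string|null $trust_root` and `@param string|null $assoc_handle`. The docblock on `make()` needs the same nullable types. These values describe the relying party's return URL and realm, so a precise contract helps whoever reviews the validation that follows. The constructor body continues outside the hunk.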
@@ -789,6 +891,10 @@ class Auth_OpenID_CheckIDRequest extends Auth_OpenID_Request { } } + /** + * @param Auth_OpenID_CheckIDRequest $other + * @return bool + */ function equals($other) { return ( @@ -822,17 +928,18 @@ class Auth_OpenID_CheckIDRequest extends Auth_OpenID_Request { array($this->trust_root, $this->return_to, $fetcher)); } + /** + * @param Auth_OpenID_Message $message + * @param Auth_OpenID_Server $server + * @return Auth_OpenID_CheckIDRequest|Auth_OpenID_MalformedReturnURL|Auth_OpenID_ServerError|Auth_OpenID_UntrustedReturnURL + */ static function fromMessage($message, $server) { $mode = $message->getArg(Auth_OpenID_OPENID_NS, 'mode'); - $immediate = null; - if ($mode == "checkid_immediate") { $immediate = true; - $mode = "checkid_immediate"; } else { $immediate = false; - $mode = "checkid_setup"; } $return_to = $message->getArg(Auth_OpenID_OPENID_NS, @@ -872,13 +979,13 @@ class Auth_OpenID_CheckIDRequest extends Auth_OpenID_Request { } else { $trust_root_param = 'realm'; } - $trust_root = $message->getArg(Auth_OpenID_OPENID_NS, + $trust_root = $message->getArg(Auth_OpenID_OPENID_NS, $trust_root_param); if (! $trust_root) { $trust_root = $return_to; } - if (! $message->isOpenID1() && + if (! $message->isOpenID1() && ($return_to === null) && ($trust_root === null)) { return new Auth_OpenID_ServerError($message, @@ -1025,7 +1132,7 @@ class Auth_OpenID_CheckIDRequest extends Auth_OpenID_Request { } if ($allow) { - + $response_claimed_id = ''; if ($this->identity == Auth_OpenID_IDENTIFIER_SELECT) { if (!$identity) { return new Auth_OpenID_ServerError(null, @@ -1165,9 +1272,7 @@ class Auth_OpenID_CheckIDRequest extends Auth_OpenID_Request { if ($this->immediate) { return new Auth_OpenID_ServerError(null, - "Cancel is not an appropriate \ - response to immediate mode \ - requests."); + "Cancel is not an appropriate response to immediate mode requests."); } $response = new Auth_OpenID_Message( 
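Review bot: The `if`/`else` that sets `$immediate` in `fromMessage` can be one strict comparison, `$immediate = ($mode === 'checkid_immediate');`, now that the redundant `$mode` reassignments are removed. `$mode` is read from the request message, so `===` also keeps PHP's loose-comparison rules away from a caller-supplied value. The rest of `fromMessage` lies outside this hunk.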
@@ -1184,6 +1289,16 @@ class Auth_OpenID_CheckIDRequest extends Auth_OpenID_Request { */ class Auth_OpenID_ServerResponse { + public $code; + + /** @var Auth_OpenID_Request */ + public $request; + + /** + * Auth_OpenID_ServerResponse constructor. + * + * @param Auth_OpenID_Request $request + */ function __construct($request) { $this->request = $request; @@ -1244,6 +1359,9 @@ class Auth_OpenID_ServerResponse { return $this->fields->toURL($this->request->return_to); } + /** + * @param Auth_OpenID_Extension $extension_response + */ function addExtension($extension_response) { $extension_response->toMessage($this->fields); @@ -1268,8 +1386,8 @@ class Auth_OpenID_ServerResponse { * @package OpenID */ class Auth_OpenID_WebResponse { - var $code = AUTH_OPENID_HTTP_OK; - var $body = ""; + public $code = AUTH_OPENID_HTTP_OK; + public $body = ""; function __construct($code = null, $headers = null, $body = null) @@ -1299,17 +1417,22 @@ class Auth_OpenID_WebResponse { class Auth_OpenID_Signatory { // = 14 * 24 * 60 * 60; # 14 days, in seconds - var $SECRET_LIFETIME = 1209600; + public $SECRET_LIFETIME = 1209600; // keys have a bogus server URL in them because the filestore // really does expect that key to be a URL. This seems a little // silly for the server store, since I expect there to be only one // server URL. - var $normal_key = 'http://localhost/|normal'; - var $dumb_key = 'http://localhost/|dumb'; + public $normal_key = 'http://localhost/|normal'; + public $dumb_key = 'http://localhost/|dumb'; + + /** @var Auth_OpenID_OpenIDStore */ + private $store; /** * Create a new signatory using a given store. + * + * @param Auth_OpenID_OpenIDStore $store */ function __construct($store) { 
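Review bot: `Auth_OpenID_ServerResponse` now declares `$code` and `$request`, but `$fields` is still undeclared, although the context lines use it (`$this->fields->toURL(...)`, `$extension_response->toMessage($this->fields)`). It therefore remains a dynamic property, which PHP 8.2 deprecates and which is exactly what the rest of this commit is removing. Add `/** @var Auth_OpenID_Message */ public $fields;`; the type is inferred from those calls and should be checked against the constructor, which is outside the hunk. `Auth_OpenID_WebResponse` has the same gap: its constructor takes `$headers`, but only `$code` and `$body` are declared.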
@@ -1320,6 +1443,10 @@ class Auth_OpenID_Signatory { /** * Verify, using a given association handle, a signature with * signed key-value pairs from an HTTP request. + * + * @param string $assoc_handle + * @param Auth_OpenID_Message $message + * @return bool */ function verify($assoc_handle, $message) { @@ -1336,11 +1463,16 @@ class Auth_OpenID_Signatory { /** * Given a response, sign the fields in the response's 'signed' * list, and insert the signature into the response. + * + * @param Auth_OpenID_ServerResponse $response + * @return mixed */ function sign($response) { $signed_response = $response; - $assoc_handle = $response->request->assoc_handle; + /** @var Auth_OpenID_CheckIDRequest $request */ + $request = $response->request; + $assoc_handle = $request->assoc_handle; if ($assoc_handle) { // normal mode @@ -1369,6 +1501,10 @@ class Auth_OpenID_Signatory { /** * Make a new association. + * + * @param bool $dumb + * @param string $assoc_type + * @return Auth_OpenID_Association */ function createAssociation($dumb = true, $assoc_type = 'HMAC-SHA1') { @@ -1394,6 +1530,11 @@ class Auth_OpenID_Signatory { /** * Given an association handle, get the association from the * store, or return a ServerError or null if something goes wrong. + * + * @param string $assoc_handle + * @param bool $dumb + * @param bool $check_expiration + * @return Auth_OpenID_Association|Auth_OpenID_ServerError|null */ function getAssociation($assoc_handle, $dumb, $check_expiration=true) { @@ -1422,6 +1563,9 @@ class Auth_OpenID_Signatory { /** * Invalidate a given association handle. + * + * @param string $assoc_handle + * @param bool $dumb */ function invalidate($assoc_handle, $dumb) { 
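Review bot: The docblock added to `createAssociation` types `$assoc_type` as a bare `string` and does not mention the default. The values this file accepts are `'HMAC-SHA1'` and `'HMAC-SHA256'` (see the `allowed_assoc_types` arrays), and the signature defaults to `'HMAC-SHA1'`. Spell that out, e.g. `@param string $assoc_type 'HMAC-SHA1' (default) or 'HMAC-SHA256'`, so callers wanting the SHA-256 association know to pass it explicitly. `sign()` could also replace `@return mixed` with the concrete response or error types, but its body runs past the hunk, so those types cannot be listed from here.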
@@ -1442,11 +1586,14 @@ class Auth_OpenID_Signatory { */ class Auth_OpenID_Encoder { - var $responseFactory = 'Auth_OpenID_WebResponse'; + public $responseFactory = 'Auth_OpenID_WebResponse'; /** * Encode an {@link Auth_OpenID_ServerResponse} and return an * {@link Auth_OpenID_WebResponse}. + * + * @param Auth_OpenID_ServerResponse $response + * @return Auth_OpenID_EncodingError */ function encode($response) { @@ -1483,6 +1630,14 @@ class Auth_OpenID_Encoder { */ class Auth_OpenID_SigningEncoder extends Auth_OpenID_Encoder { + /** @var Auth_OpenID_Signatory */ + private $signatory; + + /** + * Auth_OpenID_SigningEncoder constructor. + * + * @param Auth_OpenID_Signatory $signatory + */ function __construct($signatory) { $this->signatory = $signatory; @@ -1491,6 +1646,9 @@ class Auth_OpenID_SigningEncoder extends Auth_OpenID_Encoder { /** * Sign an {@link Auth_OpenID_ServerResponse} and return an * {@link Auth_OpenID_WebResponse}. + * + * @param Auth_OpenID_ServerResponse $response + * @return Auth_OpenID_AlreadySigned|Auth_OpenID_EncodingError|Auth_OpenID_ServerError */ function encode($response) { 
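Review bot: The `@return Auth_OpenID_EncodingError` added to `Auth_OpenID_Encoder::encode` contradicts the description directly above it, which says the method returns an `Auth_OpenID_WebResponse`. The tag should read `@return Auth_OpenID_WebResponse|Auth_OpenID_EncodingError`. `Auth_OpenID_SigningEncoder::encode` on this line and `Auth_OpenID_Server::encodeResponse` in a later hunk have the same omission: both list only error classes. As written, a caller relying on the docblock would treat every result as an error object.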
@@ -1521,21 +1679,32 @@ class Auth_OpenID_SigningEncoder extends Auth_OpenID_Encoder { */ class Auth_OpenID_Decoder { + /** @var Auth_OpenID_Server */ + private $server; + + private $handlers = array( + 'checkid_setup' => 'Auth_OpenID_CheckIDRequest', + 'checkid_immediate' => 'Auth_OpenID_CheckIDRequest', + 'check_authentication' => 'Auth_OpenID_CheckAuthRequest', + 'associate' => 'Auth_OpenID_AssociateRequest' + ); + + /** + * Auth_OpenID_Decoder constructor. + * + * @param Auth_OpenID_Server $server + */ function __construct($server) { $this->server = $server; - - $this->handlers = array( - 'checkid_setup' => 'Auth_OpenID_CheckIDRequest', - 'checkid_immediate' => 'Auth_OpenID_CheckIDRequest', - 'check_authentication' => 'Auth_OpenID_CheckAuthRequest', - 'associate' => 'Auth_OpenID_AssociateRequest' - ); } /** * Given an HTTP query in an array (key-value pairs), decode it * into an Auth_OpenID_Request object. + * + * @param array $query + * @return Auth_OpenID_ServerError|mixed */ function decode($query) { @@ -1584,6 +1753,10 @@ class Auth_OpenID_Decoder { } } + /** + * @param Auth_OpenID_Message $message + * @return Auth_OpenID_ServerError + */ function defaultDecoder($message) { $mode = $message->getArg(Auth_OpenID_OPENID_NS, 'mode'); @@ -1628,8 +1801,18 @@ class Auth_OpenID_AlreadySigned extends Auth_OpenID_EncodingError { * @package OpenID */ class Auth_OpenID_UntrustedReturnURL extends Auth_OpenID_ServerError { - function __construct($message, $return_to, - $trust_root) + + private $return_to = ''; + private $trust_root = ''; + + /** + * Auth_OpenID_UntrustedReturnURL constructor. + * + * @param Auth_OpenID_Message|null $message + * @param null|string $return_to + * @param null|string $trust_root + */ + function __construct($message, $return_to, $trust_root) { parent::__construct($message, "Untrusted return_to URL"); $this->return_to = $return_to; 
@@ -1681,6 +1864,27 @@ class Auth_OpenID_UntrustedReturnURL extends Auth_OpenID_ServerError { * @package OpenID */ class Auth_OpenID_Server { + + /** @var Auth_OpenID_OpenIDStore */ + private $store; + /** @var Auth_OpenID_Signatory */ + private $signatory; + /** @var Auth_OpenID_SigningEncoder */ + private $encoder; + /** @var Auth_OpenID_Decoder */ + private $decoder; + /** @var Auth_OpenID_SessionNegotiator */ + private $negotiator; + + /** @var Auth_OpenID_ServiceEndpoint|null */ + public $op_endpoint; + + /** + * Auth_OpenID_Server constructor. + * + * @param Auth_OpenID_OpenIDStore $store + * @param Auth_OpenID_ServiceEndpoint|null $op_endpoint + */ function __construct($store, $op_endpoint=null) { $this->store = $store; @@ -1713,6 +1917,9 @@ class Auth_OpenID_Server { /** * The callback for 'check_authentication' messages. + * + * @param Auth_OpenID_CheckAuthRequest $request + * @return mixed */ function openid_check_authentication($request) { @@ -1721,6 +1928,9 @@ class Auth_OpenID_Server { /** * The callback for 'associate' messages. + * + * @param Auth_OpenID_AssociateRequest $request + * @return mixed */ function openid_associate($request) { @@ -1744,6 +1954,9 @@ class Auth_OpenID_Server { /** * Encodes as response in the appropriate format suitable for * sending to the user agent. + * + * @param Auth_OpenID_ServerResponse $response + * @return Auth_OpenID_AlreadySigned|Auth_OpenID_EncodingError|Auth_OpenID_ServerError */ function encodeResponse($response) { @@ -1753,6 +1966,9 @@ class Auth_OpenID_Server { /** * Decodes a query args array into the appropriate * {@link Auth_OpenID_Request} object. + * + * @param array|null $query + * @return Auth_OpenID_ServerError|mixed */ function decodeRequest($query=null) { diff --git a/plugins/openid/lib/Auth/OpenID/ServerRequest.php b/plugins/openid/lib/Auth/OpenID/ServerRequest.php index 84c7758e..5dffff84 100644 --- a/plugins/openid/lib/Auth/OpenID/ServerRequest.php 
+++ b/plugins/openid/lib/Auth/OpenID/ServerRequest.php @@ -28,9 +28,6 @@ require_once "Auth/OpenID.php"; * @package OpenID */ class Auth_OpenID_ServerRequest { - function __construct() - { - $this->mode = null; - } + public $mode = null; } diff --git a/plugins/openid/lib/Auth/OpenID/TrustRoot.php b/plugins/openid/lib/Auth/OpenID/TrustRoot.php index 5e694907..379366b7 100644 --- a/plugins/openid/lib/Auth/OpenID/TrustRoot.php +++ b/plugins/openid/lib/Auth/OpenID/TrustRoot.php @@ -325,7 +325,7 @@ class Auth_OpenID_TrustRoot { } } -/* +/** * If the endpoint is a relying party OpenID return_to endpoint, * return the endpoint URL. Otherwise, return None. * @@ -335,10 +335,10 @@ class Auth_OpenID_TrustRoot { * @see: C{L{openid.yadis.services}} * @see: C{L{openid.yadis.filters}} * - * @param endpoint: An XRDS BasicServiceEndpoint, as returned by + * @param Auth_OpenID_ServiceEndpoint $endpoint An XRDS BasicServiceEndpoint, as returned by * performing Yadis dicovery. * - * @returns: The endpoint URL or None if the endpoint is not a + * @return Auth_OpenID_ServiceEndpoint|null The endpoint URL or None if the endpoint is not a * relying party endpoint. */ function filter_extractReturnURL($endpoint) diff --git a/plugins/openid/lib/Auth/OpenID/URINorm.php b/plugins/openid/lib/Auth/OpenID/URINorm.php index 32e84588..f8c73ada 100644 --- a/plugins/openid/lib/Auth/OpenID/URINorm.php +++ b/plugins/openid/lib/Auth/OpenID/URINorm.php @@ -84,11 +84,8 @@ function Auth_OpenID_pct_encoded_replace_unreserved($mo) $i = intval($mo[1], 16); if ($_unreserved[$i]) { return chr($i); - } else { - return strtoupper($mo[0]); } - - return $mo[0]; + return strtoupper($mo[0]); } function Auth_OpenID_pct_encoded_replace($mo) @@ -167,11 +164,6 @@ function Auth_OpenID_urinorm($uri) return null; } - $scheme = $uri_matches[2]; - if ($scheme) { - $scheme = strtolower($scheme); - } - $scheme = $uri_matches[2]; if ($scheme === '') { // No scheme specified 
@@ -204,13 +196,13 @@ function Auth_OpenID_urinorm($uri) } } - list($_whole, $userinfo, $host, $port) = $authority_matches; + list(, $userinfo, $host, $port) = $authority_matches; if ($userinfo === null) { $userinfo = ''; } - if (strpos($host, '%') !== -1) { + if (strpos($host, '%') !== false) { $host = strtolower($host); $host = preg_replace_callback( Auth_OpenID_getEncodedPattern(), diff --git a/plugins/openid/lib/Auth/Yadis/HTTPFetcher.php b/plugins/openid/lib/Auth/Yadis/HTTPFetcher.php index 76bc3239..a6e6814e 100644 --- a/plugins/openid/lib/Auth/Yadis/HTTPFetcher.php +++ b/plugins/openid/lib/Auth/Yadis/HTTPFetcher.php @@ -19,10 +19,16 @@ require_once "Auth/OpenID.php"; define('Auth_OpenID_FETCHER_MAX_RESPONSE_KB', 1024); -define('Auth_OpenID_USER_AGENT', +define('Auth_OpenID_USER_AGENT', 'php-openid/'.Auth_OpenID_VERSION.' (php/'.phpversion().')'); class Auth_Yadis_HTTPResponse { + + public $final_url = ''; + public $status = ''; + public $body = ''; + public $headers = array(); + function __construct($final_url = null, $status = null, $headers = null, $body = null) { @@ -43,13 +49,14 @@ class Auth_Yadis_HTTPResponse { */ class Auth_Yadis_HTTPFetcher { - var $timeout = 20; // timeout in seconds. + public $timeout = 20; // timeout in seconds. /** * Return whether a URL can be fetched. Returns false if the URL * scheme is not allowed or is not supported by this fetcher * implementation; returns true otherwise. * + * @param string $url * @return bool */ function canFetchURL($url) @@ -74,6 +81,9 @@ class Auth_Yadis_HTTPFetcher { * conform to your local policy. * * By default, will attempt to fetch any http or https URL. + * + * @param string $url + * @return bool */ function allowedURL($url) { @@ -90,12 +100,15 @@ class Auth_Yadis_HTTPFetcher { function supportsSSL() { trigger_error("not implemented", E_USER_ERROR); + return false; } /** * Is this an https URL? * * @access private + * @param string $url + * @return bool */ function isHTTPS($url) { 
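Review bot: With the comparison corrected to `strpos($host, '%') !== false`, this branch no longer runs for hosts that contain no `%`. The old `!== -1` test was always true, so it lowercased every host here. Host case feeds URI normalisation, so confirm that the code following this `if` (outside the hunk) still lowercases such hosts. A regression test on a mixed-case host without percent-escapes would pin that. A comment on the condition, e.g. `// strpos() returns false, never -1, when '%' is absent`, would keep the fix from being reverted by accident.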
@@ -106,6 +119,8 @@ class Auth_Yadis_HTTPFetcher { * Is this an http or https URL? * * @access private + * @param string $url + * @return bool */ function URLHasAllowedScheme($url) { @@ -114,6 +129,9 @@ class Auth_Yadis_HTTPFetcher { /** * @access private + * @param array $headers + * @param string $url + * @return null|string */ function _findRedirect($headers, $url) { @@ -159,16 +177,13 @@ class Auth_Yadis_HTTPFetcher { * returns the server's response. * * @param string $url The URL to be fetched. - * @param array $extra_headers An array of header strings - * (e.g. "Accept: text/html"). - * @return mixed $result An array of ($code, $url, $headers, - * $body) if the URL could be fetched; null if the URL does not - * pass the URLHasAllowedScheme check or if the server's response - * is malformed. + * @param array $headers + * @return Auth_Yadis_HTTPResponse|null */ function get($url, $headers = null) { trigger_error("not implemented", E_USER_ERROR); + return null; } } diff --git a/plugins/openid/lib/Auth/Yadis/Manager.php b/plugins/openid/lib/Auth/Yadis/Manager.php index 8c8c3e5a..8aae2da4 100644 --- a/plugins/openid/lib/Auth/Yadis/Manager.php +++ b/plugins/openid/lib/Auth/Yadis/Manager.php @@ -32,7 +32,7 @@ class Auth_Yadis_PHPSession { * @param string $name The name of the key to retrieve. * @param string $default The optional value to return if the key * is not found in the session. - * @return string $result The key's value in the session or + * @return mixed $result The key's value in the session or * $default if it isn't found. */ function get($name, $default=null) 
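Review bot: The rewritten docblock on `Auth_Yadis_HTTPFetcher::get` drops both the description of the header argument and the explanation of when the method yields `null`. Both are part of the contract subclasses implement. Keep the prose alongside the new types: `@param array|null $headers Header strings, e.g. "Accept: text/html"`. The signature defaults to `null`, hence `array|null`. Also add `@return Auth_Yadis_HTTPResponse|null null if the URL fails the scheme check or the response is malformed`. The subclasses in later hunks name this parameter `$extra_headers`, so one name across the hierarchy would read better.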
@@ -73,17 +73,21 @@ class Auth_Yadis_PHPSession { * * @package OpenID */ -class Auth_Yadis_SessionLoader { +abstract class Auth_Yadis_SessionLoader { /** * Override this. * * @access private + * @param array $data + * @return bool */ function check($data) { return true; } + public abstract function requiredKeys(); + /** * Given a session data value (an array), this creates an object * (returned by $this->newObject()) whose attributes and values @@ -93,6 +97,8 @@ class Auth_Yadis_SessionLoader { * evaluates to false. * * @access private + * @param array $data + * @return null */ function fromSession($data) { @@ -132,6 +138,8 @@ class Auth_Yadis_SessionLoader { * the original data array before calling $this->newObject($data). * * @access private + * @param array $data + * @return array */ function prepareForLoad($data) { @@ -145,6 +153,8 @@ class Auth_Yadis_SessionLoader { * the object's attributes. * * @access private + * @param array $data + * @return null */ function newObject($data) { @@ -158,6 +168,8 @@ class Auth_Yadis_SessionLoader { * from $obj. * * @access private + * @param object $obj + * @return array */ function toSession($obj) { @@ -181,6 +193,8 @@ class Auth_Yadis_SessionLoader { * Override this. * * @access private + * @param object $obj + * @return array */ function prepareForSave($obj) { @@ -275,10 +289,29 @@ class Auth_Yadis_ManagerLoader extends Auth_Yadis_SessionLoader { */ class Auth_Yadis_Manager { + /** @var string */ + public $starting_url; + + /** @var string */ + public $yadis_url; + + /** @var array */ + public $services; + + /** @var string */ + public $session_key; + + /** @var Auth_OpenID_ServiceEndpoint */ + public $_current; + /** * Intialize a new yadis service manager. * * @access private + * @param string $starting_url + * @param string $yadis_url + * @param array $services + * @param string $session_key */ function __construct($starting_url, $yadis_url, $services, $session_key) 
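Review bot: The docblocks added to `fromSession` and `newObject` say `@return null`, while the description on `fromSession` states that it creates an object returned by `$this->newObject()`. `@return object|null` matches that text. The new `public abstract function requiredKeys();` has no docblock. Because the class is now `abstract`, every loader subclass must implement that method or fail at load time. Only `Auth_Yadis_ManagerLoader` is visible here, so the other subclasses need checking. PSR-12 order would be `abstract public function requiredKeys();`.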
@@ -340,6 +373,8 @@ class Auth_Yadis_Manager { /** * @access private + * @param string $url + * @return bool */ function forURL($url) { @@ -371,12 +406,12 @@ class Auth_Yadis_Discovery { /** * @access private */ - var $DEFAULT_SUFFIX = 'auth'; + public $DEFAULT_SUFFIX = 'auth'; /** * @access private */ - var $PREFIX = '_yadis_services_'; + public $PREFIX = '_yadis_services_'; /** * Initialize a discovery object. @@ -404,6 +439,10 @@ class Auth_Yadis_Discovery { /** * Return the next authentication service for the pair of * user_input and session. This function handles fallback. + * + * @param callback $discover_cb + * @param object $fetcher + * @return null|Auth_OpenID_ServiceEndpoint */ function getNextService($discover_cb, $fetcher) { @@ -437,8 +476,9 @@ class Auth_Yadis_Discovery { * most-recently-attempted service from the manager, if one * exists. * - * @param $force True if the manager should be deleted regardless + * @param bool $force True if the manager should be deleted regardless * of whether it's a manager for $this->url. + * @return null|Auth_OpenID_ServiceEndpoint */ function cleanup($force=false) { @@ -465,8 +505,9 @@ class Auth_Yadis_Discovery { /** * @access private * - * @param $force True if the manager should be returned regardless + * @param bool $force True if the manager should be returned regardless * of whether it's a manager for $this->url. + * @return null|Auth_Yadis_Manager */ function getManager($force=false) { @@ -474,6 +515,7 @@ class Auth_Yadis_Discovery { // suffix from the session. $manager_str = $this->session->get($this->getSessionKey()); + /** @var Auth_Yadis_Manager $manager */ $manager = null; if ($manager_str !== null) { 
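Review bot: `$DEFAULT_SUFFIX` and `$PREFIX` are now declared `public` directly under docblocks that say `@access private`, so the declaration and its documentation disagree. `var` already meant public, so behaviour is unchanged. This commit introduces real `private` declarations elsewhere, so either drop the `@access private` tag or narrow the visibility if no outside code reads these properties; that cannot be verified from this hunk. The same mismatch appears on `$_re_flags`, `$_removed_re`, `$_tag_expr` and `$_attr_find` in `Auth/Yadis/ParseHTML.php`.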
@@ -484,10 +526,14 @@ class Auth_Yadis_Discovery { if ($manager && ($manager->forURL($this->url) || $force)) { return $manager; } + return null; } /** * @access private + * @param array $services + * @param null|string $yadis_url + * @return Auth_Yadis_Manager|null */ function createManager($services, $yadis_url = null) { @@ -504,12 +550,13 @@ class Auth_Yadis_Discovery { serialize($loader->toSession($manager))); return $manager; } + return null; } /** * @access private * - * @param $force True if the manager should be deleted regardless + * @param bool $force True if the manager should be deleted regardless * of whether it's a manager for $this->url. */ function destroyManager($force=false) diff --git a/plugins/openid/lib/Auth/Yadis/ParanoidHTTPFetcher.php b/plugins/openid/lib/Auth/Yadis/ParanoidHTTPFetcher.php index d15969be..29acf3b1 100644 --- a/plugins/openid/lib/Auth/Yadis/ParanoidHTTPFetcher.php +++ b/plugins/openid/lib/Auth/Yadis/ParanoidHTTPFetcher.php @@ -27,6 +27,10 @@ require_once "Auth/OpenID.php"; * @package OpenID */ class Auth_Yadis_ParanoidHTTPFetcher extends Auth_Yadis_HTTPFetcher { + + private $headers = array(); + private $data = ''; + function __construct() { $this->reset(); @@ -40,6 +44,9 @@ class Auth_Yadis_ParanoidHTTPFetcher extends Auth_Yadis_HTTPFetcher { /** * @access private + * @param string $ch + * @param string $header + * @return int */ function _writeHeader($ch, $header) { @@ -49,6 +56,9 @@ class Auth_Yadis_ParanoidHTTPFetcher extends Auth_Yadis_HTTPFetcher { /** * @access private + * @param string $ch + * @param string $data + * @return int */ function _writeData($ch, $data) { @@ -75,6 +85,11 @@ class Auth_Yadis_ParanoidHTTPFetcher extends Auth_Yadis_HTTPFetcher { } } + /** + * @param string $url + * @param array|null $extra_headers + * @return Auth_Yadis_HTTPResponse|null + */ function get($url, $extra_headers = null) { if (!$this->canFetchURL($url)) { 
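Review bot: `_writeHeader` and `_writeData` in `Auth_Yadis_ParanoidHTTPFetcher` document `@param string $ch`, but that argument is presumably the cURL handle handed to a write callback, not a string. The inference rests on its name and on the `curl_setopt($c, ...)` calls in a later hunk of this class. `@param resource $ch` would be accurate; on PHP 8 the handle is a `CurlHandle` object. The `@return int` on both is plausible for a cURL write callback, but the bodies are outside the hunk, so check it against what they return.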
@@ -153,6 +168,7 @@ class Auth_Yadis_ParanoidHTTPFetcher extends Auth_Yadis_HTTPFetcher { if (defined('Auth_OpenID_HTTP_PROXY')) { curl_setopt($c, CURLOPT_PROXY, Auth_OpenID_HTTP_PROXY); } + curl_exec($c); $code = curl_getinfo($c, CURLINFO_HTTP_CODE); diff --git a/plugins/openid/lib/Auth/Yadis/ParseHTML.php b/plugins/openid/lib/Auth/Yadis/ParseHTML.php index e0e9043c..8b8b33f2 100644 --- a/plugins/openid/lib/Auth/Yadis/ParseHTML.php +++ b/plugins/openid/lib/Auth/Yadis/ParseHTML.php @@ -25,23 +25,22 @@ class Auth_Yadis_ParseHTML { /** * @access private */ - var $_re_flags = "si"; + public $_re_flags = "si"; /** * @access private */ - var $_removed_re = - "||]*>.*?<\/script>"; + public $_removed_re = '||]*>.*?<\/script>'; /** * @access private */ - var $_tag_expr = "<%s%s(?:\s.*?)?%s>"; + public $_tag_expr = '<%s%s(?:\s.*?)?%s>'; /** * @access private */ - var $_attr_find = '\b([-\w]+)=(".*?"|\'.*?\'|.+?)[\/\s>]'; + public $_attr_find = '\b([-\w]+)=(".*?"|\'.*?\'|.+?)[\/\s>]'; function __construct() { @@ -78,7 +77,7 @@ class Auth_Yadis_ParseHTML { { $matches = array(); $double = '/^"(.*)"$/'; - $single = "/^\'(.*)\'$/"; + $single = "/^'(.*)'$/"; if (preg_match($double, $str, $matches)) { return $matches[1]; @@ -90,7 +89,7 @@ class Auth_Yadis_ParseHTML { } /** - * Create a regular expression that will match an opening + * Create a regular expression that will match an opening * or closing tag from a set of names. * * @access private @@ -181,7 +180,7 @@ class Auth_Yadis_ParseHTML { $link_data = array(); $link_matches = array(); - + if (!preg_match_all($this->tagPattern('meta', false, 'maybe'), $html_string, $link_matches)) { return array(); diff --git a/plugins/openid/lib/Auth/Yadis/PlainHTTPFetcher.php b/plugins/openid/lib/Auth/Yadis/PlainHTTPFetcher.php index 26890539..7a1bbba9 100644 --- a/plugins/openid/lib/Auth/Yadis/PlainHTTPFetcher.php +++ b/plugins/openid/lib/Auth/Yadis/PlainHTTPFetcher.php 
@@ -34,6 +34,11 @@ class Auth_Yadis_PlainHTTPFetcher extends Auth_Yadis_HTTPFetcher { return function_exists('openssl_open'); } + /** + * @param string $url + * @param array|null $extra_headers + * @return Auth_Yadis_HTTPResponse|null|bool + */ function get($url, $extra_headers = null) { if (!$this->canFetchURL($url)) { @@ -44,6 +49,9 @@ class Auth_Yadis_PlainHTTPFetcher extends Auth_Yadis_HTTPFetcher { $stop = time() + $this->timeout; $off = $this->timeout; + $headers = array(); + $code = ''; + $body = ''; while ($redir && ($off > 0)) { diff --git a/plugins/openid/lib/Auth/Yadis/XML.php b/plugins/openid/lib/Auth/Yadis/XML.php index c96b2a90..3039d54e 100644 --- a/plugins/openid/lib/Auth/Yadis/XML.php +++ b/plugins/openid/lib/Auth/Yadis/XML.php @@ -61,6 +61,7 @@ class Auth_Yadis_XMLParser { function registerNamespace($prefix, $uri) { // Not implemented. + return false; } /** @@ -76,6 +77,7 @@ class Auth_Yadis_XMLParser { function setXML($xml_string) { // Not implemented. + return false; } /** @@ -94,6 +96,7 @@ class Auth_Yadis_XMLParser { function &evalXPath($xpath, $node = null) { // Not implemented. + return array(); } /** @@ -107,6 +110,7 @@ class Auth_Yadis_XMLParser { function content($node) { // Not implemented. + return ''; } /** @@ -115,12 +119,13 @@ class Auth_Yadis_XMLParser { * @param mixed $node A node object from a previous call to * $this->evalXPath(). * - * @return array $attrs An array mapping attribute names to + * @return array An array mapping attribute names to * values. */ function attributes($node) { // Not implemented. + return array(); } } 
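Review bot: `evalXPath` in the `Auth_Yadis_XMLParser` base class is declared to return by reference (`function &evalXPath`), and the added `return array();` returns an expression rather than a variable, so PHP raises "Only variable references should be returned by reference" whenever this stub is reached. Assign first, the way XRDS.php does with `$_null`: `$result = array(); return $result;`. The other stubs changed in this file (`registerNamespace`, `setXML`, `content`, `attributes`) do not return by reference and are fine as written.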
@@ -217,13 +222,16 @@ class Auth_Yadis_domxml extends Auth_Yadis_XMLParser { * @package OpenID */ class Auth_Yadis_dom extends Auth_Yadis_XMLParser { - function __construct() - { - $this->xml = null; - $this->doc = null; - $this->xpath = null; - $this->errors = array(); - } + + /** @var string */ + protected $xml = ''; + + protected $doc = null; + + /** @var DOMXPath */ + protected $xpath = null; + + protected $errors = array(); function setXML($xml_string) { @@ -294,11 +302,17 @@ class Auth_Yadis_dom extends Auth_Yadis_XMLParser { if ($node) { return $node->textContent; } + return ''; } + /** + * @param DOMNode $node + * @return array + */ function attributes($node) { if ($node) { + /** @var DOMNamedNodeMap $arr */ $arr = $node->attributes; $result = array(); @@ -311,6 +325,7 @@ class Auth_Yadis_dom extends Auth_Yadis_XMLParser { return $result; } + return array(); } } @@ -343,6 +358,8 @@ function Auth_Yadis_getSupportedExtensions() * the availability of PHP extensions for XML parsing. If * Auth_Yadis_setDefaultParser has been called, the parser used in * that call will be returned instead. + * + * @return Auth_Yadis_XMLParser|bool */ function Auth_Yadis_getXMLParser() { diff --git a/plugins/openid/lib/Auth/Yadis/XRDS.php b/plugins/openid/lib/Auth/Yadis/XRDS.php index 4f1ede07..81e0c91b 100644 --- a/plugins/openid/lib/Auth/Yadis/XRDS.php +++ b/plugins/openid/lib/Auth/Yadis/XRDS.php @@ -54,6 +54,8 @@ function Auth_Yadis_getNSMap() /** * @access private + * @param array $arr + * @return array */ function Auth_Yadis_array_scramble($arr) { @@ -82,14 +84,10 @@ function Auth_Yadis_array_scramble($arr) */ class Auth_Yadis_Service { - /** - * Creates an empty service object. - */ - function __construct() - { - $this->element = null; - $this->parser = null; - } + public $element = null; + + /** @var Auth_Yadis_XMLParser */ + public $parser = null; /** * Return the URIs in the "Type" elements, if any, of this Service 
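Review bot: Replacing the `Auth_Yadis_dom` constructor with `protected` declarations narrows visibility: the removed constructor created `$xml`, `$doc`, `$xpath` and `$errors` as dynamic, hence public, properties, whereas the `Auth_Yadis_Service` change in XRDS.php in this same commit keeps its fields `public`. Any code that reads `$parser->errors` or `$parser->doc` from outside the class would now fail; no such read is visible in this diff, so it needs a search of the plugin before merging. `$xml` also now starts as `''` instead of `null`, which matters if any method tests it against `null`. For the documentation, `$xpath` starts as `null` and should be annotated `/** @var DOMXPath|null */`, and `$errors` could carry `/** @var array */` like its neighbours.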
@@ -213,7 +211,7 @@ class Auth_Yadis_Service { */ function Auth_Yadis_getXRDExpiration($xrd_element, $default=null) { - $expires_element = $xrd_element->$parser->evalXPath('/xrd:Expires'); + $expires_element = $xrd_element->parser->evalXPath('/xrd:Expires'); if ($expires_element === null) { return $default; } else { @@ -251,9 +249,22 @@ function Auth_Yadis_getXRDExpiration($xrd_element, $default=null) */ class Auth_Yadis_XRDS { + /** @var Auth_Yadis_XMLParser */ + public $parser; + + public $xrdNode; + + public $allXrdNodes; + + /** @var Auth_Yadis_Service[][] */ + public $serviceList; + /** * Instantiate a Auth_Yadis_XRDS object. Requires an XPath * instance which has been used to parse a valid XRDS document. + * + * @param Auth_Yadis_XMLParser $xmlParser + * @param array $xrdNodes */ function __construct($xmlParser, $xrdNodes) { @@ -270,6 +281,7 @@ class Auth_Yadis_XRDS { * XRDS XML is valid. * * @param string $xml_string An XRDS XML string. + * @param array|null $extra_ns_map * @return mixed $xrds An instance of Auth_Yadis_XRDS or null, * depending on the validity of $xml_string */ @@ -321,12 +333,13 @@ class Auth_Yadis_XRDS { return $_null; } - $xrds = new Auth_Yadis_XRDS($parser, $xrd_nodes); - return $xrds; + return new Auth_Yadis_XRDS($parser, $xrd_nodes); } /** * @access private + * @param int $priority + * @param string $service */ function _addService($priority, $service) { diff --git a/plugins/openid/lib/Auth/Yadis/XRI.php b/plugins/openid/lib/Auth/Yadis/XRI.php index 0143a692..50c291f9 100644 --- a/plugins/openid/lib/Auth/Yadis/XRI.php +++ b/plugins/openid/lib/Auth/Yadis/XRI.php @@ -184,6 +184,11 @@ function Auth_Yadis_XRI($xri) return $xri; } +/** + * @param string $iname + * @param Auth_Yadis_XRDS $xrds + * @return bool|string + */ function Auth_Yadis_getCanonicalID($iname, $xrds) { // Returns false or a canonical ID value. diff --git a/plugins/openid/lib/Auth/Yadis/XRIRes.php b/plugins/openid/lib/Auth/Yadis/XRIRes.php index b484beec..cdf7ef58 100644 
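Review bot: In `Auth_Yadis_getXRDExpiration` the line after the corrected call, `if ($expires_element === null)`, returns `$default` only for a literal null. The base-class `evalXPath` stub changed in XML.php in this commit returns `array()`; if the concrete parsers also return an empty array when nothing matches, the default branch is never taken and the `else` branch runs on an empty result. `if (!$expires_element) {` would cover both cases. The `else` branch lies outside the hunk, so how it treats an empty array could not be checked.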
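Review bot: The docblock added to `_addService` in XRDS.php declares `@param string $service`, while the same commit annotates `$serviceList` as `Auth_Yadis_Service[][]`. If `_addService` is what fills that list, the parameter is an `Auth_Yadis_Service` object and the tag should read `@param Auth_Yadis_Service $service`. The method body is outside the hunk, so this is inferred from the property annotation.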
--- a/plugins/openid/lib/Auth/Yadis/XRIRes.php +++ b/plugins/openid/lib/Auth/Yadis/XRIRes.php @@ -8,6 +8,10 @@ require_once 'Auth/Yadis/XRDS.php'; require_once 'Auth/Yadis/XRI.php'; class Auth_Yadis_ProxyResolver { + + /** @var Auth_Yadis_HTTPFetcher */ + protected $fetcher; + function __construct($fetcher, $proxy_url = null) { $this->fetcher = $fetcher; diff --git a/plugins/openid/lib/Auth/Yadis/Yadis.php b/plugins/openid/lib/Auth/Yadis/Yadis.php index 5be56da1..70dc944d 100644 --- a/plugins/openid/lib/Auth/Yadis/Yadis.php +++ b/plugins/openid/lib/Auth/Yadis/Yadis.php @@ -48,25 +48,28 @@ define('Auth_Yadis_HEADER_NAME', 'X-XRDS-Location'); class Auth_Yadis_DiscoveryResult { // The URI that was passed to the fetcher - var $request_uri = null; + public $request_uri = null; // The result of following redirects from the request_uri - var $normalized_uri = null; + public $normalized_uri = null; // The URI from which the response text was returned (set to // None if there was no XRDS document found) - var $xrds_uri = null; + public $xrds_uri = null; - var $xrds = null; + /** + * @var Auth_Yadis_XRDS + */ + public $xrds = null; // The content-type returned with the response_text - var $content_type = null; + public $content_type = null; // The document returned from the xrds_uri - var $response_text = null; + public $response_text = null; // Did the discovery fail miserably? - var $failed = false; + public $failed = false; function __construct($request_uri) { @@ -123,7 +126,11 @@ class Auth_Yadis_DiscoveryResult { * * input_url: The URL on which to perform the Yadis protocol * - * @return: The normalized identity URL and an iterable of endpoint + * @param string $input_url + * @param $xrds_parse_func + * @param null $discover_func + * @param null $fetcher + * @return string The normalized identity URL and an iterable of endpoint * objects generated by the filter function. * * xrds_parse_func: a callback which will take (uri, xrds_text) and 
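Review bot: The docblock added to `Auth_Yadis_getServiceEndpoints` in Yadis.php says `@return string`, while its own description promises the normalized identity URL together with an iterable of endpoint objects, so `@return array` is presumably the right tag. `@param null $discover_func` and `@param null $fetcher` record only the default value; `@param callable|null $discover_func` and `@param Auth_Yadis_HTTPFetcher|null $fetcher` say what a caller may pass. `@param $xrds_parse_func` has no type at all, although the text below it describes a callback, so `@param callable $xrds_parse_func` fits.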
@@ -137,7 +144,7 @@ function Auth_Yadis_getServiceEndpoints($input_url, $xrds_parse_func, $discover_func=null, $fetcher=null) { if ($discover_func === null) { - $discover_function = array('Auth_Yadis_Yadis', 'discover'); + $discover_func = array('Auth_Yadis_Yadis', 'discover'); } $yadis_result = call_user_func_array($discover_func, @@ -249,6 +256,9 @@ class Auth_Yadis_Yadis { * * If Auth_Yadis_CURL_OVERRIDE is defined, this method will always * return a {@link Auth_Yadis_PlainHTTPFetcher}. + * + * @param int $timeout + * @return Auth_Yadis_ParanoidHTTPFetcher|Auth_Yadis_PlainHTTPFetcher */ static function getHTTPFetcher($timeout = 20) { @@ -268,6 +278,9 @@ class Auth_Yadis_Yadis { /** * @access private + * @param array $header_list + * @param array $names + * @return string */ static function _getHeader($header_list, $names) { @@ -284,6 +297,8 @@ class Auth_Yadis_Yadis { /** * @access private + * @param string $content_type_header + * @return string */ static function _getContentType($content_type_header) { @@ -291,6 +306,7 @@ class Auth_Yadis_Yadis { $parts = explode(";", $content_type_header); return strtolower($parts[0]); } + return ''; } /** @@ -300,16 +316,12 @@ class Auth_Yadis_Yadis { * * @param string $uri The URI on which to perform Yadis discovery. * - * @param array $http_response An array reference where the HTTP - * response object will be stored (see {@link - * Auth_Yadis_HTTPResponse}. - * * @param Auth_Yadis_HTTPFetcher $fetcher An instance of a * Auth_Yadis_HTTPFetcher subclass. * * @param array $extra_ns_map An array which maps namespace names * to namespace URIs to be used when parsing the Yadis XRDS - * document. + * document. UNUSED. * * @param integer $timeout An optional fetcher timeout, in seconds. * @@ -322,7 +334,6 @@ class Auth_Yadis_Yadis { { $result = new Auth_Yadis_DiscoveryResult($uri); - $request_uri = $uri; $headers = array("Accept: " . Auth_Yadis_CONTENT_TYPE . ', text/html; q=0.3, application/xhtml+xml; q=0.5'); 
diff --git a/plugins/openid/openid.php b/plugins/openid/openid.php index 5ad309fe..027512d3 100644 --- a/plugins/openid/openid.php +++ b/plugins/openid/openid.php @@ -1,11 +1,11 @@ . Project maintined on github at [diso/wordpress-openid](https://github.com/diso/wordpress-openid). += version 3.4.4 (Jan 12, 2018) = + - fixed bug with latest OpenID library + += version 3.4.3 (Jan 12, 2018) = + - update to latest OpenID library + = version 3.4.2 (Nov 20, 2016) = - update to latest OpenID library - fixed error response if nonce doesn't match https://github.com/diso/wordpress-openid/pull/46 diff --git a/plugins/openid/server.php b/plugins/openid/server.php index 2746de47..15e64d39 100644 --- a/plugins/openid/server.php +++ b/plugins/openid/server.php @@ -245,16 +245,11 @@ function openid_server_auth_request($request) { // get some user data $user = wp_get_current_user(); $author_url = get_author_posts_url($user->ID); - $id_select = ($request->identity == 'http://specs.openid.net/auth/2.0/identifier_select'); + $id_select = $request->idSelect(); // bail if user does not have access to OpenID provider if (!$user->has_cap('use_openid_provider')) return $request->answer(false); - // bail if user doesn't own identity and not using id select - if (!$id_select && ($author_url != $request->identity)) { - return $request->answer(false); - } - // if using id select but user is delegating, display error to user (unless checkid_immediate) if ($id_select && get_user_meta($user->ID, 'openid_delegate', true)) { if ($request->mode != 'checkid_immediate') { -- cgit v1.2.3-65-gdbad
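Review bot: After this change nothing visible in `openid_server_auth_request` (server.php) verifies that the logged-in user owns the requested identity; the removed guard `if (!$id_select && ($author_url != $request->identity))` was the only such comparison, and what remains is the capability check and the delegation check. Unless the updated library rejects a mismatching identity inside `answer()`, or code further down this function (outside the hunk) does, the provider could return a positive assertion for an identity that belongs to a different account. Either keep the guard, reading the identity through whatever accessor the new library exposes, or add a comment at this spot that names where the comparison now happens, such as `// identity ownership is enforced in <function>; see <file>`. A regression test that requests another user's author URL and expects `answer(false)` or an error response would pin the behaviour down.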