Zend Framework: plugin OpenID

In your project (Questions and answers for programmers) in Zend Framework I need to connect an OpenID and after hours of work I successfully connected the standard sendowski service. I think the class as easy and convenient(like everything in Zend), but as it turned out, this service does not work with OpenId 2.0, Yes, he just did not finish.

A little digging in the source code I confirmed this — Consumer.php * todo OpenID 2.0 (7.3) XRI and Yadis discovery
Then he looked at the bug tracker and found that it weighs for a long time(very) and no hurry to finish. Then I started to look for an alternative. The choice fell on openidenabled.com/php-openid.

Following is an example that will allow those who are only going to connect to do it in about 15 minutes.

Download library openidenabled.com plug it in the php include path, or manually, whatever you like.

That would not do what has been done to me, I took the core component of the framework CakePhp.
Following code is modified for my desired component.

<?php

class OpenidComponent {
private $controller = null;

public function __construct($controller) {
$this->controller = $controller;
define('Auth_Yadis_CURL_OVERRIDE'true);
}

public function authenticate($openidUrl, $returnTo, $realm, $required = array(), $optional = array()) {
if (trim($openidUrl) != ") {
if ($this->isEmail($openidUrl)) {
$openidUrl = $this->transformEmailToOpenID($openidUrl);
}

$consumer = $this->getConsumer();

$authRequest = $consumer->begin($openidUrl);

if (!isset($authRequest) || !$authRequest) {
throw new InvalidArgumentException('Invalid OpenID');
}

if ($authRequest- > shouldSendRedirect()) {
$redirectUrl = $authRequest- > redirectUrl($realm, $returnTo);

if (Auth_OpenID::isFailure($redirectUrl)) {
throw new Exception('Could not redirect to server: '.$redirectUrl->message);
} else {
$this->controller->redirect($redirectUrl);
}
} else {
$formId = 'openid_message';
$formHtml = $authRequest- > formMarkup($realm, $returnTo false , array('id' => $formId));

if (Auth_OpenID::isFailure($formHtml)) {
throw new Exception('Could not redirect to server: '.$formHtml- > message);
} else {
return '<html><head><title>redirect to the page OpenId server</title></head>'.
"<body onload='document.getElementById(\"".$formId."\").submit()'>".
$formHtml.'</body></html>';
}
}
}
}

public function getResponse($currentUrl) {
$consumer = $this->getConsumer();
$response = $consumer- > complete($currentUrl, $this->getQuery());

return $response;
}

private function getConsumer() {
require_once 'Auth/OpenID/Consumer.php';
return new Auth_OpenID_Consumer($this->getFileStore());
}

private function getQuery() {
$query = Auth_OpenID::getQuery();

// unset the url parameter automatically added by app/webroot/.htaccess
// as it causes problems with the verification of the return_to url
unset($query['url']);

return $query;
}

private function isEmail($string) {
return strpos($string '@');
}

private function transformEmailToOpenID($email) {
if (include_once 'My/Auth/Yadis/Email.php') {
return Auth_Yadis_Email_getID($email);

throw new InvalidArgumentException('Invalid OpenID');
}

private function getFileStore() {

require_once 'Auth/OpenID/FileStore.php';

$storePath = Zend_Registry::getInstance()->configuration->openidFileStore;

if (!file_exists($storePath) && !mkdir($storePath,0777)) {
throw new Exception('Could not create the FileStore directory '.$storePath.'. Please check the effective permissions.');
}

return new Auth_OpenID_FileStore($storePath);
}
}

* This source code was highlighted with Source Code Highlighter.


public function openid(){
if (null === $this->_openid) {
require_once APPLICATION_PATH . '/models/openid.php';
$this->_openid = new OpenidComponent($this);
}
return $this->_openid;

}

* This source code was highlighted with Source Code Highlighter.


As parameter pass the controller to call the redirect(openId previous version), but since $this->_redirect(); is a protected method and cannot be called from other classes, I added a wrapper for it in the controller class(it is certainly better to do it through interfaces, but it is a matter of each).

public function redirect($url){
$this->_redirect($url);
}

* This source code was highlighted with Source Code Highlighter.


define('Auth_Yadis_CURL_OVERRIDE',true); — means that you will use file_get_contents and not curl(for discovery). I have curl installed but when working with https, like Google, the library doesn't display any errors, but not working. I'll spend my time, but it is set up that would work, most likely the problem is in my settings or server configuration.

So, how to use it.

Do action in LoginController, which will get after the user has entered his ID in the input box and clicked login.

public openidAction function(){
error_reporting(E_ERROR);
$auth = Zend_Auth::getInstance();
$flashMessenger = $this->_helper- > FlashMessenger;
$this->_helper->layout->disableLayout();
$this->_helper->viewRenderer->setNoRender();
$identifier = trim($this->getRequest()->getParam("openid_identifier"));
$openidComponent = $this->openid();
try{
$ret = $openidComponent->authenticate($identifier,Zend_Registry::getInstance()->configuration->webhost.'/login/openidcallback/',Zend_Registry::getInstance()->configuration->webhost, $required = array(), $optional = array());
if ($ret){
echo $ret;
}

}catch(Exception $e){

Zend_Registry::getInstance()->logger->ERR("openid error:".$e->getMessage().$e->getTraceAsString());
$flashMessenger- > addMessage("Incorrect openID!");
return $this->_redirect('/login/');
}
}

* This source code was highlighted with Source Code Highlighter.


Zend_Registry::getInstance()->configuration->webhost = is the name of my host, it is possible to get variable from SERVER(but I need it in other places)

Zend_Registry::getInstance()->configuration->webhost.'/login/openidcallback/ — this is where OpendId server needs to do a redirect after the login(successful or by pressing cancel). You can go back to /login/ with some parameter, and process it, again a personal matter.

Next, the code which checks the login in the return from the OpenId server:

public openidcallbackAction function(){

$openidComponent = $this->openid();
$response = $openidComponent->getResponse(Zend_Registry::getInstance()->configuration->webhost.'/login/openidcallback/');
$flashMessenger = $this->_helper- > FlashMessenger;
if ($response->status == Auth_OpenID_CANCEL) {

$flashMessenger- > addMessage('Verification was cancelled!');
return $this->_redirect('/login/');
} else if ($response->status == Auth_OpenID_FAILURE) {
$flashMessenger- > addMessage("authorization Error: $response->message !");
return $this->_redirect('/login/');
} else if ($response->status == Auth_OpenID_SUCCESS) {

$auth = Zend_Auth::getInstance();
$openid = $response->getDisplayIdentifier();
$model = $this->getUserModel();
//look for user, if not found suggest to choose a userName on site
$user = $model->findByOpenid($openid);
if ($user){
$auth->getStorage()->write($user);

return $this->_redirect("/");//main page
}

$flashMessenger- > addMessage('You first on the website. Please choose a username!');

$model = Lookup::get()->user();
$newUser = $model->create();
$newUser- > save();

$auth->getStorage()->write($newUser);
$openid = $response->getDisplayIdentifier();
$model->addUserOpenidURL($newUser, $openid);
return $this->_redirect('/settings/choosename/');

}

}

* This source code was highlighted with Source Code Highlighter.


Storage Association between a database user and OpenID ID I am using a table. findByOpenid and addUserOpenidURL work with her. I thought that "unknown" or "guest" inappropriate for my site, and if the user is successfully primogenita, but for the first time on the site, I suggest to choose a user name to continue(this paragraph might be superfluous for those who do not believe).

To store OpenId associations and nonces(don't know how to translate better) use file storage, because storage in the database this library material requires a connection to the database from PEAR, and I didn't want unnecessary objects.

I hope the developers of Zend decide to finish implementing OpenId and then I will have to write a data migration from the format of this library in a Zend format, I think it will not create any problems, and can serve as a topic for a separate topic.

Maybe someone made a patch to the zend framework and already successfully utilizes native sendowski services, I would be very grateful if You share them.

If someone is topic useful but not sufficiently detailed, write comments, will try to add.

P. S. please really don't quibble over Naming Conventions, I know I don't really follow :)
Article based on information from habrahabr.ru

Comments

Post a Comment

Popular posts from this blog

Powershell and Cyrillic in the console (updated)

Image
In the development process is very often necessary to run a powershell script from a console application. What could be easier? the #test.ps1 & $PSScriptRoot\ConsoleApp.exe Examine the behavior of console applications when running them from the command line, using PowerShell and using PowerShell ISE: execution Result In PowerShell ISE, there is a problem with encoding, as the ISE expects the output to the encoding 1251. Use Google and find two problem solving: c use [Console]::OutputEncoding and through the powershell pipeline. Let's use the first solution: test2.ps1 $ErrorActionPreference = "Stop" function RunConsole($scriptBlock) { $encoding = [Console]::OutputEncoding [Console]::OutputEncoding = [System.Text.Encoding]::GetEncoding("cp866") try { &$scriptBlock } finally { [Console]::OutputEncoding = $encoding } } RunConsole { & $PSScriptRoot\ConsoleApp1.exe } execution Result At the command prompt, all is well, bu
Read more

Active/Passive PostgreSQL Cluster, using Pacemaker, Corosync

Image
Description This article describes an example of configuring Active/Passive PostgreSQL cluster, using Pacemaker, Corosync. As the disk subsystem is considered the drive from the system data storage (CSV). Similar to the Windows Failover Cluster from Microsoft. Technical details: OS Version — CentOS 7.1 Version package pacemaker — 1.1.13-10 Package version pcs — 0.9.143 PostgreSQL — 9.4.6 As servers(2pcs) — iron server 2*12 CPU/ memory 94GB As a CSV(Cluster Shared Volume) — an array of class Mid-Range Hitachi RAID 1+0 Preparation of cluster nodes Rule /etc/hosts on both hosts and make the visibility of hosts to each other by short names, for example: the [root@node1 ~]# cat /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 10.1.66.23 node1.local.lan node1 10.1.66.24 node2.local.lan node2 Also make exchange between servers using SSH keys and
Read more

Automatic deployment ElasticBeanstalk using Bitbucket Pipelines

Image
bitbucket is a service ( Bitbucket Pipelines), which among other things allows extremely simple to automate the deployment of applications in the Amazon cloud, in particular using ElasticBeanstallk. To whom interesting, I ask under kat. the Prerequirements You should already be created ElasticBeanstalk application and deployed environments (in order to do this, refer to the official AWS documentation for, so, for example, unfolds Django ). Since the service is still undergoing testing, you need to request access to it here . the project setup Let's say we have two branches, master and we want to deplot on production environment and development — development environment. Create in the root of the project file bitbucket-pipelines.yml with the following content: the image: python:2.7.11 pipelines: branches: master: - step: script: - apt-get update # to install required zip - apt-get install -y zip # required for packaging up the application - pip install b
Read more