author | Anthony G. Basile <blueness@gentoo.org> | 2018-03-10 19:18:59 -0500 |
---|---|---|
committer | Anthony G. Basile <blueness@gentoo.org> | 2018-03-10 19:18:59 -0500 |
commit | 8370303a3d5f30b78ae37116ca2df8c7525d9e49 (patch) | |
tree | 3068eded62cf46faf6be67959c546ad4a55176e2 | |
parent | Update jetpack 5.9 (diff) | |
Update openid 3.4.4
Signed-off-by: Anthony G. Basile <blueness@gentoo.org>
39 files changed, 1388 insertions, 502 deletions
diff --git a/plugins/openid/lib/Auth/OpenID.php b/plugins/openid/lib/Auth/OpenID.php index c9d97796..4d8fffa3 100644 --- a/plugins/openid/lib/Auth/OpenID.php +++ b/plugins/openid/lib/Auth/OpenID.php @@ -117,6 +117,8 @@ class Auth_OpenID { * false if not. * * @access private + * @param object|string $thing + * @return bool */ static function isFailure($thing) { @@ -141,6 +143,8 @@ class Auth_OpenID { * http://lists.openidenabled.com/pipermail/dev/2007-March/000395.html * * @access private + * @param string|null $query_str + * @return array */ static function getQuery($query_str=null) { @@ -203,6 +207,8 @@ class Auth_OpenID { * true if the operation succeeded; false if not. * * @access private + * @param string $dir_name + * @return bool */ static function ensureDir($dir_name) { @@ -225,6 +231,9 @@ class Auth_OpenID { * array containing the prefixed values. * * @access private + * @param array $values + * @param string $prefix + * @return array */ static function addPrefix($values, $prefix) { @@ -241,6 +250,10 @@ class Auth_OpenID { * or return $default if the key is absent. * * @access private + * @param array $arr + * @param string $key + * @param mixed $fallback + * @return mixed */ static function arrayGet($arr, $key, $fallback = null) { @@ -261,6 +274,9 @@ class Auth_OpenID { /** * Replacement for PHP's broken parse_str. + * + * @param string|null $query + * @return array|null */ static function parse_str($query) { @@ -435,7 +451,7 @@ class Auth_OpenID { if ($normalized === null) { return null; } - list($defragged, $frag) = Auth_OpenID::urldefrag($normalized); + list($defragged) = Auth_OpenID::urldefrag($normalized); return $defragged; } @@ -443,6 +459,8 @@ class Auth_OpenID { * Replacement (wrapper) for PHP's intval() because it's broken. * * @access private + * @param string|int $value + * @return bool|int */ static function intval($value) { 
@@ -470,6 +488,9 @@ class Auth_OpenID { /** * Get the bytes in a string independently of multibyte support * conditions. + * + * @param string $str + * @return array */ static function toBytes($str) { diff --git a/plugins/openid/lib/Auth/OpenID/AX.php b/plugins/openid/lib/Auth/OpenID/AX.php index 49cf2676..acc9af52 100644 --- a/plugins/openid/lib/Auth/OpenID/AX.php +++ b/plugins/openid/lib/Auth/OpenID/AX.php @@ -47,6 +47,9 @@ class Auth_OpenID_AX { /** * Check an alias for invalid characters; raise AXError if any are * found. Return None if the alias is valid. + * + * @param string $alias + * @return Auth_OpenID_AX_Error|bool */ function Auth_OpenID_AX_checkAlias($alias) { @@ -86,15 +89,15 @@ class Auth_OpenID_AX_Message extends Auth_OpenID_Extension { * ns_alias: The preferred namespace alias for attribute exchange * messages */ - var $ns_alias = 'ax'; + public $ns_alias = 'ax'; /** * mode: The type of this attribute exchange message. This must be * overridden in subclasses. */ - var $mode = null; + public $mode = null; - var $ns_uri = Auth_OpenID_AX_NS_URI; + public $ns_uri = Auth_OpenID_AX_NS_URI; /** * Return Auth_OpenID_AX_Error if the mode in the attribute @@ -102,6 +105,8 @@ class Auth_OpenID_AX_Message extends Auth_OpenID_Extension { * class; true otherwise. * * @access private + * @param array $ax_args + * @return Auth_OpenID_AX_Error|bool */ function _checkMode($ax_args) { @@ -190,6 +195,12 @@ class Auth_OpenID_AX_AttrInfo { /** * Construct an attribute information object. For parameter * details, see the constructor. + * + * @param string $type_uri + * @param int $count + * @param bool $required + * @param string|null $alias + * @return Auth_OpenID_AX_AttrInfo|Auth_OpenID_AX_Error|bool */ static function make($type_uri, $count=1, $required=false, $alias=null) 
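Review bot: The new `@return Auth_OpenID_AX_Error|bool` on `Auth_OpenID_AX_checkAlias()` (and on `_checkMode()` in the same file) documents a result where both the error object and `true` are truthy in PHP, but the docblock does not say how a caller should tell them apart. I would add one sentence to each docblock, for example `Callers must test the result with the library's error check, never with a bare if ($result).` The same union appears on `parseExtensionArgs()` further down and as `Auth_OpenID_FailureResponse|bool` on `_verifyReturnToArgs()` in Consumer.php, where a truthiness test would accept a failed return_to verification. The function bodies and their callers are outside these hunks, so this is a documentation request, not a claim that an existing caller gets it wrong.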
@@ -224,11 +235,11 @@ class Auth_OpenID_AX_AttrInfo { * list of namespace aliases, return a list of type URIs that * correspond to those aliases. * - * @param $namespace_map The mapping from namespace URI to alias - * @param $alias_list_s The string containing the comma-separated + * @param Auth_OpenID_NamespaceMap $namespace_map The mapping from namespace URI to alias + * @param string $alias_list_s The string containing the comma-separated * list of aliases. May also be None for convenience. * - * @return $seq The list of namespace URIs that corresponds to the + * @return string[]|Auth_OpenID_AX_Error The list of namespace URIs that corresponds to the * supplied list of aliases. If the string was zero-length or None, an * empty list will be returned. * @@ -267,21 +278,27 @@ function Auth_OpenID_AX_toTypeURIs($namespace_map, $alias_list_s) */ class Auth_OpenID_AX_FetchRequest extends Auth_OpenID_AX_Message { - var $mode = 'fetch_request'; + public $mode = 'fetch_request'; + + /** + * update_url: A URL that will accept responses for this + * attribute exchange request, even in the absence of the user + * who made this request. + * + * @var string + */ + public $update_url = ''; + + /** + * requested_attributes: The attributes that have been + * requested thus far, indexed by the type URI. + * + * @var array + */ + private $requested_attributes = array(); function __construct($update_url=null) { - /** - * requested_attributes: The attributes that have been - * requested thus far, indexed by the type URI. - */ - $this->requested_attributes = array(); - - /** - * update_url: A URL that will accept responses for this - * attribute exchange request, even in the absence of the user - * who made this request. - */ $this->update_url = $update_url; } 
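Review bot: In Auth_OpenID_AX_FetchRequest, `public $update_url = ''` is tagged `@var string`, but the constructor kept below still declares `$update_url=null` and assigns it unconditionally, so the property is null whenever no URL is passed; the tag should read `@var string|null` (the same applies to the `private $update_url` added to Auth_OpenID_AX_FetchResponse later in this file). Separately, `requested_attributes` used to be an implicitly public property created in the constructor and is now `private`, so a subclass or any code outside this class that reads it no longer sees it. If such readers exist (not verifiable from this page), `protected $requested_attributes = array();` or a pointer to an accessor in the docblock would be the safer change. The rest of the class is outside this hunk.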
@@ -289,8 +306,7 @@ class Auth_OpenID_AX_FetchRequest extends Auth_OpenID_AX_Message { * Add an attribute to this attribute exchange request. * * @param attribute: The attribute that is being requested - * @return true on success, false when the requested attribute is - * already present in this fetch request. + * @return bool|Auth_OpenID_AX_Error */ function add($attribute) { @@ -308,9 +324,10 @@ class Auth_OpenID_AX_FetchRequest extends Auth_OpenID_AX_Message { /** * Get the serialized form of this attribute fetch request. * - * @returns Auth_OpenID_AX_FetchRequest The fetch request message parameters + * @param Auth_OpenID_Request|null $request + * @return Auth_OpenID_AX_Error|Auth_OpenID_AX_FetchRequest The fetch request message parameters */ - function getExtensionArgs() + function getExtensionArgs($request = null) { $aliases = new Auth_OpenID_NamespaceMap(); @@ -361,7 +378,7 @@ class Auth_OpenID_AX_FetchRequest extends Auth_OpenID_AX_Message { * Get the type URIs for all attributes that have been marked as * required. * - * @return A list of the type URIs for attributes that have been + * @return array A list of the type URIs for attributes that have been * marked as required. */ function getRequiredAttrs() @@ -379,12 +396,9 @@ class Auth_OpenID_AX_FetchRequest extends Auth_OpenID_AX_Message { /** * Extract a FetchRequest from an OpenID message * - * @param request: The OpenID request containing the attribute - * fetch request + * @param Auth_OpenID_Request $request The OpenID request containing the attribute fetch request * - * @returns mixed An Auth_OpenID_AX_Error or the - * Auth_OpenID_AX_FetchRequest extracted from the request message if - * successful + * @return Auth_OpenID_AX_FetchRequest|Auth_OpenID_AX_Error */ static function fromOpenIDRequest($request) { 
@@ -424,11 +438,12 @@ class Auth_OpenID_AX_FetchRequest extends Auth_OpenID_AX_Message { /** * Given attribute exchange arguments, populate this FetchRequest. * - * @return $result Auth_OpenID_AX_Error if the data to be parsed + * @param array $ax_args + * @return Auth_OpenID_AX_Error|bool if the data to be parsed * does not follow the attribute exchange specification. At least * when 'if_available' or 'required' is not specified for a * particular attribute type. Returns true otherwise. - */ + */ function parseExtensionArgs($ax_args) { $result = $this->_checkMode($ax_args); @@ -524,6 +539,9 @@ class Auth_OpenID_AX_FetchRequest extends Auth_OpenID_AX_Message { /** * Is the given type URI present in this fetch_request? + * + * @param string $type_uri + * @return bool */ function contains($type_uri) { @@ -540,10 +558,8 @@ class Auth_OpenID_AX_FetchRequest extends Auth_OpenID_AX_Message { */ class Auth_OpenID_AX_KeyValueMessage extends Auth_OpenID_AX_Message { - function __construct() - { - $this->data = array(); - } + /** @var array */ + protected $data = array(); /** * Add a single value for the given attribute type to the @@ -554,7 +570,6 @@ class Auth_OpenID_AX_KeyValueMessage extends Auth_OpenID_AX_Message { * @param type_uri: The URI for the attribute * @param value: The value to add to the response to the relying * party for this attribute - * @return null */ function addValue($type_uri, $value) { @@ -582,12 +597,13 @@ class Auth_OpenID_AX_KeyValueMessage extends Auth_OpenID_AX_Message { * Get the extension arguments for the key/value pairs contained * in this message. * - * @param aliases: An alias mapping. Set to None if you don't care + * @param Auth_OpenID_NamespaceMap $aliases An alias mapping. Set to None if you don't care * about the aliases for this request. * * @access private + * @return array */ - function _getExtensionKVArgs($aliases) + function _getExtensionKpublicgs($aliases) { if ($aliases === null) { $aliases = new Auth_OpenID_NamespaceMap(); 
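Review bot: The method name `_getExtensionKpublicgs` in Auth_OpenID_AX_KeyValueMessage looks like damage from a case-insensitive `var` → `public` replacement (`KVArgs` contains `VAr`), not an intentional rename. The two call sites visible on this page, in Auth_OpenID_AX_FetchResponse::getExtensionArgs() and Auth_OpenID_AX_StoreRequest::getExtensionArgs(), were changed the same way, so the code still runs, but anything outside this file that calls `_getExtensionKVArgs` now hits an undefined method. I would restore `function _getExtensionKVArgs($aliases)` and `$kv_args = $this->_getExtensionKVArgs($aliases);` at both callers. In the same hunk the body tests `if ($aliases === null)`, so the tag should be `@param Auth_OpenID_NamespaceMap|null $aliases`.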
@@ -613,10 +629,10 @@ class Auth_OpenID_AX_KeyValueMessage extends Auth_OpenID_AX_Message { /** * Parse attribute exchange key/value arguments into this object. * - * @param ax_args: The attribute exchange fetch_response + * @param array $ax_args The attribute exchange fetch_response * arguments, with namespacing removed. * - * @return Auth_OpenID_AX_Error or true + * @return Auth_OpenID_AX_Error|bool */ function parseExtensionArgs($ax_args) { @@ -711,13 +727,11 @@ class Auth_OpenID_AX_KeyValueMessage extends Auth_OpenID_AX_Message { * this attribute, use the supplied default. If there is more than * one value for this attribute, this method will fail. * - * @param type_uri: The URI for the attribute - * @param default: The value to return if the attribute was not + * @param string $type_uri The URI for the attribute + * @param mixed $default The value to return if the attribute was not * sent in the fetch_response. * - * @return $value Auth_OpenID_AX_Error on failure or the value of - * the attribute in the fetch_response message, or the default - * supplied + * @return Auth_OpenID_AX_Error|mixed */ function getSingle($type_uri, $default=null) { @@ -744,9 +758,9 @@ class Auth_OpenID_AX_KeyValueMessage extends Auth_OpenID_AX_Message { * the user's code, so it might be okay. If no default is * supplied, should the return be None or []? * - * @param type_uri: The URI of the attribute + * @param string $type_uri The URI of the attribute * - * @return $values The list of values for this attribute in the + * @return Auth_OpenID_AX_Error|array The list of values for this attribute in the * response. May be an empty list. If the attribute was not sent * in the response, returns Auth_OpenID_AX_Error. */ 
@@ -766,9 +780,9 @@ class Auth_OpenID_AX_KeyValueMessage extends Auth_OpenID_AX_Message { * Get the number of responses for a particular attribute in this * fetch_response message. * - * @param type_uri: The URI of the attribute + * @param string $type_uri The URI of the attribute * - * @returns int The number of values sent for this attribute. If + * @returns int|Auth_OpenID_AX_Error The number of values sent for this attribute. If * the attribute was not sent in the response, returns * Auth_OpenID_AX_Error. */ @@ -791,11 +805,13 @@ class Auth_OpenID_AX_KeyValueMessage extends Auth_OpenID_AX_Message { * @package OpenID */ class Auth_OpenID_AX_FetchResponse extends Auth_OpenID_AX_KeyValueMessage { - var $mode = 'fetch_response'; + public $mode = 'fetch_response'; + + /** @var string */ + private $update_url = ''; function __construct($update_url=null) { - parent::__construct(); $this->update_url = $update_url; } @@ -803,7 +819,8 @@ class Auth_OpenID_AX_FetchResponse extends Auth_OpenID_AX_KeyValueMessage { * Serialize this object into arguments in the attribute exchange * namespace * - * @return $args The dictionary of unqualified attribute exchange + * @param Auth_OpenID_AX_FetchRequest|null $request + * @return Auth_OpenID_AX_Error|array|null $args The dictionary of unqualified attribute exchange * arguments that represent this fetch_response, or * Auth_OpenID_AX_Error on error. */ @@ -863,7 +880,7 @@ class Auth_OpenID_AX_FetchResponse extends Auth_OpenID_AX_KeyValueMessage { } } - $kv_args = $this->_getExtensionKVArgs($aliases); + $kv_args = $this->_getExtensionKpublicgs($aliases); // Add the KV args into the response with the args that are // unique to the fetch_response 
@@ -894,7 +911,8 @@ class Auth_OpenID_AX_FetchResponse extends Auth_OpenID_AX_KeyValueMessage { } /** - * @return $result Auth_OpenID_AX_Error on failure or true on + * @param array $ax_args + * @return Auth_OpenID_AX_Error|bool Auth_OpenID_AX_Error on failure or true on * success. */ function parseExtensionArgs($ax_args) @@ -914,12 +932,12 @@ class Auth_OpenID_AX_FetchResponse extends Auth_OpenID_AX_KeyValueMessage { * Construct a FetchResponse object from an OpenID library * SuccessResponse object. * - * @param success_response: A successful id_res response object + * @param Auth_OpenID_SuccessResponse $success_response A successful id_res response object * - * @param signed: Whether non-signed args should be processsed. If + * @param bool $signed Whether non-signed args should be processsed. If * True (the default), only signed arguments will be processsed. * - * @return $response A FetchResponse containing the data from the + * @return Auth_OpenID_AX_FetchResponse|null A FetchResponse containing the data from the * OpenID message */ static function fromSuccessResponse($success_response, $signed=true) @@ -950,16 +968,17 @@ class Auth_OpenID_AX_FetchResponse extends Auth_OpenID_AX_KeyValueMessage { * @package OpenID */ class Auth_OpenID_AX_StoreRequest extends Auth_OpenID_AX_KeyValueMessage { - var $mode = 'store_request'; + public $mode = 'store_request'; /** - * @param array $aliases The namespace aliases to use when making + * @param Auth_OpenID_NamespaceMap $aliases The namespace aliases to use when making * this store response. Leave as None to use defaults. + * @return array|null */ function getExtensionArgs($aliases=null) { $ax_args = $this->_newArgs(); - $kv_args = $this->_getExtensionKVArgs($aliases); + $kv_args = $this->_getExtensionKpublicgs($aliases); Auth_OpenID::update($ax_args, $kv_args); return $ax_args; } 
@@ -973,12 +992,18 @@ class Auth_OpenID_AX_StoreRequest extends Auth_OpenID_AX_KeyValueMessage { * @package OpenID */ class Auth_OpenID_AX_StoreResponse extends Auth_OpenID_AX_Message { - var $SUCCESS_MODE = 'store_response_success'; - var $FAILURE_MODE = 'store_response_failure'; + public $SUCCESS_MODE = 'store_response_success'; + public $FAILURE_MODE = 'store_response_failure'; /** - * Returns Auth_OpenID_AX_Error on error or an - * Auth_OpenID_AX_StoreResponse object on success. + * @var string + */ + private $error_message = ''; + + /** + * @param bool $succeeded + * @param string $error_message + * @return Auth_OpenID_AX_Error|Auth_OpenID_AX_StoreResponse */ function make($succeeded=true, $error_message=null) { @@ -1009,7 +1034,14 @@ class Auth_OpenID_AX_StoreResponse extends Auth_OpenID_AX_Message { return $this->mode == $this->SUCCESS_MODE; } - function getExtensionArgs() + /** + * Get the string arguments that should be added to an OpenID + * message for this extension. + * + * @param Auth_OpenID_Request|null $request + * @return null + */ + function getExtensionArgs($request = null) { $ax_args = $this->_newArgs(); if ((!$this->succeeded()) && $this->error_message) { diff --git a/plugins/openid/lib/Auth/OpenID/Association.php b/plugins/openid/lib/Auth/OpenID/Association.php index 47eac84d..23ced3a4 100644 --- a/plugins/openid/lib/Auth/OpenID/Association.php +++ b/plugins/openid/lib/Auth/OpenID/Association.php @@ -48,14 +48,14 @@ class Auth_OpenID_Association { * * @access private */ - var $SIG_LENGTH = 20; + public $SIG_LENGTH = 20; /** * The ordering and name of keys as stored by serialize. * * @access private */ - var $assoc_keys = array( + public $assoc_keys = array( 'version', 'handle', 'secret', @@ -64,7 +64,7 @@ class Auth_OpenID_Association { 'assoc_type' ); - var $_macs = array( + public $_macs = array( 'HMAC-SHA1' => 'Auth_OpenID_HMACSHA1', 'HMAC-SHA256' => 'Auth_OpenID_HMACSHA256' ); 
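Review bot: The docblock added to Auth_OpenID_AX_StoreResponse::getExtensionArgs() says `@return null`, but the visible body starts with `$ax_args = $this->_newArgs();`, and the sibling Auth_OpenID_AX_StoreRequest::getExtensionArgs() returns that array. The return statement is outside the hunk, so please confirm, but `@return array` looks like the correct tag. The new `$request = null` parameter is documented without saying whether it is used; if it only exists to match the parent signature, a short remark such as `Unused; present for signature compatibility.` would stop a reader from assuming the request is validated here.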
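Review bot: In Auth_OpenID_Association, `$SIG_LENGTH` and `$assoc_keys` keep their `@access private` docblocks but are now declared `public`, so the explicit keyword contradicts the documentation; `$_macs` gets the same keyword. `var` already meant public, so behaviour is unchanged, but `$_macs` maps each association type to what looks like the name of its MAC function, and leaving that table writable from outside the class deserves a deliberate decision. If nothing outside the class reads these properties (not verifiable from this page), `private $_macs = array(` and the same keyword on the other two would match the stated intent.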
@@ -83,16 +83,15 @@ class Auth_OpenID_Association { * @param string $handle This is the handle the server gave this * association. * - * @param string secret This is the shared secret the server + * @param string $secret This is the shared secret the server * generated for this association. * - * @param assoc_type This is the type of association this + * @param string $assoc_type This is the type of association this * instance represents. The only valid values of this field at * this time is 'HMAC-SHA1' and 'HMAC-SHA256', but new types may * be defined in the future. * - * @return association An {@link Auth_OpenID_Association} - * instance. + * @return Auth_OpenID_Association */ static function fromExpiresIn($expires_in, $handle, $secret, $assoc_type) { @@ -148,7 +147,8 @@ class Auth_OpenID_Association { * This returns the number of seconds this association is still * valid for, or 0 if the association is no longer valid. * - * @return integer $seconds The number of seconds this association + * @param int|null $now + * @return int $seconds The number of seconds this association * is still valid for, or 0 if the association is no longer valid. */ function getExpiresIn($now = null) @@ -164,6 +164,7 @@ class Auth_OpenID_Association { * This checks to see if two {@link Auth_OpenID_Association} * instances represent the same association. * + * @param object $other * @return bool $result true if the two instances represent the * same association, false otherwise. */ @@ -196,13 +197,14 @@ class Auth_OpenID_Association { assert(array_keys($data) == $this->assoc_keys); - return Auth_OpenID_KVForm::fromArray($data, $strict = true); + return Auth_OpenID_KVForm::fromArray($data); } /** * Parse an association as stored by serialize(). This is the * inverse of serialize. * + * @param string $class_name * @param string $assoc_s Association as serialized by serialize() * @return Auth_OpenID_Association $result instance of this class */ 
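Review bot: Dropping the second argument from `Auth_OpenID_KVForm::fromArray($data, $strict = true)` in serialize() is only a no-op if `fromArray` declares a single parameter; its definition is not on this page, so that should be confirmed, since this call produces the stored form of an association that includes the shared secret. The line above it, `assert(array_keys($data) == $this->assoc_keys);`, is the only check on the key set and is skipped when assertions are disabled, so it should not be read as validation. If the check matters in production, an explicit `if (array_keys($data) !== $this->assoc_keys) { return null; }` would hold regardless of the assert setting; whether callers tolerate a null return is outside this hunk.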
@@ -274,11 +276,12 @@ class Auth_OpenID_Association { * Generate a signature for some fields in a dictionary * * @access private - * @param array $fields The fields to sign, in order; this is an + * @param Auth_OpenID_Message $message + * @return string $signature The signature, base64 encoded + * @internal param array $fields The fields to sign, in order; this is an * array of strings. - * @param array $data Dictionary of values to sign (an array of + * @internal param array $data Dictionary of values to sign (an array of * string => string pairs). - * @return string $signature The signature, base64 encoded */ function signMessage($message) { @@ -326,6 +329,8 @@ class Auth_OpenID_Association { * the message lacks a signed list, return null. * * @access private + * @param Auth_OpenID_Message $message + * @return array|null */ function _makePairs($message) { @@ -351,6 +356,8 @@ class Auth_OpenID_Association { * the signed list in the message. * * @access private + * @param Auth_OpenID_Message $message + * @return string */ function getMessageSignature($message) { @@ -363,6 +370,8 @@ class Auth_OpenID_Association { * signature contained in the data. * * @access private + * @param Auth_OpenID_Message $message + * @return bool */ function checkMessageSignature($message) { @@ -405,6 +414,10 @@ function Auth_OpenID_getSupportedAssociationTypes() return $a; } +/** + * @param string $assoc_type + * @return mixed + */ function Auth_OpenID_getSessionTypes($assoc_type) { $assoc_to_session = array( @@ -534,6 +547,8 @@ class Auth_OpenID_SessionNegotiator { * combination is valid. * * @access private + * @param array $allowed_types + * @return bool */ function setAllowedTypes($allowed_types) { @@ -554,6 +569,9 @@ class Auth_OpenID_SessionNegotiator { * they are added. * * @access private + * @param $assoc_type + * @param null $session_type + * @return bool */ function addAllowedType($assoc_type, $session_type = null) { 
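Review bot: In the signMessage() docblock the old descriptions of `$fields` and `$data` were kept as `@internal param` lines although the method takes only `$message`; `@internal` is not a parameter tag, so these lines document arguments that do not exist. I would delete both and describe the real input, e.g. `@param Auth_OpenID_Message $message The message whose signed fields are covered by the signature`. The same applies to `_makePairs()`, `getMessageSignature()` and `checkMessageSignature()`, which gain a typed `$message` with no description; for `checkMessageSignature()` it is worth stating what `false` means (signature missing versus signature mismatch), if the body outside the hunk distinguishes them.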
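Review bot: The tags added to Auth_OpenID_SessionNegotiator::addAllowedType() are not usable as written: `@param $assoc_type` has no type and `@param null $session_type` gives the default value as the type. They should read `@param string $assoc_type` and `@param string|null $session_type`. In the hunk before it, `@return mixed` on Auth_OpenID_getSessionTypes() says nothing about the result; if the function returns the list of session types for the association type (its return is outside the hunk), `@return array` is the informative tag.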
diff --git a/plugins/openid/lib/Auth/OpenID/BigMath.php b/plugins/openid/lib/Auth/OpenID/BigMath.php index 58b46bf2..6a33322a 100644 --- a/plugins/openid/lib/Auth/OpenID/BigMath.php +++ b/plugins/openid/lib/Auth/OpenID/BigMath.php @@ -30,7 +30,7 @@ require_once 'Auth/OpenID.php'; * @access private * @package OpenID */ -class Auth_OpenID_MathLibrary { +abstract class Auth_OpenID_MathLibrary { /** * Given a long integer, returns the number converted to a binary * string. This function accepts long integer values of arbitrary @@ -78,7 +78,7 @@ class Auth_OpenID_MathLibrary { * Given a binary string, returns the binary string converted to a * long number. * - * @param string $binary The binary version of a long number, + * @param string $str The binary version of a long number, * probably as a result of calling longToBinary * @return integer $long The long number equivalent of the binary * string $str @@ -131,12 +131,8 @@ class Auth_OpenID_MathLibrary { * and will utilize the local large-number math library when * available. * - * @param integer $start The start of the range, or the minimum - * random number to return * @param integer $stop The end of the range, or the maximum * random number to return - * @param integer $step The step size, such that $result - ($step - * * N) = $start for some N * @return integer $result The resulting randomly-generated number */ function rand($stop) 
@@ -176,6 +172,55 @@ class Auth_OpenID_MathLibrary { return $this->mod($n, $stop); } + + /** + * @param int $number + * @param int $base + * @return int + */ + abstract protected function init($number, $base = 10); + + /** + * @param int $x + * @param int $y + * @return int + */ + abstract public function cmp($x, $y); + + /** + * @param int $x + * @param int $y + * @return int + */ + abstract protected function add($x, $y); + + /** + * @param int $x + * @param int $y + * @return int + */ + abstract protected function mul($x, $y); + + /** + * @param int $x + * @param int $y + * @return int + */ + abstract protected function div($x, $y); + + /** + * @param int $base + * @param int $modulus + * @return int + */ + abstract protected function mod($base, $modulus); + + /** + * @param int $base + * @param int $exponent + * @return int + */ + abstract protected function pow($base, $exponent); } /** @@ -188,7 +233,7 @@ class Auth_OpenID_MathLibrary { * @package OpenID */ class Auth_OpenID_BcMathWrapper extends Auth_OpenID_MathLibrary{ - var $type = 'bcmath'; + public $type = 'bcmath'; function add($x, $y) { @@ -234,6 +279,10 @@ class Auth_OpenID_BcMathWrapper extends Auth_OpenID_MathLibrary{ * Same as bcpowmod when bcpowmod is missing * * @access private + * @param int $base + * @param int $exponent + * @param int $modulus + * @return int */ function _powmod($base, $exponent, $modulus) { @@ -274,7 +323,7 @@ class Auth_OpenID_BcMathWrapper extends Auth_OpenID_MathLibrary{ * @package OpenID */ class Auth_OpenID_GmpMathWrapper extends Auth_OpenID_MathLibrary{ - var $type = 'gmp'; + public $type = 'gmp'; function add($x, $y) { @@ -360,11 +409,12 @@ function Auth_OpenID_math_extensions() /** * Detect which (if any) math library is available + * + * @param array $exts + * @return bool */ function Auth_OpenID_detectMathLibrary($exts) { - $loaded = false; - foreach ($exts as $extension) { if (extension_loaded($extension['extension'])) { return $extension; 
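Review bot: The new abstract declarations in Auth_OpenID_MathLibrary document every operand and result as `int`, but the two wrappers below are named for bcmath and GMP, whose values are arbitrary-precision numbers rather than native integers, so `@param int`/`@return int` will mislead static analysis wherever big numbers are passed. A sentence such as `Operands are library-specific big-number values as returned by init().` with a `mixed` tag would be accurate. The declarations are also `protected` (except `cmp`), while the visible implementations, e.g. `function add($x, $y)` in both wrappers, carry no modifier and are therefore public; `abstract public function add($x, $y);` and the same for the others would state the real contract.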
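Review bot: `@return bool` on Auth_OpenID_detectMathLibrary() contradicts the body shown in the same hunk, which does `return $extension;`, an element of `$exts`, when a matching extension is loaded. `@return array|bool` would be correct, assuming the trailing return outside the hunk is still `false` for the none-found case. `@param array $exts` could also say that each entry is an array with an `'extension'` key, since the loop reads `$extension['extension']`.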
@@ -391,8 +441,7 @@ function Auth_OpenID_detectMathLibrary($exts) * This function checks for the existence of specific long number * implementations in the following order: GMP followed by BCmath. * - * @return Auth_OpenID_MathWrapper $instance An instance of - * {@link Auth_OpenID_MathWrapper} or one of its subclasses + * @return Auth_OpenID_MathLibrary|null * * @package OpenID */ @@ -421,12 +470,10 @@ function Auth_OpenID_getMathLib() foreach (Auth_OpenID_math_extensions() as $extinfo) { $tried[] = $extinfo['extension']; } - $triedstr = implode(", ", $tried); Auth_OpenID_setNoMathSupport(); - $result = null; - return $result; + return null; } // Instantiate a new wrapper diff --git a/plugins/openid/lib/Auth/OpenID/Consumer.php b/plugins/openid/lib/Auth/OpenID/Consumer.php index c2b8c34b..fb1257ef 100644 --- a/plugins/openid/lib/Auth/OpenID/Consumer.php +++ b/plugins/openid/lib/Auth/OpenID/Consumer.php @@ -214,20 +214,14 @@ define('Auth_OpenID_PARSE_ERROR', 'parse error'); */ class Auth_OpenID_Consumer { - /** - * @access private - */ - var $discoverMethod = 'Auth_OpenID_discover'; + private $discoverMethod = 'Auth_OpenID_discover'; - /** - * @access private - */ - var $session_key_prefix = "_openid_consumer_"; + private $session_key_prefix = "_openid_consumer_"; - /** - * @access private - */ - var $_token_suffix = "last_token"; + private $_token_suffix = "last_token"; + + /** @var Auth_OpenID_GenericConsumer */ + public $consumer; /** * Initialize a Consumer instance. 
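Review bot: Removing `$triedstr` in Auth_OpenID_getMathLib() leaves the loop just above it, `$tried[] = $extinfo['extension'];`, with no reader: `$tried` is filled and never used in the lines shown. Either delete the loop as well or put the list into a log or error message, so an operator can see which extensions were probed before `Auth_OpenID_setNoMathSupport()` disabled math support. The start of the function is outside the hunk, so `$tried` may still be referenced earlier.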
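Review bot: In Auth_OpenID_Consumer, `$discoverMethod`, `$session_key_prefix` and `$_token_suffix` go from `var` (public) to `private`, which is a behaviour change, unlike the `var` → `public` edits elsewhere in this commit. A subclass that assigns `$this->discoverMethod` will now create a separate property on the object while the parent's methods keep using the private one, with no error raised. If overriding is meant to remain possible, `protected $discoverMethod = 'Auth_OpenID_discover';` is the safer keyword; if not, the docblock should say the values are fixed. The removed `@access private` docblocks leave these three properties with no documentation at all.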
@@ -254,12 +248,11 @@ class Auth_OpenID_Consumer { * need to pass something here if you have your own sessioning * implementation. * - * @param str $consumer_cls The name of the class to instantiate + * @param string $consumer_cls The name of the class to instantiate * when creating the internal consumer object. This is used for * testing. */ - function __construct($store, $session = null, - $consumer_cls = null) + function __construct($store, $session = null, $consumer_cls = null) { if ($session === null) { $session = new Auth_Yadis_PHPSession(); @@ -280,12 +273,14 @@ class Auth_OpenID_Consumer { * Used in testing to define the discovery mechanism. * * @access private + * @param Auth_Yadis_PHPSession $session + * @param string $openid_url + * @param string $session_key_prefix + * @return Auth_Yadis_Discovery */ - function getDiscoveryObject($session, $openid_url, - $session_key_prefix) + function getDiscoveryObject($session, $openid_url, $session_key_prefix) { - return new Auth_Yadis_Discovery($session, $openid_url, - $session_key_prefix); + return new Auth_Yadis_Discovery($session, $openid_url, $session_key_prefix); } /** @@ -364,10 +359,10 @@ class Auth_OpenID_Consumer { * @param Auth_OpenID_ServiceEndpoint $endpoint an OpenID service * endpoint descriptor. * - * @param bool anonymous Set to true if you want to perform OpenID + * @param bool $anonymous Set to true if you want to perform OpenID * without identifiers. * - * @return Auth_OpenID_AuthRequest $auth_request An OpenID + * @return Auth_OpenID_AuthRequest|Auth_OpenID_FailureResponse $auth_request An OpenID * authentication request object. */ function beginWithoutDiscovery($endpoint, $anonymous=false) 
@@ -451,10 +446,10 @@ class Auth_OpenID_Consumer { * @package OpenID */ class Auth_OpenID_DiffieHellmanSHA1ConsumerSession { - var $session_type = 'DH-SHA1'; - var $hash_func = 'Auth_OpenID_SHA1'; - var $secret_size = 20; - var $allowed_assoc_types = array('HMAC-SHA1'); + public $session_type = 'DH-SHA1'; + public $hash_func = 'Auth_OpenID_SHA1'; + public $secret_size = 20; + public $allowed_assoc_types = array('HMAC-SHA1'); function __construct($dh = null) { @@ -484,6 +479,10 @@ class Auth_OpenID_DiffieHellmanSHA1ConsumerSession { return $args; } + /** + * @param Auth_OpenID_Message $response + * @return null|string + */ function extractSecret($response) { if (!$response->hasKey(Auth_OpenID_OPENID_NS, @@ -514,10 +513,10 @@ class Auth_OpenID_DiffieHellmanSHA1ConsumerSession { */ class Auth_OpenID_DiffieHellmanSHA256ConsumerSession extends Auth_OpenID_DiffieHellmanSHA1ConsumerSession { - var $session_type = 'DH-SHA256'; - var $hash_func = 'Auth_OpenID_SHA256'; - var $secret_size = 32; - var $allowed_assoc_types = array('HMAC-SHA256'); + public $session_type = 'DH-SHA256'; + public $hash_func = 'Auth_OpenID_SHA256'; + public $secret_size = 32; + public $allowed_assoc_types = array('HMAC-SHA256'); } /** @@ -526,14 +525,18 @@ class Auth_OpenID_DiffieHellmanSHA256ConsumerSession extends * @package OpenID */ class Auth_OpenID_PlainTextConsumerSession { - var $session_type = 'no-encryption'; - var $allowed_assoc_types = array('HMAC-SHA1', 'HMAC-SHA256'); + public $session_type = 'no-encryption'; + public $allowed_assoc_types = array('HMAC-SHA1', 'HMAC-SHA256'); function getRequest() { return array(); } + /** + * @param Auth_OpenID_Message $response + * @return bool|null|string + */ function extractSecret($response) { if (!$response->hasKey(Auth_OpenID_OPENID_NS, 'mac_key')) { 
@@ -569,29 +572,29 @@ class Auth_OpenID_GenericConsumer { /** * @access private */ - var $discoverMethod = 'Auth_OpenID_discover'; + public $discoverMethod = 'Auth_OpenID_discover'; /** * This consumer's store object. */ - var $store; + public $store; /** * @access private */ - var $_use_assocs; + public $_use_assocs; /** * @access private */ - var $openid1_nonce_query_arg_name = 'janrain_nonce'; + public $openid1_nonce_query_arg_name = 'janrain_nonce'; /** * Another query parameter that gets added to the return_to for * OpenID 1; if the user's session state is lost, use this claimed * identifier to do discovery when verifying the response. */ - var $openid1_return_to_identifier_name = 'openid1_claimed_id'; + public $openid1_return_to_identifier_name = 'openid1_claimed_id'; /** * This method initializes a new {@link Auth_OpenID_Consumer} @@ -605,11 +608,6 @@ class Auth_OpenID_GenericConsumer { * filesystem-backed store, see the {@link Auth_OpenID_FileStore} module. * As a last resort, if it isn't possible for the server to store * state at all, an instance of {@link Auth_OpenID_DumbStore} can be used. - * - * @param bool $immediate This is an optional boolean value. It - * controls whether the library uses immediate mode, as explained - * in the module description. The default value is False, which - * disables immediate mode. */ function __construct($store) { @@ -630,6 +628,8 @@ class Auth_OpenID_GenericConsumer { * {@link Auth_OpenID_ServiceEndpoint}. * * @access private + * @param Auth_OpenID_ServiceEndpoint $service_endpoint + * @return Auth_OpenID_AuthRequest */ function begin($service_endpoint) { @@ -652,6 +652,10 @@ class Auth_OpenID_GenericConsumer { * complete OpenID authentication. * * @access private + * @param Auth_OpenID_Message $message + * @param Auth_OpenID_ServiceEndpoint $endpoint + * @param string $return_to + * @return Auth_OpenID_SuccessResponse */ function complete($message, $endpoint, $return_to) { 
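Review bot: Auth_OpenID_GenericConsumer::complete() is now documented as `@return Auth_OpenID_SuccessResponse` only, while the `_complete_*` handlers documented later in this file return `Auth_OpenID_FailureResponse`, `Auth_OpenID_CancelResponse` and `Auth_OpenID_SetupNeededResponse`. If complete() returns what those handlers produce (its body is outside the hunk), the tag tells integrators that every result is a success object, which is the wrong default for an authentication result. I would write `@return Auth_OpenID_SuccessResponse|Auth_OpenID_FailureResponse|Auth_OpenID_CancelResponse|Auth_OpenID_SetupNeededResponse` and add that callers must check the response type before trusting the identity. In the first hunk of this class the properties keep `@access private` but are declared `public`.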
@@ -674,8 +678,11 @@ class Auth_OpenID_GenericConsumer { /** * @access private + * @param Auth_OpenID_Message $message + * @param Auth_OpenID_ServiceEndpoint $endpoint + * @return Auth_OpenID_FailureResponse */ - function _completeInvalid($message, $endpoint, $unused) + function _completeInvalid($message, $endpoint) { $mode = $message->getArg(Auth_OpenID_OPENID_NS, 'mode', '<No mode set>'); @@ -686,16 +693,22 @@ class Auth_OpenID_GenericConsumer { /** * @access private + * @param Auth_OpenID_Message $message + * @param Auth_OpenID_ServiceEndpoint $endpoint + * @return Auth_OpenID_CancelResponse */ - function _complete_cancel($message, $endpoint, $unused) + function _complete_cancel($message, $endpoint) { return new Auth_OpenID_CancelResponse($endpoint); } /** * @access private + * @param Auth_OpenID_Message $message + * @param Auth_OpenID_ServiceEndpoint $endpoint + * @return Auth_OpenID_FailureResponse */ - function _complete_error($message, $endpoint, $unused) + function _complete_error($message, $endpoint) { $error = $message->getArg(Auth_OpenID_OPENID_NS, 'error'); $contact = $message->getArg(Auth_OpenID_OPENID_NS, 'contact'); @@ -707,8 +720,11 @@ class Auth_OpenID_GenericConsumer { /** * @access private + * @param Auth_OpenID_Message $message + * @param Auth_OpenID_ServiceEndpoint $endpoint + * @return Auth_OpenID_FailureResponse|Auth_OpenID_SetupNeededResponse */ - function _complete_setup_needed($message, $endpoint, $unused) + function _complete_setup_needed($message, $endpoint) { if (!$message->isOpenID2()) { return $this->_completeInvalid($message, $endpoint); 
@@ -721,15 +737,17 @@ class Auth_OpenID_GenericConsumer { /** * @access private + * @param Auth_OpenID_Message $message + * @param Auth_OpenID_ServiceEndpoint $endpoint + * @param string $return_to + * @return Auth_OpenID_FailureResponse|Auth_OpenID_SetupNeededResponse|Auth_OpenID_SuccessResponse|null */ function _complete_id_res($message, $endpoint, $return_to) { - $user_setup_url = $message->getArg(Auth_OpenID_OPENID1_NS, - 'user_setup_url'); + $user_setup_url = $message->getArg(Auth_OpenID_OPENID1_NS, 'user_setup_url'); if ($this->_checkSetupNeeded($message)) { - return new Auth_OpenID_SetupNeededResponse( - $endpoint, $user_setup_url); + return new Auth_OpenID_SetupNeededResponse($endpoint, $user_setup_url); } else { return $this->_doIdRes($message, $endpoint, $return_to); } @@ -737,6 +755,8 @@ class Auth_OpenID_GenericConsumer { /** * @access private + * @param Auth_OpenID_Message $message + * @return bool */ function _checkSetupNeeded($message) { @@ -756,6 +776,10 @@ class Auth_OpenID_GenericConsumer { /** * @access private + * @param Auth_OpenID_Message $message + * @param Auth_OpenID_ServiceEndpoint $endpoint + * @param string $return_to + * @return Auth_OpenID_FailureResponse|Auth_OpenID_SuccessResponse|mixed|null|string */ function _doIdRes($message, $endpoint, $return_to) { @@ -783,8 +807,7 @@ class Auth_OpenID_GenericConsumer { $endpoint = $result; - $result = $this->_idResCheckSignature($message, - $endpoint->server_url); + $result = $this->_idResCheckSignature($message, $endpoint->server_url); if (Auth_OpenID::isFailure($result)) { return $result; @@ -812,6 +835,9 @@ class Auth_OpenID_GenericConsumer { /** * @access private + * @param Auth_OpenID_Message $message + * @param string $return_to + * @return bool */ function _checkReturnTo($message, $return_to) { @@ -879,6 +905,8 @@ class Auth_OpenID_GenericConsumer { /** * @access private + * @param array $query + * @return Auth_OpenID_FailureResponse|bool */ function _verifyReturnToArgs($query) { 
@@ -936,6 +964,9 @@ class Auth_OpenID_GenericConsumer { /** * @access private + * @param Auth_OpenID_Message $message + * @param string $server_url + * @return Auth_OpenID_FailureResponse|null */ function _idResCheckSignature($message, $server_url) { @@ -983,20 +1014,24 @@ class Auth_OpenID_GenericConsumer { /** * @access private + * @param Auth_OpenID_Message $message + * @param Auth_OpenID_ServiceEndpoint|null $endpoint + * @return Auth_OpenID_FailureResponse|Auth_OpenID_ServiceEndpoint */ function _verifyDiscoveryResults($message, $endpoint=null) { if ($message->getOpenIDNamespace() == Auth_OpenID_OPENID2_NS) { - return $this->_verifyDiscoveryResultsOpenID2($message, - $endpoint); + return $this->_verifyDiscoveryResultsOpenID2($message, $endpoint); } else { - return $this->_verifyDiscoveryResultsOpenID1($message, - $endpoint); + return $this->_verifyDiscoveryResultsOpenID1($message, $endpoint); } } /** * @access private + * @param Auth_OpenID_Message $message + * @param Auth_OpenID_ServiceEndpoint $endpoint + * @return Auth_OpenID_FailureResponse|Auth_OpenID_ServiceEndpoint */ function _verifyDiscoveryResultsOpenID1($message, $endpoint) { @@ -1054,6 +1089,9 @@ class Auth_OpenID_GenericConsumer { /** * @access private + * @param Auth_OpenID_ServiceEndpoint $endpoint + * @param Auth_OpenID_ServiceEndpoint $to_match + * @return Auth_OpenID_FailureResponse|null */ function _verifyDiscoverySingle($endpoint, $to_match) { @@ -1069,8 +1107,7 @@ class Auth_OpenID_GenericConsumer { // Fragments do not influence discovery, so we can't compare a // claimed identifier with a fragment to discovered // information. - list($defragged_claimed_id, $_) = - Auth_OpenID::urldefrag($to_match->claimed_id); + list($defragged_claimed_id) = Auth_OpenID::urldefrag($to_match->claimed_id); if ($defragged_claimed_id != $endpoint->claimed_id) { return new Auth_OpenID_FailureResponse($endpoint, 
@@ -1106,6 +1143,9 @@ class Auth_OpenID_GenericConsumer { /** * @access private + * @param Auth_OpenID_Message $message + * @param Auth_OpenID_ServiceEndpoint $endpoint + * @return Auth_OpenID_FailureResponse|Auth_OpenID_ServiceEndpoint */ function _verifyDiscoveryResultsOpenID2($message, $endpoint) { @@ -1182,11 +1222,14 @@ class Auth_OpenID_GenericConsumer { /** * @access private + * @param string $claimed_id + * @param Auth_OpenID_ServiceEndpoint[] $to_match_endpoints + * @return Auth_OpenID_FailureResponse */ function _discoverAndVerify($claimed_id, $to_match_endpoints) { // oidutil.log('Performing discovery on %s' % (claimed_id,)) - list($unused, $services) = call_user_func_array($this->discoverMethod, + list(, $services) = call_user_func_array($this->discoverMethod, array( $claimed_id, $this->fetcher, @@ -1204,6 +1247,10 @@ class Auth_OpenID_GenericConsumer { /** * @access private + * @param string $claimed_id + * @param Auth_OpenID_ServiceEndpoint[] $services + * @param Auth_OpenID_ServiceEndpoint[] $to_match_endpoints + * @return Auth_OpenID_FailureResponse|Auth_OpenID_ServiceEndpoint */ function _verifyDiscoveryServices($claimed_id, $services, $to_match_endpoints) @@ -1211,10 +1258,10 @@ class Auth_OpenID_GenericConsumer { // Search the services resulting from discovery to find one // that matches the information from the assertion + $result = null; foreach ($services as $endpoint) { foreach ($to_match_endpoints as $to_match_endpoint) { - $result = $this->_verifyDiscoverySingle($endpoint, - $to_match_endpoint); + $result = $this->_verifyDiscoverySingle($endpoint, $to_match_endpoint); if (!Auth_OpenID::isFailure($result)) { // It matches, so discover verification has 
@@ -1224,9 +1271,10 @@ class Auth_OpenID_GenericConsumer { } } + $message = $result instanceof Auth_OpenID_FailureResponse ? $result->message : ''; + return new Auth_OpenID_FailureResponse(null, - sprintf('No matching endpoint found after discovering %s: %s', - $claimed_id, $result->message)); + sprintf('No matching endpoint found after discovering %s: %s', $claimed_id, $message)); } /** @@ -1236,24 +1284,27 @@ class Auth_OpenID_GenericConsumer { * * See the openid1_nonce_query_arg_name class variable * - * @returns $nonce The nonce as a string or null + * @param Auth_OpenID_Message $message + * @return string The nonce as a string or null * * @access private */ - function _idResGetNonceOpenID1($message, $endpoint) + function _idResGetNonceOpenID1($message) { - return $message->getArg(Auth_OpenID_BARE_NS, - $this->openid1_nonce_query_arg_name); + return $message->getArg(Auth_OpenID_BARE_NS, $this->openid1_nonce_query_arg_name); } /** * @access private + * @param Auth_OpenID_Message $message + * @param Auth_OpenID_ServiceEndpoint $endpoint + * @return Auth_OpenID_FailureResponse|null */ function _idResCheckNonce($message, $endpoint) { if ($message->isOpenID1()) { // This indicates that the nonce was generated by the consumer - $nonce = $this->_idResGetNonceOpenID1($message, $endpoint); + $nonce = $this->_idResGetNonceOpenID1($message); $server_url = ''; } else { $nonce = $message->getArg(Auth_OpenID_OPENID2_NS, @@ -1286,6 +1337,8 @@ class Auth_OpenID_GenericConsumer { /** * @access private + * @param Auth_OpenID_Message $message + * @return Auth_OpenID_FailureResponse|mixed|null|string */ function _idResCheckForFields($message) { @@ -1339,6 +1392,9 @@ class Auth_OpenID_GenericConsumer { /** * @access private + * @param Auth_OpenID_Message $message + * @param string $server_url + * @return bool */ function _checkAuth($message, $server_url) { 
@@ -1358,6 +1414,8 @@ class Auth_OpenID_GenericConsumer { /** * @access private + * @param Auth_OpenID_Message $message + * @return Auth_OpenID_Message|null */ function _createCheckAuthRequest($message) { @@ -1378,6 +1436,9 @@ class Auth_OpenID_GenericConsumer { /** * @access private + * @param Auth_OpenID_Message $response + * @param string $server_url + * @return bool */ function _processCheckAuthResponse($response, $server_url) { @@ -1402,11 +1463,11 @@ class Auth_OpenID_GenericConsumer { /** * Adapt a POST response to a Message. * - * @param $response Result of a POST to an OpenID endpoint. - * + * @param Auth_Yadis_HTTPResponse $response Result of a POST to an OpenID endpoint. * @access private + * @return Auth_OpenID_Message|Auth_OpenID_ServerErrorContainer|null */ - static function _httpResponseToMessage($response, $server_url) + static function _httpResponseToMessage($response) { // Should this function be named Message.fromHTTPResponse instead? $response_message = Auth_OpenID_Message::fromKVForm($response->body); @@ -1423,6 +1484,9 @@ class Auth_OpenID_GenericConsumer { /** * @access private + * @param Auth_OpenID_Message $message + * @param string $server_url + * @return Auth_OpenID_Message|Auth_OpenID_ServerErrorContainer|null */ function _makeKVPost($message, $server_url) { @@ -1433,11 +1497,13 @@ class Auth_OpenID_GenericConsumer { return null; } - return $this->_httpResponseToMessage($resp, $server_url); + return $this->_httpResponseToMessage($resp); } /** * @access private + * @param Auth_OpenID_ServiceEndpoint $endpoint + * @return Auth_OpenID_Association|Auth_OpenID_Message|Auth_OpenID_ServerErrorContainer|null */ function _getAssociation($endpoint) { @@ -1453,8 +1519,7 @@ class Auth_OpenID_GenericConsumer { $assoc = $this->_negotiateAssociation($endpoint); if ($assoc !== null) { - $this->store->storeAssociation($endpoint->server_url, - $assoc); + $this->store->storeAssociation($endpoint->server_url, $assoc); } } 
@@ -1464,14 +1529,13 @@ class Auth_OpenID_GenericConsumer { /** * Handle ServerErrors resulting from association requests. * - * @return $result If server replied with an C{unsupported-type} + * @param $server_error + * @return array|null $result If server replied with an C{unsupported-type} * error, return a tuple of supported C{association_type}, * C{session_type}. Otherwise logs the error and returns null. - * * @access private */ - function _extractSupportedAssociationType($server_error, $endpoint, - $assoc_type) + function _extractSupportedAssociationType($server_error) { // Any error message whose code is not 'unsupported-type' // should be considered a total failure. @@ -1504,6 +1568,8 @@ class Auth_OpenID_GenericConsumer { /** * @access private + * @param Auth_OpenID_ServiceEndpoint $endpoint + * @return Auth_OpenID_Association|null */ function _negotiateAssociation($endpoint) { @@ -1518,10 +1584,7 @@ class Auth_OpenID_GenericConsumer { } if (is_a($assoc, 'Auth_OpenID_ServerErrorContainer')) { - $why = $assoc; - - $supportedTypes = $this->_extractSupportedAssociationType( - $why, $endpoint, $assoc_type); + $supportedTypes = $this->_extractSupportedAssociationType($assoc); if ($supportedTypes !== null) { list($assoc_type, $session_type) = $supportedTypes; @@ -1553,6 +1616,10 @@ class Auth_OpenID_GenericConsumer { /** * @access private + * @param Auth_OpenID_ServiceEndpoint $endpoint + * @param string $assoc_type + * @param string $session_type + * @return Auth_OpenID_Association|Auth_OpenID_Message|Auth_OpenID_ServerErrorContainer|null */ function _requestAssociation($endpoint, $assoc_type, $session_type) { @@ -1574,6 +1641,9 @@ class Auth_OpenID_GenericConsumer { /** * @access private + * @param Auth_OpenID_Message $assoc_response + * @param Auth_OpenID_PlainTextConsumerSession $assoc_session + * @return Auth_OpenID_Association|Auth_OpenID_FailureResponse|null */ function _extractAssociation($assoc_response, $assoc_session) { 
@@ -1666,6 +1736,10 @@ class Auth_OpenID_GenericConsumer { /** * @access private + * @param Auth_OpenID_ServiceEndpoint $endpoint + * @param string $assoc_type + * @param string $session_type + * @return array|null */ function _createAssociateRequest($endpoint, $assoc_type, $session_type) { @@ -1673,6 +1747,7 @@ class Auth_OpenID_GenericConsumer { $session_type_class = $this->session_types[$session_type]; if (is_callable($session_type_class)) { + /** @var Auth_OpenID_PlainTextConsumerSession $assoc_session */ $assoc_session = $session_type_class(); } else { $assoc_session = new $session_type_class(); @@ -1712,7 +1787,8 @@ class Auth_OpenID_GenericConsumer { * return 'no-encryption' * * @access private - * @return $typ The association type for this message + * @param Auth_OpenID_Message $assoc_response + * @return string The association type for this message */ function _getOpenID1SessionType($assoc_response) { @@ -1756,21 +1832,23 @@ class Auth_OpenID_AuthRequest { * Users of this library should not create instances of this * class. Instances of this class are created by the library when * needed. + * + * @param Auth_OpenID_ServiceEndpoint $endpoint + * @param Auth_OpenID_Association $assoc */ function __construct($endpoint, $assoc) { $this->assoc = $assoc; $this->endpoint = $endpoint; $this->return_to_args = array(); - $this->message = new Auth_OpenID_Message( - $endpoint->preferredNamespace()); + $this->message = new Auth_OpenID_Message($endpoint->preferredNamespace()); $this->_anonymous = false; } /** * Add an extension to this checkid request. * - * $extension_request: An object that implements the extension + * @param Auth_OpenID_Extension $extension_request An object that implements the extension * request interface for adding arguments to an OpenID message. */ function addExtension($extension_request) 
@@ -1796,6 +1874,8 @@ class Auth_OpenID_AuthRequest { * * @param string $value The value to provide to the server for * this argument. + * + * @return Auth_OpenID_FailureResponse|bool|null|string */ function addExtensionArg($namespace, $key, $value) { @@ -1810,6 +1890,9 @@ class Auth_OpenID_AuthRequest { * * Anonymous requests are not allowed when the request is made * with OpenID 1. + * + * @param bool $is_anonymous + * @return bool */ function setAnonymous($is_anonymous) { @@ -1840,6 +1923,8 @@ class Auth_OpenID_AuthRequest { * engage the user before providing a response. This is the * default case, as the user may need to provide credentials or * approve the request before a positive response can be sent. + * + * @return Auth_OpenID_Message|Auth_OpenID_FailureResponse */ function getMessage($realm, $return_to=null, $immediate=false) { @@ -1933,6 +2018,12 @@ class Auth_OpenID_AuthRequest { * tag. 'accept-charset' and 'enctype' have defaults that can be * overridden. If a value is supplied for 'action' or 'method', it * will be replaced. + * + * @param string $realm + * @param null|string $return_to + * @param bool $immediate + * @param null|array $form_tag_attrs + * @return Auth_OpenID_FailureResponse|Auth_OpenID_Message|string */ function formMarkup($realm, $return_to=null, $immediate=false, $form_tag_attrs=null) @@ -1943,8 +2034,7 @@ class Auth_OpenID_AuthRequest { return $message; } - return $message->toFormMarkup($this->endpoint->server_url, - $form_tag_attrs); + return $message->toFormMarkup($this->endpoint->server_url, $form_tag_attrs); } /** @@ -1952,6 +2042,12 @@ class Auth_OpenID_AuthRequest { * to the IDP. * * Wraps formMarkup. See the documentation for that function. + * + * @param string $realm + * @param string $return_to + * @param bool $immediate + * @param array $form_tag_attrs + * @return Auth_OpenID_FailureResponse|Auth_OpenID_Message|string */ function htmlMarkup($realm, $return_to=null, $immediate=false, $form_tag_attrs=null) 
@@ -1977,8 +2073,17 @@ class Auth_OpenID_AuthRequest { * @package OpenID */ class Auth_OpenID_ConsumerResponse { - var $status = null; + public $status = null; + + /** @var null|string */ + public $identity_url = null; + /** @var Auth_OpenID_ServiceEndpoint */ + public $endpoint; + + /** + * @param Auth_OpenID_ServiceEndpoint|null $endpoint + */ function setEndpoint($endpoint) { $this->endpoint = $endpoint; @@ -2031,27 +2136,37 @@ class Auth_OpenID_ConsumerResponse { * @package OpenID */ class Auth_OpenID_SuccessResponse extends Auth_OpenID_ConsumerResponse { - var $status = Auth_OpenID_SUCCESS; + public $status = Auth_OpenID_SUCCESS; + + /** @var array */ + public $signed_args = array(); + /** @var Auth_OpenID_Message */ + public $message; /** * @access private + * @param Auth_OpenID_ServiceEndpoint $endpoint + * @param Auth_OpenID_Message $message + * @param array|null $signed_args */ function __construct($endpoint, $message, $signed_args=null) { $this->endpoint = $endpoint; $this->identity_url = $endpoint->claimed_id; - $this->signed_args = $signed_args; $this->message = $message; - if ($this->signed_args === null) { - $this->signed_args = array(); + if ($this->signed_args !== null) { + $this->signed_args = $signed_args; } } /** * Extract signed extension data from the server's response. * - * @param string $prefix The extension namespace from which to + * @param $namespace_uri + * @param $require_signed + * @return array|Auth_OpenID_FailureResponse|null|string + * @internal param string $prefix The extension namespace from which to * extract the extension data. */ function extensionResponse($namespace_uri, $require_signed) @@ -2089,8 +2204,6 @@ class Auth_OpenID_SuccessResponse extends Auth_OpenID_ConsumerResponse { function getSignedNS($ns_uri) { - $args = array(); - $msg_args = $this->message->getArgs($ns_uri); if (Auth_OpenID::isFailure($msg_args)) { return null; 
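Review bot: In `Auth_OpenID_SuccessResponse::__construct` the new guard tests the property instead of the argument, so `$this->signed_args !== null` is always true (the property now defaults to `array()`) and a null `$signed_args` overwrites that default with null. The removed code normalised null to an empty array, so a caller that omits the third argument now leaves `signed_args` null. The methods that consult the signed-field list are outside this hunk, but any array operation on null there would warn or throw instead of simply reporting the field as unsigned. The condition should read `if ($signed_args !== null) { $this->signed_args = $signed_args; }`.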
@@ -2137,10 +2250,16 @@ class Auth_OpenID_SuccessResponse extends Auth_OpenID_ConsumerResponse { * @package OpenID */ class Auth_OpenID_FailureResponse extends Auth_OpenID_ConsumerResponse { - var $status = Auth_OpenID_FAILURE; + public $status = Auth_OpenID_FAILURE; - function __construct($endpoint, $message = null, - $contact = null, $reference = null) + /** @var string */ + public $message; + + public $contact; + + public $reference; + + function __construct($endpoint, $message = null, $contact = null, $reference = null) { $this->setEndpoint($endpoint); $this->message = $message; @@ -2164,9 +2283,23 @@ class Auth_OpenID_TypeURIMismatch extends Auth_OpenID_FailureResponse { * @package OpenID */ class Auth_OpenID_ServerErrorContainer { - function __construct($error_text, - $error_code, - $message) + + /** @var Auth_OpenID_Message */ + private $message; + + /** @var string */ + private $error_code; + /** @var string */ + private $error_text; + + /** + * Auth_OpenID_ServerErrorContainer constructor. + * + * @param string $error_text + * @param string $error_code + * @param Auth_OpenID_Message $message + */ + function __construct($error_text, $error_code, $message) { $this->error_text = $error_text; $this->error_code = $error_code; @@ -2175,6 +2308,8 @@ class Auth_OpenID_ServerErrorContainer { /** * @access private + * @param Auth_OpenID_Message $message + * @return Auth_OpenID_ServerErrorContainer */ static function fromMessage($message) { @@ -2200,8 +2335,13 @@ class Auth_OpenID_ServerErrorContainer { * @package OpenID */ class Auth_OpenID_CancelResponse extends Auth_OpenID_ConsumerResponse { - var $status = Auth_OpenID_CANCEL; + public $status = Auth_OpenID_CANCEL; + /** + * Auth_OpenID_CancelResponse constructor. + * + * @param Auth_OpenID_ServiceEndpoint $endpoint + */ function __construct($endpoint) { $this->setEndpoint($endpoint); 
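Review bot: Declaring `$message`, `$error_code` and `$error_text` as `private` in `Auth_OpenID_ServerErrorContainer` changes their visibility, because before this hunk they were created dynamically in the constructor and were therefore publicly readable. The consumer's `_extractSupportedAssociationType($server_error)` is commented as deciding on the error code; its body is outside the visible hunks, so it presumably reads these fields from outside the class, which would now be a fatal error during association negotiation. Either declare them `public $message; public $error_code; public $error_text;`, or add accessors and confirm that no external reads remain.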
@@ -2226,14 +2366,20 @@ class Auth_OpenID_CancelResponse extends Auth_OpenID_ConsumerResponse { * @package OpenID */ class Auth_OpenID_SetupNeededResponse extends Auth_OpenID_ConsumerResponse { - var $status = Auth_OpenID_SETUP_NEEDED; + public $status = Auth_OpenID_SETUP_NEEDED; - function __construct($endpoint, - $setup_url = null) + /** @var string */ + public $setup_url = ''; + + /** + * Auth_OpenID_SetupNeededResponse constructor. + * + * @param Auth_OpenID_ServiceEndpoint $endpoint + * @param string $setup_url + */ + function __construct($endpoint, $setup_url = null) { $this->setEndpoint($endpoint); $this->setup_url = $setup_url; } } - - diff --git a/plugins/openid/lib/Auth/OpenID/CryptUtil.php b/plugins/openid/lib/Auth/OpenID/CryptUtil.php index 3c60cea1..15c77f51 100644 --- a/plugins/openid/lib/Auth/OpenID/CryptUtil.php +++ b/plugins/openid/lib/Auth/OpenID/CryptUtil.php @@ -40,7 +40,6 @@ class Auth_OpenID_CryptUtil { static function getBytes($num_bytes) { static $f = null; - $bytes = ''; if ($f === null) { if (Auth_OpenID_RAND_SOURCE === null) { $f = false; @@ -72,7 +71,7 @@ class Auth_OpenID_CryptUtil { * * @param integer $length The length of the resulting * randomly-generated string - * @param string $chrs A string of characters from which to choose + * @param string|null $population A string of characters from which to choose * to build the new string * @return string $result A string of randomly-chosen characters * from $chrs diff --git a/plugins/openid/lib/Auth/OpenID/DatabaseConnection.php b/plugins/openid/lib/Auth/OpenID/DatabaseConnection.php index 0c7d08f9..b74f0afe 100644 --- a/plugins/openid/lib/Auth/OpenID/DatabaseConnection.php +++ b/plugins/openid/lib/Auth/OpenID/DatabaseConnection.php @@ -50,6 +50,7 @@ class Auth_OpenID_DatabaseConnection { */ function query($sql, $params = array()) { + return null; } /** @@ -90,6 +91,7 @@ class Auth_OpenID_DatabaseConnection { */ function getOne($sql, $params = array()) { + return false; } /** 
@@ -103,11 +105,12 @@ class Auth_OpenID_DatabaseConnection { * @param array $params An array of parameters to insert into the * SQL string using this connection's escaping mechanism. * - * @return array $result The first row of the result set, if any, + * @return array|bool $result The first row of the result set, if any, * keyed on column name. False if no such result was found. */ function getRow($sql, $params = array()) { + return false; } /** @@ -125,6 +128,7 @@ class Auth_OpenID_DatabaseConnection { */ function getAll($sql, $params = array()) { + return array(); } } diff --git a/plugins/openid/lib/Auth/OpenID/DiffieHellman.php b/plugins/openid/lib/Auth/OpenID/DiffieHellman.php index 27759a52..fa334ed1 100644 --- a/plugins/openid/lib/Auth/OpenID/DiffieHellman.php +++ b/plugins/openid/lib/Auth/OpenID/DiffieHellman.php @@ -42,10 +42,11 @@ function Auth_OpenID_getDefaultGen() */ class Auth_OpenID_DiffieHellman { - var $mod; - var $gen; - var $private; - var $lib = null; + public $mod; + public $gen; + public $private; + /** @var Auth_OpenID_BcMathWrapper */ + public $lib = null; function __construct($mod = null, $gen = null, $private = null, $lib = null) diff --git a/plugins/openid/lib/Auth/OpenID/Discover.php b/plugins/openid/lib/Auth/OpenID/Discover.php index 569402e3..95c32f45 100644 --- a/plugins/openid/lib/Auth/OpenID/Discover.php +++ b/plugins/openid/lib/Auth/OpenID/Discover.php @@ -56,6 +56,7 @@ function Auth_OpenID_getOpenIDTypeName($type_uri) { case Auth_OpenID_RP_RETURN_TO_URL_TYPE: return 'OpenID relying party'; } + return 'unknown'; } /** 
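Review bot: `public $private;` in `Auth_OpenID_DiffieHellman` keeps the visibility the old `var` had, but it is left undocumented while `$lib` gained a docblock in the same hunk. The name indicates it holds the Diffie-Hellman private value, so I would document that, e.g. `/** @var mixed Secret exponent; never log or serialise */`. If nothing outside the class reads it (not checkable from this hunk), it could also be narrowed to `protected $private;`.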
@@ -235,11 +236,11 @@ class Auth_OpenID_ServiceEndpoint { return null; } - /* + /** * Create endpoints from a DiscoveryResult. * - * @param discoveryResult Auth_Yadis_DiscoveryResult - * @return array of Auth_OpenID_ServiceEndpoint or null if + * @param Auth_Yadis_DiscoveryResult $discoveryResult + * @return Auth_OpenID_ServiceEndpoint[]|null null if * endpoints cannot be created. */ static function fromDiscoveryResult($discoveryResult) @@ -305,6 +306,11 @@ class Auth_OpenID_ServiceEndpoint { } } +/** + * @param Auth_Yadis_Service $service + * @param array $type_uris + * @return bool|null + */ function Auth_OpenID_findOPLocalIdentifier($service, $type_uris) { // Extract a openid:Delegate value from a Yadis Service element. @@ -350,6 +356,10 @@ function Auth_OpenID_findOPLocalIdentifier($service, $type_uris) return $local_id; } +/** + * @param Auth_Yadis_Service $service + * @return bool + */ function filter_MatchesAnyOpenIDType($service) { $uris = $service->getTypes(); @@ -363,6 +373,10 @@ function filter_MatchesAnyOpenIDType($service) return false; } +/** + * @param Auth_Yadis_Service $service + * @return bool + */ function filter_MatchesAnyOpenIDConsumerType(&$service) { $uris = $service->getTypes(); @@ -442,6 +456,11 @@ function Auth_OpenID_getOPOrUserServices($openid_services) } } +/** + * @param string $uri + * @param Auth_Yadis_Service[] $yadis_services + * @return array + */ function Auth_OpenID_makeOpenIDEndpoints($uri, $yadis_services) { $s = array(); @@ -488,13 +507,10 @@ function Auth_OpenID_discoverWithYadis($uri, $fetcher, $discover_function = array('Auth_Yadis_Yadis', 'discover'); } - $openid_services = array(); - $response = call_user_func_array($discover_function, array($uri, $fetcher)); $yadis_url = $response->normalized_uri; - $yadis_services = array(); if ($response->isFailure() && !$response->isXRDS()) { return array($uri, array()); 
@@ -529,6 +545,11 @@ function Auth_OpenID_discoverURI($uri, $fetcher) return Auth_OpenID_discoverWithYadis($uri, $fetcher); } +/** + * @param string $uri + * @param Auth_Yadis_PlainHTTPFetcher $fetcher + * @return array + */ function Auth_OpenID_discoverWithoutYadis($uri, $fetcher) { $http_resp = @$fetcher->get($uri); @@ -571,6 +592,11 @@ function Auth_OpenID_discoverXRI($iname, $fetcher) return array($iname, $openid_services); } +/** + * @param string $uri + * @param Auth_Yadis_PlainHTTPFetcher $fetcher + * @return array + */ function Auth_OpenID_discover($uri, $fetcher) { // If the fetcher (i.e., PHP) doesn't support SSL, we can't do diff --git a/plugins/openid/lib/Auth/OpenID/DumbStore.php b/plugins/openid/lib/Auth/OpenID/DumbStore.php index b79bf658..01c7abff 100644 --- a/plugins/openid/lib/Auth/OpenID/DumbStore.php +++ b/plugins/openid/lib/Auth/OpenID/DumbStore.php @@ -32,6 +32,7 @@ require_once 'Auth/OpenID/HMAC.php'; * @package OpenID */ class Auth_OpenID_DumbStore extends Auth_OpenID_OpenIDStore { + protected $auth_key; /** * Creates a new {@link Auth_OpenID_DumbStore} instance. For the security @@ -47,7 +48,7 @@ class Auth_OpenID_DumbStore extends Auth_OpenID_OpenIDStore { * Each {@link Auth_OpenID_DumbStore} instance that is created for use by * your consumer site needs to use the same $secret_phrase. * - * @param string secret_phrase The phrase used to create the auth + * @param string $secret_phrase The phrase used to create the auth * key returned by getAuthKey */ function __construct($secret_phrase) @@ -57,6 +58,9 @@ class Auth_OpenID_DumbStore extends Auth_OpenID_OpenIDStore { /** * This implementation does nothing. + * + * @param string $server_url + * @param Auth_OpenID_Association $association */ function storeAssociation($server_url, $association) { 
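Review bot: The docblocks added to `Auth_OpenID_discoverWithoutYadis` and `Auth_OpenID_discover` type `$fetcher` as the concrete `Auth_Yadis_PlainHTTPFetcher`, which is narrower than the visible code needs, since it only calls `$fetcher->get($uri)`. If callers may pass any fetcher implementation, the base type `@param Auth_Yadis_HTTPFetcher $fetcher` would be accurate and would keep static analysis from flagging the others. `@return array` could also spell out the pair that the sibling functions return (`array($uri, array())`, `array($iname, $openid_services)`), e.g. `@return array Pair of the discovered identifier and Auth_OpenID_ServiceEndpoint[]`. Both function bodies continue outside the hunks.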
@@ -64,6 +68,10 @@ class Auth_OpenID_DumbStore extends Auth_OpenID_OpenIDStore { /** * This implementation always returns null. + * + * @param string $server_url + * @param null $handle + * @return Auth_OpenID_Association|null */ function getAssociation($server_url, $handle = null) { @@ -72,6 +80,10 @@ class Auth_OpenID_DumbStore extends Auth_OpenID_OpenIDStore { /** * This implementation always returns false. + * + * @param string $server_url + * @param string $handle + * @return bool|mixed */ function removeAssociation($server_url, $handle) { @@ -82,6 +94,11 @@ class Auth_OpenID_DumbStore extends Auth_OpenID_OpenIDStore { * In a system truly limited to dumb mode, nonces must all be * accepted. This therefore always returns true, which makes * replay attacks feasible. + * + * @param string $server_url + * @param int $timestamp + * @param string $salt + * @return bool */ function useNonce($server_url, $timestamp, $salt) { diff --git a/plugins/openid/lib/Auth/OpenID/Extension.php b/plugins/openid/lib/Auth/OpenID/Extension.php index 542a1da2..61d2f375 100644 --- a/plugins/openid/lib/Auth/OpenID/Extension.php +++ b/plugins/openid/lib/Auth/OpenID/Extension.php @@ -22,14 +22,17 @@ class Auth_OpenID_Extension { * ns_uri: The namespace to which to add the arguments for this * extension */ - var $ns_uri = null; - var $ns_alias = null; + public $ns_uri = null; + public $ns_alias = null; /** * Get the string arguments that should be added to an OpenID * message for this extension. + * + * @param Auth_OpenID_Request|null $request + * @return null */ - function getExtensionArgs() + function getExtensionArgs($request = null) { return null; } @@ -38,6 +41,10 @@ class Auth_OpenID_Extension { * Add the arguments from this extension to the provided message. * * Returns the message with the extension arguments added. + * + * @param Auth_OpenID_Message $message + * @param Auth_OpenID_Request $request + * @return null */ function toMessage($message, $request = null) { 
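Review bot: Adding `$request = null` to the base `Auth_OpenID_Extension::getExtensionArgs` changes the signature that every subclass overrides. An override that still declares `getExtensionArgs()` with no parameter is no longer compatible with the parent (a warning on PHP 7, a fatal error on PHP 8), so each extension class should be checked for `function getExtensionArgs($request = null)`. The added `@return null` also describes only this stub; `@return array|null` would cover overrides that return the arguments the summary line talks about.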
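Review bot: The docblock added to `toMessage` says `@return null` directly under the sentence "Returns the message with the extension arguments added", so the tag contradicts the description. The body is outside the hunk, but going by the description the tag should be `@return Auth_OpenID_Message|null`. `$request` should also be `@param Auth_OpenID_Request|null $request` to match its `= null` default.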
diff --git a/plugins/openid/lib/Auth/OpenID/FileStore.php b/plugins/openid/lib/Auth/OpenID/FileStore.php index 730225e0..afeaf2b2 100644 --- a/plugins/openid/lib/Auth/OpenID/FileStore.php +++ b/plugins/openid/lib/Auth/OpenID/FileStore.php @@ -38,6 +38,13 @@ require_once 'Auth/OpenID/Nonce.php'; */ class Auth_OpenID_FileStore extends Auth_OpenID_OpenIDStore { + protected $directory = ''; + protected $active = false; + protected $nonce_dir = ''; + protected $association_dir = ''; + protected $temp_dir = ''; + protected $max_nonce_age = 0; + /** * Initializes a new {@link Auth_OpenID_FileStore}. This * initializes the nonce and association directories, which are @@ -114,6 +121,7 @@ class Auth_OpenID_FileStore extends Auth_OpenID_OpenIDStore { } else { Auth_OpenID_FileStore::_removeIfPresent($name); } + return array(); } function cleanupNonces() @@ -145,6 +153,8 @@ class Auth_OpenID_FileStore extends Auth_OpenID_OpenIDStore { * contain the domain name from the server URL for ease of human * inspection of the data directory. * + * @param string $server_url + * @param string $handle * @return string $filename */ function getAssociationFilename($server_url, $handle) @@ -178,6 +188,10 @@ class Auth_OpenID_FileStore extends Auth_OpenID_OpenIDStore { /** * Store an association in the association directory. + * + * @param string $server_url + * @param Auth_OpenID_Association $association + * @return bool */ function storeAssociation($server_url, $association) { @@ -227,7 +241,9 @@ class Auth_OpenID_FileStore extends Auth_OpenID_OpenIDStore { * Retrieve an association. If no handle is specified, return the * association with the most recent issue time. * - * @return mixed $association + * @param string $server_url + * @param string|null $handle + * @return Auth_OpenID_Association|mixed|null */ function getAssociation($server_url, $handle = null) { 
@@ -282,7 +298,7 @@ class Auth_OpenID_FileStore extends Auth_OpenID_OpenIDStore { // return the most recently issued one. if ($matching_associations) { - list($issued, $assoc) = $matching_associations[0]; + list(, $assoc) = $matching_associations[0]; return $assoc; } else { return null; @@ -292,6 +308,8 @@ class Auth_OpenID_FileStore extends Auth_OpenID_OpenIDStore { /** * @access private + * @param string $filename + * @return Auth_OpenID_Association|null */ function _getAssociation($filename) { @@ -342,6 +360,8 @@ class Auth_OpenID_FileStore extends Auth_OpenID_OpenIDStore { /** * Remove an association if it exists. Do nothing if it does not. * + * @param string $server_url + * @param string $handle * @return bool $success */ function removeAssociation($server_url, $handle) @@ -364,6 +384,9 @@ class Auth_OpenID_FileStore extends Auth_OpenID_OpenIDStore { * Return whether this nonce is present. As a side effect, mark it * as no longer present. * + * @param string $server_url + * @param int $timestamp + * @param string $salt * @return bool $present */ function useNonce($server_url, $timestamp, $salt) @@ -466,6 +489,7 @@ class Auth_OpenID_FileStore extends Auth_OpenID_OpenIDStore { foreach ($this->_allAssocs() as $pair) { list($assoc_filename, $assoc) = $pair; + /** @var Auth_OpenID_Association $assoc */ if ($assoc->getExpiresIn() == 0) { Auth_OpenID_FileStore::_removeIfPresent($assoc_filename); } @@ -474,6 +498,8 @@ class Auth_OpenID_FileStore extends Auth_OpenID_OpenIDStore { /** * @access private + * @param string $dir + * @return bool */ function _rmtree($dir) { @@ -512,6 +538,8 @@ class Auth_OpenID_FileStore extends Auth_OpenID_OpenIDStore { /** * @access private + * @param string $dir + * @return bool|string */ function _mkstemp($dir) { @@ -527,6 +555,8 @@ class Auth_OpenID_FileStore extends Auth_OpenID_OpenIDStore { /** * @access private + * @param string $dir + * @return bool|string */ static function _mkdtemp($dir) { 
@@ -544,6 +574,8 @@ class Auth_OpenID_FileStore extends Auth_OpenID_OpenIDStore { /** * @access private + * @param string $dir + * @return array */ function _listdir($dir) { @@ -559,6 +591,8 @@ class Auth_OpenID_FileStore extends Auth_OpenID_OpenIDStore { /** * @access private + * @param string $char + * @return bool */ function _isFilenameSafe($char) { @@ -569,6 +603,8 @@ class Auth_OpenID_FileStore extends Auth_OpenID_OpenIDStore { /** * @access private + * @param string $str + * @return mixed|string */ function _safe64($str) { @@ -581,6 +617,8 @@ class Auth_OpenID_FileStore extends Auth_OpenID_OpenIDStore { /** * @access private + * @param string $str + * @return string */ function _filenameEscape($str) { @@ -603,6 +641,7 @@ class Auth_OpenID_FileStore extends Auth_OpenID_OpenIDStore { * the time of the call. * * @access private + * @param string $filename * @return bool $result True if the file was present, false if not. */ function _removeIfPresent($filename) @@ -615,6 +654,7 @@ class Auth_OpenID_FileStore extends Auth_OpenID_OpenIDStore { $removed = 0; foreach ($this->_allAssocs() as $pair) { list($assoc_filename, $assoc) = $pair; + /** @var Auth_OpenID_Association $assoc */ if ($assoc->getExpiresIn() == 0) { $this->_removeIfPresent($assoc_filename); $removed += 1; diff --git a/plugins/openid/lib/Auth/OpenID/HMAC.php b/plugins/openid/lib/Auth/OpenID/HMAC.php index e6c4bdfd..d83a1569 100644 --- a/plugins/openid/lib/Auth/OpenID/HMAC.php +++ b/plugins/openid/lib/Auth/OpenID/HMAC.php @@ -43,6 +43,7 @@ function Auth_OpenID_SHA1($text) } else { // Explode. trigger_error('No SHA1 function found', E_USER_ERROR); + return false; } } @@ -57,7 +58,7 @@ function Auth_OpenID_SHA1($text) function Auth_OpenID_HMACSHA1($key, $text) { if (Auth_OpenID::bytes($key) > Auth_OpenID_SHA1_BLOCKSIZE) { - $key = Auth_OpenID_SHA1($key, true); + $key = Auth_OpenID_SHA1($key); } if (function_exists('hash_hmac') && 
@@ -70,8 +71,8 @@ function Auth_OpenID_HMACSHA1($key, $text) $key = str_pad($key, Auth_OpenID_SHA1_BLOCKSIZE, chr(0x00)); $ipad = str_repeat(chr(0x36), Auth_OpenID_SHA1_BLOCKSIZE); $opad = str_repeat(chr(0x5c), Auth_OpenID_SHA1_BLOCKSIZE); - $hash1 = Auth_OpenID_SHA1(($key ^ $ipad) . $text, true); - $hmac = Auth_OpenID_SHA1(($key ^ $opad) . $hash1, true); + $hash1 = Auth_OpenID_SHA1(($key ^ $ipad) . $text); + $hmac = Auth_OpenID_SHA1(($key ^ $opad) . $hash1); return $hmac; } diff --git a/plugins/openid/lib/Auth/OpenID/Interface.php b/plugins/openid/lib/Auth/OpenID/Interface.php index eca6b9c5..a8a335d5 100644 --- a/plugins/openid/lib/Auth/OpenID/Interface.php +++ b/plugins/openid/lib/Auth/OpenID/Interface.php @@ -39,15 +39,14 @@ class Auth_OpenID_OpenIDStore { * particular, expect to see unescaped non-url-safe characters in * the server_url field. * - * @param Association $association The Association to store. + * @param Auth_OpenID_Association $association The Association to store. */ function storeAssociation($server_url, $association) { - trigger_error("Auth_OpenID_OpenIDStore::storeAssociation ". - "not implemented", E_USER_ERROR); + trigger_error("Auth_OpenID_OpenIDStore::storeAssociation not implemented", E_USER_ERROR); } - /* + /** * Remove expired nonces from the store. * * Discards any nonce from storage that is old enough that its 
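Review bot: The fallback path of Auth_OpenID_HMACSHA1 feeds the result of `Auth_OpenID_SHA1()` straight into the next step, but the earlier hunk in this file now lets that helper `return false` once `trigger_error()` has been handled without halting. In that case `$hash1` and then `$hmac` become `false`, and the function hands a non-string back to whatever compares signatures. An explicit guard such as `if ($hash1 === false) { return false; }` plus a `@return string|false` line in the docblock would make the failure contract visible. The function body starts outside this hunk, and whether any caller checks for `false` cannot be seen from here.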
@@ -57,40 +56,40 @@ class Auth_OpenID_OpenIDStore { * library. It provides a way for store admins to keep their * storage from filling up with expired data. * - * @return the number of nonces expired + * @return int the number of nonces expired */ function cleanupNonces() { - trigger_error("Auth_OpenID_OpenIDStore::cleanupNonces ". - "not implemented", E_USER_ERROR); + trigger_error("Auth_OpenID_OpenIDStore::cleanupNonces not implemented", E_USER_ERROR); + return 0; } - /* + /** * Remove expired associations from the store. * * This method is not called in the normal operation of the * library. It provides a way for store admins to keep their * storage from filling up with expired data. * - * @return the number of associations expired. + * @return int the number of associations expired. */ function cleanupAssociations() { - trigger_error("Auth_OpenID_OpenIDStore::cleanupAssociations ". - "not implemented", E_USER_ERROR); + trigger_error("Auth_OpenID_OpenIDStore::cleanupAssociations not implemented", E_USER_ERROR); + return 0; } - /* + /** * Shortcut for cleanupNonces(), cleanupAssociations(). * * This method is not called in the normal operation of the * library. It provides a way for store admins to keep their * storage from filling up with expired data. + * @return array */ function cleanup() { - return array($this->cleanupNonces(), - $this->cleanupAssociations()); + return array($this->cleanupNonces(), $this->cleanupAssociations()); } /** 
@@ -128,13 +127,12 @@ class Auth_OpenID_OpenIDStore { * provided, any valid association matching the server URL is * returned. * - * @return Association The Association for the given identity - * server. + * @return Auth_OpenID_Association The Association for the given identity server. */ function getAssociation($server_url, $handle = null) { - trigger_error("Auth_OpenID_OpenIDStore::getAssociation ". - "not implemented", E_USER_ERROR); + trigger_error("Auth_OpenID_OpenIDStore::getAssociation not implemented", E_USER_ERROR); + return null; } /** @@ -157,8 +155,8 @@ class Auth_OpenID_OpenIDStore { */ function removeAssociation($server_url, $handle) { - trigger_error("Auth_OpenID_OpenIDStore::removeAssociation ". - "not implemented", E_USER_ERROR); + trigger_error("Auth_OpenID_OpenIDStore::removeAssociation not implemented", E_USER_ERROR); + return null; } /** @@ -176,14 +174,15 @@ class Auth_OpenID_OpenIDStore { * storeNonce call. (storeNonce is no longer part of the * interface. * - * @param string $nonce The nonce to use. - * + * @param string $server_url + * @param int $timestamp + * @param string $salt * @return bool Whether or not the nonce was valid. */ function useNonce($server_url, $timestamp, $salt) { - trigger_error("Auth_OpenID_OpenIDStore::useNonce ". - "not implemented", E_USER_ERROR); + trigger_error("Auth_OpenID_OpenIDStore::useNonce not implemented", E_USER_ERROR); + return false; } /** @@ -192,5 +191,4 @@ class Auth_OpenID_OpenIDStore { function reset() { } - } diff --git a/plugins/openid/lib/Auth/OpenID/KVForm.php b/plugins/openid/lib/Auth/OpenID/KVForm.php index dd02661d..f7806533 100644 --- a/plugins/openid/lib/Auth/OpenID/KVForm.php +++ b/plugins/openid/lib/Auth/OpenID/KVForm.php @@ -25,6 +25,9 @@ class Auth_OpenID_KVForm { * * @static * @access private + * @param string $kvs + * @param bool $strict + * @return array|bool */ static function toArray($kvs, $strict=false) { 
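Review bot: The stub returns added in these hunks do not match the contracts documented around them. `getAssociation()` is documented as `@return Auth_OpenID_Association` but now ends in `return null;`, and `removeAssociation()` returns `null` where the FileStore override in this commit documents `@return bool $success`. I would write `@return Auth_OpenID_Association|null` on the first and `return false;` on the second, so that every store reports failure with the same type. `useNonce()` returning `false` is the right default, because an unimplemented store then rejects every nonce rather than accepting it.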
@@ -77,6 +80,8 @@ class Auth_OpenID_KVForm { * * @static * @access private + * @param null|array $values + * @return null|string */ static function fromArray($values) { diff --git a/plugins/openid/lib/Auth/OpenID/MemcachedStore.php b/plugins/openid/lib/Auth/OpenID/MemcachedStore.php index 10785860..5badd0ab 100644 --- a/plugins/openid/lib/Auth/OpenID/MemcachedStore.php +++ b/plugins/openid/lib/Auth/OpenID/MemcachedStore.php @@ -22,10 +22,10 @@ require_once 'Auth/OpenID/Interface.php'; /** * This is a memcached-based store for OpenID associations and - * nonces. - * - * As memcache has limit of 250 chars for key length, - * server_url, handle and salt are hashed with sha1(). + * nonces. + * + * As memcache has limit of 250 chars for key length, + * server_url, handle and salt are hashed with sha1(). * * Most of the methods of this class are implementation details. * People wishing to just use this store need only pay attention to @@ -34,12 +34,18 @@ require_once 'Auth/OpenID/Interface.php'; * @package OpenID */ class Auth_OpenID_MemcachedStore extends Auth_OpenID_OpenIDStore { + /** @var int */ + private $compress = 0; + + /** @var Memcache */ + private $connection; /** * Initializes a new {@link Auth_OpenID_MemcachedStore} instance. * Just saves memcached object as property. * - * @param resource connection Memcache connection resourse + * @param Memcache $connection Memcache connection resource + * @param bool $compress */ function __construct($connection, $compress = false) { 
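Review bot: `$compress` and `$connection` are declared `private` in the MemcachedStore hunk, while the FileStore.php and SQLStore.php hunks of this commit declare their properties `protected`. These fields were previously undeclared, so presumably they were created dynamically and were public. The same choice matters more in PAPE.php (`$auth_policies`, `$auth_time`, `$nist_auth_level`, `$preferred_auth_policies`, `$max_auth_age`) and in Server.php (`$message`, `$text`, `$contact`, `$reference` on `Auth_OpenID_ServerError`, and `$return_to` on `Auth_OpenID_MalformedReturnURL`). Any relying-party code or subclass that reads those fields directly would no longer get the values, which for the PAPE fields would affect authentication-policy checks. Callers are not visible here, so this needs confirming; if direct reads exist, `protected $connection;` here and `public` on the PAPE response fields would keep the old access.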
@@ -48,29 +54,32 @@ class Auth_OpenID_MemcachedStore extends Auth_OpenID_OpenIDStore { } /** - * Store association until its expiration time in memcached. - * Overwrites any existing association with same server_url and - * handle. Handles list of associations for every server. + * Store association until its expiration time in memcached. + * Overwrites any existing association with same server_url and + * handle. Handles list of associations for every server. + * + * @param string $server_url + * @param Auth_OpenID_Association $association */ function storeAssociation($server_url, $association) { - // create memcached keys for association itself + // create memcached keys for association itself // and list of associations for this server - $associationKey = $this->associationKey($server_url, + $associationKey = $this->associationKey($server_url, $association->handle); $serverKey = $this->associationServerKey($server_url); - - // get list of associations + + // get list of associations $serverAssociations = $this->connection->get($serverKey); - + // if no such list, initialize it with empty array if (!$serverAssociations) { $serverAssociations = array(); } // and store given association key in it $serverAssociations[$association->issued] = $associationKey; - - // save associations' keys list + + // save associations' keys list $this->connection->set( $serverKey, $serverAssociations, 
@@ -79,14 +88,18 @@ class Auth_OpenID_MemcachedStore extends Auth_OpenID_OpenIDStore { // save association itself $this->connection->set( $associationKey, - $association, - $this->compress, + $association, + $this->compress, $association->issued + $association->lifetime); } /** - * Read association from memcached. If no handle given + * Read association from memcached. If no handle given * and multiple associations found, returns latest issued + * + * @param string $server_url + * @param null $handle + * @return Auth_OpenID_Association|null */ function getAssociation($server_url, $handle = null) { @@ -97,23 +110,23 @@ class Auth_OpenID_MemcachedStore extends Auth_OpenID_OpenIDStore { $this->associationKey($server_url, $handle)); return $association ? $association : null; } - + // no handle given, working with list // create key for list of associations $serverKey = $this->associationServerKey($server_url); - + // get list of associations $serverAssociations = $this->connection->get($serverKey); // return null if failed or got empty list if (!$serverAssociations) { return null; } - + // get key of most recently issued association $keys = array_keys($serverAssociations); sort($keys); $lastKey = $serverAssociations[array_pop($keys)]; - + // get association, return null if failed $association = $this->connection->get($lastKey); return $association ? $association : null; 
@@ -121,32 +134,36 @@ class Auth_OpenID_MemcachedStore extends Auth_OpenID_OpenIDStore { /** * Immediately delete association from memcache. + * + * @param string $server_url + * @param string $handle + * @return bool|mixed */ function removeAssociation($server_url, $handle) { - // create memcached keys for association itself + // create memcached keys for association itself // and list of associations for this server $serverKey = $this->associationServerKey($server_url); - $associationKey = $this->associationKey($server_url, + $associationKey = $this->associationKey($server_url, $handle); - + // get list of associations $serverAssociations = $this->connection->get($serverKey); // return null if failed or got empty list if (!$serverAssociations) { return false; } - + // ensure that given association key exists in list $serverAssociations = array_flip($serverAssociations); if (!array_key_exists($associationKey, $serverAssociations)) { return false; } - + // remove given association key from list unset($serverAssociations[$associationKey]); $serverAssociations = array_flip($serverAssociations); - + // save updated list $this->connection->set( $serverKey, 
@@ -154,48 +171,60 @@ class Auth_OpenID_MemcachedStore extends Auth_OpenID_OpenIDStore { $this->compress ); - // delete association + // delete association return $this->connection->delete($associationKey); } /** - * Create nonce for server and salt, expiring after + * Create nonce for server and salt, expiring after * $Auth_OpenID_SKEW seconds. + * + * @param string $server_url + * @param int $timestamp + * @param string $salt + * @return bool */ function useNonce($server_url, $timestamp, $salt) { global $Auth_OpenID_SKEW; - - // save one request to memcache when nonce obviously expired + + // save one request to memcache when nonce obviously expired if (abs($timestamp - time()) > $Auth_OpenID_SKEW) { return false; } - + // returns false when nonce already exists // otherwise adds nonce return $this->connection->add( - 'openid_nonce_' . sha1($server_url) . '_' . sha1($salt), - 1, // any value here - $this->compress, + 'openid_nonce_' . sha1($server_url) . '_' . sha1($salt), + 1, // any value here + $this->compress, $Auth_OpenID_SKEW); } - + /** - * Memcache key is prefixed with 'openid_association_' string. + * Memcache key is prefixed with 'openid_association_' string. + * + * @param string $server_url + * @param null $handle + * @return string */ - function associationKey($server_url, $handle = null) + function associationKey($server_url, $handle = null) { return 'openid_association_' . sha1($server_url) . '_' . sha1($handle); } - + /** - * Memcache key is prefixed with 'openid_association_' string. + * Memcache key is prefixed with 'openid_association_' string. + * + * @param string $server_url + * @return string */ - function associationServerKey($server_url) + function associationServerKey($server_url) { return 'openid_association_server_' . sha1($server_url); } - + /** * Report that this storage doesn't support cleanup */ diff --git a/plugins/openid/lib/Auth/OpenID/Message.php b/plugins/openid/lib/Auth/OpenID/Message.php index 41a8a316..f2cbb3b6 100644 
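Review bot: The docblock kept above `associationServerKey()` still says the key is prefixed with 'openid_association_', but the function returns `'openid_association_server_' . sha1($server_url)`. The comment should read `Memcache key is prefixed with 'openid_association_server_' string.` In the same hunk the new `@param null $handle` on `associationKey()` (and on `getAssociation()` earlier in this file) describes only the default value; `@param string|null $handle` matches the handles the other methods pass in. Both are documentation-only changes.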
--- a/plugins/openid/lib/Auth/OpenID/Message.php +++ b/plugins/openid/lib/Auth/OpenID/Message.php @@ -74,6 +74,10 @@ $Auth_OpenID_registered_aliases = array(); * namespace URI or alias has already been registered with a different * value. This function is required if you want to use a namespace * with an OpenID 1 message. + * + * @param string $namespace_uri + * @param string $alias + * @return bool */ function Auth_OpenID_registerNamespaceAlias($namespace_uri, $alias) { @@ -101,6 +105,10 @@ function Auth_OpenID_registerNamespaceAlias($namespace_uri, $alias) * Removes a (namespace_uri, alias) registration from the global * namespace alias map. Returns true if the removal succeeded; false * if not (if the mapping did not exist). + * + * @param string $namespace_uri + * @param string $alias + * @return bool */ function Auth_OpenID_removeNamespaceAlias($namespace_uri, $alias) { @@ -126,6 +134,8 @@ class Auth_OpenID_Mapping { /** * Initialize a mapping. If $classic_array is specified, its keys * and values are used to populate the mapping. + * + * @param array|null $classic_array */ function __construct($classic_array = null) { @@ -142,6 +152,9 @@ class Auth_OpenID_Mapping { /** * Returns true if $thing is an Auth_OpenID_Mapping object; false * if not. + * + * @param Auth_OpenID_Mapping $thing + * @return bool */ static function isA($thing) { @@ -190,6 +203,9 @@ class Auth_OpenID_Mapping { /** * Sets a key-value pair in the mapping. If the key already * exists, its value is replaced with the new value. + * + * @param string $key + * @param mixed $value */ function set($key, $value) { @@ -207,6 +223,10 @@ class Auth_OpenID_Mapping { * Gets a specified value from the mapping, associated with the * specified key. If the key does not exist in the mapping, * $default is returned instead. + * + * @param string $key + * @param mixed $default + * @return mixed|null */ function get($key, $default = null) { 
@@ -244,6 +264,9 @@ class Auth_OpenID_Mapping { /** * Deletes a key-value pair from the mapping with the specified * key. + * + * @param string $key + * @return bool */ function del($key) { @@ -261,6 +284,9 @@ class Auth_OpenID_Mapping { /** * Returns true if the specified value has a key in the mapping; * false if not. + * + * @param string $value + * @return bool */ function contains($value) { @@ -442,6 +468,10 @@ class Auth_OpenID_Message { return $this->getOpenIDNamespace() == Auth_OpenID_OPENID2_NS; } + /** + * @param array $args + * @return Auth_OpenID_Message|null + */ static function fromPostArgs($args) { // Construct a Message containing a set of POST arguments @@ -457,6 +487,7 @@ class Auth_OpenID_Message { $parts = explode('.', $key, 2); + $rest = ''; if (count($parts) == 2) { list($prefix, $rest) = $parts; } else { @@ -492,11 +523,11 @@ class Auth_OpenID_Message { /** * @access private + * @param Auth_OpenID_Mapping|array $openid_args + * @return bool */ function _fromOpenIDArgs($openid_args) { - global $Auth_OpenID_registered_aliases; - // Takes an Auth_OpenID_Mapping instance OR an array. if (!Auth_OpenID_Mapping::isA($openid_args)) { @@ -601,6 +632,9 @@ class Auth_OpenID_Message { Auth_OpenID_KVForm::toArray($kvform_string)); } + /** + * @return Auth_OpenID_Message + */ function copy() { return $this; @@ -657,8 +691,13 @@ class Auth_OpenID_Message { return $kvargs; } - function toFormMarkup($action_url, $form_tag_attrs = null, - $submit_text = "Continue") + /** + * @param string $action_url + * @param null|array $form_tag_attrs + * @param string $submit_text + * @return string + */ + function toFormMarkup($action_url, $form_tag_attrs = null, $submit_text = "Continue") { $form = "<form accept-charset=\"UTF-8\" ". "enctype=\"application/x-www-form-urlencoded\""; @@ -725,6 +764,8 @@ class Auth_OpenID_Message { /** * @access private + * @param string $namespace + * @return Auth_OpenID_FailureResponse|null|string */ function _fixNS($namespace) { 
@@ -802,6 +843,12 @@ class Auth_OpenID_Message { return 'openid.' . $tail; } + /** + * @param string $namespace + * @param string $key + * @param mixed $default + * @return Auth_OpenID_FailureResponse|mixed|null|string + */ function getArg($namespace, $key, $default = null) { // Get a value for a namespaced key. @@ -894,6 +941,7 @@ class Auth_OpenID_Message { $parts = explode('.', $aliased_key, 2); + $key = null; if (count($parts) != 2) { $ns = null; } else { diff --git a/plugins/openid/lib/Auth/OpenID/Nonce.php b/plugins/openid/lib/Auth/OpenID/Nonce.php index b83c5911..41bb3c32 100644 --- a/plugins/openid/lib/Auth/OpenID/Nonce.php +++ b/plugins/openid/lib/Auth/OpenID/Nonce.php @@ -37,7 +37,7 @@ function Auth_OpenID_splitNonce($nonce_string) return null; } - list($unused, + list(, $tm_year, $tm_mon, $tm_mday, diff --git a/plugins/openid/lib/Auth/OpenID/PAPE.php b/plugins/openid/lib/Auth/OpenID/PAPE.php index a910fd69..f3db7774 100644 --- a/plugins/openid/lib/Auth/OpenID/PAPE.php +++ b/plugins/openid/lib/Auth/OpenID/PAPE.php @@ -34,8 +34,11 @@ define('PAPE_TIME_VALIDATOR', */ class Auth_OpenID_PAPE_Request extends Auth_OpenID_Extension { - var $ns_alias = 'pape'; - var $ns_uri = Auth_OpenID_PAPE_NS_URI; + public $ns_alias = 'pape'; + public $ns_uri = Auth_OpenID_PAPE_NS_URI; + + private $max_auth_age = 0; + private $preferred_auth_policies = array(); function __construct($preferred_auth_policies=null, $max_auth_age=null) @@ -56,6 +59,8 @@ class Auth_OpenID_PAPE_Request extends Auth_OpenID_Extension { * * policy_uri: The identifier for the preferred type of * authentication. + * + * @param string $policy_uri */ function addPolicyURI($policy_uri) { 
@@ -64,7 +69,14 @@ class Auth_OpenID_PAPE_Request extends Auth_OpenID_Extension { } } - function getExtensionArgs() + /** + * Get the string arguments that should be added to an OpenID + * message for this extension. + * + * @param Auth_OpenID_Request|null $request + * @return null + */ + function getExtensionArgs($request = null) { $ns_args = array( 'preferred_auth_policies' => @@ -81,6 +93,9 @@ class Auth_OpenID_PAPE_Request extends Auth_OpenID_Extension { /** * Instantiate a Request object from the arguments in a checkid_* * OpenID message + * + * @param Auth_OpenID_Request $request + * @return Auth_OpenID_PAPE_Request|null */ static function fromOpenIDRequest($request) { @@ -158,8 +173,12 @@ class Auth_OpenID_PAPE_Request extends Auth_OpenID_Extension { */ class Auth_OpenID_PAPE_Response extends Auth_OpenID_Extension { - var $ns_alias = 'pape'; - var $ns_uri = Auth_OpenID_PAPE_NS_URI; + public $ns_alias = 'pape'; + public $ns_uri = Auth_OpenID_PAPE_NS_URI; + + private $auth_time = 0; + private $nist_auth_level = 0; + private $auth_policies = array(); function __construct($auth_policies=null, $auth_time=null, $nist_auth_level=null) @@ -195,10 +214,10 @@ class Auth_OpenID_PAPE_Response extends Auth_OpenID_Extension { * Create an Auth_OpenID_PAPE_Response object from a successful * OpenID library response. * - * @param success_response $success_response A SuccessResponse + * @param Auth_OpenID_SuccessResponse $success_response A SuccessResponse * from Auth_OpenID_Consumer::complete() * - * @returns: A provider authentication policy response from the + * @return Auth_OpenID_PAPE_Response A provider authentication policy response from the * data that was supplied with the id_res response. */ static function fromSuccessResponse($success_response) 
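Review bot: The new docblock on `getExtensionArgs()` declares `@return null`, yet the body shown begins by building `$ns_args` as an array. The return statement is outside this hunk, but the same docblock is added to `Auth_OpenID_SRegResponse::getExtensionArgs()` in SReg.php directly above `return $this->data;`, and to `Auth_OpenID_PAPE_Response::getExtensionArgs()` later in this file. `@return array` (or `array|null`, as already used for `Auth_OpenID_SRegRequest`) would describe what comes back. Two similar slips among the added annotations are `@return null` on `Auth_OpenID_SRegRequest::build()`, which constructs `$obj` from `$cls`, and `@param string $field_names` on `requestFields()`, which iterates the argument with `foreach`.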
@@ -225,13 +244,13 @@ class Auth_OpenID_PAPE_Response extends Auth_OpenID_Extension { * Parse the provider authentication policy arguments into the * internal state of this object * - * @param args: unqualified provider authentication policy + * @param array $args unqualified provider authentication policy * arguments * - * @param strict: Whether to return false when bad data is + * @param bool $strict Whether to return false when bad data is * encountered * - * @return null The data is parsed into the internal fields of + * @return null|bool The data is parsed into the internal fields of * this object. */ function parseExtensionArgs($args, $strict=false) @@ -268,9 +287,17 @@ class Auth_OpenID_PAPE_Response extends Auth_OpenID_Extension { return false; } } + return null; } - function getExtensionArgs() + /** + * Get the string arguments that should be added to an OpenID + * message for this extension. + * + * @param Auth_OpenID_Request|null $request + * @return null + */ + function getExtensionArgs($request = null) { $ns_args = array(); if (count($this->auth_policies) > 0) { diff --git a/plugins/openid/lib/Auth/OpenID/Parse.php b/plugins/openid/lib/Auth/OpenID/Parse.php index 9c0a255e..2e830e9c 100644 --- a/plugins/openid/lib/Auth/OpenID/Parse.php +++ b/plugins/openid/lib/Auth/OpenID/Parse.php 
@@ -89,24 +89,24 @@ class Auth_OpenID_Parse { /** * Specify some flags for use with regex matching. */ - var $_re_flags = "si"; + public $_re_flags = "si"; /** * Stuff to remove before we start looking for tags */ - var $_removed_re = + public $_removed_re = "<!--.*?-->|<!\[CDATA\[.*?\]\]>|<script\b(?!:)[^>]*>.*?<\/script>"; /** * Starts with the tag name at a word boundary, where the tag name * is not a namespace */ - var $_tag_expr = "<%s\b(?!:)([^>]*?)(?:\/>|>(.*)(?:<\/?%s\s*>|\Z))"; + public $_tag_expr = "<%s\b(?!:)([^>]*?)(?:\/>|>(.*)(?:<\/?%s\s*>|\Z))"; - var $_attr_find = '\b(\w+)=("[^"]*"|\'[^\']*\'|[^\'"\s\/<>]+)'; + public $_attr_find = '\b(\w+)=("[^"]*"|\'[^\']*\'|[^\'"\s\/<>]+)'; - var $_open_tag_expr = "<%s\b"; - var $_close_tag_expr = "<((\/%s\b)|(%s[^>\/]*\/))>"; + public $_open_tag_expr = "<%s\b"; + public $_close_tag_expr = "<((\/%s\b)|(%s[^>\/]*\/))>"; function __construct() { @@ -136,6 +136,10 @@ class Auth_OpenID_Parse { /** * Returns a regular expression that will match a given tag in an * SGML string. + * + * @param string $tag_name + * @param array $close_tags + * @return string */ function tagMatcher($tag_name, $close_tags = null) { @@ -215,24 +219,13 @@ class Auth_OpenID_Parse { return $str; } } - + function match($regexp, $text, &$match) { - if (!is_callable('mb_ereg_search_init')) { - if (!preg_match($regexp, $text, $match)) { - return false; - } - $match = $match[0]; - return true; + if (preg_match($regexp, $text, $match)) { + return true; } - - $regexp = substr($regexp, 1, strlen($regexp) - 2 - strlen($this->_re_flags)); - mb_ereg_search_init($text); - if (!mb_ereg_search($regexp)) { - return false; - } - $match = mb_ereg_search_getregs(); - return true; + return false; } /** diff --git a/plugins/openid/lib/Auth/OpenID/SQLStore.php b/plugins/openid/lib/Auth/OpenID/SQLStore.php index a9e2ad53..9069771e 100644 --- a/plugins/openid/lib/Auth/OpenID/SQLStore.php +++ b/plugins/openid/lib/Auth/OpenID/SQLStore.php 
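Review bot: The rewritten `match()` treats every result of `preg_match()` other than a hit as "no match", so a PCRE failure cannot be told apart from a clean miss. `preg_match()` returns `false` on failure, for example when the backtrack limit is reached on a large document. The patterns in this class use lazy `.*?` spans and are presumably applied to fetched HTML, so I would test `preg_match($regexp, $text, $match) === 1` and report `preg_last_error()` when the result is `false` rather than dropping it silently. One thing to check against the callers, which are outside this hunk: the removed non-mbstring branch reduced `$match` to `$match[0]`, whereas the new code always leaves the full match array in `$match`.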
@@ -56,12 +56,27 @@ require_once 'Auth/OpenID/Nonce.php'; */ class Auth_OpenID_SQLStore extends Auth_OpenID_OpenIDStore { + /** @var string */ + protected $associations_table_name = ''; + + /** @var string */ + protected $nonces_table_name = ''; + + /** @var Auth_OpenID_DatabaseConnection|db_common */ + protected $connection; + + /** @var int */ + protected $max_nonce_age = 0; + + /** @var array */ + protected $sql = array(); + /** * This creates a new SQLStore instance. It requires an * established database connection be given to it, and it allows * overriding the default table names. * - * @param connection $connection This must be an established + * @param Auth_OpenID_DatabaseConnection $connection This must be an established * connection to a database of the correct type for the SQLStore * subclass you're using. This must either be an PEAR DB * connection handle or an instance of a subclass of @@ -75,9 +90,7 @@ class Auth_OpenID_SQLStore extends Auth_OpenID_OpenIDStore { * the name of the table used for storing nonces. The default * value is 'oid_nonces'. */ - function __construct($connection, - $associations_table = null, - $nonces_table = null) + function __construct($connection, $associations_table = null, $nonces_table = null) { $this->associations_table_name = "oid_associations"; $this->nonces_table_name = "oid_nonces"; @@ -317,6 +330,13 @@ class Auth_OpenID_SQLStore extends Auth_OpenID_OpenIDStore { /** * @access private + * @param string $server_url + * @param int $handle + * @param string $secret + * @param string $issued + * @param int $lifetime + * @param string $assoc_type + * @return mixed */ function _set_assoc($server_url, $handle, $secret, $issued, $lifetime, $assoc_type) @@ -350,6 +370,9 @@ class Auth_OpenID_SQLStore extends Auth_OpenID_OpenIDStore { /** * @access private + * @param string $server_url + * @param int $handle + * @return array|bool|null */ function _get_assoc($server_url, $handle) { 
@@ -364,6 +387,8 @@ class Auth_OpenID_SQLStore extends Auth_OpenID_OpenIDStore { /** * @access private + * @param string $server_url + * @return array */ function _get_assocs($server_url) { @@ -440,7 +465,7 @@ class Auth_OpenID_SQLStore extends Auth_OpenID_OpenIDStore { $associations); // return the most recently issued one. - list($issued, $assoc) = $associations[0]; + list($assoc) = $associations[0]; return $assoc; } else { return null; @@ -450,6 +475,10 @@ class Auth_OpenID_SQLStore extends Auth_OpenID_OpenIDStore { /** * @access private + * @param string $server_url + * @param int $timestamp + * @param string $salt + * @return bool */ function _add_nonce($server_url, $timestamp, $salt) { @@ -482,6 +511,8 @@ class Auth_OpenID_SQLStore extends Auth_OpenID_OpenIDStore { * PostgreSQL BYTEA fields. * * @access private + * @param string $str + * @return string */ function _octify($str) { @@ -504,6 +535,8 @@ class Auth_OpenID_SQLStore extends Auth_OpenID_OpenIDStore { * resulting ASCII (possibly binary) string. * * @access private + * @param string $str + * @return string */ function _unoctify($str) { @@ -546,8 +579,7 @@ class Auth_OpenID_SQLStore extends Auth_OpenID_OpenIDStore { function cleanupAssociations() { - $this->connection->query($this->sql['clean_assoc'], - array(time())); + $this->connection->query($this->sql['clean_assoc'], array(time())); $num = $this->connection->affectedRows(); $this->connection->commit(); return $num; diff --git a/plugins/openid/lib/Auth/OpenID/SReg.php b/plugins/openid/lib/Auth/OpenID/SReg.php index ae1eb91a..78259f3a 100644 --- a/plugins/openid/lib/Auth/OpenID/SReg.php +++ b/plugins/openid/lib/Auth/OpenID/SReg.php @@ -61,6 +61,9 @@ $Auth_OpenID_sreg_data_fields = array( /** * Check to see that the given value is a valid simple registration * data field name. Return true if so, false if not. + * + * @param string $field_name + * @return bool */ function Auth_OpenID_checkFieldName($field_name) { 
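Review bot: In the `@@ -440,7 +465,7 @@` hunk, `list($assoc) = $associations[0];` assigns element 0 to `$assoc`, whereas the line it replaces took element 1 and discarded element 0 (`$issued`). The equivalent cleanup in FileStore.php in this same commit uses `list(, $assoc) = $matching_associations[0];`, which keeps the index. As written, the method would return what used to be the issue time instead of the association whenever the most recent one is requested, so lookups for signature checking would not get a usable association. The line should be `list(, $assoc) = $associations[0];`. The surrounding method starts and ends outside the hunk, so the shape of the `$associations` entries is inferred from the removed line.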
@@ -91,8 +94,9 @@ Auth_OpenID_registerNamespaceAlias(Auth_OpenID_SREG_NS_URI_1_1, 'sreg'); * Does the given endpoint advertise support for simple * registration? * - * $endpoint: The endpoint object as returned by OpenID discovery. + * @param Auth_OpenID_ServiceEndpoint $endpoint The endpoint object as returned by OpenID discovery. * returns whether an sreg type was advertised by the endpoint + * @return bool */ function Auth_OpenID_supportsSReg($endpoint) { @@ -121,6 +125,8 @@ class Auth_OpenID_SRegBase extends Auth_OpenID_Extension { * namespace. * * @access private + * @param Auth_OpenID_Message $message + * @return mixed|null|string */ static function _getSRegNS($message) { @@ -168,16 +174,31 @@ class Auth_OpenID_SRegBase extends Auth_OpenID_Extension { */ class Auth_OpenID_SRegRequest extends Auth_OpenID_SRegBase { - var $ns_alias = 'sreg'; + /** @var string */ + public $ns_alias = 'sreg'; + /** @var array */ + public $required = array(); + /** @var array */ + public $optional = array(); + /** @var string */ + public $policy_url = ''; /** * Initialize an empty simple registration request. + * + * @param null $required + * @param null $optional + * @param null $policy_url + * @param string $sreg_ns_uri + * @param string $cls + * @return null */ static function build($required=null, $optional=null, $policy_url=null, $sreg_ns_uri=Auth_OpenID_SREG_NS_URI, $cls='Auth_OpenID_SRegRequest') { + /** @var Auth_OpenID_SRegRequest $obj */ $obj = new $cls(); $obj->required = array(); @@ -212,6 +233,10 @@ class Auth_OpenID_SRegRequest extends Auth_OpenID_SRegBase { * Used for testing. * * Returns the newly created simple registration request + * + * @param Auth_OpenID_Request $request + * @param string $cls + * @return Auth_OpenID_SRegRequest|null */ static function fromOpenIDRequest($request, $cls='Auth_OpenID_SRegRequest') { 
@@ -258,6 +283,10 @@ class Auth_OpenID_SRegRequest extends Auth_OpenID_SRegBase { * strict: Whether requests with fields that are not defined in * the simple registration specification should be tolerated (and * ignored) + * + * @param array $args + * @param bool $strict + * @return bool */ function parseExtensionArgs($args, $strict=false) { @@ -299,6 +328,9 @@ class Auth_OpenID_SRegRequest extends Auth_OpenID_SRegBase { /** * Was this field in the request? + * + * @param string $field_name + * @return bool */ function contains($field_name) { @@ -316,6 +348,11 @@ class Auth_OpenID_SRegRequest extends Auth_OpenID_SRegBase { * * strict: whether to raise an exception when a field is added to * a request more than once + * + * @param string $field_name + * @param bool $required + * @param bool $strict + * @return bool */ function requestField($field_name, $required=false, $strict=false) @@ -362,6 +399,11 @@ class Auth_OpenID_SRegRequest extends Auth_OpenID_SRegBase { * * strict: whether to raise an exception when a field is added to * a request more than once + * + * @param string $field_names + * @param bool $required + * @param bool $strict + * @return bool */ function requestFields($field_names, $required=false, $strict=false) { @@ -370,7 +412,7 @@ class Auth_OpenID_SRegRequest extends Auth_OpenID_SRegBase { } foreach ($field_names as $field_name) { - if (!$this->requestField($field_name, $required, $strict=$strict)) { + if (!$this->requestField($field_name, $required, $strict)) { return false; } } @@ -385,8 +427,11 @@ class Auth_OpenID_SRegRequest extends Auth_OpenID_SRegBase { * This method is essentially the inverse of * C{L{parseExtensionArgs}}. This method serializes the simple * registration request fields. + * + * @param Auth_OpenID_Request|null $request + * @return array|null */ - function getExtensionArgs() + function getExtensionArgs($request = null) { $args = array(); 
@@ -416,14 +461,15 @@ class Auth_OpenID_SRegRequest extends Auth_OpenID_SRegBase { */ class Auth_OpenID_SRegResponse extends Auth_OpenID_SRegBase { - var $ns_alias = 'sreg'; + /** @var string */ + public $ns_alias = 'sreg'; - function __construct($data=null, - $sreg_ns_uri=Auth_OpenID_SREG_NS_URI) + /** @var array */ + public $data = array(); + + function __construct($data=null, $sreg_ns_uri=Auth_OpenID_SREG_NS_URI) { - if ($data === null) { - $this->data = array(); - } else { + if ($data !== null) { $this->data = $data; } @@ -441,6 +487,10 @@ class Auth_OpenID_SRegResponse extends Auth_OpenID_SRegBase { * dictionary from unqualified simple registration field name to * string (unicode) value. For instance, the nickname should be * stored under the key 'nickname'. + * + * @param Auth_OpenID_SRegRequest $request + * @param array $data + * @return Auth_OpenID_SRegResponse */ static function extractResponse($request, $data) { @@ -470,6 +520,10 @@ class Auth_OpenID_SRegResponse extends Auth_OpenID_SRegBase { * * Returns a simple registration response containing the data that * was supplied with the C{id_res} response. + * + * @param Auth_OpenID_SuccessResponse $success_response + * @param bool $signed_only + * @return Auth_OpenID_SRegResponse|null */ static function fromSuccessResponse($success_response, $signed_only=true) { @@ -497,7 +551,14 @@ class Auth_OpenID_SRegResponse extends Auth_OpenID_SRegBase { return $obj; } - function getExtensionArgs() + /** + * Get the string arguments that should be added to an OpenID + * message for this extension. + * + * @param Auth_OpenID_Request|null $request + * @return null + */ + function getExtensionArgs($request = null) { return $this->data; } diff --git a/plugins/openid/lib/Auth/OpenID/Server.php b/plugins/openid/lib/Auth/OpenID/Server.php index 5984c002..df8550a0 100644 --- a/plugins/openid/lib/Auth/OpenID/Server.php +++ b/plugins/openid/lib/Auth/OpenID/Server.php 
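Review bot: The new docblock on `Auth_OpenID_SRegResponse::getExtensionArgs()` declares `@return null`, yet the one-line body is `return $this->data;`, and `$data` is declared `@var array` earlier in the same file section. `@return array` matches the code. As written, the tag tells readers and static analysis that the extension never contributes arguments to the message.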
@@ -2,7 +2,7 @@ /** * OpenID server protocol and logic. - * + * * Overview * * An OpenID server must perform three tasks: @@ -10,7 +10,7 @@ * 1. Examine the incoming request to determine its nature and validity. * 2. Make a decision about how to respond to this request. * 3. Format the response according to the protocol. - * + * * The first and last of these tasks may performed by the {@link * Auth_OpenID_Server::decodeRequest()} and {@link * Auth_OpenID_Server::encodeResponse} methods. Who gets to do the @@ -37,7 +37,7 @@ * {@link Auth_OpenID_Server::handleRequest()}. * * OpenID Extensions - * + * * Do you want to provide other information for your users in addition * to authentication? Version 1.2 of the OpenID protocol allows * consumers to add extensions to their requests. For example, with @@ -131,6 +131,9 @@ define('Auth_OpenID_ENCODE_HTML_FORM', 'HTML form'); /** * @access private + * @param object|string $obj + * @param string $cls + * @return bool */ function Auth_OpenID_isError($obj, $cls = 'Auth_OpenID_ServerError') { @@ -145,8 +148,26 @@ function Auth_OpenID_isError($obj, $cls = 'Auth_OpenID_ServerError') * @package OpenID */ class Auth_OpenID_ServerError { + + /** @var Auth_OpenID_Message|null */ + private $message = null; + + /** @var null|string */ + private $text; + + /** @var null|string */ + private $contact; + + /** @var null|string */ + private $reference; + /** - * @access private + * Auth_OpenID_ServerError constructor. + * + * @param Auth_OpenID_Message $message + * @param string $text + * @param string $reference + * @param string $contact */ function __construct($message = null, $text = null, $reference = null, $contact = null) @@ -310,6 +331,9 @@ class Auth_OpenID_NoReturnToError extends Auth_OpenID_ServerError { * @package OpenID */ class Auth_OpenID_MalformedReturnURL extends Auth_OpenID_ServerError { + + private $return_to; + function __construct($message, $return_to) { $this->return_to = $return_to; 
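Review bot: Declaring `$message`, `$text`, `$contact` and `$reference` as `private` on `Auth_OpenID_ServerError` is a behaviour change, not only documentation. Properties that were presumably created as public dynamic properties in the constructor (its body is outside the hunk) can no longer be read from outside the class, and a subclass that assigns `$this->message` gets a separate property instead of the parent's. The same applies to the other fields this commit introduces as `private`: `MalformedReturnURL::$return_to`, `CheckAuthRequest::$sig`/`$assoc_handle`/`$signed`, `CheckIDRequest::$identity`/`$claimed_id`/`$server`, and the `Signatory`, `SigningEncoder`, `Decoder`, `UntrustedReturnURL` and `Auth_OpenID_Server` fields. Whether such readers exist is not visible in this diff; on an authentication path an uncaught visibility error shows up as a failed login rather than a handled protocol error. Before merging I would search the plugin for accesses such as `$request->identity` or `$error->text`, or declare the fields less strictly, e.g. `protected $message = null;`.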
@@ -341,7 +365,20 @@ class Auth_OpenID_MalformedTrustRoot extends Auth_OpenID_ServerError { * @package OpenID */ class Auth_OpenID_Request { - var $mode = null; + + public $mode = null; + + /** @var Auth_OpenID_Message|null */ + public $message = null; + + /** + * The OpenID namespace for this request. + * deprecated since version 2.0.2 + */ + public $namespace = ''; + + /** @var string */ + public $return_to = ''; } /** @@ -350,11 +387,15 @@ class Auth_OpenID_Request { * @package OpenID */ class Auth_OpenID_CheckAuthRequest extends Auth_OpenID_Request { - var $mode = "check_authentication"; - var $invalidate_handle = null; + public $mode = "check_authentication"; + public $invalidate_handle = null; + + private $sig = ''; + private $assoc_handle = ''; + private $signed = ''; + - function __construct($assoc_handle, $signed, - $invalidate_handle = null) + function __construct($assoc_handle, $signed, $invalidate_handle = null) { $this->assoc_handle = $assoc_handle; $this->signed = $signed; 
@@ -362,27 +403,26 @@ class Auth_OpenID_CheckAuthRequest extends Auth_OpenID_Request { $this->invalidate_handle = $invalidate_handle; } $this->namespace = Auth_OpenID_OPENID2_NS; - $this->message = null; } - static function fromMessage($message, $server=null) + /** + * @param Auth_OpenID_Message $message + * @return Auth_OpenID_CheckAuthRequest|Auth_OpenID_ServerError + */ + static function fromMessage($message) { $required_keys = array('assoc_handle', 'sig', 'signed'); foreach ($required_keys as $k) { if (!$message->getArg(Auth_OpenID_OPENID_NS, $k)) { return new Auth_OpenID_ServerError($message, - sprintf("%s request missing required parameter %s from \ - query", "check_authentication", $k)); + sprintf("%s request missing required parameter %s from query", "check_authentication", $k)); } } $assoc_handle = $message->getArg(Auth_OpenID_OPENID_NS, 'assoc_handle'); $sig = $message->getArg(Auth_OpenID_OPENID_NS, 'sig'); - $signed_list = $message->getArg(Auth_OpenID_OPENID_NS, 'signed'); - $signed_list = explode(",", $signed_list); - $signed = $message; if ($signed->hasKey(Auth_OpenID_OPENID_NS, 'mode')) { $signed->setArg(Auth_OpenID_OPENID_NS, 'mode', 'id_res'); @@ -396,6 +436,10 @@ class Auth_OpenID_CheckAuthRequest extends Auth_OpenID_Request { return $result; } + /** + * @param Auth_OpenID_Signatory $signatory + * @return Auth_OpenID_ServerResponse + */ function answer($signatory) { $is_valid = $signatory->verify($this->assoc_handle, $this->signed); 
@@ -432,11 +476,11 @@ class Auth_OpenID_PlainTextServerSession { * An object that knows how to handle association requests with no * session type. */ - var $session_type = 'no-encryption'; - var $needs_math = false; - var $allowed_assoc_types = array('HMAC-SHA1', 'HMAC-SHA256'); + public $session_type = 'no-encryption'; + public $needs_math = false; + public $allowed_assoc_types = array('HMAC-SHA1', 'HMAC-SHA256'); - static function fromMessage($unused_request) + static function fromMessage() { return new Auth_OpenID_PlainTextServerSession(); } @@ -458,17 +502,32 @@ class Auth_OpenID_DiffieHellmanSHA1ServerSession { * the Diffie-Hellman session type. */ - var $session_type = 'DH-SHA1'; - var $needs_math = true; - var $allowed_assoc_types = array('HMAC-SHA1'); - var $hash_func = 'Auth_OpenID_SHA1'; + public $session_type = 'DH-SHA1'; + public $needs_math = true; + public $allowed_assoc_types = array('HMAC-SHA1'); + public $hash_func = 'Auth_OpenID_SHA1'; + /** @var Auth_OpenID_DiffieHellman */ + private $dh; + + private $consumer_pubkey = ''; + + /** + * Auth_OpenID_DiffieHellmanSHA1ServerSession constructor. + * + * @param Auth_OpenID_DiffieHellman $dh + * @param string $consumer_pubkey + */ function __construct($dh, $consumer_pubkey) { $this->dh = $dh; $this->consumer_pubkey = $consumer_pubkey; } + /** + * @param Auth_OpenID_Message $message + * @return array|Auth_OpenID_ServerError + */ static function getDH($message) { $dh_modulus = $message->getArg(Auth_OpenID_OPENID_NS, 'dh_modulus'); @@ -556,9 +615,9 @@ class Auth_OpenID_DiffieHellmanSHA1ServerSession { class Auth_OpenID_DiffieHellmanSHA256ServerSession extends Auth_OpenID_DiffieHellmanSHA1ServerSession { - var $session_type = 'DH-SHA256'; - var $hash_func = 'Auth_OpenID_SHA256'; - var $allowed_assoc_types = array('HMAC-SHA256'); + public $session_type = 'DH-SHA256'; + public $hash_func = 'Auth_OpenID_SHA256'; + public $allowed_assoc_types = array('HMAC-SHA256'); static function fromMessage($message) { 
@@ -580,7 +639,12 @@ class Auth_OpenID_DiffieHellmanSHA256ServerSession * @package OpenID */ class Auth_OpenID_AssociateRequest extends Auth_OpenID_Request { - var $mode = "associate"; + public $mode = "associate"; + + /** @var Auth_OpenID_PlainTextServerSession */ + public $session; + + public $assoc_type = ''; static function getSessionClasses() { @@ -590,6 +654,12 @@ class Auth_OpenID_AssociateRequest extends Auth_OpenID_Request { 'DH-SHA256' => 'Auth_OpenID_DiffieHellmanSHA256ServerSession'); } + /** + * Auth_OpenID_AssociateRequest constructor. + * + * @param Auth_OpenID_PlainTextServerSession $session + * @param string $assoc_type + */ function __construct($session, $assoc_type) { $this->session = $session; @@ -597,7 +667,11 @@ class Auth_OpenID_AssociateRequest extends Auth_OpenID_Request { $this->assoc_type = $assoc_type; } - static function fromMessage($message, $server=null) + /** + * @param Auth_OpenID_Message $message + * @return Auth_OpenID_AssociateRequest|Auth_OpenID_ServerError|mixed + */ + static function fromMessage($message) { if ($message->isOpenID1()) { $session_type = $message->getArg(Auth_OpenID_OPENID_NS, @@ -649,6 +723,10 @@ class Auth_OpenID_AssociateRequest extends Auth_OpenID_Request { return $obj; } + /** + * @param Auth_OpenID_Association $assoc + * @return Auth_OpenID_ServerResponse + */ function answer($assoc) { $response = new Auth_OpenID_ServerResponse($this); @@ -661,7 +739,7 @@ class Auth_OpenID_AssociateRequest extends Auth_OpenID_Request { $response->fields->updateArgs(Auth_OpenID_OPENID_NS, $this->session->answer($assoc->secret)); - if (! ($this->session->session_type == 'no-encryption' + if (! ($this->session->session_type == 'no-encryption' && $this->message->isOpenID1())) { $response->fields->setArg(Auth_OpenID_OPENID_NS, 'session_type', 
@@ -711,29 +789,42 @@ class Auth_OpenID_CheckIDRequest extends Auth_OpenID_Request { * Return-to verification callback. Default is * Auth_OpenID_verifyReturnTo from TrustRoot.php. */ - var $verifyReturnTo = 'Auth_OpenID_verifyReturnTo'; + public $verifyReturnTo = 'Auth_OpenID_verifyReturnTo'; /** * The mode of this request. */ - var $mode = "checkid_setup"; // or "checkid_immediate" + public $mode = "checkid_setup"; // or "checkid_immediate" /** * Whether this request is for immediate mode. */ - var $immediate = false; + public $immediate = false; /** * The trust_root value for this request. */ - var $trust_root = null; + public $trust_root = null; + + public $assoc_handle = ''; + + /** @var Auth_OpenID_Server */ + private $server; + + private $claimed_id = ''; + + private $identity = ''; /** - * The OpenID namespace for this request. - * deprecated since version 2.0.2 + * @param Auth_OpenID_Message $message + * @param string $identity + * @param string $return_to + * @param string $trust_root + * @param bool $immediate + * @param string $assoc_handle + * @param Auth_OpenID_Server $server + * @return Auth_OpenID_CheckIDRequest|Auth_OpenID_MalformedReturnURL|Auth_OpenID_ServerError|Auth_OpenID_UntrustedReturnURL */ - var $namespace; - static function make($message, $identity, $return_to, $trust_root = null, $immediate = false, $assoc_handle = null, $server = null) { @@ -763,6 +854,17 @@ class Auth_OpenID_CheckIDRequest extends Auth_OpenID_Request { } } + /** + * Auth_OpenID_CheckIDRequest constructor. + * + * @param $identity + * @param $return_to + * @param string $trust_root + * @param bool $immediate + * @param string $assoc_handle + * @param Auth_OpenID_Server $server + * @param string $claimed_id + */ function __construct($identity, $return_to, $trust_root = null, $immediate = false, $assoc_handle = null, $server = null, 
@@ -789,6 +891,10 @@ class Auth_OpenID_CheckIDRequest extends Auth_OpenID_Request { } } + /** + * @param Auth_OpenID_CheckIDRequest $other + * @return bool + */ function equals($other) { return ( @@ -822,17 +928,18 @@ class Auth_OpenID_CheckIDRequest extends Auth_OpenID_Request { array($this->trust_root, $this->return_to, $fetcher)); } + /** + * @param Auth_OpenID_Message $message + * @param Auth_OpenID_Server $server + * @return Auth_OpenID_CheckIDRequest|Auth_OpenID_MalformedReturnURL|Auth_OpenID_ServerError|Auth_OpenID_UntrustedReturnURL + */ static function fromMessage($message, $server) { $mode = $message->getArg(Auth_OpenID_OPENID_NS, 'mode'); - $immediate = null; - if ($mode == "checkid_immediate") { $immediate = true; - $mode = "checkid_immediate"; } else { $immediate = false; - $mode = "checkid_setup"; } $return_to = $message->getArg(Auth_OpenID_OPENID_NS, @@ -872,13 +979,13 @@ class Auth_OpenID_CheckIDRequest extends Auth_OpenID_Request { } else { $trust_root_param = 'realm'; } - $trust_root = $message->getArg(Auth_OpenID_OPENID_NS, + $trust_root = $message->getArg(Auth_OpenID_OPENID_NS, $trust_root_param); if (! $trust_root) { $trust_root = $return_to; } - if (! $message->isOpenID1() && + if (! $message->isOpenID1() && ($return_to === null) && ($trust_root === null)) { return new Auth_OpenID_ServerError($message, @@ -1025,7 +1132,7 @@ class Auth_OpenID_CheckIDRequest extends Auth_OpenID_Request { } if ($allow) { - + $response_claimed_id = ''; if ($this->identity == Auth_OpenID_IDENTIFIER_SELECT) { if (!$identity) { return new Auth_OpenID_ServerError(null, @@ -1165,9 +1272,7 @@ class Auth_OpenID_CheckIDRequest extends Auth_OpenID_Request { if ($this->immediate) { return new Auth_OpenID_ServerError(null, - "Cancel is not an appropriate \ - response to immediate mode \ - requests."); + "Cancel is not an appropriate response to immediate mode requests."); } $response = new Auth_OpenID_Message( 
@@ -1184,6 +1289,16 @@ class Auth_OpenID_CheckIDRequest extends Auth_OpenID_Request { */ class Auth_OpenID_ServerResponse { + public $code; + + /** @var Auth_OpenID_Request */ + public $request; + + /** + * Auth_OpenID_ServerResponse constructor. + * + * @param Auth_OpenID_Request $request + */ function __construct($request) { $this->request = $request; @@ -1244,6 +1359,9 @@ class Auth_OpenID_ServerResponse { return $this->fields->toURL($this->request->return_to); } + /** + * @param Auth_OpenID_Extension $extension_response + */ function addExtension($extension_response) { $extension_response->toMessage($this->fields); @@ -1268,8 +1386,8 @@ class Auth_OpenID_ServerResponse { * @package OpenID */ class Auth_OpenID_WebResponse { - var $code = AUTH_OPENID_HTTP_OK; - var $body = ""; + public $code = AUTH_OPENID_HTTP_OK; + public $body = ""; function __construct($code = null, $headers = null, $body = null) @@ -1299,17 +1417,22 @@ class Auth_OpenID_WebResponse { class Auth_OpenID_Signatory { // = 14 * 24 * 60 * 60; # 14 days, in seconds - var $SECRET_LIFETIME = 1209600; + public $SECRET_LIFETIME = 1209600; // keys have a bogus server URL in them because the filestore // really does expect that key to be a URL. This seems a little // silly for the server store, since I expect there to be only one // server URL. - var $normal_key = 'http://localhost/|normal'; - var $dumb_key = 'http://localhost/|dumb'; + public $normal_key = 'http://localhost/|normal'; + public $dumb_key = 'http://localhost/|dumb'; + + /** @var Auth_OpenID_OpenIDStore */ + private $store; /** * Create a new signatory using a given store. + * + * @param Auth_OpenID_OpenIDStore $store */ function __construct($store) { 
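Review bot: `Auth_OpenID_ServerResponse` now declares `$code` and `$request` but not `$fields`, although the context lines of this file section use `$this->fields->toURL(...)` and `toMessage($this->fields)`. That leaves `fields` as an undeclared dynamic property, which is inconsistent with the rest of the commit and deprecated from PHP 8.2. I would add `/** @var Auth_OpenID_Message */ public $fields;` next to the other two; the type is inferred from the `toURL`/`setArg` calls and should be confirmed against the constructor, whose body lies outside the hunk. `Auth_OpenID_WebResponse` looks similar: it gains `$code` and `$body`, but its constructor also takes `$headers`.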
@@ -1320,6 +1443,10 @@ class Auth_OpenID_Signatory { /** * Verify, using a given association handle, a signature with * signed key-value pairs from an HTTP request. + * + * @param string $assoc_handle + * @param Auth_OpenID_Message $message + * @return bool */ function verify($assoc_handle, $message) { @@ -1336,11 +1463,16 @@ class Auth_OpenID_Signatory { /** * Given a response, sign the fields in the response's 'signed' * list, and insert the signature into the response. + * + * @param Auth_OpenID_ServerResponse $response + * @return mixed */ function sign($response) { $signed_response = $response; - $assoc_handle = $response->request->assoc_handle; + /** @var Auth_OpenID_CheckIDRequest $request */ + $request = $response->request; + $assoc_handle = $request->assoc_handle; if ($assoc_handle) { // normal mode @@ -1369,6 +1501,10 @@ class Auth_OpenID_Signatory { /** * Make a new association. + * + * @param bool $dumb + * @param string $assoc_type + * @return Auth_OpenID_Association */ function createAssociation($dumb = true, $assoc_type = 'HMAC-SHA1') { @@ -1394,6 +1530,11 @@ class Auth_OpenID_Signatory { /** * Given an association handle, get the association from the * store, or return a ServerError or null if something goes wrong. + * + * @param string $assoc_handle + * @param bool $dumb + * @param bool $check_expiration + * @return Auth_OpenID_Association|Auth_OpenID_ServerError|null */ function getAssociation($assoc_handle, $dumb, $check_expiration=true) { @@ -1422,6 +1563,9 @@ class Auth_OpenID_Signatory { /** * Invalidate a given association handle. + * + * @param string $assoc_handle + * @param bool $dumb */ function invalidate($assoc_handle, $dumb) { 
@@ -1442,11 +1586,14 @@ class Auth_OpenID_Signatory { */ class Auth_OpenID_Encoder { - var $responseFactory = 'Auth_OpenID_WebResponse'; + public $responseFactory = 'Auth_OpenID_WebResponse'; /** * Encode an {@link Auth_OpenID_ServerResponse} and return an * {@link Auth_OpenID_WebResponse}. + * + * @param Auth_OpenID_ServerResponse $response + * @return Auth_OpenID_EncodingError */ function encode($response) { @@ -1483,6 +1630,14 @@ class Auth_OpenID_Encoder { */ class Auth_OpenID_SigningEncoder extends Auth_OpenID_Encoder { + /** @var Auth_OpenID_Signatory */ + private $signatory; + + /** + * Auth_OpenID_SigningEncoder constructor. + * + * @param Auth_OpenID_Signatory $signatory + */ function __construct($signatory) { $this->signatory = $signatory; @@ -1491,6 +1646,9 @@ class Auth_OpenID_SigningEncoder extends Auth_OpenID_Encoder { /** * Sign an {@link Auth_OpenID_ServerResponse} and return an * {@link Auth_OpenID_WebResponse}. + * + * @param Auth_OpenID_ServerResponse $response + * @return Auth_OpenID_AlreadySigned|Auth_OpenID_EncodingError|Auth_OpenID_ServerError */ function encode($response) { 
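Review bot: The `@return` tags added to `Auth_OpenID_Encoder::encode()` and `Auth_OpenID_SigningEncoder::encode()` list only error classes, while the description directly above each says the method returns an `Auth_OpenID_WebResponse`. Callers have to tell the success value from the error objects, so the success type should be in the tag: `@return Auth_OpenID_WebResponse|Auth_OpenID_EncodingError` for the base encoder, and the same with `Auth_OpenID_AlreadySigned|Auth_OpenID_ServerError` appended for the signing encoder. Both method bodies are outside the hunks, so the exact set of error types is taken from the tags as committed.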
@@ -1521,21 +1679,32 @@ class Auth_OpenID_SigningEncoder extends Auth_OpenID_Encoder { */ class Auth_OpenID_Decoder { + /** @var Auth_OpenID_Server */ + private $server; + + private $handlers = array( + 'checkid_setup' => 'Auth_OpenID_CheckIDRequest', + 'checkid_immediate' => 'Auth_OpenID_CheckIDRequest', + 'check_authentication' => 'Auth_OpenID_CheckAuthRequest', + 'associate' => 'Auth_OpenID_AssociateRequest' + ); + + /** + * Auth_OpenID_Decoder constructor. + * + * @param Auth_OpenID_Server $server + */ function __construct($server) { $this->server = $server; - - $this->handlers = array( - 'checkid_setup' => 'Auth_OpenID_CheckIDRequest', - 'checkid_immediate' => 'Auth_OpenID_CheckIDRequest', - 'check_authentication' => 'Auth_OpenID_CheckAuthRequest', - 'associate' => 'Auth_OpenID_AssociateRequest' - ); } /** * Given an HTTP query in an array (key-value pairs), decode it * into an Auth_OpenID_Request object. + * + * @param array $query + * @return Auth_OpenID_ServerError|mixed */ function decode($query) { @@ -1584,6 +1753,10 @@ class Auth_OpenID_Decoder { } } + /** + * @param Auth_OpenID_Message $message + * @return Auth_OpenID_ServerError + */ function defaultDecoder($message) { $mode = $message->getArg(Auth_OpenID_OPENID_NS, 'mode'); @@ -1628,8 +1801,18 @@ class Auth_OpenID_AlreadySigned extends Auth_OpenID_EncodingError { * @package OpenID */ class Auth_OpenID_UntrustedReturnURL extends Auth_OpenID_ServerError { - function __construct($message, $return_to, - $trust_root) + + private $return_to = ''; + private $trust_root = ''; + + /** + * Auth_OpenID_UntrustedReturnURL constructor. + * + * @param Auth_OpenID_Message|null $message + * @param null|string $return_to + * @param null|string $trust_root + */ + function __construct($message, $return_to, $trust_root) { parent::__construct($message, "Untrusted return_to URL"); $this->return_to = $return_to; 
@@ -1681,6 +1864,27 @@ class Auth_OpenID_UntrustedReturnURL extends Auth_OpenID_ServerError { * @package OpenID */ class Auth_OpenID_Server { + + /** @var Auth_OpenID_OpenIDStore */ + private $store; + /** @var Auth_OpenID_Signatory */ + private $signatory; + /** @var Auth_OpenID_SigningEncoder */ + private $encoder; + /** @var Auth_OpenID_Decoder */ + private $decoder; + /** @var Auth_OpenID_SessionNegotiator */ + private $negotiator; + + /** @var Auth_OpenID_ServiceEndpoint|null */ + public $op_endpoint; + + /** + * Auth_OpenID_Server constructor. + * + * @param Auth_OpenID_OpenIDStore $store + * @param Auth_OpenID_ServiceEndpoint|null $op_endpoint + */ function __construct($store, $op_endpoint=null) { $this->store = $store; @@ -1713,6 +1917,9 @@ class Auth_OpenID_Server { /** * The callback for 'check_authentication' messages. + * + * @param Auth_OpenID_CheckAuthRequest $request + * @return mixed */ function openid_check_authentication($request) { @@ -1721,6 +1928,9 @@ class Auth_OpenID_Server { /** * The callback for 'associate' messages. + * + * @param Auth_OpenID_AssociateRequest $request + * @return mixed */ function openid_associate($request) { @@ -1744,6 +1954,9 @@ class Auth_OpenID_Server { /** * Encodes as response in the appropriate format suitable for * sending to the user agent. + * + * @param Auth_OpenID_ServerResponse $response + * @return Auth_OpenID_AlreadySigned|Auth_OpenID_EncodingError|Auth_OpenID_ServerError */ function encodeResponse($response) { @@ -1753,6 +1966,9 @@ class Auth_OpenID_Server { /** * Decodes a query args array into the appropriate * {@link Auth_OpenID_Request} object. + * + * @param array|null $query + * @return Auth_OpenID_ServerError|mixed */ function decodeRequest($query=null) { diff --git a/plugins/openid/lib/Auth/OpenID/ServerRequest.php b/plugins/openid/lib/Auth/OpenID/ServerRequest.php index 84c7758e..5dffff84 100644 --- a/plugins/openid/lib/Auth/OpenID/ServerRequest.php 
+++ b/plugins/openid/lib/Auth/OpenID/ServerRequest.php @@ -28,9 +28,6 @@ require_once "Auth/OpenID.php"; * @package OpenID */ class Auth_OpenID_ServerRequest { - function __construct() - { - $this->mode = null; - } + public $mode = null; } diff --git a/plugins/openid/lib/Auth/OpenID/TrustRoot.php b/plugins/openid/lib/Auth/OpenID/TrustRoot.php index 5e694907..379366b7 100644 --- a/plugins/openid/lib/Auth/OpenID/TrustRoot.php +++ b/plugins/openid/lib/Auth/OpenID/TrustRoot.php @@ -325,7 +325,7 @@ class Auth_OpenID_TrustRoot { } } -/* +/** * If the endpoint is a relying party OpenID return_to endpoint, * return the endpoint URL. Otherwise, return None. * @@ -335,10 +335,10 @@ class Auth_OpenID_TrustRoot { * @see: C{L{openid.yadis.services}} * @see: C{L{openid.yadis.filters}} * - * @param endpoint: An XRDS BasicServiceEndpoint, as returned by + * @param Auth_OpenID_ServiceEndpoint $endpoint An XRDS BasicServiceEndpoint, as returned by * performing Yadis dicovery. * - * @returns: The endpoint URL or None if the endpoint is not a + * @return Auth_OpenID_ServiceEndpoint|null The endpoint URL or None if the endpoint is not a * relying party endpoint. */ function filter_extractReturnURL($endpoint) diff --git a/plugins/openid/lib/Auth/OpenID/URINorm.php b/plugins/openid/lib/Auth/OpenID/URINorm.php index 32e84588..f8c73ada 100644 --- a/plugins/openid/lib/Auth/OpenID/URINorm.php +++ b/plugins/openid/lib/Auth/OpenID/URINorm.php @@ -84,11 +84,8 @@ function Auth_OpenID_pct_encoded_replace_unreserved($mo) $i = intval($mo[1], 16); if ($_unreserved[$i]) { return chr($i); - } else { - return strtoupper($mo[0]); } - - return $mo[0]; + return strtoupper($mo[0]); } function Auth_OpenID_pct_encoded_replace($mo) @@ -168,11 +165,6 @@ function Auth_OpenID_urinorm($uri) } $scheme = $uri_matches[2]; - if ($scheme) { - $scheme = strtolower($scheme); - } - - $scheme = $uri_matches[2]; if ($scheme === '') { // No scheme specified return null; 
@@ -204,13 +196,13 @@ function Auth_OpenID_urinorm($uri) } } - list($_whole, $userinfo, $host, $port) = $authority_matches; + list(, $userinfo, $host, $port) = $authority_matches; if ($userinfo === null) { $userinfo = ''; } - if (strpos($host, '%') !== -1) { + if (strpos($host, '%') !== false) { $host = strtolower($host); $host = preg_replace_callback( Auth_OpenID_getEncodedPattern(), diff --git a/plugins/openid/lib/Auth/Yadis/HTTPFetcher.php b/plugins/openid/lib/Auth/Yadis/HTTPFetcher.php index 76bc3239..a6e6814e 100644 --- a/plugins/openid/lib/Auth/Yadis/HTTPFetcher.php +++ b/plugins/openid/lib/Auth/Yadis/HTTPFetcher.php @@ -19,10 +19,16 @@ require_once "Auth/OpenID.php"; define('Auth_OpenID_FETCHER_MAX_RESPONSE_KB', 1024); -define('Auth_OpenID_USER_AGENT', +define('Auth_OpenID_USER_AGENT', 'php-openid/'.Auth_OpenID_VERSION.' (php/'.phpversion().')'); class Auth_Yadis_HTTPResponse { + + public $final_url = ''; + public $status = ''; + public $body = ''; + public $headers = array(); + function __construct($final_url = null, $status = null, $headers = null, $body = null) { @@ -43,13 +49,14 @@ class Auth_Yadis_HTTPResponse { */ class Auth_Yadis_HTTPFetcher { - var $timeout = 20; // timeout in seconds. + public $timeout = 20; // timeout in seconds. /** * Return whether a URL can be fetched. Returns false if the URL * scheme is not allowed or is not supported by this fetcher * implementation; returns true otherwise. * + * @param string $url * @return bool */ function canFetchURL($url) @@ -74,6 +81,9 @@ class Auth_Yadis_HTTPFetcher { * conform to your local policy. * * By default, will attempt to fetch any http or https URL. + * + * @param string $url + * @return bool */ function allowedURL($url) { @@ -90,12 +100,15 @@ class Auth_Yadis_HTTPFetcher { function supportsSSL() { trigger_error("not implemented", E_USER_ERROR); + return false; } /** * Is this an https URL? * * @access private + * @param string $url + * @return bool */ function isHTTPS($url) { 
@@ -106,6 +119,8 @@ class Auth_Yadis_HTTPFetcher { * Is this an http or https URL? * * @access private + * @param string $url + * @return bool */ function URLHasAllowedScheme($url) { @@ -114,6 +129,9 @@ class Auth_Yadis_HTTPFetcher { /** * @access private + * @param array $headers + * @param string $url + * @return null|string */ function _findRedirect($headers, $url) { @@ -159,16 +177,13 @@ class Auth_Yadis_HTTPFetcher { * returns the server's response. * * @param string $url The URL to be fetched. - * @param array $extra_headers An array of header strings - * (e.g. "Accept: text/html"). - * @return mixed $result An array of ($code, $url, $headers, - * $body) if the URL could be fetched; null if the URL does not - * pass the URLHasAllowedScheme check or if the server's response - * is malformed. + * @param array $headers + * @return Auth_Yadis_HTTPResponse|null */ function get($url, $headers = null) { trigger_error("not implemented", E_USER_ERROR); + return null; } } diff --git a/plugins/openid/lib/Auth/Yadis/Manager.php b/plugins/openid/lib/Auth/Yadis/Manager.php index 8c8c3e5a..8aae2da4 100644 --- a/plugins/openid/lib/Auth/Yadis/Manager.php +++ b/plugins/openid/lib/Auth/Yadis/Manager.php @@ -32,7 +32,7 @@ class Auth_Yadis_PHPSession { * @param string $name The name of the key to retrieve. * @param string $default The optional value to return if the key * is not found in the session. - * @return string $result The key's value in the session or + * @return mixed $result The key's value in the session or * $default if it isn't found. */ function get($name, $default=null) 
@@ -73,17 +73,21 @@ class Auth_Yadis_PHPSession { * * @package OpenID */ -class Auth_Yadis_SessionLoader { +abstract class Auth_Yadis_SessionLoader { /** * Override this. * * @access private + * @param array $data + * @return bool */ function check($data) { return true; } + public abstract function requiredKeys(); + /** * Given a session data value (an array), this creates an object * (returned by $this->newObject()) whose attributes and values @@ -93,6 +97,8 @@ class Auth_Yadis_SessionLoader { * evaluates to false. * * @access private + * @param array $data + * @return null */ function fromSession($data) { @@ -132,6 +138,8 @@ class Auth_Yadis_SessionLoader { * the original data array before calling $this->newObject($data). * * @access private + * @param array $data + * @return array */ function prepareForLoad($data) { @@ -145,6 +153,8 @@ class Auth_Yadis_SessionLoader { * the object's attributes. * * @access private + * @param array $data + * @return null */ function newObject($data) { @@ -158,6 +168,8 @@ class Auth_Yadis_SessionLoader { * from $obj. * * @access private + * @param object $obj + * @return array */ function toSession($obj) { @@ -181,6 +193,8 @@ class Auth_Yadis_SessionLoader { * Override this. * * @access private + * @param object $obj + * @return array */ function prepareForSave($obj) { @@ -275,10 +289,29 @@ class Auth_Yadis_ManagerLoader extends Auth_Yadis_SessionLoader { */ class Auth_Yadis_Manager { + /** @var string */ + public $starting_url; + + /** @var string */ + public $yadis_url; + + /** @var array */ + public $services; + + /** @var string */ + public $session_key; + + /** @var Auth_OpenID_ServiceEndpoint */ + public $_current; + /** * Intialize a new yadis service manager. * * @access private + * @param string $starting_url + * @param string $yadis_url + * @param array $services + * @param string $session_key */ function __construct($starting_url, $yadis_url, $services, $session_key) 
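Review bot: Marking `Auth_Yadis_SessionLoader` as `abstract` and adding `public abstract function requiredKeys();` makes any direct `new Auth_Yadis_SessionLoader()` a fatal error, and likewise any concrete subclass that does not define `requiredKeys()`. Whether every loader in the plugin defines it is not visible in this diff, so subclasses outside this file should be checked before merging. The declaration is also the only member in the class with an explicit visibility and has no docblock. `abstract public function requiredKeys();` with a short comment on the expected return value (presumably the list of keys `fromSession()` requires; confirm) would fit the rest of the change.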
@@ -340,6 +373,8 @@ class Auth_Yadis_Manager { /** * @access private + * @param string $url + * @return bool */ function forURL($url) { @@ -371,12 +406,12 @@ class Auth_Yadis_Discovery { /** * @access private */ - var $DEFAULT_SUFFIX = 'auth'; + public $DEFAULT_SUFFIX = 'auth'; /** * @access private */ - var $PREFIX = '_yadis_services_'; + public $PREFIX = '_yadis_services_'; /** * Initialize a discovery object. @@ -404,6 +439,10 @@ class Auth_Yadis_Discovery { /** * Return the next authentication service for the pair of * user_input and session. This function handles fallback. + * + * @param callback $discover_cb + * @param object $fetcher + * @return null|Auth_OpenID_ServiceEndpoint */ function getNextService($discover_cb, $fetcher) { @@ -437,8 +476,9 @@ class Auth_Yadis_Discovery { * most-recently-attempted service from the manager, if one * exists. * - * @param $force True if the manager should be deleted regardless + * @param bool $force True if the manager should be deleted regardless * of whether it's a manager for $this->url. + * @return null|Auth_OpenID_ServiceEndpoint */ function cleanup($force=false) { @@ -465,8 +505,9 @@ class Auth_Yadis_Discovery { /** * @access private * - * @param $force True if the manager should be returned regardless + * @param bool $force True if the manager should be returned regardless * of whether it's a manager for $this->url. + * @return null|Auth_Yadis_Manager */ function getManager($force=false) { @@ -474,6 +515,7 @@ class Auth_Yadis_Discovery { // suffix from the session. $manager_str = $this->session->get($this->getSessionKey()); + /** @var Auth_Yadis_Manager $manager */ $manager = null; if ($manager_str !== null) { 
@@ -484,10 +526,14 @@ class Auth_Yadis_Discovery { if ($manager && ($manager->forURL($this->url) || $force)) { return $manager; } + return null; } /** * @access private + * @param array $services + * @param null|string $yadis_url + * @return Auth_Yadis_Manager|null */ function createManager($services, $yadis_url = null) { @@ -504,12 +550,13 @@ class Auth_Yadis_Discovery { serialize($loader->toSession($manager))); return $manager; } + return null; } /** * @access private * - * @param $force True if the manager should be deleted regardless + * @param bool $force True if the manager should be deleted regardless * of whether it's a manager for $this->url. */ function destroyManager($force=false) diff --git a/plugins/openid/lib/Auth/Yadis/ParanoidHTTPFetcher.php b/plugins/openid/lib/Auth/Yadis/ParanoidHTTPFetcher.php index d15969be..29acf3b1 100644 --- a/plugins/openid/lib/Auth/Yadis/ParanoidHTTPFetcher.php +++ b/plugins/openid/lib/Auth/Yadis/ParanoidHTTPFetcher.php @@ -27,6 +27,10 @@ require_once "Auth/OpenID.php"; * @package OpenID */ class Auth_Yadis_ParanoidHTTPFetcher extends Auth_Yadis_HTTPFetcher { + + private $headers = array(); + private $data = ''; + function __construct() { $this->reset(); @@ -40,6 +44,9 @@ class Auth_Yadis_ParanoidHTTPFetcher extends Auth_Yadis_HTTPFetcher { /** * @access private + * @param string $ch + * @param string $header + * @return int */ function _writeHeader($ch, $header) { @@ -49,6 +56,9 @@ class Auth_Yadis_ParanoidHTTPFetcher extends Auth_Yadis_HTTPFetcher { /** * @access private + * @param string $ch + * @param string $data + * @return int */ function _writeData($ch, $data) { @@ -75,6 +85,11 @@ class Auth_Yadis_ParanoidHTTPFetcher extends Auth_Yadis_HTTPFetcher { } } + /** + * @param string $url + * @param array|null $extra_headers + * @return Auth_Yadis_HTTPResponse|null + */ function get($url, $extra_headers = null) { if (!$this->canFetchURL($url)) { 
@@ -153,6 +168,7 @@ class Auth_Yadis_ParanoidHTTPFetcher extends Auth_Yadis_HTTPFetcher { if (defined('Auth_OpenID_HTTP_PROXY')) { curl_setopt($c, CURLOPT_PROXY, Auth_OpenID_HTTP_PROXY); } + curl_exec($c); $code = curl_getinfo($c, CURLINFO_HTTP_CODE); diff --git a/plugins/openid/lib/Auth/Yadis/ParseHTML.php b/plugins/openid/lib/Auth/Yadis/ParseHTML.php index e0e9043c..8b8b33f2 100644 --- a/plugins/openid/lib/Auth/Yadis/ParseHTML.php +++ b/plugins/openid/lib/Auth/Yadis/ParseHTML.php @@ -25,23 +25,22 @@ class Auth_Yadis_ParseHTML { /** * @access private */ - var $_re_flags = "si"; + public $_re_flags = "si"; /** * @access private */ - var $_removed_re = - "<!--.*?-->|<!\[CDATA\[.*?\]\]>|<script\b(?!:)[^>]*>.*?<\/script>"; + public $_removed_re = '<!--.*?-->|<!\[CDATA\[.*?\]\]>|<script\b(?!:)[^>]*>.*?<\/script>'; /** * @access private */ - var $_tag_expr = "<%s%s(?:\s.*?)?%s>"; + public $_tag_expr = '<%s%s(?:\s.*?)?%s>'; /** * @access private */ - var $_attr_find = '\b([-\w]+)=(".*?"|\'.*?\'|.+?)[\/\s>]'; + public $_attr_find = '\b([-\w]+)=(".*?"|\'.*?\'|.+?)[\/\s>]'; function __construct() { @@ -78,7 +77,7 @@ class Auth_Yadis_ParseHTML { { $matches = array(); $double = '/^"(.*)"$/'; - $single = "/^\'(.*)\'$/"; + $single = "/^'(.*)'$/"; if (preg_match($double, $str, $matches)) { return $matches[1]; @@ -90,7 +89,7 @@ class Auth_Yadis_ParseHTML { } /** - * Create a regular expression that will match an opening + * Create a regular expression that will match an opening * or closing tag from a set of names. * * @access private @@ -181,7 +180,7 @@ class Auth_Yadis_ParseHTML { $link_data = array(); $link_matches = array(); - + if (!preg_match_all($this->tagPattern('meta', false, 'maybe'), $html_string, $link_matches)) { return array(); diff --git a/plugins/openid/lib/Auth/Yadis/PlainHTTPFetcher.php b/plugins/openid/lib/Auth/Yadis/PlainHTTPFetcher.php index 26890539..7a1bbba9 100644 --- a/plugins/openid/lib/Auth/Yadis/PlainHTTPFetcher.php 
+++ b/plugins/openid/lib/Auth/Yadis/PlainHTTPFetcher.php @@ -34,6 +34,11 @@ class Auth_Yadis_PlainHTTPFetcher extends Auth_Yadis_HTTPFetcher { return function_exists('openssl_open'); } + /** + * @param string $url + * @param array|null $extra_headers + * @return Auth_Yadis_HTTPResponse|null|bool + */ function get($url, $extra_headers = null) { if (!$this->canFetchURL($url)) { @@ -44,6 +49,9 @@ class Auth_Yadis_PlainHTTPFetcher extends Auth_Yadis_HTTPFetcher { $stop = time() + $this->timeout; $off = $this->timeout; + $headers = array(); + $code = ''; + $body = ''; while ($redir && ($off > 0)) { diff --git a/plugins/openid/lib/Auth/Yadis/XML.php b/plugins/openid/lib/Auth/Yadis/XML.php index c96b2a90..3039d54e 100644 --- a/plugins/openid/lib/Auth/Yadis/XML.php +++ b/plugins/openid/lib/Auth/Yadis/XML.php @@ -61,6 +61,7 @@ class Auth_Yadis_XMLParser { function registerNamespace($prefix, $uri) { // Not implemented. + return false; } /** @@ -76,6 +77,7 @@ class Auth_Yadis_XMLParser { function setXML($xml_string) { // Not implemented. + return false; } /** @@ -94,6 +96,7 @@ class Auth_Yadis_XMLParser { function &evalXPath($xpath, $node = null) { // Not implemented. + return array(); } /** @@ -107,6 +110,7 @@ class Auth_Yadis_XMLParser { function content($node) { // Not implemented. + return ''; } /** @@ -115,12 +119,13 @@ class Auth_Yadis_XMLParser { * @param mixed $node A node object from a previous call to * $this->evalXPath(). * - * @return array $attrs An array mapping attribute names to + * @return array An array mapping attribute names to * values. */ function attributes($node) { // Not implemented. + return array(); } } 
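Review bot: `evalXPath` is declared to return by reference (`function &evalXPath`), so the added `return array();` returns a temporary, which PHP reports with the notice "Only variable references should be returned by reference". Assign first and return the variable: `$result = array(); return $result;`. The other stubs touched in this file (`registerNamespace`, `setXML`, `content`, `attributes`) show no `&` in their signatures and are fine as written.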
@@ -217,13 +222,16 @@ class Auth_Yadis_domxml extends Auth_Yadis_XMLParser { * @package OpenID */ class Auth_Yadis_dom extends Auth_Yadis_XMLParser { - function __construct() - { - $this->xml = null; - $this->doc = null; - $this->xpath = null; - $this->errors = array(); - } + + /** @var string */ + protected $xml = ''; + + protected $doc = null; + + /** @var DOMXPath */ + protected $xpath = null; + + protected $errors = array(); function setXML($xml_string) { @@ -294,11 +302,17 @@ class Auth_Yadis_dom extends Auth_Yadis_XMLParser { if ($node) { return $node->textContent; } + return ''; } + /** + * @param DOMNode $node + * @return array + */ function attributes($node) { if ($node) { + /** @var DOMNamedNodeMap $arr */ $arr = $node->attributes; $result = array(); @@ -311,6 +325,7 @@ class Auth_Yadis_dom extends Auth_Yadis_XMLParser { return $result; } + return array(); } } @@ -343,6 +358,8 @@ function Auth_Yadis_getSupportedExtensions() * the availability of PHP extensions for XML parsing. If * Auth_Yadis_setDefaultParser has been called, the parser used in * that call will be returned instead. + * + * @return Auth_Yadis_XMLParser|bool */ function Auth_Yadis_getXMLParser() { diff --git a/plugins/openid/lib/Auth/Yadis/XRDS.php b/plugins/openid/lib/Auth/Yadis/XRDS.php index 4f1ede07..81e0c91b 100644 --- a/plugins/openid/lib/Auth/Yadis/XRDS.php +++ b/plugins/openid/lib/Auth/Yadis/XRDS.php @@ -54,6 +54,8 @@ function Auth_Yadis_getNSMap() /** * @access private + * @param array $arr + * @return array */ function Auth_Yadis_array_scramble($arr) { @@ -82,14 +84,10 @@ function Auth_Yadis_array_scramble($arr) */ class Auth_Yadis_Service { - /** - * Creates an empty service object. - */ - function __construct() - { - $this->element = null; - $this->parser = null; - } + public $element = null; + + /** @var Auth_Yadis_XMLParser */ + public $parser = null; /** * Return the URIs in the "Type" elements, if any, of this Service 
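Review bot: The property defaults that replace the removed `Auth_Yadis_dom` constructor are not all the values it used to assign: `$xml` started as `null` and now starts as `''`. Any code outside this hunk that tests `$this->xml` against `null` would behave differently, so `protected $xml = null;` with `/** @var string|null */` is the like-for-like replacement. `$xpath` is likewise documented as `DOMXPath` but initialised to `null`; `/** @var DOMXPath|null */` is more accurate.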
@@ -213,7 +211,7 @@ class Auth_Yadis_Service { */ function Auth_Yadis_getXRDExpiration($xrd_element, $default=null) { - $expires_element = $xrd_element->$parser->evalXPath('/xrd:Expires'); + $expires_element = $xrd_element->parser->evalXPath('/xrd:Expires'); if ($expires_element === null) { return $default; } else { @@ -251,9 +249,22 @@ function Auth_Yadis_getXRDExpiration($xrd_element, $default=null) */ class Auth_Yadis_XRDS { + /** @var Auth_Yadis_XMLParser */ + public $parser; + + public $xrdNode; + + public $allXrdNodes; + + /** @var Auth_Yadis_Service[][] */ + public $serviceList; + /** * Instantiate a Auth_Yadis_XRDS object. Requires an XPath * instance which has been used to parse a valid XRDS document. + * + * @param Auth_Yadis_XMLParser $xmlParser + * @param array $xrdNodes */ function __construct($xmlParser, $xrdNodes) { @@ -270,6 +281,7 @@ class Auth_Yadis_XRDS { * XRDS XML is valid. * * @param string $xml_string An XRDS XML string. + * @param array|null $extra_ns_map * @return mixed $xrds An instance of Auth_Yadis_XRDS or null, * depending on the validity of $xml_string */ @@ -321,12 +333,13 @@ class Auth_Yadis_XRDS { return $_null; } - $xrds = new Auth_Yadis_XRDS($parser, $xrd_nodes); - return $xrds; + return new Auth_Yadis_XRDS($parser, $xrd_nodes); } /** * @access private + * @param int $priority + * @param string $service */ function _addService($priority, $service) { diff --git a/plugins/openid/lib/Auth/Yadis/XRI.php b/plugins/openid/lib/Auth/Yadis/XRI.php index 0143a692..50c291f9 100644 --- a/plugins/openid/lib/Auth/Yadis/XRI.php +++ b/plugins/openid/lib/Auth/Yadis/XRI.php @@ -184,6 +184,11 @@ function Auth_Yadis_XRI($xri) return $xri; } +/** + * @param string $iname + * @param Auth_Yadis_XRDS $xrds + * @return bool|string + */ function Auth_Yadis_getCanonicalID($iname, $xrds) { // Returns false or a canonical ID value. diff --git a/plugins/openid/lib/Auth/Yadis/XRIRes.php b/plugins/openid/lib/Auth/Yadis/XRIRes.php index b484beec..cdf7ef58 100644 
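Review bot: `return new Auth_Yadis_XRDS($parser, $xrd_nodes);` may be returning a temporary from a by-reference method: the `return $_null;` just above it suggests the method is declared with `&`, though its signature is outside the hunk. If so, the removed two-statement form `$xrds = new Auth_Yadis_XRDS($parser, $xrd_nodes); return $xrds;` should stay, since returning the expression directly raises "Only variable references should be returned by reference". Separately, the added `@param string $service` on `_addService` looks at odds with the `Auth_Yadis_Service[][]` type this commit documents for `$serviceList`; `@param Auth_Yadis_Service $service` is probably what was meant.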
--- a/plugins/openid/lib/Auth/Yadis/XRIRes.php +++ b/plugins/openid/lib/Auth/Yadis/XRIRes.php @@ -8,6 +8,10 @@ require_once 'Auth/Yadis/XRDS.php'; require_once 'Auth/Yadis/XRI.php'; class Auth_Yadis_ProxyResolver { + + /** @var Auth_Yadis_HTTPFetcher */ + protected $fetcher; + function __construct($fetcher, $proxy_url = null) { $this->fetcher = $fetcher; diff --git a/plugins/openid/lib/Auth/Yadis/Yadis.php b/plugins/openid/lib/Auth/Yadis/Yadis.php index 5be56da1..70dc944d 100644 --- a/plugins/openid/lib/Auth/Yadis/Yadis.php +++ b/plugins/openid/lib/Auth/Yadis/Yadis.php @@ -48,25 +48,28 @@ define('Auth_Yadis_HEADER_NAME', 'X-XRDS-Location'); class Auth_Yadis_DiscoveryResult { // The URI that was passed to the fetcher - var $request_uri = null; + public $request_uri = null; // The result of following redirects from the request_uri - var $normalized_uri = null; + public $normalized_uri = null; // The URI from which the response text was returned (set to // None if there was no XRDS document found) - var $xrds_uri = null; + public $xrds_uri = null; - var $xrds = null; + /** + * @var Auth_Yadis_XRDS + */ + public $xrds = null; // The content-type returned with the response_text - var $content_type = null; + public $content_type = null; // The document returned from the xrds_uri - var $response_text = null; + public $response_text = null; // Did the discovery fail miserably? - var $failed = false; + public $failed = false; function __construct($request_uri) { @@ -123,7 +126,11 @@ class Auth_Yadis_DiscoveryResult { * * input_url: The URL on which to perform the Yadis protocol * - * @return: The normalized identity URL and an iterable of endpoint + * @param string $input_url + * @param $xrds_parse_func + * @param null $discover_func + * @param null $fetcher + * @return string The normalized identity URL and an iterable of endpoint * objects generated by the filter function. * * xrds_parse_func: a callback which will take (uri, xrds_text) and 
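Review bot: The new `@return string` on `Auth_Yadis_getServiceEndpoints` contradicts its own description, which says the function returns the normalized identity URL together with an iterable of endpoint objects. `@return array` followed by the existing sentence is closer; the function body is outside this hunk, so the exact shape should be confirmed there. The `@param null $discover_func` and `@param null $fetcher` tags document only the default value; `@param callable|null $discover_func` and, presumably, `@param Auth_Yadis_HTTPFetcher|null $fetcher` would be more useful. `$xrds_parse_func` has no type at all, where `callable` would fit.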
@@ -137,7 +144,7 @@ function Auth_Yadis_getServiceEndpoints($input_url, $xrds_parse_func, $discover_func=null, $fetcher=null) { if ($discover_func === null) { - $discover_function = array('Auth_Yadis_Yadis', 'discover'); + $discover_func = array('Auth_Yadis_Yadis', 'discover'); } $yadis_result = call_user_func_array($discover_func, @@ -249,6 +256,9 @@ class Auth_Yadis_Yadis { * * If Auth_Yadis_CURL_OVERRIDE is defined, this method will always * return a {@link Auth_Yadis_PlainHTTPFetcher}. + * + * @param int $timeout + * @return Auth_Yadis_ParanoidHTTPFetcher|Auth_Yadis_PlainHTTPFetcher */ static function getHTTPFetcher($timeout = 20) { @@ -268,6 +278,9 @@ class Auth_Yadis_Yadis { /** * @access private + * @param array $header_list + * @param array $names + * @return string */ static function _getHeader($header_list, $names) { @@ -284,6 +297,8 @@ class Auth_Yadis_Yadis { /** * @access private + * @param string $content_type_header + * @return string */ static function _getContentType($content_type_header) { @@ -291,6 +306,7 @@ class Auth_Yadis_Yadis { $parts = explode(";", $content_type_header); return strtolower($parts[0]); } + return ''; } /** @@ -300,16 +316,12 @@ class Auth_Yadis_Yadis { * * @param string $uri The URI on which to perform Yadis discovery. * - * @param array $http_response An array reference where the HTTP - * response object will be stored (see {@link - * Auth_Yadis_HTTPResponse}. - * * @param Auth_Yadis_HTTPFetcher $fetcher An instance of a * Auth_Yadis_HTTPFetcher subclass. * * @param array $extra_ns_map An array which maps namespace names * to namespace URIs to be used when parsing the Yadis XRDS - * document. + * document. UNUSED. * * @param integer $timeout An optional fetcher timeout, in seconds. * @@ -322,7 +334,6 @@ class Auth_Yadis_Yadis { { $result = new Auth_Yadis_DiscoveryResult($uri); - $request_uri = $uri; $headers = array("Accept: " . Auth_Yadis_CONTENT_TYPE . ', text/html; q=0.3, application/xhtml+xml; q=0.5'); 
diff --git a/plugins/openid/openid.php b/plugins/openid/openid.php index 5ad309fe..027512d3 100644 --- a/plugins/openid/openid.php +++ b/plugins/openid/openid.php @@ -1,11 +1,11 @@ <?php /** * Plugin Name: OpenID - * Plugin URI: http://wordpress.org/extend/plugins/openid + * Plugin URI: https://wordpress.org/plugins/openid * Description: Allows the use of OpenID for account registration, authentication, and commenting. Also includes an OpenID provider which can turn WordPress author URLs into OpenIDs. * Author: DiSo Development Team * Author URI: http://diso-project.org/ - * Version: 3.4.2 + * Version: 3.4.4 * License: Apache 2.0 * License URI: https://www.apache.org/licenses/LICENSE-2.0 * Text Domain: openid diff --git a/plugins/openid/readme.txt b/plugins/openid/readme.txt index a7b350ec..c0656989 100644 --- a/plugins/openid/readme.txt +++ b/plugins/openid/readme.txt @@ -2,8 +2,8 @@ Contributors: willnorris, factoryjoe, pfefferle Tags: openid, authentication, login, comments Requires at least: 2.8 -Tested up to: 4.6.1 -Stable tag: 3.4.2 +Tested up to: 4.9.1 +Stable tag: 3.4.4 License: Apache 2.0 License URI: https://www.apache.org/licenses/LICENSE-2.0 
@@ -11,16 +11,9 @@ Allows WordPress to provide and consumer OpenIDs for authentication of users and == Description == -OpenID is an [open standard][] that allows users to authenticate to websites -without having to create a new password. This plugin allows users to login to -their local WordPress account using an OpenID, as well as enabling commenters -to leave authenticated comments with OpenID. The plugin also includes an OpenID -provider, enabling users to login to OpenID-enabled sites using their -own personal WordPress account. [XRDS-Simple][] is required for the OpenID -Provider and some features of the OpenID Consumer. +OpenID is an [open standard][] that allows users to authenticate to websites without having to create a new password. This plugin allows users to login to their local WordPress account using an OpenID, as well as enabling commenters to leave authenticated comments with OpenID. The plugin also includes an OpenID provider, enabling users to login to OpenID-enabled sites using their own personal WordPress account. [XRDS-Simple][] is required for the OpenID Provider and some features of the OpenID Consumer. -Developer documentation, which includes all of the public methods and hooks for -integrating with and extending the plugin, can be found [here][dev-doc]. +Developer documentation, which includes all of the public methods and hooks for integrating with and extending the plugin, can be found [here][dev-doc]. [open standard]: http://openid.net/ [XRDS-Simple]: http://wordpress.org/plugins/xrds-simple/ 
@@ -105,6 +98,12 @@ report at <http://code.google.com/p/diso/issues/list>. Project maintined on github at [diso/wordpress-openid](https://github.com/diso/wordpress-openid). += version 3.4.4 (Jan 12, 2018) = + - fixed bug with latest OpenID library + += version 3.4.3 (Jan 12, 2018) = + - update to latest OpenID library + = version 3.4.2 (Nov 20, 2016) = - update to latest OpenID library - fixed error response if nonce doesn't match https://github.com/diso/wordpress-openid/pull/46 diff --git a/plugins/openid/server.php b/plugins/openid/server.php index 2746de47..15e64d39 100644 --- a/plugins/openid/server.php +++ b/plugins/openid/server.php @@ -245,16 +245,11 @@ function openid_server_auth_request($request) { // get some user data $user = wp_get_current_user(); $author_url = get_author_posts_url($user->ID); - $id_select = ($request->identity == 'http://specs.openid.net/auth/2.0/identifier_select'); + $id_select = $request->idSelect(); // bail if user does not have access to OpenID provider if (!$user->has_cap('use_openid_provider')) return $request->answer(false); - // bail if user doesn't own identity and not using id select - if (!$id_select && ($author_url != $request->identity)) { - return $request->answer(false); - } - // if using id select but user is delegating, display error to user (unless checkid_immediate) if ($id_select && get_user_meta($user->ID, 'openid_delegate', true)) { if ($request->mode != 'checkid_immediate') { |
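Review bot: Deleting the `$author_url != $request->identity` comparison in `openid_server_auth_request` removes the only check visible in this hunk that the asserted identity belongs to the logged-in user. `$author_url` is still computed but is no longer compared with anything in the lines shown. The function continues outside the hunk, so the binding may be enforced later or inside the library's `answer()`. If it is not, a user holding `use_openid_provider` could receive a positive assertion for an identity URL that is not their own. I would keep the guard, written with a strict comparison: `if (!$id_select && $author_url !== $request->identity) { return $request->answer(false); }`. If the check moved elsewhere, a comment here naming that place would let the next reviewer verify it.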