Auth_OpenID_GenericConsumer::_extractAssociation PHP Method

_extractAssociation() public method

public _extractAssociation ( $assoc_response, $assoc_session )
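    /**
     * Build an association object from an association response.
     *
     * Every value read through $assoc_response->getArg() is supplied by
     * the party that answered the association request, so it is checked
     * before use: required fields must be present, expires_in must
     * parse, the session type must match the one that was requested
     * (with one OpenID 1 exception, see below), and the association
     * type must be one the session allows.
     *
     * @param object $assoc_response The association response message;
     *                               must offer getArg() and isOpenID1().
     * @param object $assoc_session  The consumer session used for the
     *                               request; must offer session_type,
     *                               allowed_assoc_types and
     *                               extractSecret().
     *
     * @return mixed The value of Auth_OpenID_Association::fromExpiresIn()
     *               on success. If a required field is missing, the
     *               failure value returned by getArg() is passed through.
     *               An Auth_OpenID_FailureResponse if expires_in cannot
     *               be parsed. null if the session type does not match,
     *               the association type is not allowed for the session,
     *               or the session cannot extract a secret.
     */
    function _extractAssociation($assoc_response, $assoc_session)
    {
        // Extract the common fields from the response, returning the
        // failure value from getArg() if one of them is missing.
        $assoc_type = $assoc_response->getArg(Auth_OpenID_OPENID_NS, 'assoc_type', Auth_OpenID_NO_DEFAULT);
        if (Auth_OpenID::isFailure($assoc_type)) {
            return $assoc_type;
        }
        $assoc_handle = $assoc_response->getArg(Auth_OpenID_OPENID_NS, 'assoc_handle', Auth_OpenID_NO_DEFAULT);
        if (Auth_OpenID::isFailure($assoc_handle)) {
            return $assoc_handle;
        }
        // expires_in is a base-10 string. The Python parsing will
        // accept literals that have whitespace around them and will
        // accept negative values. Neither of these are really in-spec,
        // but we think it's OK to accept them.
        // NOTE(review): a negative lifetime is passed on unchanged;
        // confirm that fromExpiresIn() and the association store treat
        // such an association as already expired.
        $expires_in_str = $assoc_response->getArg(Auth_OpenID_OPENID_NS, 'expires_in', Auth_OpenID_NO_DEFAULT);
        if (Auth_OpenID::isFailure($expires_in_str)) {
            return $expires_in_str;
        }
        $expires_in = Auth_OpenID::intval($expires_in_str);
        if ($expires_in === false) {
            // NOTE(review): print_r() copies the whole response object
            // into the error text. Depending on the session type the
            // response may carry key material (presumably the MAC key
            // or its encrypted form -- confirm against the message
            // class), so this string should not reach end users or
            // widely readable logs.
            $err = sprintf("Could not parse expires_in from association " . "response %s", print_r($assoc_response, true));
            return new Auth_OpenID_FailureResponse(null, $err);
        }
        // OpenID 1 has funny association session behaviour.
        if ($assoc_response->isOpenID1()) {
            $session_type = $this->_getOpenID1SessionType($assoc_response);
        } else {
            $session_type = $assoc_response->getArg(Auth_OpenID_OPENID2_NS, 'session_type', Auth_OpenID_NO_DEFAULT);
            if (Auth_OpenID::isFailure($session_type)) {
                return $session_type;
            }
        }
        // Session type mismatch. The identifiers come from the response,
        // so they are compared as exact strings instead of relying on
        // loose-equality type juggling (assumes session_type is stored
        // as a string on the session object -- confirm).
        if ($assoc_session->session_type !== $session_type) {
            if ($assoc_response->isOpenID1() && $session_type === 'no-encryption') {
                // In OpenID 1, any association request can result in
                // a 'no-encryption' association response. Setting
                // assoc_session to a new no-encryption session should
                // make the rest of this function work properly for
                // that case.
                // NOTE(review): this lets the responder move the
                // exchange from the requested session type to a
                // plain-text one, so the secret's confidentiality then
                // presumably rests on the transport alone; callers that
                // need an encrypted session should confirm the
                // association endpoint is only reached over TLS.
                $assoc_session = new Auth_OpenID_PlainTextConsumerSession();
            } else {
                // Any other mismatch, regardless of protocol version
                // results in the failure of the association session
                // altogether.
                return null;
            }
        }
        // Make sure assoc_type is valid for session_type. Strict
        // membership test: the value must be exactly one of the allowed
        // type strings (assumes allowed_assoc_types is a list of
        // strings -- confirm against the session classes).
        if (!in_array($assoc_type, $assoc_session->allowed_assoc_types, true)) {
            return null;
        }
        // Delegate to the association session to extract the secret
        // from the response, however is appropriate for that session
        // type.
        $secret = $assoc_session->extractSecret($assoc_response);
        if ($secret === null) {
            return null;
        }
        return Auth_OpenID_Association::fromExpiresIn($expires_in, $assoc_handle, $secret, $assoc_type);
    }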