Commit ac8c96f4 authored by Dries's avatar Dries

- Patch #727650 by Damien Tournoud, c960657: rolled back support for...

- Patch #727650 by Damien Tournoud, c960657: rolled back support for Google-specific OpenID discovery protocol.
parent 77086063
......@@ -71,8 +71,8 @@ function hook_openid_discovery_method_info() {
* Allow modules to alter discovery methods.
*/
function hook_openid_discovery_method_info_alter(&$methods) {
// Remove Google discovery scheme.
unset($methods['google']);
// Remove XRI discovery scheme.
unset($methods['xri']);
}
/**
......
......@@ -65,11 +65,6 @@
*/
define('OPENID_NS_XRD', 'xri://$xrd*($v*2.0)');
/**
* OpenID IDP for Google hosted domains.
*/
define('OPENID_NS_GOOGLE', 'http://namespace.google.com/openid/xmlns');
/**
* Performs an HTTP 302 redirect (for the 1.x protocol).
*/
......@@ -300,34 +295,6 @@ function _openid_url_normalize($url) {
return $normalized_url;
}
/**
* OpenID normalization method: Normalize Google identifiers.
*
* This transforms a Google identifier (user@domain) into an XRDS URL.
*
* @see http://sites.google.com/site/oauthgoog/fedlogininterp/openiddiscovery#TOC-IdP-Discovery
*/
function _openid_google_idp_normalize($identifier) {
if (!valid_email_address($identifier)) {
return;
}
// If the identifier is a valid email address, try to discover the domain
// with Google Federated Login. We only use the generic URL, because the
// domain-specific URL (http://example.com/.well-known/host-meta) cannot
// be trusted.
list($name, $domain) = explode('@', $identifier, 2);
$response = drupal_http_request('https://www.google.com/accounts/o8/.well-known/host-meta?hd=' . rawurlencode($domain));
if (isset($response->error) || $response->code != 200) {
return;
}
if (preg_match('/Link: <(.*)>/', $response->data, $matches)) {
$xrds_url = $matches[1];
return $xrds_url;
}
}
/**
* Create a serialized message packet as per spec: $key:$value\n .
*/
......
......@@ -387,12 +387,10 @@ function openid_openid_discovery_method_info() {
// The discovery process will stop as soon as one discovery method succeed.
// We first attempt to discover XRI-based identifiers, then standard XRDS
// identifiers via Yadis and HTML-based discovery, conforming to the OpenID 2.0
// specification. If those fail, we attempt to discover services based on
// the Google user discovery scheme.
// specification.
return array(
'xri' => '_openid_xri_discovery',
'xrds' => '_openid_xrds_discovery',
'google' => '_openid_google_user_discovery',
);
}
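Review bot: The rewritten comment in openid_openid_discovery_method_info() does not say that provider-specific discovery is now deliberately left out. A discovery method decides which endpoint is treated as authoritative for a claimed identifier, so a later reader could re-add an entry like the removed 'google' one without weighing that. I would add a line after `// specification.` such as `// Only specification-defined methods are registered here; provider-specific schemes belong in modules implementing hook_openid_discovery_method_info().` Identities that previously resolved only through the removed method would presumably stop resolving after this change, which seems worth a line in the release notes.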
......@@ -487,52 +485,16 @@ function _openid_xrds_discovery($claimed_id) {
return $services;
}
/**
* OpenID discovery method: Perform an user discovery using Google Discovery protocol.
*
* This transforms a OpenID identifier into an OpenID endpoint.
*
* @see http://sites.google.com/site/oauthgoog/fedlogininterp/openiddiscovery#TOC-User-Discovery
* @see hook_openid_discovery_method_info()
*/
function _openid_google_user_discovery($claimed_id) {
$xrds_url = $claimed_id;
$url = @parse_url($xrds_url);
if (empty($url['scheme']) || ($url['scheme'] != 'http' && $scheme['scheme'] != 'https') || empty($url['host'])) {
return;
}
$response = drupal_http_request('https://www.google.com/accounts/o8/.well-known/host-meta?hd=' . rawurlencode($url['host']));
if (isset($response->error) || $response->code != 200) {
return;
}
if (preg_match('/Link: <(.*)>/', $response->data, $matches)) {
$xrds_url = $matches[1];
$services = _openid_xrds_discovery($xrds_url);
foreach ($services as $i => $service) {
if (in_array('http://www.iana.org/assignments/relation/describedby', $service['types']) && $service['service']->children(OPENID_NS_GOOGLE)->URITemplate) {
$template = (string)$service['service']->children(OPENID_NS_GOOGLE)->URITemplate;
$xrds_url = str_replace('{%uri}', rawurlencode($claimed_id), $template);
return _openid_xrds_discovery($xrds_url);
}
}
}
}
/**
* Implementation of hook_openid_normalization_method_info().
*
* Define standard normalization methods.
*/
function openid_openid_normalization_method_info() {
// We first try to normalize Google Identifiers (user@domain) into their
// corresponding XRDS URL. If this fail, we proceed with standard OpenID
// normalization by normalizing XRI idenfiers. Finally, normalize the identifier
// into a canonical URL.
// OpenID Authentication 2.0, section 7.2:
// If the User-supplied Identifier looks like an XRI, treat it as such;
// otherwise treat it as an HTTP URL.
return array(
'google_idp' => '_openid_google_idp_normalize',
'xri' => '_openid_xri_normalize',
'url' => '_openid_url_normalize',
);
......
......@@ -509,16 +509,4 @@ class OpenIDUnitTest extends DrupalWebTestCase {
$this->assertEqual(openid_normalize('http://example.com/path#fragment'), 'http://example.com/path', t('openid_normalize() correctly normalized a URL with a fragment.'));
}
/**
* Test _openid_google_idp_normalize().
*/
function testGoogleIdpNormalize() {
// We consider that Gmail will always be Gmail.
$this->assertTrue(valid_url(_openid_google_idp_normalize('testuser@gmail.com'), TRUE), t('_openid_google_idp_normalize() correctly normalized a Google Gmail identifier.'));
// This is a test domain documented on http://sites.google.com/site/oauthgoog/fedlogininterp/saml-idp.
$this->assertTrue(valid_url(_openid_google_idp_normalize('test@lso-test-domain.com'), TRUE), t('_openid_google_idp_normalize() correctly normalized a Google Apps for Domain identifier.'));
// We consider that microsoft.com will never be hosted by Google.
$this->assertFalse(valid_url(_openid_google_idp_normalize('test@microsoft.com'), TRUE), t("_openid_google_idp_normalize() didn't normalized an identifier for a domain that is not Google-enabled."));
}
}