author | Dries Buytaert <dries@buytaert.net> | 2010-05-13 17:37:24 +0000 |
---|---|---|
committer | Dries Buytaert <dries@buytaert.net> | 2010-05-13 17:37:24 +0000 |
commit | ac8c96f42faf92522a842962679ecf3019d4eec8 (patch) | |
tree | f092c053df452fe7c0006ced620ed6fa67132657 | |
parent | 7708606321359ef97c864fd54e5c6ed5c45c1c3e (diff) | |
download | brdo-ac8c96f42faf92522a842962679ecf3019d4eec8.tar.gz brdo-ac8c96f42faf92522a842962679ecf3019d4eec8.tar.bz2 |
- Patch #727650 by Damien Tournoud, c960657: rolled back support for Google-specific OpenID discovery protocol.
-rw-r--r-- | modules/openid/openid.api.php | 4 | ||||
-rw-r--r-- | modules/openid/openid.inc | 33 | ||||
-rw-r--r-- | modules/openid/openid.module | 46 | ||||
-rw-r--r-- | modules/openid/openid.test | 12 |
4 files changed, 6 insertions, 89 deletions
diff --git a/modules/openid/openid.api.php b/modules/openid/openid.api.php
index d71638b45..fdb8497b5 100644
--- a/modules/openid/openid.api.php
+++ b/modules/openid/openid.api.php
@@ -71,8 +71,8 @@ function hook_openid_discovery_method_info() {
 * Allow modules to alter discovery methods.
 */
 function hook_openid_discovery_method_info_alter(&$methods) {
- // Remove Google discovery scheme.
- unset($methods['google']);
+ // Remove XRI discovery scheme.
+ unset($methods['xri']);
 }
 /**
diff --git a/modules/openid/openid.inc b/modules/openid/openid.inc
index 96c80269d..40ccaa3f9 100644
--- a/modules/openid/openid.inc
+++ b/modules/openid/openid.inc
@@ -66,11 +66,6 @@ define('OPENID_NS_AX', 'http://openid.net/srv/ax/1.0');
 define('OPENID_NS_XRD', 'xri://$xrd*($v*2.0)');
 /**
- * OpenID IDP for Google hosted domains.
- */
-define('OPENID_NS_GOOGLE', 'http://namespace.google.com/openid/xmlns');
-
-/**
 * Performs an HTTP 302 redirect (for the 1.x protocol).
 */
 function openid_redirect_http($url, $message) {
@@ -301,34 +296,6 @@ function _openid_url_normalize($url) {
 }
 /**
- * OpenID normalization method: Normalize Google identifiers.
- *
- * This transforms a Google identifier (user@domain) into an XRDS URL.
- *
- * @see http://sites.google.com/site/oauthgoog/fedlogininterp/openiddiscovery#TOC-IdP-Discovery
- */
-function _openid_google_idp_normalize($identifier) {
- if (!valid_email_address($identifier)) {
- return;
- }
-
- // If the identifier is a valid email address, try to discover the domain
- // with Google Federated Login. We only use the generic URL, because the
- // domain-specific URL (http://example.com/.well-known/host-meta) cannot
- // be trusted.
- list($name, $domain) = explode('@', $identifier, 2);
- $response = drupal_http_request('https://www.google.com/accounts/o8/.well-known/host-meta?hd=' . rawurlencode($domain));
- if (isset($response->error) || $response->code != 200) {
- return;
- }
-
- if (preg_match('/Link: <(.*)>/', $response->data, $matches)) {
- $xrds_url = $matches[1];
- return $xrds_url;
- }
-}
-
-/**
 * Create a serialized message packet as per spec: $key:$value\n .
 */
 function _openid_create_message($data) {
diff --git a/modules/openid/openid.module b/modules/openid/openid.module
index 45b6714b2..ff4cd719c 100644
--- a/modules/openid/openid.module
+++ b/modules/openid/openid.module
@@ -387,12 +387,10 @@ function openid_openid_discovery_method_info() {
 // The discovery process will stop as soon as one discovery method succeed.
 // We first attempt to discover XRI-based identifiers, then standard XRDS
 // identifiers via Yadis and HTML-based discovery, conforming to the OpenID 2.0
- // specification. If those fail, we attempt to discover services based on
- // the Google user discovery scheme.
+ // specification.
 return array(
 'xri' => '_openid_xri_discovery',
 'xrds' => '_openid_xrds_discovery',
- 'google' => '_openid_google_user_discovery',
 );
 }
@@ -488,51 +486,15 @@ function _openid_xrds_discovery($claimed_id) {
 }
 /**
- * OpenID discovery method: Perform an user discovery using Google Discovery protocol.
- *
- * This transforms a OpenID identifier into an OpenID endpoint.
- *
- * @see http://sites.google.com/site/oauthgoog/fedlogininterp/openiddiscovery#TOC-User-Discovery
- * @see hook_openid_discovery_method_info()
- */
-function _openid_google_user_discovery($claimed_id) {
- $xrds_url = $claimed_id;
- $url = @parse_url($xrds_url);
- if (empty($url['scheme']) || ($url['scheme'] != 'http' && $scheme['scheme'] != 'https') || empty($url['host'])) {
- return;
- }
-
- $response = drupal_http_request('https://www.google.com/accounts/o8/.well-known/host-meta?hd=' . rawurlencode($url['host']));
- if (isset($response->error) || $response->code != 200) {
- return;
- }
-
- if (preg_match('/Link: <(.*)>/', $response->data, $matches)) {
- $xrds_url = $matches[1];
- $services = _openid_xrds_discovery($xrds_url);
-
- foreach ($services as $i => $service) {
- if (in_array('http://www.iana.org/assignments/relation/describedby', $service['types']) && $service['service']->children(OPENID_NS_GOOGLE)->URITemplate) {
- $template = (string)$service['service']->children(OPENID_NS_GOOGLE)->URITemplate;
- $xrds_url = str_replace('{%uri}', rawurlencode($claimed_id), $template);
- return _openid_xrds_discovery($xrds_url);
- }
- }
- }
-}
-
-/**
 * Implementation of hook_openid_normalization_method_info().
 *
 * Define standard normalization methods.
 */
 function openid_openid_normalization_method_info() {
- // We first try to normalize Google Identifiers (user@domain) into their
- // corresponding XRDS URL. If this fail, we proceed with standard OpenID
- // normalization by normalizing XRI idenfiers. Finally, normalize the identifier
- // into a canonical URL.
+ // OpenID Authentication 2.0, section 7.2:
+ // If the User-supplied Identifier looks like an XRI, treat it as such;
+ // otherwise treat it as an HTTP URL.
 return array(
- 'google_idp' => '_openid_google_idp_normalize',
 'xri' => '_openid_xri_normalize',
 'url' => '_openid_url_normalize',
 );
diff --git a/modules/openid/openid.test b/modules/openid/openid.test
index f507fcdae..e0670710a 100644
--- a/modules/openid/openid.test
+++ b/modules/openid/openid.test
@@ -509,16 +509,4 @@ class OpenIDUnitTest extends DrupalWebTestCase {
 $this->assertEqual(openid_normalize('http://example.com/path#fragment'), 'http://example.com/path', t('openid_normalize() correctly normalized a URL with a fragment.'));
 }
-
- /**
- * Test _openid_google_idp_normalize().
- */
- function testGoogleIdpNormalize() {
- // We consider that Gmail will always be Gmail.
- $this->assertTrue(valid_url(_openid_google_idp_normalize('testuser@gmail.com'), TRUE), t('_openid_google_idp_normalize() correctly normalized a Google Gmail identifier.'));
- // This is a test domain documented on http://sites.google.com/site/oauthgoog/fedlogininterp/saml-idp.
- $this->assertTrue(valid_url(_openid_google_idp_normalize('test@lso-test-domain.com'), TRUE), t('_openid_google_idp_normalize() correctly normalized a Google Apps for Domain identifier.'));
- // We consider that microsoft.com will never be hosted by Google.
- $this->assertFalse(valid_url(_openid_google_idp_normalize('test@microsoft.com'), TRUE), t("_openid_google_idp_normalize() didn't normalized an identifier for a domain that is not Google-enabled."));
- }
 } |
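Review bot: In `openid_openid_normalization_method_info()` the new comment cites section 7.2 but no longer says what happens to an e-mail-style identifier (`user@domain`), which the removed `google_idp` entry used to handle. With only `xri` and `url` left, such input presumably falls through to `_openid_url_normalize()`, whose body is not visible here, so the resulting claimed identifier should be confirmed rather than assumed. I would add a line such as `// Identifiers of the form user@domain are not special-cased; they are normalized as URLs.` and an `openid_normalize()` assertion for that input in `OpenIDUnitTest`, since the deleted `testGoogleIdpNormalize()` is the only test in this diff that exercised it. The function's closing brace lies outside the hunk.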