17515512: JanRain php-openid library included, normalization fix

git-svn-id: http://xe-core.googlecode.com/svn/sandbox@5137 201d5d3c-b55e-5fd7-737f-ddc643e51545
2026-01-30 16:49:58 +09:00 · 2008-12-19 11:00:19 +00:00 · 2008-12-19 11:00:19 +00:00 · 658c0e6dbc
commit 658c0e6dbc
parent f541dd59b9
219 changed files with 41415 additions and 10 deletions
--- a/modules/member/php-openid-1.2.3/Auth/OpenID/DumbStore.php
+++ b/modules/member/php-openid-1.2.3/Auth/OpenID/DumbStore.php
@ -0,0 +1,116 @@
+<?php
+
+/**
+ * This file supplies a dumb store backend for OpenID servers and
+ * consumers.
+ *
+ * PHP versions 4 and 5
+ *
+ * LICENSE: See the COPYING file included in this distribution.
+ *
+ * @package OpenID
+ * @author JanRain, Inc. <openid@janrain.com>
+ * @copyright 2005 Janrain, Inc.
+ * @license http://www.gnu.org/copyleft/lesser.html LGPL
+ */
+
+/**
+ * Import the interface for creating a new store class.
+ */
+require_once 'Auth/OpenID/Interface.php';
+require_once 'Auth/OpenID/HMACSHA1.php';
+
+/**
+ * This is a store for use in the worst case, when you have no way of
+ * saving state on the consumer site. Using this store makes the
+ * consumer vulnerable to replay attacks, as it's unable to use
+ * nonces. Avoid using this store if it is at all possible.
+ *
+ * Most of the methods of this class are implementation details.
+ * Users of this class need to worry only about the constructor.
+ *
+ * @package OpenID
+ */
+class Auth_OpenID_DumbStore extends Auth_OpenID_OpenIDStore {
+
+    /**
+     * Creates a new {@link Auth_OpenID_DumbStore} instance. For the security
+     * of the tokens generated by the library, this class attempts to
+     * at least have a secure implementation of getAuthKey.
+     *
+     * When you create an instance of this class, pass in a secret
+     * phrase. The phrase is hashed with sha1 to make it the correct
+     * length and form for an auth key. That allows you to use a long
+     * string as the secret phrase, which means you can make it very
+     * difficult to guess.
+     *
+     * Each {@link Auth_OpenID_DumbStore} instance that is created for use by
+     * your consumer site needs to use the same $secret_phrase.
+     *
+     * @param string secret_phrase The phrase used to create the auth
+     * key returned by getAuthKey
+     */
+    function Auth_OpenID_DumbStore($secret_phrase)
+    {
+        $this->auth_key = Auth_OpenID_SHA1($secret_phrase);
+    }
+
+    /**
+     * This implementation does nothing.
+     */
+    function storeAssociation($server_url, $association)
+    {
+    }
+
+    /**
+     * This implementation always returns null.
+     */
+    function getAssociation($server_url, $handle = null)
+    {
+        return null;
+    }
+
+    /**
+     * This implementation always returns false.
+     */
+    function removeAssociation($server_url, $handle)
+    {
+        return false;
+    }
+
+    /**
+     * This implementation does nothing.
+     */
+    function storeNonce($nonce)
+    {
+    }
+
+    /**
+     * In a system truly limited to dumb mode, nonces must all be
+     * accepted. This therefore always returns true, which makes
+     * replay attacks feasible.
+     */
+    function useNonce($nonce)
+    {
+        return true;
+    }
+
+    /**
+     * This method returns the auth key generated by the constructor.
+     */
+    function getAuthKey()
+    {
+        return $this->auth_key;
+    }
+
+    /**
+     * This store is a dumb mode store, so this method is overridden
+     * to return true.
+     */
+    function isDumb()
+    {
+        return true;
+    }
+}
+
+?>