Fix: diffrent request resposne from diffrent hosts (#1311)

* Better error throwing for invalid request * Normalize requests to . instead of _ and added missing consts * Corrected const prefix * Normalize with collection and mapWithKeys
SocialiteProviders · Jan 3, 2025 · 6395d69 · 6395d69
1 parent 860cc08
commit 6395d69
Showing 1 changed file with 34 additions and 8 deletions.
diff --git a/Provider.php b/Provider.php
@@ -40,17 +40,17 @@ class Provider extends AbstractProvider
     /**
      * @var string
      */
-    public const OPENID_SIG = 'openid_sig';
+    public const OPENID_SIG = 'openid.sig';
 
     /**
      * @var string
      */
-    public const OPENID_SIGNED = 'openid_signed';
+    public const OPENID_SIGNED = 'openid.signed';
 
     /**
      * @var string
      */
-    public const OPENID_ASSOC_HANDLE = 'openid_assoc_handle';
+    public const OPENID_ASSOC_HANDLE = 'openid.assoc_handle';
 
     /**
      * @var string
@@ -60,7 +60,17 @@ class Provider extends AbstractProvider
     /**
      * @var string
      */
-    public const OPENID_ERROR = 'openid_error';
+    public const OPENID_ERROR = 'openid.error';
+
+    /**
+     * @var string
+     */
+    public const OPENID_RETURN_TO = 'openid.return_to';
+
+    /**
+     * @var string
+     */
+    public const OPENID_CLAIMED_ID = 'openid.claimed_id';
 
     /**
      * {@inheritdoc}
@@ -160,11 +170,13 @@ private function buildUrl()
      */
     public function validate()
     {
+        $this->normalizeOpenidKeys();
+
         if (! $this->requestIsValid()) {
-            return false;
+            throw new OpenIDValidationException('A critical openid parameter is missing from the request');
         }
 
-        if (! $this->validateHost($this->request->get('openid_return_to'))) {
+        if (! $this->validateHost($this->request->get(self::OPENID_RETURN_TO))) {
             throw new OpenIDValidationException('Invalid return_to host');
         }
 
@@ -200,6 +212,20 @@ private function requestIsValid()
             && $this->request->has(self::OPENID_SIG);
     }
 
+    /**
+     * Normlize openid keys from diffrent requests
+     *
+     * @return void
+     */
+    private function normalizeOpenidKeys()
+    {
+        $normalized = $this->request->collect()->mapWithKeys(function ($value, $key) {
+            return [preg_replace('/^openid_/', 'openid.', $key) => $value];
+        })->all();
+
+        $this->request->replace($normalized);
+    }
+
     /**
      * @return array
      */
@@ -238,7 +264,7 @@ public function getParams()
         $signedParams = explode(',', $this->request->get(self::OPENID_SIGNED));
 
         foreach ($signedParams as $item) {
-            $value = $this->request->get('openid_'.str_replace('.', '_', $item));
+            $value = $this->request->get('openid.'.str_replace('.', '_', $item));
             $params['openid.'.$item] = $value;
         }
 
@@ -277,7 +303,7 @@ public function parseSteamID()
     {
         preg_match(
             '#^https?://steamcommunity.com/openid/id/([0-9]{17,25})#',
-            $this->request->get('openid_claimed_id'),
+            $this->request->get(self::OPENID_CLAIMED_ID),
             $matches
         );