Changeset 692
- Timestamp:
- 2008-07-24 08:56:26 (3 months ago)
- Files:
-
- 1 modified
-
plugins/openid/trunk/openid.plugin.php (modified) (13 diffs)
plugins/openid/trunk/openid.plugin.php
r61 r692 2 2 class OpenID extends Plugin 3 3 { 4 public function info() { 4 public function info() 5 { 5 6 return array( 6 7 'name' => 'OpenID', … … 14 15 ); 15 16 } 16 17 public function filter_rewrite_rules( $db_rules ) { 18 $db_rules[]= new RewriteRule( array( 17 18 public function filter_rewrite_rules( $db_rules ) 19 { 20 $db_rules[] = new RewriteRule( array( 19 21 'name' => 'openid', 20 22 'parse_regex' => '%^openid/?(?P<user>[^/]*)/?$%i', // For Server, if previous matched, don't look. … … 27 29 'description' => 'OpenID Authentification' 28 30 ) ); 29 31 30 32 return $db_rules; 31 33 } 32 34 33 public function act( $action ) { 35 public function act( $action ) 36 { 34 37 if ( isset( $_GET['openid_mode'] ) ) { 35 38 switch ( $_GET['openid_mode'] ) { … … 38 41 break; 39 42 case 'cancel': 40 throw new Exception( 'Authorization failed: user cancelled the authorization.' ); 43 EventLog::log( 'Authorization failed: User cancelled authorization.', 'info', 'authentication', 'OpenID' ); 44 throw new Exception( 'Authorization failed: User cancelled authorization.' ); 41 45 break; 42 46 } … … 46 50 } 47 51 else { 52 EventLog::log( 'Authorization failed: unknown error.', 'err', 'authentication', 'OpenID' ); 48 53 throw new Exception( 'Authorization failed: unknown error.' ); 49 54 } 50 55 } 51 56 52 public function action_plugin_activation( $file ) { 57 public function action_plugin_activation( $file ) 58 { 53 59 if ( realpath( $file ) == __FILE__ ) { 54 60 if ( !extension_loaded('curl') && !@dl('curl') ) { 55 throw new Exception( 'Could not load CURL, you need CURL for OpenID to work.' ); 61 EventLog::log( 'Could not load CURL, which is needed for OpenID to work.', 'err', 'authentication', 'OpenID' ); 62 throw new Exception( 'Could not load CURL, which is needed for OpenID to work.' 
); 56 63 } 57 64 EventLog::register_type( 'authentification', 'OpenID' ); … … 59 66 } 60 67 61 public function action_plugin_deactivation( $file ) { 68 public function action_plugin_deactivation( $file ) 69 { 62 70 if ( realpath( $file ) == __FILE__ ) { 63 71 EventLog::unregister_type( 'OpenID' ); … … 65 73 } 66 74 67 public function action_init() { 75 public function action_init() 76 { 68 77 if ( session_id() == '' ) { 69 78 session_start(); … … 73 82 } 74 83 75 public function action_theme_loginform_before() { 84 public function action_theme_loginform_before() 85 { 76 86 if ( isset( $_GET['openid_url'] ) ) { 77 87 echo '<hr><div class="alert"><strong>If you have an existing account</strong>, sign in so we can assign your OpenID identifer to it.</div>'; 78 88 } 79 89 } 80 81 public function action_theme_loginform_after() { 90 91 public function action_theme_loginform_after() 92 { 82 93 // @todo Remove the !isset( $_GET['openid_url'] ) once registration works in Habari. 83 94 if ( ( Controller::get_action() != 'register' ) && !isset( $_GET['openid_url'] ) ) { … … 96 107 } 97 108 98 public function action_theme_loginform_controls() { 109 public function action_theme_loginform_controls() 110 { 99 111 if ( isset( $_GET['openid_url'] ) ) { 100 112 echo '<input type="hidden" value="'.$_GET['openid_url'].'" name="habari_openid_url">'; 101 113 } 102 114 } 103 115 104 116 /* Uncomment once registration is supported by Habari. 105 public function action_theme_registerform_controls() { 117 public function action_theme_registerform_controls() 118 { 106 119 if ( isset( $_GET['openid_url'] ) ) { 107 120 echo '<input type="hidden" value="'.$_GET['openid_url'].'" name="habari_openid_url">'; … … 109 122 } */ 110 123 111 public function action_theme_admin_user( $user ) { 112 $openid_url= isset( $user->info->openid_url ) ? $user->info->openid_url : ''; 124 public function action_theme_admin_user( $user ) 125 { 126 $openid_url = isset( $user->info->openid_url ) ? 
$user->info->openid_url : ''; 113 127 echo '<p><label for="openid_url">OpenID Identifier:</label></p>'; 114 128 echo '<p><input type="text" value="'.$openid_url.'" name="habari_openid_url" disabled></p>'; 115 129 } 116 117 public function action_user_identify() { 130 131 public function action_user_identify() 132 { 118 133 if ( ( Controller::get_action() == 'login' ) && !empty( $_POST['openid_url'] ) ) { 119 134 self::openid_start(); … … 122 137 123 138 // TODO: Add more security against form hijacking (for instance, check against server sent data) 124 public function action_user_authenticate_successful( $user ) { 139 public function action_user_authenticate_successful( $user ) 140 { 125 141 if ( !empty( $_POST['habari_openid_url'] ) ) { 126 $user->info->openid_url= $_POST['habari_openid_url']; 127 } 128 } 129 130 function getOpenIDURL() { 142 $user->info->openid_url = $_POST['habari_openid_url']; 143 } 144 } 145 146 function getOpenIDURL() 147 { 131 148 if ( empty( $_POST['openid_url'] ) ) { 149 EventLog::log( 'Expected an OpenID URL.', 'err', 'authentication', 'OpenID' ); 132 150 throw new Exception( 'Expected an OpenID URL.' ); 133 151 } 134 152 135 153 return $_POST['openid_url']; 136 154 } 137 138 function getReturnTo() { 155 156 function getReturnTo() 157 { 139 158 return URL::get('openid'); 140 159 } 141 142 function getTrustRoot() { 160 161 function getTrustRoot() 162 { 143 163 return Site::get_url('habari'); 144 164 } 145 146 function getStore() { 147 $store_path= "/tmp/_php_consumer_test"; 148 165 166 function getStore() 167 { 168 $store_path = "/tmp/_php_consumer_test"; 169 149 170 if ( !file_exists( $store_path ) && !mkdir( $store_path ) ) { 171 EventLog::log( 'Could not create the FileStore directory: ' . $store_path, 'err', 'authentication', 'OpenID' ); 150 172 throw new Exception( 'Could not create the FileStore directory: ' . $store_path . '. Please check the effective permissions.' 
); 151 173 } 152 174 153 175 return new Auth_OpenID_FileStore( $store_path ); 154 176 } 155 156 function getConsumer() { 177 178 function getConsumer() 179 { 157 180 require_once "Auth/OpenID/Consumer.php"; 158 181 require_once "Auth/OpenID/FileStore.php"; 159 182 require_once "Auth/OpenID/SReg.php"; 160 $store = self::getStore();183 $store = self::getStore(); 161 184 return new Auth_OpenID_Consumer( $store ); 162 185 } 163 164 function openid_start() { 165 $openid= self::getOpenIDURL(); 166 $consumer= self::getConsumer(); 167 168 $auth_request= $consumer->begin( $openid ); 169 186 187 function openid_start() 188 { 189 $openid = self::getOpenIDURL(); 190 $consumer = self::getConsumer(); 191 192 $auth_request = $consumer->begin( $openid ); 193 170 194 if ( !$auth_request ) { 171 throw new Exception( 'Authentication error; not a valid OpenID.' ); 172 } 173 174 $sreg_request= Auth_OpenID_SRegRequest::build( array( 'nickname' ), array( 'fullname', 'email' ) ); 175 195 EventLog::log( 'Authentication error: Not a valid OpenID.', 'err', 'authentication', 'OpenID' ); 196 throw new Exception( 'Authentication error: Not a valid OpenID.' ); 197 } 198 199 $sreg_request = Auth_OpenID_SRegRequest::build( array( 'nickname' ), array( 'fullname', 'email' ) ); 200 176 201 if ( $sreg_request ) { 177 202 $auth_request->addExtension( $sreg_request ); 178 203 } 179 204 180 205 if ( $auth_request->shouldSendRedirect() ) { 181 $redirect_url = $auth_request->redirectURL( self::getTrustRoot(), self::getReturnTo() );182 206 $redirect_url = $auth_request->redirectURL( self::getTrustRoot(), self::getReturnTo() ); 207 183 208 if ( Auth_OpenID::isFailure( $redirect_url ) ) { 209 EventLog::log( 'Could not redirect to server: ' . $redirect_url->message, 'err', 'authentication', 'OpenID' ); 184 210 throw new Exception( 'Could not redirect to server: ' . 
$redirect_url->message ); 185 211 } … … 189 215 } 190 216 else { 191 $form_id = 'openid_message';192 $form_html = $auth_request->formMarkup( self::getTrustRoot(), self::getReturnTo(), false, array( 'id' => $form_id ) );193 217 $form_id = 'openid_message'; 218 $form_html = $auth_request->formMarkup( self::getTrustRoot(), self::getReturnTo(), false, array( 'id' => $form_id ) ); 219 194 220 if ( Auth_OpenID::isFailure( $form_html ) ) { 221 EventLog::log( 'Could not prepare redirection form: ' . $form_html->message, 'err', 'authentication', 'OpenID' ); 195 222 throw new Exception( 'Could not prepare redirection form: ' . $form_html->message ); 196 223 } … … 209 236 } 210 237 } 211 212 function openid_end() { 213 $consumer= self::getConsumer(); 214 $return_to= self::getReturnTo(); 215 $response= $consumer->complete( $return_to ); 216 238 239 function openid_end() 240 { 241 $consumer = self::getConsumer(); 242 $return_to = self::getReturnTo(); 243 $response = $consumer->complete( $return_to ); 244 217 245 switch( $response->status ) { 218 246 case Auth_OpenID_CANCEL: 247 EventLog::log( 'Verification cancelled.', 'err', 'authentication', 'OpenID' ); 219 248 throw new Exception( 'Verification cancelled.' ); 220 249 break; 221 250 case Auth_OpenID_FAILURE: 251 EventLog::log( 'OpenID authentication failed: ' . $response->message, 'err', 'authentication', 'OpenID' ); 222 252 throw new Exception( 'OpenID authentication failed: ' . 
$response->message ); 223 253 break; 224 254 case Auth_OpenID_SUCCESS: 225 $openid = $response->getDisplayIdentifier();226 $esc_identity = htmlspecialchars( $openid, ENT_QUOTES );227 228 $user = Users::get_by_info( 'openid_url', $openid );255 $openid = $response->getDisplayIdentifier(); 256 $esc_identity = htmlspecialchars( $openid, ENT_QUOTES ); 257 258 $user = Users::get_by_info( 'openid_url', $openid ); 229 259 if ( count( $user ) != 0 ) { 230 260 if ( count( $user ) > 1 ) { 231 throw new Exception( 'Authentication error: more than one user have this OpenID.' ); 261 EventLog::log( 'Authentication error: More than one user has this OpenID.', 'err', 'authentication', 'OpenID' ); 262 throw new Exception( 'Authentication error: More than one user has this OpenID.' ); 232 263 } 233 264 $user[0]->remember(); 234 265 EventLog::log( 'Successful login for ' . $user[0]->username, 'info', 'authentication', 'OpenID' ); 235 266 236 267 header( "HTTP/1.1 100 Continue" ); 237 268 header( "Location: " . Site::get_url( 'admin' ) );
