[platal.git] / modules / openid.php

<?php
/***************************************************************************
 *  Copyright (C) 2003-2008 Polytechnique.org                              *
 *  http://opensource.polytechnique.org/                                   *
 *                                                                         *
 *  This program is free software; you can redistribute it and/or modify   *
 *  it under the terms of the GNU General Public License as published by   *
 *  the Free Software Foundation; either version 2 of the License, or      *
 *  (at your option) any later version.                                    *
 *                                                                         *
 *  This program is distributed in the hope that it will be useful,        *
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of         *
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the          *
 *  GNU General Public License for more details.                           *
 *                                                                         *
 *  You should have received a copy of the GNU General Public License      *
 *  along with this program; if not, write to the Free Software            *
 *  Foundation, Inc.,                                                      *
 *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA                *
 ***************************************************************************/


/* Definitions for the OpenId Specification
 * http://openid.net/specs/openid-authentication-2_0.html
 * 
 * OP Endpoint URL:             https://www.polytechnique.org/openid
 * OP Identifier:               https://www.polytechnique.org/openid
 * User-Supplied Identifier:    https://www.polytechnique.org/openid/{$hruid}
 *    Identity selection is not supported by this implementation
 * OP-Local Identifier:         {$hruid}
 */

class OpenidModule extends PLModule
{
    function handlers()
    {
        return array(
            'openid'            => $this->make_hook('openid', AUTH_PUBLIC),
            'openid/trust'      => $this->make_hook('trust', AUTH_COOKIE),
            'openid/idp_xrds'   => $this->make_hook('idp_xrds', AUTH_PUBLIC),
            'openid/user_xrds'  => $this->make_hook('user_xrds', AUTH_PUBLIC),
        );
    }

    function handler_openid(&$page, $x = null)
    {
        $this->load('openid.inc.php');
        $user = get_user($x);

        // Display the discovery page
        if ($_SERVER['REQUEST_METHOD'] != 'POST' && !array_key_exists('openid_mode', $_GET)) {
            return $this->render_discovery_page($page, $user);
        }

        // Create a server and decode the request
        $server = init_openid_server();
        $request = $server->decodeRequest();

        if (in_array($request->mode,
                     array('checkid_immediate', 'checkid_setup'))) {

            // Each user has only one identity to choose from
            // So we can make automatically the identity selection
            if ($request->idSelect()) {
                $request->identity = get_user_openid_url($user);
            }

            // If we still don't have an identifier (used or desired), give up
            if (!$request->identity) {
                $this->render_no_identifier_page($page, $request);
                return;
            }

            // We always require confirmation before sending information
            // to third-party websites
            if ($request->immediate) {
                $response =& $request->answer(false, get_openid_url());
            } else {
                // Save request in session and jump to confirmation page
                S::set('request', serialize($request));
                pl_redirect('openid/trust');
                return;
            }

        } else { // Other $request->mode
            $response =& $server->handleRequest($request);
        }

        // Render response
        $webresponse =& $server->encodeResponse($response);
        $this->render_openid_response($webresponse, true);
    }

    function handler_trust(&$page, $x = null)
    {
        $this->load('openid.inc.php');

        // Recover request in session
        $request = S::v('request');
        if (is_null($request)) {
            // There is no authentication information, something went wrong
            pl_redirect('/');
            return;
        } else {
            // Unserialize the request
            require_once "Auth/OpenID/Server.php";
            $request = unserialize($request);
        }

        $server = init_openid_server();
        $user = S::user();

        // Check that the identity matches the user currently logged in
        if ($request->identity != get_user_openid_url($user)) {
            $response =& $request->answer(false);
            $webresponse =& $server->encodeResponse($response);
            $this->render_openid_response($webresponse);
            return;
        }

        if ($_SERVER['REQUEST_METHOD'] != 'POST') {
            $page->changeTpl('openid/trust.tpl');
            $page->assign('relying_party', $request->trust_root);
            return;
        }

        if (isset($_POST['trust'])) { // $_SERVER['REQUEST_METHOD'] == 'POST'
            unset($_SESSION['request']);
            $response =& $request->answer(true, null, $request->identity);

            // Answer with some sample Simple Registration data.
            // TODO USE REAL USER DATA
            // $user = S::user();
            $sreg_data = array(
                               'fullname' => 'Example User',
                               'nickname' => 'example',
                               'dob' => '1970-01-01',
                               'email' => 'invalid@example.com',
                               'gender' => 'F',
                               'postcode' => '12345',
                               'country' => 'ES',
                               'language' => 'eu',
                               'timezone' => 'America/New_York');

            // Add the simple registration response values to the OpenID
            // response message.
            require_once 'Auth/OpenID/SReg.php';
            $sreg_request = Auth_OpenID_SRegRequest::fromOpenIDRequest($request);
            $sreg_response = Auth_OpenID_SRegResponse::extractResponse($sreg_request, $sreg_data);
            $sreg_response->toMessage($response->fields);

            // Generate a response to send to the user agent.
            $webresponse =& $server->encodeResponse($response);
            $this->render_openid_response($webresponse);
        } else {
            pl_redirect('');
            return;
        }
    }

    function handler_idp_xrds(&$page)
    {
        // Load constants
        $this->load('openid.inc.php');

        // Set XRDS content-type and template
        header('Content-type: application/xrds+xml');
        $page->changeTpl('openid/idp_xrds.tpl', NO_SKIN);

        // Set variables
        $page->changeTpl('openid/idp_xrds.tpl', NO_SKIN);
        $page->assign('type', Auth_OpenID_TYPE_2_0_IDP);
        $page->assign('uri', get_openid_url());
    }

    function handler_user_xrds(&$page, $x = null)
    {
        // Load constants
        $this->load('openid.inc.php');

        // Set XRDS content-type and template
        header('Content-type: application/xrds+xml');
        $page->changeTpl('openid/user_xrds.tpl', NO_SKIN);

        // Set variables
        $page->assign('type1', Auth_OpenID_TYPE_2_0);
        $page->assign('type2', Auth_OpenID_TYPE_1_1);
        $page->assign('uri', get_openid_url());
    }

    //--------------------------------------------------------------------//

    function render_discovery_page(&$page, $user)
    {

        if (is_null($user)) {
            return PL_NOT_FOUND;
        }

        // Include X-XRDS-Location response-header for Yadis discovery
        header('X-XRDS-Location: ' . get_user_xrds_url($user));

        // Select template
        $page->changeTpl('openid/openid.tpl');

        // Sets the title of the html page.
        $page->setTitle($user->fullName());

        // Sets the <link> tags for HTML-Based Discovery
        $page->addLink('openid.server openid2.provider', get_openid_url());
        $page->addLink('openid.delegate openid2.local_id', $user->hruid);

        // Adds the global user property array to the display.
        $page->assign_by_ref('user', $user);

        return;
    }

    function render_no_identifier_page($page, $request)
    {
        $page->changeTpl('openid/no_identifier.tpl');
    }

    // TODO determine when to close the connection or not
    // TODO i don't why it was done that way in the example
    function render_openid_response($webresponse, $close = false)
    {
        if ($webresponse->code != AUTH_OPENID_HTTP_OK) {
            header(sprintf("HTTP/1.1 %d ", $webresponse->code),
                   true, $webresponse->code);
        }

        foreach ($webresponse->headers as $k => $v) {
            header("$k: $v");
        }

        if ($close) {
            header('Connection: close');
        }
        print $webresponse->body;
        exit;
    }
}

// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
?>
Commit	Line	Data
24cfa984 AA	1	<?php
	2	/***************************************************************************
	3	* Copyright (C) 2003-2008 Polytechnique.org *
	4	* http://opensource.polytechnique.org/ *
	5	* *
	6	* This program is free software; you can redistribute it and/or modify *
	7	* it under the terms of the GNU General Public License as published by *
	8	* the Free Software Foundation; either version 2 of the License, or *
	9	* (at your option) any later version. *
	10	* *
	11	* This program is distributed in the hope that it will be useful, *
	12	* but WITHOUT ANY WARRANTY; without even the implied warranty of *
	13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
	14	* GNU General Public License for more details. *
	15	* *
	16	* You should have received a copy of the GNU General Public License *
	17	* along with this program; if not, write to the Free Software *
	18	* Foundation, Inc., *
	19	* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
	20	***************************************************************************/
	21
a1af4a99 AA	22
	23	/* Definitions for the OpenId Specification
	24	* http://openid.net/specs/openid-authentication-2_0.html
	25	*
	26	* OP Endpoint URL: https://www.polytechnique.org/openid
	27	* OP Identifier: https://www.polytechnique.org/openid
	28	* User-Supplied Identifier: https://www.polytechnique.org/openid/{$hruid}
	29	* Identity selection is not supported by this implementation
	30	* OP-Local Identifier: {$hruid}
	31	*/
	32
24cfa984 AA	33	class OpenidModule extends PLModule
	34	{
	35	function handlers()
	36	{
	37	return array(
a1af4a99 AA	38	'openid' => $this->make_hook('openid', AUTH_PUBLIC),
a1af4a99 AA	39	'openid/trust' => $this->make_hook('trust', AUTH_COOKIE),
b69727b4 AA	40	'openid/idp_xrds' => $this->make_hook('idp_xrds', AUTH_PUBLIC),
b69727b4 AA	41	'openid/user_xrds' => $this->make_hook('user_xrds', AUTH_PUBLIC),
24cfa984 AA	42	);
	43	}
	44
	45	function handler_openid(&$page, $x = null)
	46	{
a1af4a99 AA	47	$this->load('openid.inc.php');
a1af4a99 AA	48	$user = get_user($x);
b69727b4	49
a1af4a99 AA	50	// Display the discovery page
	51	if ($_SERVER['REQUEST_METHOD'] != 'POST' && !array_key_exists('openid_mode', $_GET)) {
	52	return $this->render_discovery_page($page, $user);
24cfa984 AA	53	}
24cfa984 AA	54
a1af4a99 AA	55	// Create a server and decode the request
	56	$server = init_openid_server();
	57	$request = $server->decodeRequest();
	58
	59	if (in_array($request->mode,
	60	array('checkid_immediate', 'checkid_setup'))) {
	61
	62	// Each user has only one identity to choose from
	63	// So we can make automatically the identity selection
	64	if ($request->idSelect()) {
	65	$request->identity = get_user_openid_url($user);
	66	}
	67
	68	// If we still don't have an identifier (used or desired), give up
	69	if (!$request->identity) {
	70	$this->render_no_identifier_page($page, $request);
	71	return;
	72	}
	73
	74	// We always require confirmation before sending information
	75	// to third-party websites
	76	if ($request->immediate) {
	77	$response =& $request->answer(false, get_openid_url());
	78	} else {
	79	// Save request in session and jump to confirmation page
	80	S::set('request', serialize($request));
	81	pl_redirect('openid/trust');
	82	return;
	83	}
	84
	85	} else { // Other $request->mode
	86	$response =& $server->handleRequest($request);
24cfa984 AA	87	}
24cfa984 AA	88
a1af4a99 AA	89	// Render response
	90	$webresponse =& $server->encodeResponse($response);
	91	$this->render_openid_response($webresponse, true);
	92	}
b69727b4	93
a1af4a99 AA	94	function handler_trust(&$page, $x = null)
	95	{
	96	$this->load('openid.inc.php');
24cfa984	97
a1af4a99 AA	98	// Recover request in session
	99	$request = S::v('request');
	100	if (is_null($request)) {
	101	// There is no authentication information, something went wrong
	102	pl_redirect('/');
	103	return;
	104	} else {
	105	// Unserialize the request
	106	require_once "Auth/OpenID/Server.php";
	107	$request = unserialize($request);
	108	}
24cfa984	109
a1af4a99 AA	110	$server = init_openid_server();
a1af4a99 AA	111	$user = S::user();
24cfa984	112
a1af4a99 AA	113	// Check that the identity matches the user currently logged in
	114	if ($request->identity != get_user_openid_url($user)) {
	115	$response =& $request->answer(false);
	116	$webresponse =& $server->encodeResponse($response);
	117	$this->render_openid_response($webresponse);
	118	return;
	119	}
	120
	121	if ($_SERVER['REQUEST_METHOD'] != 'POST') {
	122	$page->changeTpl('openid/trust.tpl');
	123	$page->assign('relying_party', $request->trust_root);
	124	return;
	125	}
	126
	127	if (isset($_POST['trust'])) { // $_SERVER['REQUEST_METHOD'] == 'POST'
	128	unset($_SESSION['request']);
	129	$response =& $request->answer(true, null, $request->identity);
	130
	131	// Answer with some sample Simple Registration data.
	132	// TODO USE REAL USER DATA
	133	// $user = S::user();
	134	$sreg_data = array(
	135	'fullname' => 'Example User',
	136	'nickname' => 'example',
	137	'dob' => '1970-01-01',
	138	'email' => 'invalid@example.com',
	139	'gender' => 'F',
	140	'postcode' => '12345',
	141	'country' => 'ES',
	142	'language' => 'eu',
	143	'timezone' => 'America/New_York');
	144
	145	// Add the simple registration response values to the OpenID
	146	// response message.
	147	require_once 'Auth/OpenID/SReg.php';
	148	$sreg_request = Auth_OpenID_SRegRequest::fromOpenIDRequest($request);
	149	$sreg_response = Auth_OpenID_SRegResponse::extractResponse($sreg_request, $sreg_data);
	150	$sreg_response->toMessage($response->fields);
	151
	152	// Generate a response to send to the user agent.
	153	$webresponse =& $server->encodeResponse($response);
	154	$this->render_openid_response($webresponse);
	155	} else {
	156	pl_redirect('');
	157	return;
	158	}
b69727b4 AA	159	}
	160
	161	function handler_idp_xrds(&$page)
	162	{
b69727b4	163	// Load constants
a1af4a99	164	$this->load('openid.inc.php');
b69727b4 AA	165
	166	// Set XRDS content-type and template
	167	header('Content-type: application/xrds+xml');
	168	$page->changeTpl('openid/idp_xrds.tpl', NO_SKIN);
	169
	170	// Set variables
	171	$page->changeTpl('openid/idp_xrds.tpl', NO_SKIN);
	172	$page->assign('type', Auth_OpenID_TYPE_2_0_IDP);
a1af4a99	173	$page->assign('uri', get_openid_url());
b69727b4 AA	174	}
	175
	176	function handler_user_xrds(&$page, $x = null)
	177	{
b69727b4	178	// Load constants
a1af4a99	179	$this->load('openid.inc.php');
24cfa984	180
b69727b4 AA	181	// Set XRDS content-type and template
	182	header('Content-type: application/xrds+xml');
	183	$page->changeTpl('openid/user_xrds.tpl', NO_SKIN);
24cfa984	184
b69727b4 AA	185	// Set variables
	186	$page->assign('type1', Auth_OpenID_TYPE_2_0);
	187	$page->assign('type2', Auth_OpenID_TYPE_1_1);
a1af4a99	188	$page->assign('uri', get_openid_url());
24cfa984 AA	189	}
24cfa984 AA	190
a1af4a99 AA	191	//--------------------------------------------------------------------//
	192
	193	function render_discovery_page(&$page, $user)
	194	{
	195
	196	if (is_null($user)) {
	197	return PL_NOT_FOUND;
	198	}
	199
	200	// Include X-XRDS-Location response-header for Yadis discovery
	201	header('X-XRDS-Location: ' . get_user_xrds_url($user));
	202
	203	// Select template
	204	$page->changeTpl('openid/openid.tpl');
	205
	206	// Sets the title of the html page.
	207	$page->setTitle($user->fullName());
	208
	209	// Sets the <link> tags for HTML-Based Discovery
	210	$page->addLink('openid.server openid2.provider', get_openid_url());
	211	$page->addLink('openid.delegate openid2.local_id', $user->hruid);
	212
	213	// Adds the global user property array to the display.
	214	$page->assign_by_ref('user', $user);
	215
	216	return;
	217	}
	218
	219	function render_no_identifier_page($page, $request)
	220	{
	221	$page->changeTpl('openid/no_identifier.tpl');
	222	}
	223
	224	// TODO determine when to close the connection or not
	225	// TODO i don't why it was done that way in the example
	226	function render_openid_response($webresponse, $close = false)
	227	{
	228	if ($webresponse->code != AUTH_OPENID_HTTP_OK) {
	229	header(sprintf("HTTP/1.1 %d ", $webresponse->code),
	230	true, $webresponse->code);
	231	}
	232
	233	foreach ($webresponse->headers as $k => $v) {
	234	header("$k: $v");
	235	}
	236
	237	if ($close) {
	238	header('Connection: close');
	239	}
	240	print $webresponse->body;
	241	exit;
	242	}
24cfa984 AA	243	}
	244
	245	// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
	246	?>