Commit | Line | Data |
---|---|---|
24cfa984 AA |
1 | <?php |
2 | /*************************************************************************** | |
3 | * Copyright (C) 2003-2008 Polytechnique.org * | |
4 | * http://opensource.polytechnique.org/ * | |
5 | * * | |
6 | * This program is free software; you can redistribute it and/or modify * | |
7 | * it under the terms of the GNU General Public License as published by * | |
8 | * the Free Software Foundation; either version 2 of the License, or * | |
9 | * (at your option) any later version. * | |
10 | * * | |
11 | * This program is distributed in the hope that it will be useful, * | |
12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of * | |
13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * | |
14 | * GNU General Public License for more details. * | |
15 | * * | |
16 | * You should have received a copy of the GNU General Public License * | |
17 | * along with this program; if not, write to the Free Software * | |
18 | * Foundation, Inc., * | |
19 | * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * | |
20 | ***************************************************************************/ | |
21 | ||
a1af4a99 AA |
22 | |
23 | /* Definitions for the OpenId Specification | |
24 | * http://openid.net/specs/openid-authentication-2_0.html | |
25 | * | |
26 | * OP Endpoint URL: https://www.polytechnique.org/openid | |
27 | * OP Identifier: https://www.polytechnique.org/openid | |
28 | * User-Supplied Identifier: https://www.polytechnique.org/openid/{$hruid} | |
29 | * Identity selection is not supported by this implementation | |
30 | * OP-Local Identifier: {$hruid} | |
31 | */ | |
32 | ||
24cfa984 AA |
33 | class OpenidModule extends PLModule |
34 | { | |
35 | function handlers() | |
36 | { | |
37 | return array( | |
a1af4a99 AA |
38 | 'openid' => $this->make_hook('openid', AUTH_PUBLIC), |
39 | 'openid/trust' => $this->make_hook('trust', AUTH_COOKIE), | |
b69727b4 AA |
40 | 'openid/idp_xrds' => $this->make_hook('idp_xrds', AUTH_PUBLIC), |
41 | 'openid/user_xrds' => $this->make_hook('user_xrds', AUTH_PUBLIC), | |
24cfa984 AA |
42 | ); |
43 | } | |
44 | ||
45 | function handler_openid(&$page, $x = null) | |
46 | { | |
a1af4a99 AA |
47 | $this->load('openid.inc.php'); |
48 | $user = get_user($x); | |
b69727b4 | 49 | |
a1af4a99 AA |
50 | // Display the discovery page |
51 | if ($_SERVER['REQUEST_METHOD'] != 'POST' && !array_key_exists('openid_mode', $_GET)) { | |
52 | return $this->render_discovery_page($page, $user); | |
24cfa984 AA |
53 | } |
54 | ||
a1af4a99 AA |
55 | // Create a server and decode the request |
56 | $server = init_openid_server(); | |
57 | $request = $server->decodeRequest(); | |
58 | ||
59 | if (in_array($request->mode, | |
60 | array('checkid_immediate', 'checkid_setup'))) { | |
61 | ||
62 | // Each user has only one identity to choose from | |
63 | // So we can make automatically the identity selection | |
64 | if ($request->idSelect()) { | |
65 | $request->identity = get_user_openid_url($user); | |
66 | } | |
67 | ||
68 | // If we still don't have an identifier (used or desired), give up | |
69 | if (!$request->identity) { | |
70 | $this->render_no_identifier_page($page, $request); | |
71 | return; | |
72 | } | |
73 | ||
74 | // We always require confirmation before sending information | |
75 | // to third-party websites | |
76 | if ($request->immediate) { | |
77 | $response =& $request->answer(false, get_openid_url()); | |
78 | } else { | |
79 | // Save request in session and jump to confirmation page | |
80 | S::set('request', serialize($request)); | |
81 | pl_redirect('openid/trust'); | |
82 | return; | |
83 | } | |
84 | ||
85 | } else { // Other $request->mode | |
86 | $response =& $server->handleRequest($request); | |
24cfa984 AA |
87 | } |
88 | ||
a1af4a99 AA |
89 | // Render response |
90 | $webresponse =& $server->encodeResponse($response); | |
91 | $this->render_openid_response($webresponse, true); | |
92 | } | |
b69727b4 | 93 | |
a1af4a99 AA |
94 | function handler_trust(&$page, $x = null) |
95 | { | |
96 | $this->load('openid.inc.php'); | |
24cfa984 | 97 | |
a1af4a99 AA |
98 | // Recover request in session |
99 | $request = S::v('request'); | |
100 | if (is_null($request)) { | |
101 | // There is no authentication information, something went wrong | |
102 | pl_redirect('/'); | |
103 | return; | |
104 | } else { | |
105 | // Unserialize the request | |
106 | require_once "Auth/OpenID/Server.php"; | |
107 | $request = unserialize($request); | |
108 | } | |
24cfa984 | 109 | |
a1af4a99 AA |
110 | $server = init_openid_server(); |
111 | $user = S::user(); | |
24cfa984 | 112 | |
a1af4a99 AA |
113 | // Check that the identity matches the user currently logged in |
114 | if ($request->identity != get_user_openid_url($user)) { | |
115 | $response =& $request->answer(false); | |
116 | $webresponse =& $server->encodeResponse($response); | |
117 | $this->render_openid_response($webresponse); | |
118 | return; | |
119 | } | |
120 | ||
121 | if ($_SERVER['REQUEST_METHOD'] != 'POST') { | |
122 | $page->changeTpl('openid/trust.tpl'); | |
123 | $page->assign('relying_party', $request->trust_root); | |
124 | return; | |
125 | } | |
126 | ||
127 | if (isset($_POST['trust'])) { // $_SERVER['REQUEST_METHOD'] == 'POST' | |
128 | unset($_SESSION['request']); | |
129 | $response =& $request->answer(true, null, $request->identity); | |
130 | ||
131 | // Answer with some sample Simple Registration data. | |
132 | // TODO USE REAL USER DATA | |
133 | // $user = S::user(); | |
134 | $sreg_data = array( | |
135 | 'fullname' => 'Example User', | |
136 | 'nickname' => 'example', | |
137 | 'dob' => '1970-01-01', | |
138 | 'email' => 'invalid@example.com', | |
139 | 'gender' => 'F', | |
140 | 'postcode' => '12345', | |
141 | 'country' => 'ES', | |
142 | 'language' => 'eu', | |
143 | 'timezone' => 'America/New_York'); | |
144 | ||
145 | // Add the simple registration response values to the OpenID | |
146 | // response message. | |
147 | require_once 'Auth/OpenID/SReg.php'; | |
148 | $sreg_request = Auth_OpenID_SRegRequest::fromOpenIDRequest($request); | |
149 | $sreg_response = Auth_OpenID_SRegResponse::extractResponse($sreg_request, $sreg_data); | |
150 | $sreg_response->toMessage($response->fields); | |
151 | ||
152 | // Generate a response to send to the user agent. | |
153 | $webresponse =& $server->encodeResponse($response); | |
154 | $this->render_openid_response($webresponse); | |
155 | } else { | |
156 | pl_redirect(''); | |
157 | return; | |
158 | } | |
b69727b4 AA |
159 | } |
160 | ||
161 | function handler_idp_xrds(&$page) | |
162 | { | |
b69727b4 | 163 | // Load constants |
a1af4a99 | 164 | $this->load('openid.inc.php'); |
b69727b4 AA |
165 | |
166 | // Set XRDS content-type and template | |
167 | header('Content-type: application/xrds+xml'); | |
168 | $page->changeTpl('openid/idp_xrds.tpl', NO_SKIN); | |
169 | ||
170 | // Set variables | |
171 | $page->changeTpl('openid/idp_xrds.tpl', NO_SKIN); | |
172 | $page->assign('type', Auth_OpenID_TYPE_2_0_IDP); | |
a1af4a99 | 173 | $page->assign('uri', get_openid_url()); |
b69727b4 AA |
174 | } |
175 | ||
176 | function handler_user_xrds(&$page, $x = null) | |
177 | { | |
b69727b4 | 178 | // Load constants |
a1af4a99 | 179 | $this->load('openid.inc.php'); |
24cfa984 | 180 | |
b69727b4 AA |
181 | // Set XRDS content-type and template |
182 | header('Content-type: application/xrds+xml'); | |
183 | $page->changeTpl('openid/user_xrds.tpl', NO_SKIN); | |
24cfa984 | 184 | |
b69727b4 AA |
185 | // Set variables |
186 | $page->assign('type1', Auth_OpenID_TYPE_2_0); | |
187 | $page->assign('type2', Auth_OpenID_TYPE_1_1); | |
a1af4a99 | 188 | $page->assign('uri', get_openid_url()); |
24cfa984 AA |
189 | } |
190 | ||
a1af4a99 AA |
191 | //--------------------------------------------------------------------// |
192 | ||
193 | function render_discovery_page(&$page, $user) | |
194 | { | |
195 | ||
196 | if (is_null($user)) { | |
197 | return PL_NOT_FOUND; | |
198 | } | |
199 | ||
200 | // Include X-XRDS-Location response-header for Yadis discovery | |
201 | header('X-XRDS-Location: ' . get_user_xrds_url($user)); | |
202 | ||
203 | // Select template | |
204 | $page->changeTpl('openid/openid.tpl'); | |
205 | ||
206 | // Sets the title of the html page. | |
207 | $page->setTitle($user->fullName()); | |
208 | ||
209 | // Sets the <link> tags for HTML-Based Discovery | |
210 | $page->addLink('openid.server openid2.provider', get_openid_url()); | |
211 | $page->addLink('openid.delegate openid2.local_id', $user->hruid); | |
212 | ||
213 | // Adds the global user property array to the display. | |
214 | $page->assign_by_ref('user', $user); | |
215 | ||
216 | return; | |
217 | } | |
218 | ||
219 | function render_no_identifier_page($page, $request) | |
220 | { | |
221 | $page->changeTpl('openid/no_identifier.tpl'); | |
222 | } | |
223 | ||
224 | // TODO determine when to close the connection or not | |
225 | // TODO i don't why it was done that way in the example | |
226 | function render_openid_response($webresponse, $close = false) | |
227 | { | |
228 | if ($webresponse->code != AUTH_OPENID_HTTP_OK) { | |
229 | header(sprintf("HTTP/1.1 %d ", $webresponse->code), | |
230 | true, $webresponse->code); | |
231 | } | |
232 | ||
233 | foreach ($webresponse->headers as $k => $v) { | |
234 | header("$k: $v"); | |
235 | } | |
236 | ||
237 | if ($close) { | |
238 | header('Connection: close'); | |
239 | } | |
240 | print $webresponse->body; | |
241 | exit; | |
242 | } | |
24cfa984 AA |
243 | } |
244 | ||
245 | // vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8: | |
246 | ?> |