<?php
/***************************************************************************
- * Copyright (C) 2003-2008 Polytechnique.org *
+ * Copyright (C) 2003-2009 Polytechnique.org *
* http://opensource.polytechnique.org/ *
* *
* This program is free software; you can redistribute it and/or modify *
'openid' => $this->make_hook('openid', AUTH_PUBLIC),
'openid/trust' => $this->make_hook('trust', AUTH_COOKIE),
'openid/trusted' => $this->make_hook('trusted', AUTH_MDP),
+ 'admin/openid/trusted' => $this->make_hook('admin_trusted', AUTH_MDP),
'openid/idp_xrds' => $this->make_hook('idp_xrds', AUTH_PUBLIC),
'openid/user_xrds' => $this->make_hook('user_xrds', AUTH_PUBLIC),
'openid/melix' => $this->make_hook('melix', AUTH_PUBLIC),
// We redirect to a page where the user will authenticate
// and confirm the use of his/her OpenId
- // The request is saved in session before redirecting
- S::set('openid_request', serialize($request));
- pl_redirect('openid/trust');
+ $request_id = uniqid('openid-');
+ S::set($request_id, serialize($request));
+ $query = 'request_id=' . urlencode($request_id);
+ pl_redirect('openid/trust', $query);
return;
// Other requests can be automatically handled by the server
$this->load('openid.inc.php');
// Recover request in session
- $request = S::v('openid_request');
- if (is_null($request)) {
+ $request_id = $_GET['request_id'];
+ if (is_null($request_id) || !isset($_SESSION[$request_id])) {
// There is no authentication information, something went wrong
pl_redirect('/');
return;
}
require_once 'Auth/OpenID/Server.php';
- $request = unserialize($request);
+ $request = unserialize($_SESSION[$request_id]);
$server = init_openid_server();
$user = S::user();
$whitelisted = is_trusted_site($user, $request->trust_root);
// Ask the user for confirmation
- if (!$whitelisted && $_SERVER['REQUEST_METHOD'] != 'POST') {
+ $from_trust_page = $_SERVER['REQUEST_METHOD'] == 'POST'
+ && (isset($_POST['openid_trust']) || isset($_POST['openid_cancel']));
+ if (!$whitelisted && !$from_trust_page) {
$page->changeTpl('openid/trust.tpl');
$page->assign('relying_party', $request->trust_root);
$page->assign_by_ref('sreg_data', $sreg_response->data);
+ $query = 'request_id=' . urlencode($request_id);
+ $page->assign('query', $query);
return;
}
- // At this point $_SERVER['REQUEST_METHOD'] == 'POST'
+ // If this point is reached, the user has just validated the form on the 'trust' page
+
+ // Remove the request from session since an answer will be sent
+ S::kill($request_id);
// Add 'always trusted' sites to whitelist
- if (isset($_POST['trust']) && @$_POST['always']) {
+ if (isset($_POST['openid_trust']) && @$_POST['openid_always']) {
add_trusted_site($user, $request->trust_root);
}
// Answer to the Relying Party
- if ($whitelisted || isset($_POST['trust'])) {
- S::kill('openid_request');
+ if ($whitelisted || isset($_POST['openid_trust'])) {
$response =& $request->answer(true, null, $identity, $claimed_id);
// Add the simple registration response values to the OpenID
// response message.
$sreg_response->toMessage($response->fields);
- } else { // !$whitelisted && !isset($_POST['trust'])
- S::kill('openid_request');
+ } else { // !$whitelisted && isset($_POST['openid_cancel'])
$response =& $request->answer(false);
}
function handler_trusted(&$page, $action = 'list', $id = null)
{
- $this->load('openid.inc.php');
$page->setTitle('Sites tiers de confiance');
$page->assign('title', 'Mes sites tiers de confiance pour OpenId');
$table_editor = new PLTableEditor('openid/trusted', 'openid_trusted', 'id');
$table_editor->set_where_clause('user_id = ' . XDB::escape(S::user()->id()));
- // Display only URLs
$table_editor->vars['user_id']['display'] = false;
$table_editor->describe('url', 'site tiers', true);
$page->assign('deleteonly', true);
$table_editor->apply($page, $action, $id);
}
+ function handler_admin_trusted(&$page, $action = 'list', $id = null)
+ {
+ $page->setTitle('Sites tiers de confiance');
+ $page->assign('title', 'Sites tiers de confiance globaux pour OpenId');
+ $table_editor = new PLTableEditor('admin/openid/trusted', 'openid_trusted', 'id');
+ $table_editor->set_where_clause('user_id IS NULL');
+ $table_editor->vars['user_id']['display'] = false;
+ $table_editor->describe('url', 'site tiers', true);
+ $page->assign('readonly', true);
+ $table_editor->apply($page, $action, $id);
+ }
+
function handler_idp_xrds(&$page)
{
$this->load('openid.inc.php');
projects / platal.git / blobdiff