X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;ds=inline;f=modules%2Fopenid.php;h=843effc59e9e4d1d0950e359df5a1a1be1313679;hb=3e53a496dd11e5082bfefc22fc9322d80152edd6;hp=80fd992d022fff487ccd0098da90ef0edabf05a7;hpb=f8a567b5058272cbd22bf1a96ecc0686baf59f15;p=platal.git
diff --git a/modules/openid.php b/modules/openid.php
index 80fd992..843effc 100644
--- a/modules/openid.php
+++ b/modules/openid.php
@@ -63,6 +63,8 @@ class OpenidModule extends PLModule
return array(
'openid' => $this->make_hook('openid', AUTH_PUBLIC),
'openid/trust' => $this->make_hook('trust', AUTH_COOKIE),
+ 'openid/trusted' => $this->make_hook('trusted', AUTH_MDP),
+ 'admin/openid/trusted' => $this->make_hook('admin_trusted', AUTH_MDP),
'openid/idp_xrds' => $this->make_hook('idp_xrds', AUTH_PUBLIC),
'openid/user_xrds' => $this->make_hook('user_xrds', AUTH_PUBLIC),
'openid/melix' => $this->make_hook('melix', AUTH_PUBLIC),
@@ -73,15 +75,13 @@ class OpenidModule extends PLModule
{
$this->load('openid.inc.php');
- // Spec §4.1.2: if "openid.mode" is absent, whe SHOULD assume that
+ // Spec §4.1.2: if "openid.mode" is absent, we SHOULD assume that
// the request is not an OpenId message
- // Thus, we try to render the discovery page
if (!array_key_exists('openid_mode', $_REQUEST)) {
return $this->render_discovery_page($page, get_user($x));
}
// Now, deal with the OpenId message
- // Create a server and decode the request
$server = init_openid_server();
$request = $server->decodeRequest();
@@ -95,7 +95,7 @@ class OpenidModule extends PLModule
// - the user identifier is known by the RP
// - the user is logged in
// - the user identifier matches the user logged in
- // - the user and has whitelisted the site
+ // - the user has whitelisted the site
$answer = !$request->idSelect()
&& S::logged()
&& $request->identity == S::user()->login()
@@ -107,7 +107,7 @@ class OpenidModule extends PLModule
// We redirect to a page where the user will authenticate
// and confirm the use of his/her OpenId
- // Save request in session before jumping to confirmation page
+ // The request is saved in session before redirecting
S::set('openid_request', serialize($request));
pl_redirect('openid/trust');
return;
@@ -117,7 +117,6 @@ class OpenidModule extends PLModule
$response =& $server->handleRequest($request);
}
- // Render response
$webresponse =& $server->encodeResponse($response);
$this->render_openid_response($webresponse);
}
@@ -134,7 +133,6 @@ class OpenidModule extends PLModule
return;
}
- // Unserialize the request
require_once 'Auth/OpenID/Server.php';
$request = unserialize($request);
@@ -162,7 +160,6 @@ class OpenidModule extends PLModule
$sreg_request = Auth_OpenID_SRegRequest::fromOpenIDRequest($request);
$sreg_response = Auth_OpenID_SRegResponse::extractResponse($sreg_request, get_sreg_data($user));
- // Check the whitelist
$whitelisted = is_trusted_site($user, $request->trust_root);
// Ask the user for confirmation
@@ -194,20 +191,39 @@ class OpenidModule extends PLModule
$response =& $request->answer(false);
}
- // Generate a response to send to the user agent.
$webresponse =& $server->encodeResponse($response);
$this->render_openid_response($webresponse);
}
+ function handler_trusted(&$page, $action = 'list', $id = null)
+ {
+ $page->setTitle('Sites tiers de confiance');
+ $page->assign('title', 'Mes sites tiers de confiance pour OpenId');
+ $table_editor = new PLTableEditor('openid/trusted', 'openid_trusted', 'id');
+ $table_editor->set_where_clause('user_id = ' . XDB::escape(S::user()->id()));
+ $table_editor->vars['user_id']['display'] = false;
+ $table_editor->describe('url', 'site tiers', true);
+ $page->assign('deleteonly', true);
+ $table_editor->apply($page, $action, $id);
+ }
+
+ function handler_admin_trusted(&$page, $action = 'list', $id = null)
+ {
+ $page->setTitle('Sites tiers de confiance');
+ $page->assign('title', 'Sites tiers de confiance globaux pour OpenId');
+ $table_editor = new PLTableEditor('admin/openid/trusted', 'openid_trusted', 'id');
+ $table_editor->set_where_clause('user_id IS NULL');
+ $table_editor->vars['user_id']['display'] = false;
+ $table_editor->describe('url', 'site tiers', true);
+ $page->assign('readonly', true);
+ $table_editor->apply($page, $action, $id);
+ }
+
function handler_idp_xrds(&$page)
{
$this->load('openid.inc.php');
-
- // Set XRDS content-type and template
header('Content-type: application/xrds+xml');
$page->changeTpl('openid/idp_xrds.tpl', NO_SKIN);
-
- // Set variables
$page->assign('type2', Auth_OpenID_TYPE_2_0_IDP);
$page->assign('sreg', Auth_OpenID_SREG_URI);
$page->assign('provider', get_openid_url());
@@ -217,17 +233,13 @@ class OpenidModule extends PLModule
{
$this->load('openid.inc.php');
- // Make sure the user exists
$user = get_user($x);
if (is_null($user)) {
return PL_NOT_FOUND;
}
- // Set XRDS content-type and template
header('Content-type: application/xrds+xml');
$page->changeTpl('openid/user_xrds.tpl', NO_SKIN);
-
- // Set variables
$page->assign('type2', Auth_OpenID_TYPE_2_0);
$page->assign('type1', Auth_OpenID_TYPE_1_1);
$page->assign('sreg', Auth_OpenID_SREG_URI);
@@ -268,17 +280,11 @@ class OpenidModule extends PLModule
// Include X-XRDS-Location response-header for Yadis discovery
header('X-XRDS-Location: ' . get_user_xrds_url($user));
- // Select template
$page->changeTpl('openid/openid.tpl');
-
- // Sets the title of the html page.
$page->setTitle($user->fullName());
-
- // Sets the tags for HTML-Based Discovery
+ // Set the tags for HTML-Based Discovery
$page->addLink('openid.server openid2.provider', get_openid_url());
$page->addLink('openid.delegate openid2.local_id', $user->hruid);
-
- // Adds the global user property array to the display.
$page->assign_by_ref('user', $user);
return;
@@ -286,19 +292,14 @@ class OpenidModule extends PLModule
function render_openid_response($webresponse)
{
- // Send HTTP response code
if ($webresponse->code != AUTH_OPENID_HTTP_OK) {
header(sprintf("HTTP/1.1 %d ", $webresponse->code),
true, $webresponse->code);
}
-
- // Send headers
foreach ($webresponse->headers as $k => $v) {
header("$k: $v");
}
header('Connection: close');
-
- // Send body
print $webresponse->body;
exit;
}