X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=modules%2Fopenid.php;h=843effc59e9e4d1d0950e359df5a1a1be1313679;hb=cf81c359b80ad4280a0b3719e0a32c8adba2549d;hp=7c66b8cafc78312f765481dd048e8663844eed9e;hpb=2e5fbf5e95af6df07bf7b52f78a4bec325c1af41;p=platal.git

diff --git a/modules/openid.php b/modules/openid.php
index 7c66b8c..843effc 100644
--- a/modules/openid.php
+++ b/modules/openid.php
@@ -63,6 +63,8 @@ class OpenidModule extends PLModule
         return array(
             'openid'            => $this->make_hook('openid', AUTH_PUBLIC),
             'openid/trust'      => $this->make_hook('trust', AUTH_COOKIE),
+            'openid/trusted'    => $this->make_hook('trusted', AUTH_MDP),
+            'admin/openid/trusted'  => $this->make_hook('admin_trusted', AUTH_MDP),
             'openid/idp_xrds'   => $this->make_hook('idp_xrds', AUTH_PUBLIC),
             'openid/user_xrds'  => $this->make_hook('user_xrds', AUTH_PUBLIC),
             'openid/melix'      => $this->make_hook('melix', AUTH_PUBLIC),
@@ -73,15 +75,13 @@ class OpenidModule extends PLModule
     {
         $this->load('openid.inc.php');
 
-        // Spec Â§4.1.2: if "openid.mode" is absent, whe SHOULD assume that
+        // Spec Â§4.1.2: if "openid.mode" is absent, we SHOULD assume that
         // the request is not an OpenId message
-        // Thus, we try to render the discovery page
         if (!array_key_exists('openid_mode', $_REQUEST)) {
             return $this->render_discovery_page($page, get_user($x));
         }
 
         // Now, deal with the OpenId message
-        // Create a server and decode the request
         $server = init_openid_server();
         $request = $server->decodeRequest();
 
@@ -95,7 +95,7 @@ class OpenidModule extends PLModule
             //   - the user identifier is known by the RP
             //   - the user is logged in
             //   - the user identifier matches the user logged in
-            //   - the user and has whitelisted the site
+            //   - the user has whitelisted the site
             $answer = !$request->idSelect()
                       && S::logged()
                       && $request->identity == S::user()->login()
@@ -107,7 +107,7 @@ class OpenidModule extends PLModule
 
             // We redirect to a page where the user will authenticate
             // and confirm the use of his/her OpenId
-            // Save request in session before jumping to confirmation page
+            // The request is saved in session before redirecting
             S::set('openid_request', serialize($request));
             pl_redirect('openid/trust');
             return;
@@ -117,7 +117,6 @@ class OpenidModule extends PLModule
             $response =& $server->handleRequest($request);
         }
 
-        // Render response
         $webresponse =& $server->encodeResponse($response);
         $this->render_openid_response($webresponse);
     }
@@ -134,7 +133,6 @@ class OpenidModule extends PLModule
             return;
         }
 
-        // Unserialize the request
         require_once 'Auth/OpenID/Server.php';
         $request = unserialize($request);
 
@@ -162,8 +160,7 @@ class OpenidModule extends PLModule
         $sreg_request = Auth_OpenID_SRegRequest::fromOpenIDRequest($request);
         $sreg_response = Auth_OpenID_SRegResponse::extractResponse($sreg_request, get_sreg_data($user));
 
-        // Check the whitelist
-        $whitelisted = false;//is_trusted_site($user, $request->trust_root);
+        $whitelisted = is_trusted_site($user, $request->trust_root);
 
         // Ask the user for confirmation
         if (!$whitelisted && $_SERVER['REQUEST_METHOD'] != 'POST') {
@@ -194,20 +191,39 @@ class OpenidModule extends PLModule
             $response =& $request->answer(false);
         }
 
-        // Generate a response to send to the user agent.
         $webresponse =& $server->encodeResponse($response);
         $this->render_openid_response($webresponse);
     }
 
+    function handler_trusted(&$page, $action = 'list', $id = null)
+    {
+        $page->setTitle('Sites tiers de confiance');
+        $page->assign('title', 'Mes sites tiers de confiance pour OpenId');
+        $table_editor = new PLTableEditor('openid/trusted', 'openid_trusted', 'id');
+        $table_editor->set_where_clause('user_id = ' . XDB::escape(S::user()->id()));
+        $table_editor->vars['user_id']['display'] = false;
+        $table_editor->describe('url', 'site tiers', true);
+        $page->assign('deleteonly', true);
+        $table_editor->apply($page, $action, $id);
+    }
+
+    function handler_admin_trusted(&$page, $action = 'list', $id = null)
+    {
+        $page->setTitle('Sites tiers de confiance');
+        $page->assign('title', 'Sites tiers de confiance globaux pour OpenId');
+        $table_editor = new PLTableEditor('admin/openid/trusted', 'openid_trusted', 'id');
+        $table_editor->set_where_clause('user_id IS NULL');
+        $table_editor->vars['user_id']['display'] = false;
+        $table_editor->describe('url', 'site tiers', true);
+        $page->assign('readonly', true);
+        $table_editor->apply($page, $action, $id);
+    }
+
     function handler_idp_xrds(&$page)
     {
         $this->load('openid.inc.php');
-
-        // Set XRDS content-type and template
         header('Content-type: application/xrds+xml');
         $page->changeTpl('openid/idp_xrds.tpl', NO_SKIN);
-
-        // Set variables
         $page->assign('type2', Auth_OpenID_TYPE_2_0_IDP);
         $page->assign('sreg', Auth_OpenID_SREG_URI);
         $page->assign('provider', get_openid_url());
@@ -217,17 +233,13 @@ class OpenidModule extends PLModule
     {
         $this->load('openid.inc.php');
 
-        // Make sure the user exists
         $user = get_user($x);
         if (is_null($user)) {
             return PL_NOT_FOUND;
         }
 
-        // Set XRDS content-type and template
         header('Content-type: application/xrds+xml');
         $page->changeTpl('openid/user_xrds.tpl', NO_SKIN);
-
-        // Set variables
         $page->assign('type2', Auth_OpenID_TYPE_2_0);
         $page->assign('type1', Auth_OpenID_TYPE_1_1);
         $page->assign('sreg', Auth_OpenID_SREG_URI);
@@ -268,17 +280,11 @@ class OpenidModule extends PLModule
         // Include X-XRDS-Location response-header for Yadis discovery
         header('X-XRDS-Location: ' . get_user_xrds_url($user));
 
-        // Select template
         $page->changeTpl('openid/openid.tpl');
-
-        // Sets the title of the html page.
         $page->setTitle($user->fullName());
-
-        // Sets the <link> tags for HTML-Based Discovery
+        // Set the <link> tags for HTML-Based Discovery
         $page->addLink('openid.server openid2.provider', get_openid_url());
         $page->addLink('openid.delegate openid2.local_id', $user->hruid);
-
-        // Adds the global user property array to the display.
         $page->assign_by_ref('user', $user);
 
         return;
@@ -286,19 +292,14 @@ class OpenidModule extends PLModule
 
     function render_openid_response($webresponse)
     {
-        // Send HTTP response code
         if ($webresponse->code != AUTH_OPENID_HTTP_OK) {
             header(sprintf("HTTP/1.1 %d ", $webresponse->code),
                    true, $webresponse->code);
         }
-
-        // Send headers
         foreach ($webresponse->headers as $k => $v) {
             header("$k: $v");
         }
         header('Connection: close');
-
-        // Send body
         print $webresponse->body;
         exit;
     }