[Fusionforge-commits] r12887 - in trunk/src/plugins/authopenid: . 3rd-party include www
Olivier Berger
olberger at fusionforge.org
Tue Mar 22 16:18:02 CET 2011
Author: olberger
Date: 2011-03-22 16:18:01 +0100 (Tue, 22 Mar 2011)
New Revision: 12887
Added:
trunk/src/plugins/authopenid/3rd-party/README
Modified:
trunk/src/plugins/authopenid/README
trunk/src/plugins/authopenid/include/AuthOpenIDPlugin.class.php
trunk/src/plugins/authopenid/www/index.php
trunk/src/plugins/authopenid/www/post-login.php
Log:
Finished work on OpenID for now
Added: trunk/src/plugins/authopenid/3rd-party/README
===================================================================
--- trunk/src/plugins/authopenid/3rd-party/README (rev 0)
+++ trunk/src/plugins/authopenid/3rd-party/README 2011-03-22 15:18:01 UTC (rev 12887)
@@ -0,0 +1,3 @@
+This copy of the lightopenid library was downloaded in March 2011.
+
+http://code.google.com/p/lightopenid/
\ No newline at end of file
Modified: trunk/src/plugins/authopenid/README
===================================================================
--- trunk/src/plugins/authopenid/README 2011-03-22 07:45:51 UTC (rev 12886)
+++ trunk/src/plugins/authopenid/README 2011-03-22 15:18:01 UTC (rev 12887)
@@ -3,6 +3,26 @@
This is meant to be the external OpenID authentication plugin for FusionForge.
+If the plugin is activated by a user in its account management page, then
+he/she may login to FusionForge using OpenID (provided that the plugin is
+activated on the whole site/forge, of course).
+
+Any number of OpenID identities (URLs) can be used by a forg user to authenticate.
+
+Only one user may use an OpenID identity simultaneously.
+
+OpenID identities must have been added through the account management's OpenID tab,
+and are associated to the user, provided he/she owns them (i.e. can successfully
+log-in to these URLs).
+
+The logged-in session is granted full privileges of the user, for now.
+This should be improved in a later version, as OpenID may not be trusted for critical
+operations on the forge.
+
+The code depends on the lightopenid library (http://code.google.com/p/lightopenid/)
+
+USE IT AT YOUR OWN RISKS : THIS IS JUST A VERY EARLY PLUGIN, AND NO SECURITY AUDIT WAS CONDUCTED !
+
-- Olivier Berger
Local Variables:
Modified: trunk/src/plugins/authopenid/include/AuthOpenIDPlugin.class.php
===================================================================
--- trunk/src/plugins/authopenid/include/AuthOpenIDPlugin.class.php 2011-03-22 07:45:51 UTC (rev 12886)
+++ trunk/src/plugins/authopenid/include/AuthOpenIDPlugin.class.php 2011-03-22 15:18:01 UTC (rev 12887)
@@ -151,25 +151,7 @@
}
return $user_name;
}
- /**
- * What GFUser is logged in?
- * @param unknown_type $params
- */
- /*
- function closeAuthSession($params) {
- $this->initCAS();
-
- if ($this->isSufficient() || $this->isRequired()) {
- $this->unsetSessionCookie();
- // logs user out from CAS
- // TODO : make it optional to not mess with other apps' SSO sessions with CAS
- phpCAS::logoutWithRedirectService(util_make_url('/'));
- } else {
- return true;
- }
- }
-*/
/**
* Terminate an authentication session
* @param unknown_type $params
@@ -188,6 +170,10 @@
}
+ /**
+ * Displays link to OpenID identities management tab in user's page ('usermenu' hook)
+ * @param unknown_type $params
+ */
public function usermenu($params) {
global $G_SESSION, $HTML;
$text = $this->text; // this is what shows in the tab
Modified: trunk/src/plugins/authopenid/www/index.php
===================================================================
--- trunk/src/plugins/authopenid/www/index.php 2011-03-22 07:45:51 UTC (rev 12886)
+++ trunk/src/plugins/authopenid/www/index.php 2011-03-22 15:18:01 UTC (rev 12887)
@@ -1,9 +1,36 @@
<?php
+/** External authentication via OpenID for FusionForge
+ * Copyright 2011, Roland Mas
+ * Copyright 2011, Olivier Berger & Institut Telecom
+ *
+ * This program was developped in the frame of the COCLICO project
+ * (http://www.coclico-project.org/) with financial support of the Paris
+ * Region council.
+ *
+ * This file is part of FusionForge
+ *
+ * This plugin, like FusionForge, is free software; you can redistribute it
+ * and/or modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2 of
+ * the License, or (at your option) any later version.
+ *
+ * FusionForge is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with FusionForge; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 US
+ *
+ */
require_once ('../../../www/env.inc.php');
require_once $gfcommon.'include/pre.php';
+// from lightopenid (http://code.google.com/p/lightopenid/)
+require_once 'openid.php';
session_require_login();
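Review bot: `require_once 'openid.php';` uses a bare file name, so which file is loaded depends on the include_path in effect after `pre.php` has run. For a library that decides whether an identity is accepted, I would load the bundled copy by an explicit path built from `dirname(__FILE__)`, so that a different `openid.php` found earlier on the include_path cannot be picked up instead. The comment above the line could also record which lightopenid release the bundled copy corresponds to.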
@@ -17,9 +44,40 @@
$openid_identity = htmlspecialchars(trim(getStringFromRequest('openid_identity', 'http://')));
-print_r($_GET);
-print_r($_POST);
+try {
+
+ // initialize the OpenID lib handler which will read the posted args
+ $plugin->openid = new LightOpenID;
+ // check the 'openid_mode' that may be set on returning from OpenID provider
+ if($plugin->openid->mode) {
+
+ // or we are called back by the OpenID provider
+ if($plugin->openid->mode == 'cancel') {
+ $warning_msg .= _('User has canceled authentication. Identity not added.');
+ } else {
+
+ // Authentication should have been attempted by OpenID provider
+ if ($plugin->openid->validate()) {
+ // If user successfully logged in to OpenID provider
+ $res = db_query_params('INSERT INTO plugin_authopenid_user_identities (user_id, openid_identity) VALUES ($1,$2)',
+ array ($u->getID(),
+ $plugin->openid->identity)) ;
+ if (!$res || db_affected_rows($res) < 1) {
+ $error_msg = sprintf(_('Cannot insert new identity: %s'),
+ db_error());
+ } else {
+ $feedback = _('Identity successfully added');
+ $openid_identity = 'http://';
+ }
+ }
+ }
+ }
+} catch(ErrorException $e) {
+ $error_msg = 'OpenID error: '. $e->getMessage();
+ //exit(0);
+}
+// called to add a new identity
if (getStringFromRequest('addidentity') != '') {
if ($openid_identity == '' || $openid_identity == 'http://') {
$error_msg = _('ERROR: Missing URL for the new identity');
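Review bot: The callback branch inserts `$plugin->openid->identity` for `$u->getID()` as soon as `validate()` succeeds, but nothing here ties the response to a request this session started. The "identity already used by a forge user" check runs only in the `addidentity` branch before the redirect, and the identity the provider asserts need not be the string the user typed. The one-identity-one-user rule stated in the README therefore holds only if the table has a unique constraint, which is not visible here. I would record the pending request in the session before redirecting and verify it here, and repeat the duplicate lookup on the asserted identity right before the INSERT, as sketched below. A failed `validate()` also falls through with no message at all.

```php
if ($plugin->openid->validate()) {
	// repeat the uniqueness check on the identity the provider actually asserted
	$dup = db_query_params('SELECT user_id FROM plugin_authopenid_user_identities WHERE openid_identity=$1',
			       array ($plugin->openid->identity));
	if (!$dup) {
		$error_msg = sprintf(_('Cannot insert new identity: %s'), db_error());
	} elseif (db_numrows($dup) > 0) {
		$error_msg = _('ERROR: identity already used by a forge user.');
	} else {
		// … unchanged: INSERT into plugin_authopenid_user_identities and feedback handling …
	}
} else {
	$error_msg = _('OpenID provider did not confirm the identity. Identity not added.');
}
```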
@@ -31,15 +89,20 @@
if ($res && db_numrows($res) > 0) {
$error_msg = _('ERROR: identity already used by a forge user.');
} else {
- $res = db_query_params('INSERT INTO plugin_authopenid_user_identities (user_id, openid_identity) VALUES ($1,$2)',
- array ($u->getID(),
- htmlspecialchars_decode($openid_identity))) ;
- if (!$res || db_affected_rows($res) < 1) {
- $error_msg = sprintf(_('Cannot insert new identity: %s'),
- db_error());
- } else {
- $feedback = _('Identity successfully added');
- $openid_identity = 'http://';
+
+ // TODO : redirect and check that the identity is authorized for the user
+ try {
+
+ // initialize the OpenID lib handler which will read the posted args
+ $plugin->openid = new LightOpenID;
+ // check the 'openid_mode' that may be set on returning from OpenID provider
+
+ $plugin->openid->identity = htmlspecialchars_decode($openid_identity);
+ session_redirect_external($plugin->openid->authUrl());
+
+ } catch(ErrorException $e) {
+ $error_msg = 'OpenID error: '. $e->getMessage();
+ //exit(0);
}
}
}
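Review bot: The URL assigned in `$plugin->openid->identity = htmlspecialchars_decode($openid_identity);` is whatever the user typed, checked only for being empty or the `http://` placeholder. Discovery inside `authUrl()` presumably makes the forge itself contact that URL, so I would validate it before this line: http/https scheme only, and a host that does not resolve to a loopback or internal address. The escape-then-decode round trip is also fragile; keeping the raw request value in one variable and escaping only where it is printed would be clearer. The comment "check the 'openid_mode' that may be set on returning from OpenID provider" was copied from the callback block and describes nothing in this branch, and the TODO above it looks stale now that the redirect is implemented. The enclosing `if` blocks start outside the hunk.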
@@ -107,7 +170,6 @@
echo $HTML->boxBottom();
-
site_user_footer(array());
// Local Variables:
Modified: trunk/src/plugins/authopenid/www/post-login.php
===================================================================
--- trunk/src/plugins/authopenid/www/post-login.php 2011-03-22 07:45:51 UTC (rev 12886)
+++ trunk/src/plugins/authopenid/www/post-login.php 2011-03-22 15:18:01 UTC (rev 12887)
@@ -1,22 +1,19 @@
<?php
-/**
- * FusionForge AuthCas login page
+/** External authentication via OpenID for FusionForge
+ * Copyright 2011, Roland Mas
+ * Copyright 2011, Olivier Berger & Institut Telecom
*
- * This is main login page. It takes care of different account states
- * (by disallowing logging in with non-active account, with appropriate
- * notice).
+ * This program was developped in the frame of the COCLICO project
+ * (http://www.coclico-project.org/) with financial support of the Paris
+ * Region council.
*
- * Copyright 1999-2001 (c) VA Linux Systems
- * Copyright 2011, Roland Mas
- * Copyright 2011 Olivier Berger & Institut Telecom
+ * This file is part of FusionForge
*
- * This file is part of FusionForge.
+ * This plugin, like FusionForge, is free software; you can redistribute it
+ * and/or modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2 of
+ * the License, or (at your option) any later version.
*
- * FusionForge is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
* FusionForge is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
@@ -24,7 +21,8 @@
*
* You should have received a copy of the GNU General Public License
* along with FusionForge; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 US
+ *
*/
// FIXME : WTF ?!?!?!?
@@ -65,8 +63,14 @@
// We're just called by the login form : redirect to the OpenID provider
if(isset($_POST['openid_identifier'])) {
- $plugin->openid->identity = $_POST['openid_identifier'];
- session_redirect_external($plugin->openid->authUrl());
+ $openid_identifier = $_POST['openid_identifier'];
+ if($plugin->getUserNameFromOpenIDIdentity($openid_identifier)) {
+ $plugin->openid->identity = $openid_identifier;
+ session_redirect_external($plugin->openid->authUrl());
+ }
+ else {
+ $warning_msg = _('No such OpenID identity registered yet');
+ }
}
// or we are called back by the OpenID provider
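Review bot: `getUserNameFromOpenIDIdentity($openid_identifier)` is called with the raw `$_POST['openid_identifier']` string, while index.php stores the identity as asserted by the provider after `validate()`. A user who types a shorter or differently normalised form of the URL may therefore be rejected here even though the identity is registered. The new `else` branch also tells an unauthenticated visitor whether a given OpenID URL is registered on the forge, which the previous flow disclosed only after the provider had confirmed the identity. I would either drop the pre-check and rely on the lookup after `validate()`, or keep it but show the same generic message in both cases. At minimum `trim()` the value and reject an empty string before the lookup.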
@@ -84,7 +88,13 @@
$username = $plugin->getUserNameFromOpenIDIdentity($plugin->openid->identity);
if ($username) {
- $user = $plugin->startSession($username);
+ $user_tmp = user_get_object_by_name($username);
+ if($user_tmp->usesPlugin($plugin->name)) {
+ $user = $plugin->startSession($username);
+ }
+ else {
+ $warning_msg = _('OpenID plugin not activated for the user account');
+ }
}
if($user) {
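Review bot: `user_get_object_by_name($username)` is dereferenced without a check, so a lookup that returns nothing ends in a fatal error on `$user_tmp->usesPlugin(...)`. Guard it with `if ($user_tmp && $user_tmp->usesPlugin($plugin->name)) {`. When the plugin is not activated, `$user` is never assigned in this hunk, so `if($user)` relies on an initialisation that is outside the hunk. If the later `else` holding `$warning_msg = sprintf(_("Unknown user with identity '%s'"), ...)` belongs to that `if($user)`, it overwrites the "OpenID plugin not activated" text set here and the user sees the wrong reason. The surrounding block starts and ends outside the hunk, so both points need checking against the full file.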
@@ -98,7 +108,7 @@
}
}
else {
- $warning_msg .= sprintf (_("Unknown user with identity '%s'"),$plugin->openid->identity);
+ $warning_msg = sprintf (_("Unknown user with identity '%s'"),$plugin->openid->identity);
}
}
}
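Review bot: `$plugin->openid->identity` is interpolated into `$warning_msg` as is, and that value comes from the OpenID response rather than from the forge. If the login page prints `$warning_msg` without escaping (not visible in this hunk), the message should carry an escaped value: `$warning_msg = sprintf(_("Unknown user with identity '%s'"), htmlspecialchars($plugin->openid->identity));`. Switching from `.=` to `=` also discards any warning set earlier in the request, which is worth confirming as intended.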
@@ -108,7 +118,7 @@
display_login_page($return_to, $triggered);
} catch(ErrorException $e) {
- echo $e->getMessage();
+ echo 'OpenID error'. $e->getMessage();
}
// Local Variables:
// mode: php
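Review bot: `echo 'OpenID error'. $e->getMessage();` prints the raw exception text straight into the response, and the label lacks the `: ` separator that index.php uses (`'OpenID error: '`). The exception message can contain library internals or parts of the provider's reply, so I would escape it at least, `echo htmlspecialchars('OpenID error: '.$e->getMessage());`. Setting `$error_msg` and rendering the normal login page would be better still, and would match how index.php handles the same exception.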