[Fusionforge-commits] r15985 - in trunk/src/plugins: . authwebid authwebid/3rd-party authwebid/bin authwebid/db authwebid/etc authwebid/include authwebid/packaging authwebid/packaging/control authwebid/packaging/dirs authwebid/packaging/docs authwebid/packaging/install authwebid/packaging/links authwebid/www

Olivier Berger olberger at fusionforge.org
Thu Jul 12 16:06:34 CEST 2012


Author: olberger
Date: 2012-07-12 16:06:33 +0200 (Thu, 12 Jul 2012)
New Revision: 15985

Added:
   trunk/src/plugins/authwebid/
   trunk/src/plugins/authwebid/3rd-party/
   trunk/src/plugins/authwebid/3rd-party/README
   trunk/src/plugins/authwebid/NAME
   trunk/src/plugins/authwebid/README
   trunk/src/plugins/authwebid/bin/
   trunk/src/plugins/authwebid/bin/db-delete.pl
   trunk/src/plugins/authwebid/bin/db-upgrade.pl
   trunk/src/plugins/authwebid/db/
   trunk/src/plugins/authwebid/db/authwebid-init.sql
   trunk/src/plugins/authwebid/etc/
   trunk/src/plugins/authwebid/etc/authwebid.ini
   trunk/src/plugins/authwebid/include/
   trunk/src/plugins/authwebid/include/AuthWebIDPlugin.class.php
   trunk/src/plugins/authwebid/include/authwebid-init.php
   trunk/src/plugins/authwebid/packaging/
   trunk/src/plugins/authwebid/packaging/control/
   trunk/src/plugins/authwebid/packaging/control/301plugin-authwebid
   trunk/src/plugins/authwebid/packaging/control/301plugin-authwebid.shortdesc
   trunk/src/plugins/authwebid/packaging/dirs/
   trunk/src/plugins/authwebid/packaging/dirs/plugin-authwebid
   trunk/src/plugins/authwebid/packaging/docs/
   trunk/src/plugins/authwebid/packaging/docs/plugin-authwebid
   trunk/src/plugins/authwebid/packaging/install/
   trunk/src/plugins/authwebid/packaging/install/plugin-authwebid
   trunk/src/plugins/authwebid/packaging/links/
   trunk/src/plugins/authwebid/packaging/links/plugin-authwebid
   trunk/src/plugins/authwebid/www/
   trunk/src/plugins/authwebid/www/index.php
   trunk/src/plugins/authwebid/www/post-login.php
Log:
Initial contribution of a delegated WebID auth plugin

Added: trunk/src/plugins/authwebid/3rd-party/README
===================================================================
--- trunk/src/plugins/authwebid/3rd-party/README	                        (rev 0)
+++ trunk/src/plugins/authwebid/3rd-party/README	2012-07-12 14:06:33 UTC (rev 15985)
@@ -0,0 +1,3 @@
+The plugin relies on WebIDDelegatedAuth, downloaded from https://github.com/WebIDauth/WebIDDelegatedAuth
+
+Attention, it uses ARC2 internally, which may be also included by other plugins but with different paths
\ No newline at end of file

Added: trunk/src/plugins/authwebid/NAME
===================================================================
--- trunk/src/plugins/authwebid/NAME	                        (rev 0)
+++ trunk/src/plugins/authwebid/NAME	2012-07-12 14:06:33 UTC (rev 15985)
@@ -0,0 +1 @@
+Authentication via WebID

Added: trunk/src/plugins/authwebid/README
===================================================================
--- trunk/src/plugins/authwebid/README	                        (rev 0)
+++ trunk/src/plugins/authwebid/README	2012-07-12 14:06:33 UTC (rev 15985)
@@ -0,0 +1,39 @@
+fusionforge-plugin-authwebid
+-----------------------------
+
+This is meant to be the external WebID authentication plugin for FusionForge.
+
+It allows the forge to delegate authentication to a third party WebID "Identity Provider" 
+which will check the validity of the WebID profile of the user (checking that 
+the SSL cert used to access the IdP is the same as the one mentioned in the 
+FOAF profile it points to).
+That IdP must be trusted by the forge administrators to do so, of course. 
+
+If the plugin is activated by a user in its account management page, then 
+he/she may login to FusionForge using WebID (provided that the plugin is 
+activated on the whole site/forge, of course).
+
+Any number of WebID identities (URLs) can be used by a forge user to authenticate.
+
+Only one user may use one particular WebID identity simultaneously.
+
+WebID identities must have been added through the account management's WebID tab, 
+and are associated to the user, provided he/she owns them (i.e. can successfully 
+log-in to these URLs).
+
+The logged-in session is granted full privileges of the user, for now. 
+This should be improved in a later version, as WebID may not be trusted for critical 
+operations on the forge.
+
+The code depends on the WebIDDelegatedAuth library : https://github.com/WebIDauth/WebIDDelegatedAuth (a scaled down version of libAuthentication).
+
+This plugin's code is distributed under the conditions of the GNU GPL v2+ license.
+  
+
+USE IT AT YOUR OWN RISKS : THIS IS JUST A VERY EARLY PLUGIN, AND NO SECURITY AUDIT WAS CONDUCTED !
+ 
+-- Olivier Berger
+
+Local Variables:
+mode: readme-debian
+End:

Added: trunk/src/plugins/authwebid/bin/db-delete.pl
===================================================================
--- trunk/src/plugins/authwebid/bin/db-delete.pl	                        (rev 0)
+++ trunk/src/plugins/authwebid/bin/db-delete.pl	2012-07-12 14:06:33 UTC (rev 15985)
@@ -0,0 +1,187 @@
+#!/usr/bin/perl -w
+#
+# Debian-specific script to delete plugin-specific tables
+# Roland Mas <lolando at debian.org>
+
+use strict ;
+use diagnostics ;
+
+use DBI ;
+use MIME::Base64 ;
+use HTML::Entities ;
+
+use vars qw/$dbh @reqlist $query/ ;
+use vars qw/$sys_default_domain $sys_cvs_host $sys_download_host
+    $sys_shell_host $sys_users_host $sys_docs_host $sys_lists_host
+    $sys_dns1_host $sys_dns2_host $FTPINCOMING_DIR $FTPFILES_DIR
+    $sys_urlroot $sf_cache_dir $sys_name $sys_themeroot
+    $sys_news_group $sys_dbhost $sys_dbname $sys_dbuser $sys_dbpasswd
+    $sys_ldap_base_dn $sys_ldap_host $admin_login $admin_password
+    $domain_name $newsadmin_groupid $statsadmin_groupid
+    $skill_list/ ;
+use vars qw/$pluginname/ ;
+
+sub is_lesser ( $$ ) ;
+sub is_greater ( $$ ) ;
+sub debug ( $ ) ;
+sub parse_sql_file ( $ ) ;
+
+require ("/usr/share/gforge/lib/include.pl") ; # Include a few predefined functions 
+require ("/usr/share/gforge/lib/sqlparser.pm") ; # Our magic SQL parser
+
+debug "You'll see some debugging info during this installation." ;
+debug "Do not worry unless told otherwise." ;
+
+&db_connect ;
+
+# debug "Connected to the database OK." ;
+
+$pluginname = "authwebid" ;
+
+$dbh->{AutoCommit} = 0;
+$dbh->{RaiseError} = 1;
+eval {
+    my ($sth, @array, $version, $action, $path, $target, $rname) ;
+
+    my $pattern = "plugin_" . $pluginname . '_%' ;
+
+    $query = "SELECT relname FROM pg_class WHERE relname LIKE '$pattern' AND relkind='v'" ;
+    $sth = $dbh->prepare ($query) ;
+    $sth->execute () ;
+    while (@array = $sth->fetchrow_array ()) {
+	$rname = $array [0] ;
+	&drop_view_if_exists ($rname) ;
+    }
+    $sth->finish () ;
+
+    $query = "SELECT relname FROM pg_class WHERE relname LIKE '$pattern' AND relkind='r'" ;
+    $sth = $dbh->prepare ($query) ;
+    $sth->execute () ;
+    while (@array = $sth->fetchrow_array ()) {
+	$rname = $array [0] ;
+	&drop_table_if_exists ($rname) ;
+    }
+    $sth->finish () ;
+
+    $query = "SELECT relname FROM pg_class WHERE relname LIKE '$pattern' AND relkind='i'" ;
+    $sth = $dbh->prepare ($query) ;
+    $sth->execute () ;
+    while (@array = $sth->fetchrow_array ()) {
+	$rname = $array [0] ;
+	&drop_index_if_exists ($rname) ;
+    }
+    $sth->finish () ;
+
+    $query = "SELECT relname FROM pg_class WHERE relname LIKE '$pattern' AND relkind='s'" ;
+    $sth = $dbh->prepare ($query) ;
+    $sth->execute () ;
+    while (@array = $sth->fetchrow_array ()) {
+	$rname = $array [0] ;
+	&drop_sequence_if_exists ($rname) ;
+    }
+    $sth->finish () ;
+
+    $dbh->commit ();
+
+
+    debug "It seems your database deletion went well and smoothly.  That's cool." ;
+    debug "Please enjoy using Debian GForge." ;
+
+    # There should be a commit at the end of every block above.
+    # If there is not, then it might be symptomatic of a problem.
+    # For safety, we roll back.
+    $dbh->rollback ();
+};
+
+if ($@) {
+    warn "Transaction aborted because $@" ;
+    debug "Transaction aborted because $@" ;
+    debug "Last SQL query was:\n$query\n(end of query)" ;
+    $dbh->rollback ;
+    debug "Please report this bug on the Debian bug-tracking system." ;
+    debug "Please include the previous messages as well to help debugging." ;
+    debug "You should not worry too much about this," ;
+    debug "your DB is still in a consistent state and should be usable." ;
+    exit 1 ;
+}
+
+$dbh->rollback ;
+$dbh->disconnect ;
+
+sub debug ( $ ) {
+    my $v = shift ;
+    chomp $v ;
+    print STDERR "$v\n" ;
+}
+
+sub drop_table_if_exists ( $ ) {
+    my $tname = shift or die  "Not enough arguments" ;
+    $query = "SELECT count(*) FROM pg_class WHERE relname='$tname' AND relkind='r'" ;
+    my $sth = $dbh->prepare ($query) ;
+    $sth->execute () ;
+    my @array = $sth->fetchrow_array () ;
+    $sth->finish () ;
+
+    if ($array [0] != 0) {
+	# debug "Dropping table $tname" ;
+	$query = "DROP TABLE $tname" ;
+	# debug $query ;
+	$sth = $dbh->prepare ($query) ;
+	$sth->execute () ;
+	$sth->finish () ;
+    }
+}
+
+sub drop_sequence_if_exists ( $ ) {
+    my $sname = shift or die  "Not enough arguments" ;
+    $query = "SELECT count(*) FROM pg_class WHERE relname='$sname' AND relkind='S'" ;
+    my $sth = $dbh->prepare ($query) ;
+    $sth->execute () ;
+    my @array = $sth->fetchrow_array () ;
+    $sth->finish () ;
+
+    if ($array [0] != 0) {
+	# debug "Dropping sequence $sname" ;
+	$query = "DROP SEQUENCE $sname" ;
+	# debug $query ;
+	$sth = $dbh->prepare ($query) ;
+	$sth->execute () ;
+	$sth->finish () ;
+    }
+}
+
+sub drop_index_if_exists ( $ ) {
+    my $iname = shift or die  "Not enough arguments" ;
+    $query = "SELECT count(*) FROM pg_class WHERE relname='$iname' AND relkind='i'" ;
+    my $sth = $dbh->prepare ($query) ;
+    $sth->execute () ;
+    my @array = $sth->fetchrow_array () ;
+    $sth->finish () ;
+
+    if ($array [0] != 0) {
+	# debug "Dropping index $iname" ;
+	$query = "DROP INDEX $iname" ;
+	# debug $query ;
+	$sth = $dbh->prepare ($query) ;
+	$sth->execute () ;
+	$sth->finish () ;
+    }
+}
+
+sub drop_view_if_exists ( $ ) {
+    my $iname = shift or die  "Not enough arguments" ;
+    $query = "SELECT count(*) FROM pg_class WHERE relname='$iname' AND relkind='v'" ;
+    my $sth = $dbh->prepare ($query) ;
+    $sth->execute () ;
+    my @array = $sth->fetchrow_array () ;
+    $sth->finish () ;
+
+    if ($array [0] != 0) {
+	# debug "Dropping view $iname" ;
+	$query = "DROP VIEW $iname" ;
+	# debug $query ;
+	$sth = $dbh->prepare ($query) ;
+	$sth->execute () ;
+	$sth->finish () ;
+    }
+}
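Review bot: The sequence-cleanup loop never finds anything, because the listing query uses `relkind='s'` while PostgreSQL marks sequences with `relkind='S'` — the helper drop_sequence_if_exists below correctly uses `'S'`, so the listing line should read `$query = "SELECT relname FROM pg_class WHERE relname LIKE '$pattern' AND relkind='S'" ;`. The relnames returned from pg_class are then interpolated unquoted into `DROP TABLE $tname` and the sibling DROP statements; wrapping them with `$dbh->quote_identifier($tname)` keeps an odd identifier from being reparsed, and the same applies to the count queries, where a `?` placeholder passed to `execute` would replace the string interpolation. Note also that `LIKE 'plugin_authwebid_%'` treats `_` as a single-character wildcard, so the pattern is slightly broader than the literal prefix it intends.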

Added: trunk/src/plugins/authwebid/bin/db-upgrade.pl
===================================================================
--- trunk/src/plugins/authwebid/bin/db-upgrade.pl	                        (rev 0)
+++ trunk/src/plugins/authwebid/bin/db-upgrade.pl	2012-07-12 14:06:33 UTC (rev 15985)
@@ -0,0 +1,299 @@
+#!/usr/bin/perl -w
+#
+# Debian-specific script to upgrade the database between releases
+# Roland Mas <lolando at debian.org>
+
+use strict ;
+use diagnostics ;
+
+use DBI ;
+use MIME::Base64 ;
+use HTML::Entities ;
+
+use vars qw/$dbh @reqlist $query/ ;
+use vars qw/$sys_default_domain $sys_cvs_host $sys_download_host
+    $sys_shell_host $sys_users_host $sys_docs_host $sys_lists_host
+    $sys_dns1_host $sys_dns2_host $FTPINCOMING_DIR $FTPFILES_DIR
+    $sys_urlroot $sf_cache_dir $sys_name $sys_themeroot
+    $sys_news_group $sys_dbhost $sys_dbname $sys_dbuser $sys_dbpasswd
+    $sys_ldap_base_dn $sys_ldap_host $admin_login $admin_password
+    $domain_name $newsadmin_groupid $statsadmin_groupid
+    $skill_list/ ;
+use vars qw/$pluginname/ ;
+
+sub is_lesser ( $$ ) ;
+sub is_greater ( $$ ) ;
+sub debug ( $ ) ;
+sub parse_sql_file ( $ ) ;
+
+require ("/usr/share/gforge/lib/include.pl") ; # Include a few predefined functions 
+require ("/usr/share/gforge/lib/sqlparser.pm") ; # Our magic SQL parser
+
+debug "You'll see some debugging info during this installation." ;
+debug "Do not worry unless told otherwise." ;
+
+&db_connect ;
+
+# debug "Connected to the database OK." ;
+
+$pluginname = "authwebid" ;
+
+$dbh->{AutoCommit} = 0;
+$dbh->{RaiseError} = 1;
+eval {
+    my ($sth, @array, $version, $path, $target) ;
+
+    &create_metadata_table ("0") ;
+    
+    $version = &get_db_version ;
+    $target = "0.1" ;
+    if (is_lesser $version, $target) {
+	my @filelist = ( "/usr/share/gforge/plugins/$pluginname/db/$pluginname-init.sql" ) ;
+	
+	foreach my $file (@filelist) {
+	    debug "Processing $file" ;
+	    @reqlist = @{ &parse_sql_file ($file) } ;
+	    
+	    foreach my $s (@reqlist) {
+		$query = $s ;
+		# debug $query ;
+		$sth = $dbh->prepare ($query) ;
+		$sth->execute () ;
+		$sth->finish () ;
+	    }
+	}
+	@reqlist = () ;
+	
+	&update_db_version ($target) ;
+	debug "Committing." ;
+	$dbh->commit () ;
+    }
+    
+    
+#    $version = &get_db_version ;
+#    $target = "0.2" ;
+#    if (is_lesser $version, $target) {
+#     	my @filelist = ( "/usr/share/gforge/plugins/$pluginname/db/20101203-add_type_for_iframe.sql" ) ;
+	
+#     	foreach my $file (@filelist) {
+#     	    debug "Processing $file" ;
+#     	    @reqlist = @{ &parse_sql_file ($file) } ;
+	    
+#     	    foreach my $s (@reqlist) {
+#     		$query = $s ;
+#     		# debug $query ;
+#     		$sth = $dbh->prepare ($query) ;
+#     		$sth->execute () ;
+#     		$sth->finish () ;
+#     	    }
+#     	}
+#     	@reqlist = () ;
+	
+#     	&update_db_version ($target) ;
+#     	debug "Committing." ;
+#     	$dbh->commit () ;
+#     }
+
+    debug "It seems your database install/upgrade went well and smoothly.  That's cool." ;
+    debug "Please enjoy using Debian GForge." ;
+
+    # There should be a commit at the end of every block above.
+    # If there is not, then it might be symptomatic of a problem.
+    # For safety, we roll back.
+    $dbh->rollback ();
+};
+
+if ($@) {
+    warn "Transaction aborted because $@" ;
+    debug "Transaction aborted because $@" ;
+    debug "Last SQL query was:\n$query\n(end of query)" ;
+    $dbh->rollback ;
+    debug "Please report this bug on the Debian bug-tracking system." ;
+    debug "Please include the previous messages as well to help debugging." ;
+    debug "You should not worry too much about this," ;
+    debug "your DB is still in a consistent state and should be usable." ;
+    exit 1 ;
+}
+
+$dbh->rollback ;
+$dbh->disconnect ;
+
+sub is_lesser ( $$ ) {
+    my $v1 = shift || 0 ;
+    my $v2 = shift || 0 ;
+
+    my $rc = system "dpkg --compare-versions $v1 lt $v2" ;
+
+    return (! $rc) ;
+}
+
+sub is_greater ( $$ ) {
+    my $v1 = shift || 0 ;
+    my $v2 = shift || 0 ;
+
+    my $rc = system "dpkg --compare-versions $v1 gt $v2" ;
+
+    return (! $rc) ;
+}
+
+sub debug ( $ ) {
+    my $v = shift ;
+    chomp $v ;
+    print STDERR "$v\n" ;
+}
+
+sub create_metadata_table ( $ ) {
+    my $v = shift || "0" ;
+    my $tablename = "plugin_" .$pluginname . "_meta_data" ;
+    # Do we have the metadata table?
+
+    $query = "SELECT count(*) FROM pg_class WHERE relname = '$tablename' and relkind = 'r'";
+    # debug $query ;
+    my $sth = $dbh->prepare ($query) ;
+    $sth->execute () ;
+    my @array = $sth->fetchrow_array () ;
+    $sth->finish () ;
+
+    # Let's create this table if we have it not
+
+    if ($array [0] == 0) {
+	debug "Creating $tablename table." ;
+	$query = "CREATE TABLE $tablename (key varchar primary key, value text not null)" ;
+	# debug $query ;
+	$sth = $dbh->prepare ($query) ;
+	$sth->execute () ;
+	$sth->finish () ;
+    }
+
+    $query = "SELECT count(*) FROM $tablename WHERE key = 'db-version'";
+    # debug $query ;
+    $sth = $dbh->prepare ($query) ;
+    $sth->execute () ;
+    @array = $sth->fetchrow_array () ;
+    $sth->finish () ;
+
+    # Empty table?  We'll have to fill it up a bit
+
+    if ($array [0] == 0) {
+	debug "Inserting first data into $tablename table." ;
+	$query = "INSERT INTO $tablename (key, value) VALUES ('db-version', '$v')" ;
+	# debug $query ;
+	$sth = $dbh->prepare ($query) ;
+	$sth->execute () ;
+	$sth->finish () ;
+    }
+}
+
+sub update_db_version ( $ ) {
+    my $v = shift or die "Not enough arguments" ;
+    my $tablename = "plugin_" .$pluginname . "_meta_data" ;
+
+    debug "Updating $tablename table." ;
+    $query = "UPDATE $tablename SET value = '$v' WHERE key = 'db-version'" ;
+    # debug $query ;
+    my $sth = $dbh->prepare ($query) ;
+    $sth->execute () ;
+    $sth->finish () ;
+}
+
+sub get_db_version () {
+    my $tablename = "plugin_" .$pluginname . "_meta_data" ;
+
+    $query = "SELECT value FROM $tablename WHERE key = 'db-version'" ;
+    # debug $query ;
+    my $sth = $dbh->prepare ($query) ;
+    $sth->execute () ;
+    my @array = $sth->fetchrow_array () ;
+    $sth->finish () ;
+
+    my $version = $array [0] ;
+
+    return $version ;
+}
+
+sub drop_table_if_exists ( $ ) {
+    my $tname = shift or die  "Not enough arguments" ;
+    $query = "SELECT count(*) FROM pg_class WHERE relname='$tname' AND relkind='r'" ;
+    my $sth = $dbh->prepare ($query) ;
+    $sth->execute () ;
+    my @array = $sth->fetchrow_array () ;
+    $sth->finish () ;
+
+    if ($array [0] != 0) {
+	# debug "Dropping table $tname" ;
+	$query = "DROP TABLE $tname" ;
+	# debug $query ;
+	$sth = $dbh->prepare ($query) ;
+	$sth->execute () ;
+	$sth->finish () ;
+    }
+}
+
+sub drop_sequence_if_exists ( $ ) {
+    my $sname = shift or die  "Not enough arguments" ;
+    $query = "SELECT count(*) FROM pg_class WHERE relname='$sname' AND relkind='S'" ;
+    my $sth = $dbh->prepare ($query) ;
+    $sth->execute () ;
+    my @array = $sth->fetchrow_array () ;
+    $sth->finish () ;
+
+    if ($array [0] != 0) {
+	# debug "Dropping sequence $sname" ;
+	$query = "DROP SEQUENCE $sname" ;
+	# debug $query ;
+	$sth = $dbh->prepare ($query) ;
+	$sth->execute () ;
+	$sth->finish () ;
+    }
+}
+
+sub drop_index_if_exists ( $ ) {
+    my $iname = shift or die  "Not enough arguments" ;
+    $query = "SELECT count(*) FROM pg_class WHERE relname='$iname' AND relkind='i'" ;
+    my $sth = $dbh->prepare ($query) ;
+    $sth->execute () ;
+    my @array = $sth->fetchrow_array () ;
+    $sth->finish () ;
+
+    if ($array [0] != 0) {
+	# debug "Dropping index $iname" ;
+	$query = "DROP INDEX $iname" ;
+	# debug $query ;
+	$sth = $dbh->prepare ($query) ;
+	$sth->execute () ;
+	$sth->finish () ;
+    }
+}
+
+sub drop_view_if_exists ( $ ) {
+    my $iname = shift or die  "Not enough arguments" ;
+    $query = "SELECT count(*) FROM pg_class WHERE relname='$iname' AND relkind='v'" ;
+    my $sth = $dbh->prepare ($query) ;
+    $sth->execute () ;
+    my @array = $sth->fetchrow_array () ;
+    $sth->finish () ;
+
+    if ($array [0] != 0) {
+	# debug "Dropping view $iname" ;
+	$query = "DROP VIEW $iname" ;
+	# debug $query ;
+	$sth = $dbh->prepare ($query) ;
+	$sth->execute () ;
+	$sth->finish () ;
+    }
+}
+
+sub bump_sequence_to ( $$ ) {
+    my ($sth, @array, $seqname, $targetvalue) ;
+
+    $seqname = shift ;
+    $targetvalue = shift ;
+
+    do {
+	$query = "select nextval ('$seqname')" ;
+	$sth = $dbh->prepare ($query) ;
+	$sth->execute () ;
+	@array = $sth->fetchrow_array () ;
+	$sth->finish () ;
+    } until $array[0] >= $targetvalue ;
+}
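Review bot: is_lesser and is_greater hand a string to the shell with the version values interpolated, and `$v1` comes back from the database via get_db_version; the list form bypasses the shell entirely, `my $rc = system 'dpkg', '--compare-versions', $v1, 'lt', $v2 ;` (and `'gt'` in is_greater). The same values are interpolated into SQL in create_metadata_table and update_db_version, where `$query = "UPDATE $tablename SET value = ? WHERE key = 'db-version'" ;` with `$sth->execute ($v) ;` would use a bound parameter instead. bump_sequence_to and the drop_*_if_exists helpers appear unused in this script, which looks like a copy of another plugin's upgrade script; a short header comment saying which blocks are live would help the next maintainer.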

Added: trunk/src/plugins/authwebid/db/authwebid-init.sql
===================================================================
--- trunk/src/plugins/authwebid/db/authwebid-init.sql	                        (rev 0)
+++ trunk/src/plugins/authwebid/db/authwebid-init.sql	2012-07-12 14:06:33 UTC (rev 15985)
@@ -0,0 +1,4 @@
+CREATE TABLE plugin_authwebid_user_identities (user_id INTEGER NOT NULL,
+	webid_identity text);
+CREATE UNIQUE INDEX idx_authwebid_user_identities_webid_identity on plugin_authwebid_user_identities(webid_identity);
+
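Review bot: webid_identity is nullable and user_id carries no referential constraint, although the plugin's lookups join this table to users.user_id and the unique index is what enforces the one-account-per-WebID rule stated in the README. Declaring `webid_identity text NOT NULL` keeps a NULL row from slipping past the unique index, and `user_id INTEGER NOT NULL REFERENCES users(user_id)` would remove dangling identities when an account is deleted, assuming the forge's other plugin schemas allow foreign keys to users.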

Added: trunk/src/plugins/authwebid/etc/authwebid.ini
===================================================================
--- trunk/src/plugins/authwebid/etc/authwebid.ini	                        (rev 0)
+++ trunk/src/plugins/authwebid/etc/authwebid.ini	2012-07-12 14:06:33 UTC (rev 15985)
@@ -0,0 +1,23 @@
+[authwebid]
+
+; plugin_status is a string.
+; valid means : production ready.
+; Any other strings means it's under work or broken and plugin
+; is available in installation_environment = development only.
+plugin_status = 'to be validated by developpers'
+
+; By default, webid is not required but may be sufficient to log in. Uncomment to activate it
+required = no
+;required = yes
+
+sufficient = yes
+;sufficient = no
+
+; Allowed values: never, user-creation, login, every-page
+;sync_data_on = never
+
+; Default delegated WebID IdP to use
+; delegate_webid_auth_to = auth.my-profile.eu
+
+; URL of the delegated auth on the IdP which accepts a ?authreqissuer=callback invocation (ex, for : https://auth.my-profile.eu/auth/?authreqissuer=http://fusionforge.example.com/callback.php)
+; idp_delegation_link = https://auth.my-profile.eu/auth/
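Review bot: Leaving `delegate_webid_auth_to` and `idp_delegation_link` commented out does not leave delegation unconfigured: AuthWebIDPlugin::declareConfigVars in this commit hard-codes `auth.my-profile.eu` and `https://auth.my-profile.eu/auth/` as defaults, so a forge that enables the plugin without editing this file trusts that third-party IdP for login. The comment above these keys should say so, e.g. `; If left commented, the plugin defaults to auth.my-profile.eu; set this explicitly to the IdP your forge administrators trust.` The `sufficient = yes` shipped here also differs from the PHP default of `no`, which is worth a one-line remark so administrators know which value is in effect.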

Added: trunk/src/plugins/authwebid/include/AuthWebIDPlugin.class.php
===================================================================
--- trunk/src/plugins/authwebid/include/AuthWebIDPlugin.class.php	                        (rev 0)
+++ trunk/src/plugins/authwebid/include/AuthWebIDPlugin.class.php	2012-07-12 14:06:33 UTC (rev 15985)
@@ -0,0 +1,405 @@
+<?php
+/** External authentication via WebID for FusionForge
+ * Copyright 2011, Roland Mas
+ * Copyright 2011, Olivier Berger & Institut Telecom
+ *
+ * This program was developped in the frame of the COCLICO project
+ * (http://www.coclico-project.org/) with financial support of the Paris
+ * Region council.
+ *
+ * This file is part of FusionForge. FusionForge is free software;
+ * you can redistribute it and/or modify it under the terms of the
+ * GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the Licence, or (at your option)
+ * any later version.
+ *
+ * FusionForge is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with FusionForge; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+require_once $GLOBALS['gfcommon'].'include/User.class.php';
+
+// WebID framework
+require_once('WebIDDelegatedAuth/lib/Authentication.php');
+
+/**
+ * WebID Authentication manager Plugin for FusionForge
+ *
+ */
+class AuthWebIDPlugin extends ForgeAuthPlugin {
+	
+	var $delegatedAuthentifier;
+	
+	var $delegate_webid_auth_to;
+	
+	var $idp_delegation_link;
+
+	var $webid_identity;
+
+	function AuthWebIDPlugin () {
+		global $gfconfig;
+		$this->ForgeAuthPlugin() ;
+		$this->name = "authwebid";
+		$this->text = "WebID authentication";
+
+		$this->_addHook('display_auth_form');
+		$this->_addHook("check_auth_session");
+		$this->_addHook("fetch_authenticated_user");
+		$this->_addHook("close_auth_session");
+		$this->_addHook("usermenu") ;
+		$this->_addHook("userisactivecheckbox") ; // The "use ..." checkbox in user account
+		$this->_addHook("userisactivecheckboxpost") ; //
+
+		$this->saved_login = '';
+		$this->saved_user = NULL;
+
+		$this->delegatedAuthentifier = FALSE;
+
+		$this->webid_identity = FALSE;
+
+		$this->declareConfigVars();
+		
+		// The IdP to use is configured in the .ini file
+		$this->delegate_webid_auth_to = forge_get_config ('delegate_webid_auth_to', $this->name);
+		$this->idp_delegation_link = forge_get_config('idp_delegation_link', $this->name);
+
+	}
+
+	/**
+	 * Display a link redirecting to a WebID IdP, to test a delegated auth
+	 * @param string $callback : callback which the IdP will invoke through with signed parameters
+	 * @param string $message : alternative message for the link
+	 * @return string html
+	 */
+	function displayAuthentifyViaIdPLink($callback, $message = FALSE) {
+		if (!$message) {
+			$message = sprintf( _('Click here to delegate authentication of your WebID to %s'), $this->delegate_webid_auth_to);
+		} 
+		$html = '<a href="' . $this->idp_delegation_link . '?authreqissuer='. $callback .'">';
+		$html .=  $message .'</a>';
+		return $html;
+	}
+
+	/**
+	 * Display a form to redirect to the WebID IdP
+	 * @param unknown_type $params
+	 * @return boolean
+	 */
+	function displayAuthForm(&$params) {
+		if (!$this->isRequired() && !$this->isSufficient()) {
+			return true;
+		}
+		$return_to = $params['return_to'];
+
+		$result = '';
+
+		$result .= '<p>';
+		$result .= _('Cookies must be enabled past this point.');
+		$result .= '</p>';
+
+		// TODO Use a trusted IdP that was configured previously by the forge admin, and which is trusted by the libAuthentication checks
+		//$result .= '<a href="https://foafssl.org/srv/idp?authreqissuer='. util_make_url('/plugins/authwebid/post-login.php') .'">Click here to Login via foafssl.org</a>';
+		//echo "<br />";
+		$result .= '<b>'. $this->displayAuthentifyViaIdPLink( util_make_url('/plugins/authwebid/post-login.php') ) . '</b>';
+		$result .= ' ('. _('You need to have bound such a WebID to your existing fusionforge account in advance') .')';
+
+		$params['html_snippets'][$this->name] = $result;
+
+	}
+
+    /**
+	 * Is there a valid session?
+	 * @param unknown_type $params
+	 */
+	function checkAuthSession(&$params) {
+		$this->saved_user = NULL;
+		$user = NULL;
+
+		if (isset($params['auth_token']) && $params['auth_token'] != '') {
+			$user_id = $this->checkSessionToken($params['auth_token']);
+		} else {
+			$user_id = $this->checkSessionCookie();
+		}
+		if ($user_id) {
+			$user = user_get_object($user_id);
+		} else {
+			if ($this->delegatedAuthentifier && $this->delegatedAuthentifier->identity) {
+				$username = $this->getUserNameFromWebIDIdentity($this->delegatedAuthentifier->identity);
+				if ($username) {
+					$user = $this->startSession($username);
+				}
+			}
+		}
+
+		if ($user) {
+			if ($this->isSufficient()) {
+				$this->saved_user = $user;
+				$params['results'][$this->name] = FORGE_AUTH_AUTHORITATIVE_ACCEPT;
+
+			} else {
+				$params['results'][$this->name] = FORGE_AUTH_NOT_AUTHORITATIVE;
+			}
+		} else {
+			if ($this->isRequired()) {
+				$params['results'][$this->name] = FORGE_AUTH_AUTHORITATIVE_REJECT;
+			} else {
+				$params['results'][$this->name] = FORGE_AUTH_NOT_AUTHORITATIVE;
+			}
+		}
+	}
+
+	/**
+	 * Retrieve the user_name for a WebID URI stored in DB as a known ID
+	 * @param string $webid_identity
+	 * @return string
+	 */
+	public function getUserNameFromWebIDIdentity($webid_identity) {
+		$user_name = FALSE;
+		$res = db_query_params('SELECT users.user_name FROM users, plugin_authwebid_user_identities WHERE users.user_id = plugin_authwebid_user_identities.user_id AND webid_identity=$1',
+							    array($webid_identity));
+		if($res) {
+			$row = db_fetch_array_by_row($res, 0);
+			if($row) {
+				$user_name = $row['user_name'];
+			}
+		}
+		return $user_name;
+	}
+
+	/**
+	 * Check if a WebID is already used and bound to an account
+	 * @param string $webid_identity
+	 * @return boolean
+	 */
+	public function existStoredWebID($webid_identity) {
+		$res = db_query_params('SELECT webid_identity FROM plugin_authwebid_user_identities WHERE webid_identity =$1',
+				array($webid_identity));
+		if ($res && db_numrows($res) > 0) {
+			return TRUE;
+		}
+		else {
+			return FALSE;
+		}
+	}
+	
+	/**
+	 * Load WebIDs already bound to an account (not the pending ones)
+	 * @param string $user_id
+	 * @return array
+	 */
+	public function getStoredBoundWebIDs($user_id) {
+		$boundwebids = array();
+		$res = db_query_params('SELECT webid_identity FROM plugin_authwebid_user_identities WHERE user_id =$1',
+				array($user_id));
+		if($res) {
+			$i = 0;
+		
+			while ($row = db_fetch_array($res)) {
+				$webid_identity = 	$row['webid_identity'];
+				// filter out the pending ones, prefixes by 'pending:'
+				if (substr($webid_identity, 0, 8) != 'pending:') {
+					$boundwebids[] = $webid_identity;
+				}
+			}
+		}
+		return $boundwebids;
+	}
+	
+	/**
+	 * Check if a WebID is pending confirmation of binding for a user
+	 * @param string $user_id
+	 * @param string $webid_identity
+	 * @return boolean
+	 */
+	public function isStoredPendingWebID($user_id, $webid_identity) {
+		// the pending WebIDs will be prefixed in the DB by 'pending:'
+		$webid_identity = 'pending:' . $webid_identity;
+		$res = db_query_params('SELECT COUNT(*) FROM plugin_authwebid_user_identities WHERE user_id =$1 AND webid_identity =$2',
+				array ($user_id, $webid_identity));
+		if ($res && db_numrows($res) > 0) {
+			$arr = db_fetch_array($res);
+			if ($arr[0] == '1') {
+				return TRUE;
+			} else {
+				return FALSE;
+			}
+		}
+		else {
+			return FALSE;
+		}
+	}
+	
+	/**
+	 * Load WebIDs already stored, but pending confirmation by a user
+	 * @param string $user_id
+	 * @return array
+	 */
+	public function getStoredPendingWebIDs($user_id) {
+		$pendingwebids = array();
+		$res = db_query_params('SELECT webid_identity FROM plugin_authwebid_user_identities WHERE user_id =$1',
+				array($user_id));
+		if($res) {
+			$i = 0;
+		
+			while ($row = db_fetch_array($res)) {
+				$webid_identity = $row['webid_identity'];
+				// return them as plain WebIDs without the 'pending:' prefix
+				if (substr($webid_identity, 0, 8) == 'pending:') {
+					$pendingwebids[] = substr($webid_identity, 8);
+				}
+			}
+		}
+		return $pendingwebids;
+	}
+	
+	/**
+	 * Convert a WebID pending binding to a bound one
+	 * @param string $user_id
+	 * @param string $webid_identity
+	 * @return string
+	 */
+	public function bindStoredWebID($user_id, $webid_identity) {
+		$error_msg = NULL;
+		// remove the 'pending:' prefix
+		$res = db_query_params('UPDATE plugin_authwebid_user_identities SET webid_identity=$1 WHERE user_id =$2 AND webid_identity =$3',
+								array ($webid_identity, $user_id, 'pending:'.$webid_identity)) ;
+		if (!$res) {
+			$error_msg = sprintf(_('Cannot bind new identity: %s'), db_error());
+		}
+		return $error_msg;
+	}
+	
+	/**
+	 * Store a WebID as pending binding to an account
+	 * @param string $user_id
+	 * @param string $webid_identity
+	 * @return string
+	 */
+	public function addStoredPendingWebID($user_id, $webid_identity) {
+		$error_msg = NULL;
+		// make sure not to add as pending to one account an already bound WebID for another
+		if ($this->existStoredWebID($webid_identity)) {
+			$error_msg = _('WebID already used');
+		}
+		else {
+			// prefix it with the 'pending:' prefix
+			$webid_identity = 'pending:' . $webid_identity;
+			// make sure to not add the same pending WebID for two different accounts
+			if ($this->existStoredWebID($webid_identity)) {
+				$error_msg = _('WebID already pending binding');
+			}
+			$res = db_query_params('INSERT INTO plugin_authwebid_user_identities (user_id, webid_identity) VALUES ($1,$2)',
+					array ($user_id, $webid_identity)) ;
+			if (!$res || db_affected_rows($res) < 1) {
+				$error_msg = sprintf(_('Cannot insert new identity: %s'), db_error());
+			}
+		}
+		return $error_msg;
+	}
+	
+	/**
+	 * Remove a WebID (possibly pending) from the table
+	 * @param string $user_id
+	 * @param string $webid_identity
+	 * @return string
+	 */
+	public function removeStoredWebID($user_id, $webid_identity) {
+		$error_msg = NULL;
+		$res = db_query_params('DELETE FROM plugin_authwebid_user_identities WHERE user_id=$1 AND webid_identity=$2',
+								array($user_id, $webid_identity));
+		if (!$res || db_affected_rows($res) < 1) {
+			$error_msg = sprintf(_('Cannot delete identity: %s'), db_error());
+		}
+		return $error_msg;
+	}
+	
+	/**
+	 * Check if we just got invoked back as a callback by the IdP which validated a WebID
+	 * @return boolean
+	 */
+	public function justBeenAuthenticatedByIdP() {
+		
+		// We should trust lib WebIDDelegatedAuth unless the admin wants to play by customizing by doing something like the commented code below
+		/*
+		// initialize the WebID lib handler which will read the posted args
+		$IDPCertificates = array ( 'foafssl.org' =>
+				"-----BEGIN PUBLIC KEY-----
+				MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhFboiwS5HzsQAAerGOj8
+				Zk6qvEf2QVarlm+c1fxd6f3OoQ9ezib1LjXitw+z2xcLG8lzaTmKOU0jw7KZp6WL
+				W6gqhAWj2BQ1Lkl9R7aAUpA3ypk52gik8u/5JiWpTt1EV99DP5XNzzQ/QVjkvBlj
+				rY+1ZeM+XtKzGfbK7eWh583xn3AE6maprXfLAo3BjUWJOQe0VHGYgrBVOcRQrSQ6
+				34/f+jk22tmYZRzdTT/ZCadeLd7NryIeJbEu0W105JYvKodawSM3/zjt4fXFIPyB
+				z8vHHmHRd2syDWqUy46YVQfqCfUBdXkHbvVQBtAfvRGUhYbFQm926an6z9uRE5LC
+				aQIDAQAB
+				-----END PUBLIC KEY-----
+				");
+				
+		//$certRepository = new Authentication_X509CertRepo($IDPCertificates);
+		*/
+		
+		// We don't rely on the PHP session, as we're in FusionForge
+		$create_session = FALSE;
+		//$this->delegatedAuthentifier = new Authentication_Delegated($create_session, NULL, NULL, $certRepository);
+		$this->delegatedAuthentifier = new Authentication_Delegated($create_session);
+		
+		return $this->delegatedAuthentifier->isAuthenticated();
+	}
+	
+	/**
+	 * Return current WebID if the delegated Auth has proceeded
+	 * @return string
+	 */
+	public function getCurrentWebID() {
+		$webid = FALSE;
+		if ($this->delegatedAuthentifier) {
+			$webid = $this->delegatedAuthentifier->webid;
+		}
+		return $webid;
+	}
+	
+	protected function declareConfigVars() {
+		parent::declareConfigVars();
+
+		// Change vs default
+		forge_define_config_item ('required', $this->name, 'no');
+		forge_set_config_item_bool ('required', $this->name) ;
+
+		// Change vs default
+		forge_define_config_item ('sufficient', $this->name, 'no');
+		forge_set_config_item_bool ('sufficient', $this->name) ;
+		
+		// Default delegated WebID IdP to use
+		forge_define_config_item ('delegate_webid_auth_to', $this->name, 'auth.my-profile.eu');
+		
+		//URL of the delegated auth on the IdP which accepts a ?authreqissuer=callback invocation 
+		// for ex, for : https://auth.my-profile.eu/auth/?authreqissuer=http://fusionforge.example.com/callback.php :
+		forge_define_config_item ('idp_delegation_link', $this->name, 'https://auth.my-profile.eu/auth/');
+		
+	}
+
+	/**
+	 * Displays link to WebID identities management tab in user's page ('usermenu' hook)
+	 * @param unknown_type $params
+	 */
+	public function usermenu($params) {
+		global $G_SESSION, $HTML;
+		$text = $this->text; // this is what shows in the tab
+		if ($G_SESSION->usesPlugin($this->name)) {
+			//$param = '?type=user&id=' . $G_SESSION->getId() . "&pluginname=" . $this->name; // we indicate the part we�re calling is the user one
+			echo $HTML->PrintSubMenu (array ($text), array ('/plugins/authwebid/index.php'), array(_('coin pan')));
+		}
+	}
+}
+
+// Local Variables:
+// mode: php
+// c-file-style: "bsd"
+// End:
+
+?>
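Review bot: In addStoredPendingWebID, the `WebID already pending binding` branch sets `$error_msg` but falls through to the INSERT, which then collides with the unique index and overwrites the message with the generic "Cannot insert new identity" text; adding `return $error_msg;` inside that `if` (or wrapping the INSERT in an `else`) makes the reported reason match the actual condition. displayAuthentifyViaIdPLink writes `$this->idp_delegation_link` and `$callback` into an href without `htmlspecialchars()`, and although both come from configuration and util_make_url today, escaping at the output site costs one call. justBeenAuthenticatedByIdP builds Authentication_Delegated without a certificate repository, so which IdP keys are accepted is whatever the library's default is — a comment naming that default, or passing the configured IdP's key explicitly, would make the trust decision visible in this file. The `_('coin pan')` tab title in usermenu looks like placeholder text.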

Added: trunk/src/plugins/authwebid/include/authwebid-init.php
===================================================================
--- trunk/src/plugins/authwebid/include/authwebid-init.php	                        (rev 0)
+++ trunk/src/plugins/authwebid/include/authwebid-init.php	2012-07-12 14:06:33 UTC (rev 15985)
@@ -0,0 +1,39 @@
+<?php
+
+/** External authentication via WebID for FusionForge
+ *
+ * Copyright 2011, Olivier Berger & Institut Telecom
+ *
+ * This program was developped in the frame of the COCLICO project
+ * (http://www.coclico-project.org/) with financial support of the Paris
+ * Region council.
+ *
+ * This file is part of FusionForge. FusionForge is free software;
+ * you can redistribute it and/or modify it under the terms of the
+ * GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the Licence, or (at your option)
+ * any later version.
+ *
+ * FusionForge is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with FusionForge; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+global $gfplugins;
+require_once $gfplugins.'authwebid/include/AuthWebIDPlugin.class.php' ;
+
+$authWebIDPluginObject = new AuthWebIDPlugin ;
+
+register_plugin ($authWebIDPluginObject) ;
+
+// Local Variables:
+// mode: php
+// c-file-style: "bsd"
+// End:
+
+?>

Added: trunk/src/plugins/authwebid/packaging/control/301plugin-authwebid
===================================================================
--- trunk/src/plugins/authwebid/packaging/control/301plugin-authwebid	                        (rev 0)
+++ trunk/src/plugins/authwebid/packaging/control/301plugin-authwebid	2012-07-12 14:06:33 UTC (rev 15985)
@@ -0,0 +1,4 @@
+Package: @PACKAGE at -plugin-authwebid
+Architecture: all
+Depends: @OLDPACKAGE at -common, @OLDPACKAGE at -db-postgresql | @OLDPACKAGE at -db, @OLDPACKAGE at -web-apache2 | @OLDPACKAGE at -web, libwebiddelegatedauth-php, ${misc:Depends}
+Description: collaborative development tool - WebID consumer authentication plugin

Added: trunk/src/plugins/authwebid/packaging/control/301plugin-authwebid.shortdesc
===================================================================
--- trunk/src/plugins/authwebid/packaging/control/301plugin-authwebid.shortdesc	                        (rev 0)
+++ trunk/src/plugins/authwebid/packaging/control/301plugin-authwebid.shortdesc	2012-07-12 14:06:33 UTC (rev 15985)
@@ -0,0 +1,3 @@
+ This plugin contains an WebID consumer authentication mechanism for
+ FusionForge. It allows users to authenticate against external WebID
+ providers.

Added: trunk/src/plugins/authwebid/packaging/dirs/plugin-authwebid
===================================================================
--- trunk/src/plugins/authwebid/packaging/dirs/plugin-authwebid	                        (rev 0)
+++ trunk/src/plugins/authwebid/packaging/dirs/plugin-authwebid	2012-07-12 14:06:33 UTC (rev 15985)
@@ -0,0 +1,3 @@
+usr/share/@OLDPACKAGE@/plugins/authwebid/bin
+usr/share/@OLDPACKAGE@/plugins/authwebid/www
+usr/share/@OLDPACKAGE@/plugins/authwebid/common

Added: trunk/src/plugins/authwebid/packaging/docs/plugin-authwebid
===================================================================
--- trunk/src/plugins/authwebid/packaging/docs/plugin-authwebid	                        (rev 0)
+++ trunk/src/plugins/authwebid/packaging/docs/plugin-authwebid	2012-07-12 14:06:33 UTC (rev 15985)
@@ -0,0 +1 @@
+plugins/authwebid/README

Added: trunk/src/plugins/authwebid/packaging/install/plugin-authwebid
===================================================================
--- trunk/src/plugins/authwebid/packaging/install/plugin-authwebid	                        (rev 0)
+++ trunk/src/plugins/authwebid/packaging/install/plugin-authwebid	2012-07-12 14:06:33 UTC (rev 15985)
@@ -0,0 +1,6 @@
+plugins/authwebid/include   usr/share/@OLDPACKAGE@/plugins/authwebid/
+plugins/authwebid/www       usr/share/@OLDPACKAGE@/plugins/authwebid/
+plugins/authwebid/etc/*.ini etc/@PACKAGE@/config.ini.d/
+plugins/authwebid/db/*      usr/share/@OLDPACKAGE@/plugins/authwebid/db/
+plugins/authwebid/bin/*	usr/share/@OLDPACKAGE@/plugins/authwebid/bin/
+

Added: trunk/src/plugins/authwebid/packaging/links/plugin-authwebid
===================================================================
--- trunk/src/plugins/authwebid/packaging/links/plugin-authwebid	                        (rev 0)
+++ trunk/src/plugins/authwebid/packaging/links/plugin-authwebid	2012-07-12 14:06:33 UTC (rev 15985)
@@ -0,0 +1 @@
+/usr/share/@OLDPACKAGE@/plugins/authwebid/www /usr/share/@OLDPACKAGE@/www/plugins/authwebid

Added: trunk/src/plugins/authwebid/www/index.php
===================================================================
--- trunk/src/plugins/authwebid/www/index.php	                        (rev 0)
+++ trunk/src/plugins/authwebid/www/index.php	2012-07-12 14:06:33 UTC (rev 15985)
@@ -0,0 +1,174 @@
+<?php
+
+/** External authentication via WebID for FusionForge
+ * Copyright 2011, Roland Mas
+ * Copyright 2011-2012, Olivier Berger & Institut Mines-Telecom
+ *
+ * This program was initially developped in the frame of the COCLICO project
+ * (http://www.coclico-project.org/) with financial support of the Paris
+ * Region council.
+ *
+ * This file is part of FusionForge. FusionForge is free software;
+ * you can redistribute it and/or modify it under the terms of the
+ * GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the Licence, or (at your option)
+ * any later version.
+ *
+ * FusionForge is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with FusionForge; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+require_once ('../../../www/env.inc.php');
+require_once $gfcommon.'include/pre.php';
+
+session_require_login();
+
+// get global users vars
+$u =& user_get_object(user_getid());
+if (!$u || !is_object($u)) {
+	exit_error(_('Could Not Get User'));
+} elseif ($u->isError()) {
+	exit_error($u->getErrorMessage(),'my');
+}
+
+$plugin = plugin_get_object('authwebid');
+
+// we receive this when addition or deletion is confirmed
+$webid_identity = htmlspecialchars(trim(getStringFromRequest('webid_identity', 'http://')));
+
+// When invoked back by the IdP, the request is signed
+if (getStringFromRequest('sig') != '') {
+
+	// First, verify that we indeed got invoked back as a callback of the IdP delegated auth
+	if ( $plugin->justBeenAuthenticatedByIdP() ) {
+		
+		// We can then trust the webid set by WebIDDelegatedAuth lib
+		$webid_identity = $plugin->getCurrentWebID();
+
+		// Now, if we went back to the IdP in order to confirm a pending binding, it's time to bind it
+		if ( $plugin->isStoredPendingWebID($u->getID(), $webid_identity) ) {
+			
+			$error_msg = $plugin->bindStoredWebID($u->getID(), $webid_identity);
+			if ($error_msg) {
+				$webid_identity = 'http://';
+			} else {
+				$feedback = _('The IdP has confirmed that you own this WebID. It is now bound to your account.');
+			}
+		}
+		else {
+			// or it's the first time we went to the IdP, and we wait until the confirmation of the binding to really use it 
+			$error_msg = $plugin->addStoredPendingWebID($u->getID(), $webid_identity);
+			if ($error_msg) {
+				$webid_identity = 'http://';
+			} else {
+				$feedback = _('The IdP has confirmed that you own a WebID. Please confirm you want to bind it to your account.');
+			}
+		}
+	} 
+}
+
+// If called to remove an identity
+if (getStringFromRequest('delete') != '') {
+	
+	$error_msg = $plugin->removeStoredWebID($u->getID(), $webid_identity);
+	
+	if (!$error_msg) {
+		$feedback = _('Identity successfully deleted');
+		$webid_identity = 'http://';
+	}
+}
+
+// In all cases, we display the management screen
+
+$title = sprintf(_('Manage WebID identities for user %1$s'), $u->getUnixName());
+site_user_header(array('title'=>$title));
+
+echo $HTML->boxTop(_('My WebID identities'));
+
+?>
+	<h2><?php echo _('Bind a new WebID'); ?></h2>
+
+		<p><?php 
+		
+			echo _('You can add your own WebID identities in the form below.') . '<br />'; 
+			echo _('Once you have confirmed their binding to your fusionforge account, you may use them to login.') ?></p>
+
+		<?php
+		// display a table of WebIDs pending binding 
+		$pendingwebids = $plugin->getStoredPendingWebIDs($u->getID());
+		if( count($pendingwebids) ) {
+			echo $HTML->listTableTop(array(_('Already pending WebIDs you could bind to your account'), ''));
+
+			$i = 0;
+			foreach($pendingwebids as $webid_identity) {
+				echo '<tr '.$HTML->boxGetAltRowStyle($i).'>';
+				echo '<td><i>'. $webid_identity .'</i></td>';
+				echo '<td><b>'. $plugin->displayAuthentifyViaIdPLink( util_make_url('/plugins/authwebid/index.php'), _('Confirm binding')) . '</b></td>';
+				echo '<td><a href="'.util_make_uri ('/plugins/authwebid/').'?webid_identity='. urlencode('pending:'.$webid_identity) .'&delete=1">'. _('remove') . '</a></td>';
+				echo '</tr>';
+				$i++;
+			}
+			echo $HTML->listTableBottom();
+		}
+		?>
+		<!-- This form isn't one any more actually, but decorations is nice like this -->		
+		<form name="new_identity" action="<?php echo util_make_uri ('/plugins/authwebid/'); ?>" method="post">
+			<fieldset>
+				<legend><?php echo _('Bind a new WebID'); ?></legend>
+				<p>
+					<?php 
+						echo '</p><p>';
+						// redirect link to the IdP
+						// This might as well confirm binding just as if using the Confirm link, if user has only one WebID recognized by the IdP
+						echo '<b>'. $plugin->displayAuthentifyViaIdPLink( util_make_url('/plugins/authwebid/index.php'), 
+																		sprintf( _('Click here to initiate the addition of a new WebID validated via %s'), 
+																				 $plugin->delegate_webid_auth_to)) . '</b>';
+				?>
+				</p>
+			</fieldset>
+		</form>
+		
+		<h2><?php echo _('My WebIDs'); ?></h2>
+
+		<?php
+
+		// now display existing bound identities
+
+
+		$boundwebids = $plugin->getStoredBoundWebIDs($u->getID());
+
+		if(count($boundwebids)) {
+			echo $HTML->listTableTop(array(_('WebIDs already bound to your account, which you can use to login'), ''));
+			$i = 0;
+		
+			foreach($boundwebids as $webid_identity) {
+				echo '<tr '.$HTML->boxGetAltRowStyle($i).'>';
+				echo '<td>'. $webid_identity .'</td>';
+				echo '<td><a href="'.util_make_uri ('/plugins/authwebid/').'?webid_identity='. urlencode($webid_identity) .'&delete=1">'. _('remove') . '</a></td>';
+				echo '</tr>';
+				$i++;
+			}
+		
+			echo $HTML->listTableBottom();
+		}
+		else {
+			echo '<p>'. _("You haven't yet bound any WebID to your account") . '</p>';
+		}
+		
+		
+		echo $HTML->boxBottom();
+
+site_user_footer(array());
+
+// Local Variables:
+// mode: php
+// c-file-style: "bsd"
+// End:
+
+?>
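Review bot: The `remove` links at the pending-list and bound-list rows (the `?webid_identity=…&delete=1` hrefs) unbind a WebID through a plain GET request carrying no anti-CSRF token, so the branch at `if (getStringFromRequest('delete') != '')` will execute for any link a logged-in user is led to follow from another site; the deletion should be moved to a POST form carrying the forge's session-bound token, if FusionForge provides one, and the handler should refuse a bare GET. Separately, `$webid_identity` is passed through `htmlspecialchars()` on input before it is used as the lookup key in `removeStoredWebID()`, so a stored identity containing `&` or quotes would be encoded on the way in and never match; escape at output time instead, i.e. `$webid_identity = trim(getStringFromRequest('webid_identity', 'http://'));` and `htmlspecialchars($webid_identity)` in the `<td>` echoes. When `getStringFromRequest('sig')` is non-empty but `justBeenAuthenticatedByIdP()` returns false the script says nothing and falls through to the management page; a short `$warning_msg` there would make a failed or tampered callback visible rather than silent.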

Added: trunk/src/plugins/authwebid/www/post-login.php
===================================================================
--- trunk/src/plugins/authwebid/www/post-login.php	                        (rev 0)
+++ trunk/src/plugins/authwebid/www/post-login.php	2012-07-12 14:06:33 UTC (rev 15985)
@@ -0,0 +1,104 @@
+<?php
+/** External authentication via WebID for FusionForge
+ * Copyright 2011, Roland Mas
+ * Copyright 2011, Olivier Berger & Institut Telecom
+ *
+ * This program was developped in the frame of the COCLICO project
+ * (http://www.coclico-project.org/) with financial support of the Paris
+ * Region council.
+ *
+ * This file is part of FusionForge. FusionForge is free software;
+ * you can redistribute it and/or modify it under the terms of the
+ * GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the Licence, or (at your option)
+ * any later version.
+ *
+ * FusionForge is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with FusionForge; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+// FIXME : WTF ?!?!?!?
+Header( "Expires: Wed, 11 Nov 1998 11:11:11 GMT");
+Header( "Cache-Control: no-cache");
+Header( "Cache-Control: must-revalidate");
+
+require_once('../../../www/env.inc.php');
+require_once $gfcommon.'include/pre.php';
+require_once('../../../www/include/login-form.php');
+
+// WebID framework
+require_once('WebIDDelegatedAuth/lib/Authentication.php');
+
+$plugin = plugin_get_object('authwebid');
+
+$return_to = getStringFromRequest('return_to');
+//$login = getStringFromRequest('login');
+
+//$webid_identifier = getStringFromRequest('webid');
+$triggered = getIntFromRequest('triggered');
+
+if (forge_get_config('use_ssl') && !session_issecure()) {
+	//force use of SSL for login
+	// redirect
+	session_redirect_external('https://'.getStringFromServer('HTTP_HOST').getStringFromServer('REQUEST_URI'));
+}
+
+	// TODO check error param in request
+	if ( $plugin->justBeenAuthenticatedByIdP() ) {
+		//echo "authenticated as :";
+		//print_r($plugin->delegatedAuthentifier);
+		//exit(0);
+
+			// initiate session
+	    	if ($plugin->isSufficient()) {
+	    		$user = False;
+
+	    		$username = $plugin->getUserNameFromWebIDIdentity($plugin->getCurrentWebID());
+				if ($username) {
+					$user_tmp = user_get_object_by_name($username);
+					if($user_tmp->usesPlugin($plugin->name)) {
+						$user = $plugin->startSession($username);
+					}
+					else {
+						$warning_msg = _('WebID plugin not activated for the user account');
+					}
+				}
+
+				if($user) {
+					$feedback = _('The IdP has confirmed that you own this WebID bound to your account. Welcome.');
+					// redirect to the proper place in the forge
+					if ($return_to) {
+						validate_return_to($return_to);
+
+						session_redirect($return_to);
+					} else {
+						session_redirect("/my");
+					}
+				}
+				else {
+					$warning_msg = sprintf (_("Unknown user with identity '%s'"),$plugin->getCurrentWebID());
+				}
+	    	}
+		}
+		else {
+			echo "error :". $plugin->delegatedAuthentifier->authnDiagnostic;
+			print_r($plugin->delegatedAuthentifier);
+			exit(0);
+		}
+    //}
+
+	// Otherwise, display the login form again
+	display_login_page($return_to, $triggered);
+	
+// Local Variables:
+// mode: php
+// c-file-style: "bsd"
+// End:
+
+?>
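Review bot: The failure branch after `justBeenAuthenticatedByIdP()` echoes `authnDiagnostic` and then `print_r($plugin->delegatedAuthentifier)` straight to the browser before `exit(0)`, so an unauthenticated caller who reaches post-login.php with a bad or forged callback gets a dump of the library object's internal state (what it holds is not visible here, but it is the object that carries the WebID claim and the verification result); replace it with `$warning_msg = _('WebID authentication failed');` and send the diagnostic to the server log, e.g. `error_log('authwebid: ' . $plugin->delegatedAuthentifier->authnDiagnostic);`, then let the page fall through to `display_login_page()`. The lookup `user_get_object_by_name($username)` can return a non-object, and the next line calls `->usesPlugin()` on it unguarded; `if ($user_tmp && $user_tmp->usesPlugin($plugin->name))` avoids a fatal error on an unknown username. The `// FIXME : WTF ?!?!?!?` above the cache headers should say what it means: the three `Header()` calls keep the post-login response out of shared caches, which is wanted for a page that starts a session.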



