-rw-r--r-- | actions/openid_client/login.php | 20 | ||||
-rw-r--r-- | actions/openid_client/register.php | 34 | ||||
-rw-r--r-- | lib/helpers.php | 66 | ||||
-rw-r--r-- | return.php | 238 | ||||
-rw-r--r-- | start.php | 119 | ||||
-rw-r--r-- | views/default/forms/openid_client/register.php | 55 | ||||
-rw-r--r-- | views/default/openid_client/login.php | 10 | ||||
-rw-r--r-- | views/default/openid_client/register.php | 7 |
8 files changed, 279 insertions, 270 deletions
diff --git a/actions/openid_client/login.php b/actions/openid_client/login.php
new file mode 100644
index 000000000..5e7ad3ace
--- /dev/null
+++ b/actions/openid_client/login.php
@@ -0,0 +1,20 @@
+<?php
+/**
+ *
+ */
+
+elgg_load_library('openid_consumer');
+
+$store = new Auth_OpenID_FileStore('/tmp');
+
+$consumer = new ElggOpenIDConsumer($store);
+$consumer->setProvider('google');
+$consumer->setReturnURL(elgg_get_site_url() . 'mod/openid_client/return.php');
+
+$html = $consumer->requestAuthentication();
+if ($html) {
+ echo $html;
+ exit;
+} else {
+ register_error('oops');
+}
diff --git a/actions/openid_client/register.php b/actions/openid_client/register.php
new file mode 100644
index 000000000..e847d2395
--- /dev/null
+++ b/actions/openid_client/register.php
@@ -0,0 +1,34 @@
+<?php
+/**
+ * Register an OpenID user
+ */
+
+elgg_set_context('openid_client');
+
+$username = get_input('username');
+$name = get_input('name');
+$email = get_input('email');
+$openid_identifier = get_input('openid_identifier');
+
+$password = 'test';
+
+try {
+ $guid = register_user($username, $password, $name, $email, false);
+} catch (RegistrationException $e) {
+ register_error($e->getMessage());
+ forward(REFERER);
+}
+$user = get_entity($guid);
+
+$user->openid_identifier = $openid_identifier;
+elgg_set_user_validation_status($guid, true, 'openid');
+
+if (!elgg_trigger_plugin_hook('register', 'user', array('user' => $user), true)) {
+ $user->delete();
+ register_error(elgg_echo('registerbad'));
+ forward(REFERER);
+}
+
+login($user);
+system_message($message);
+forward();
diff --git a/lib/helpers.php b/lib/helpers.php
new file mode 100644
index 000000000..c7158235a
--- /dev/null
+++ b/lib/helpers.php
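Review bot: In actions/openid_client/login.php the association store is created with `new Auth_OpenID_FileStore('/tmp')`, which keeps OpenID associations and nonces in a shared, world-writable directory where other local accounts on the host may be able to read or replace them. Point the store at a directory only the web server user can access, for example `new Auth_OpenID_FileStore(elgg_get_data_path() . 'openid_client/')`, and build it in one helper so return.php, which repeats the `/tmp` store, uses the same path. The failure branch reports `register_error('oops')` and then ends without a `forward()`; a translated message followed by `forward(REFERER)` would tell the user what happened.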
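Review bot: In actions/openid_client/register.php every account is created with `$password = 'test';`, so each OpenID-registered user also has a known password that works on the normal login form; use a random value such as `$password = generate_random_cleartext_password();`. The action is registered as public in start.php and takes `openid_identifier` from `get_input()`, fed by the hidden field in views/default/forms/openid_client/register.php, so the identifier stored on the new user is whatever the request supplies rather than the one the provider asserted. Keep the verified identifier server-side (for instance in the session, set in return.php once `completeAuthentication()` succeeds) and read it from there in this action. `system_message($message)` also uses a variable that is never assigned in this file.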
@@ -0,0 +1,66 @@
+<?php
+/**
+ * Helper functions for the OpenID client plugin
+ */
+
+/**
+ * Serves a page to the new user to determine account values
+ *
+ * This should only be called after validating the OpenID response.
+ *
+ * @param array $data Key value pairs extracted from the response
+ * @return bool
+ */
+function openid_client_registration_page_handler(array $data) {
+
+ if (!is_array($data)) {
+ return false;
+ }
+
+ $title = 'register';
+
+ $vars = openid_client_prepare_registration_vars($data);
+ $content = elgg_view('openid_client/register', $vars);
+
+ $body = elgg_view_layout('one_column', array('content' => $content));
+ echo elgg_view_page($title, $body);
+
+ return true;
+}
+
+/**
+ * Create the form vars for registration
+ *
+ * @param array $data
+ * @return array
+ */
+function openid_client_prepare_registration_vars(array $data) {
+ $vars = array();
+
+ $vars['openid_identifier'] = $data['openid_identifier'];
+
+ // username
+ if (isset($data['username'])) {
+ $vars['username'] = $data['username'];
+ } else if (isset($data['email'])) {
+ $vars['username'] = array_pop(explode('@', $data['email']));
+ } else {
+ $vars['username'] = null;
+ }
+
+ // is the username available
+ $vars['is_username_available'] = true;
+
+ // is the username valid
+ try {
+ $vars['is_username_valid'] = validate_username($vars['username']);
+ } catch (RegistrationException $e) {
+ $vars['is_username_valid'] = false;
+ }
+
+ // the rest
+ $vars['email'] = elgg_extract('email', $data);
+ $vars['name'] = elgg_extract('name', $data);
+
+ return $vars;
+}
diff --git a/return.php b/return.php
index 3d949b492..23751e54a 100644
--- a/return.php
+++ b/return.php
@@ -1,210 +1,54 @@ <?php
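Review bot: In openid_client_prepare_registration_vars() (lib/helpers.php) the fallback `array_pop(explode('@', $data['email']))` returns the part after the `@`, so the suggested username becomes the mail domain rather than the local part, and passing a function result to `array_pop()` raises a strict-standards notice because the argument is taken by reference. Use `$parts = explode('@', $data['email']);` followed by `$vars['username'] = $parts[0];`. `$data['openid_identifier']` is read without an `isset()` check, and the final `else` hands `null` to `validate_username()`; how that call reacts is not visible here, so setting `$vars['is_username_valid'] = false` explicitly for the null case would be clearer. `is_username_available` is hard-coded to `true` and deserves a `// @todo` comment saying the lookup is not implemented yet.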
-
/**
- * Callback for return_to url redirection. The identity server will
- * redirect back to this handler with the results of the
- * authentication attempt.
+ * Callback for return_to url redirection.
*
- * Note: the Elgg action system strips off the query string and is incompatible with
- * the JanRain OpenID library, so we need to keep this as an ordinary PHP file
- * for now.
+ * The identity server will redirect back to this handler with the results of
+ * the authentication attempt.
*
+ * Note: the Janrain OpenID library is incompatible with Elgg's routing so
+ * this script needs to be directly accessed.
*/
-require_once(dirname(dirname(dirname(__FILE__))).'/engine/start.php');
-require_once(dirname(__FILE__).'/models/model.php');
-
-global $CONFIG;
-
-set_context('openid');
-$store = new OpenID_ElggStore();
-$consumer = new Auth_OpenID_Consumer($store);
+require_once dirname(dirname(dirname(__FILE__))).'/engine/start.php';
-$return_url = $CONFIG->wwwroot.'mod/openid_client/return.php';
+elgg_load_library('openid_consumer');
+elgg_load_library('openid_client');
-// TODO - handle passthru_url properly
-// $dest = $query['destination'];
-$response = $consumer->complete($return_url);
-
-if ($response->status == Auth_OpenID_CANCEL) {
- register_error(elgg_echo("openid_client:authentication_cancelled"));
-} else if ($response->status != Auth_OpenID_SUCCESS) {
- register_error(sprintf(elgg_echo("openid_client:authentication_failed"),$response->status,$response->message) );
-} else { // SUCCESS.
- $openid_url = $response->getDisplayIdentifier();
-
- // Look for sreg data.
- $sreg_resp = Auth_OpenID_SRegResponse::fromSuccessResponse($response);
- $sreg = $sreg_resp->contents();
- if ($sreg) {
- $email = trim($sreg['email']);
- $fullname = trim($sreg['fullname']);
- //print ($email.' '.$fullname);
- }
-
- $entities = get_entities_from_metadata('alias', $openid_url, 'user', 'openid');
+// get user data from the response
+$store = new Auth_OpenID_FileStore('/tmp');
+$consumer = new ElggOpenIDConsumer($store);
+$url = elgg_get_site_url() . 'mod/openid_client/return.php';
+$consumer->setReturnURL($url);
+$data = $consumer->completeAuthentication();
+if (!$data || !$data['openid_identifier']) {
+ // @todo handle error
+}
- if (!$entities || $entities[0]->active == 'no') {
- if (!$entities) {
- // this account does not exist
- if (!$email || !validate_email_address($email)) {
- // there is a problem with the email provided by the profile exchange, so generate a form to collect it
- if ($user = openid_client_create_openid_user($openid_url,$email, $fullname, true)) {
- $details = openid_client_create_invitation('a',$openid_url,$user->getGUID(),$email,$fullname);
- $body = openid_client_generate_missing_data_form($openid_url,'',$fullname,true,$details);
- }
- $missing_data = true;
- } elseif (!$fullname) {
- // the name is missing
- $email_confirmation = openid_client_check_email_confirmation($openid_url);
- if ($email_confirmation) {
- $prefix = 'a';
- } else {
- $prefix = 'n';
- }
- // create the account
- if ($user = openid_client_create_openid_user($openid_url,$email, $fullname, $email_confirmation)) {
- $details = openid_client_create_invitation($prefix,$openid_url,$user->getGUID(),$email,$fullname);
- $body = openid_client_generate_missing_data_form($openid_url,$email,'',$email_confirmation,$details);
- }
- $missing_data = true;
- } else {
- // email address and name look good
-
- $login = false;
-
- // create a new account
-
- $email_confirmation = openid_client_check_email_confirmation($openid_url);
-
- $user = openid_client_create_openid_user($openid_url,$email, $fullname, $email_confirmation);
- $missing_data = false;
- }
- } else {
- // this is an inactive account
- $user = $entities[0];
-
- // need to figure out why the account is inactive
-
- $email_confirmation = openid_client_check_email_confirmation($openid_url);
-
- if ($user->email && $user->name) {
- $missing_data = false;
- // no missing information
- if (!$email_confirmation) {
- // OK, this is weird - no email confirmation required and all the information has been supplied
- // this should not happen, so just go ahead and activate the account
- $user->active = 'yes';
- $user->save();
- }
- } else {
- // missing information
- $missing_data = true;
- // does this person have an existing magic code?
- if ($details = openid_client_get_invitation_by_username($user->alias)) {
- $body = openid_client_generate_missing_data_form($openid_url,$user->email,$user->name,$email_confirmation,$details);
- } else {
- // create a new magic code
- $details = openid_client_create_invitation('a',$openid_url,$user->getGUID(),$user->email,$user->name);
- $body = openid_client_generate_missing_data_form($openid_url,$user->email,$user->name,$email_confirmation,$details);
- }
- }
- }
- if ($user && !$missing_data) {
-
- if ($email_confirmation) {
- $i_code = openid_client_create_invitation('a',$openid_url,$user->guid,$email,$fullname);
- openid_client_send_activate_confirmation_message($i_code);
- system_message(sprintf(elgg_echo("openid_client:activate_confirmation"), $email));
- } else {
- system_message(sprintf(elgg_echo("openid_client:created_openid_account"),$email, $fullname));
- $login = true;
- }
- }
-
- } else {
-
- $user = $entities[0];
-
- // account is active, check to see if this user has been banned
-
- if (isset($user->banned) && $user->banned == 'yes') { // this needs to change.
- register_error(elgg_echo("openid_client:banned"));
- } else {
- // user has not been banned
- // check to see if email address has changed
- if ($email && $email != $user->email && validate_email_address($email)) {
- // the email on the OpenID server is not the same as the email registered on this local client system
- $email_confirmation = openid_client_check_email_confirmation($openid_url);
- if ($CONFIG->openid_client_always_sync == 'yes') {
- // this client always forces client/server data syncs
- if ($fullname) {
- $user->name = $fullname;
- }
- if ($email_confirmation) {
- // don't let this user in until the email address change is confirmed
- $login = false;
- $i_code = openid_client_create_invitation('c',$openid_url,$user->guid,$email,$fullname);
- openid_client_send_change_confirmation_message($i_code);
- system_message(sprintf(elgg_echo("openid_client:change_confirmation"), $email));
- } else {
- $login = true;
- if (openid_client_get_user_by_email($email)) {
- register_error(elgg_echo("openid_client:email_in_use"),$email);
- } else {
- $user->email = $email;
- system_message(sprintf(elgg_echo("openid_client:email_updated"),$email));
- }
- }
- } else {
- $login = true;
- if (!$store->getNoSyncStatus($user)) {
- // the following conditions are true:
- // the email address has changed on the server,
- // this client does not *require* syncing with the server,
- // but this user has not turned off syncing
- // therefore the user needs to be offered the chance to sync his or her data
- $body = openid_client_generate_sync_form($email,$fullname,$user,$email_confirmation);
- }
- }
- } elseif ($fullname && $fullname != $user->name) {
- // the fullname on the OpenID server is not the same as the name registered on this local client system
- $login = true;
- if ($CONFIG->openid_client_always_sync == 'yes') {
- // this client always forces client/server data syncs
- $user->name = $fullname;
- } else {
- if (!$store->getNoSyncStatus($user)) {
- // the following conditions are true:
- // the fullname has changed on the server,
- // this client does not *require* syncing with the server,
- // but this user has not turned off syncing
- // therefore the user needs to be offered the chance to sync his or her data
- $body = openid_client_generate_sync_form($email,$fullname,$user,false);
- }
- }
- } else {
- // nothing has changed or the data is null so let this person in
- $login = true;
- }
- }
+// does this user exist
+$users = elgg_get_entities_from_metadata(array(
+ 'type' => 'user',
+ 'subtype' => 'openid',
+ 'metadata_name' => 'openid_identifier',
+ 'metadata_value' => $data['openid_identifier'],
+));
+if ($users) {
+ // log in user and maybe update account (admin setting, user prompt?)
+ $user = $users[0];
+
+ try {
+ login($user);
+ } catch (LoginException $e) {
+ register_error($e->getMessage());
+ forward();
}
-
- if ($login) {
-
- $rememberme = get_input('remember',0);
- if (!empty($rememberme)) {
- login($user,true);
- } else {
- login($user);
- }
- }
-}
-
-if(isset($body) && $body) {
-
- page_draw(elgg_echo('openid_client:information_title'),$body);
-} else {
+ system_message(elgg_echo('loginok'));
forward();
+} else {
+ // register the new user
+ $result = openid_client_registration_page_handler($data);
+ if (!$result) {
+ register_error();
+ forward();
+ }
}
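Review bot: The failure check `if (!$data || !$data['openid_identifier'])` has an empty body, so a cancelled or failed response still continues to the user lookup with no identifier. The query that follows then runs with `'metadata_value' => null`, which Elgg appears to treat as "any value", so it could return an existing OpenID user who is then passed to `login()`. End the request inside the check, for example `register_error(elgg_echo('openid_client:authentication_failed')); forward();`. In the registration branch `register_error()` is called without a message, so the user would see nothing useful when the page handler returns false.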
@@ -1,88 +1,61 @@ <?php
-
/**
- * Elgg openid client plugin
+ * Elgg OpenID client
*
- * @package ElggOpenID
- * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
- * @author Kevin Jardine <kevin@radagast.biz>
- * @copyright Curverider Ltd 2008-2009
- * @link http://elgg.com/
*/
-
- global $CONFIG;
-
- set_include_path(get_include_path() . PATH_SEPARATOR . $CONFIG->pluginspath . 'openid_client/models');
+
+elgg_register_event_handler('init', 'system', 'openid_client_init');
/**
- * OpenID client initialisation
- *
- * These parameters are required for the event API, but we won't use them:
- *
- * @param unknown_type $event
- * @param unknown_type $object_type
- * @param unknown_type $object
+ * OpenID client initialization
*/
-
function openid_client_init() {
-
- elgg_extend_view("login/extend", "openid_client/forms/login");
-
- // Extend system CSS with our own styles
- elgg_extend_view('css','openid_client/css');
-
- // Register a page handler, so we can have nice URLs
- register_page_handler('openid_client','openid_client_page_handler');
-
-}
-
-function openid_client_pagesetup()
- {
- if (get_context() == 'admin' && isadminloggedin()) {
- global $CONFIG;
- add_submenu_item(elgg_echo('openid_client:admin_title'), $CONFIG->wwwroot . 'pg/openid_client/admin');
- }
-}
+ elgg_extend_view('core/account/login_box', 'openid_client/login');
+
+ $base = elgg_get_plugins_path() . 'openid_client/actions/openid_client';
+ elgg_register_action('openid_client/login', "$base/login.php", 'public');
+ elgg_register_action('openid_client/register', "$base/register.php", 'public');
-function openid_client_can_edit($hook_name, $entity_type, $return_value, $parameters) {
- $entity = $parameters['entity'];
- $context = get_context();
- if ($context == 'openid' && $entity->getSubtype() == "openid") {
- // should be able to do anything with OpenID user data
- return true;
- }
- return null;
+ $base = elgg_get_plugins_path() . 'openid_client/lib';
+ elgg_register_library('openid_client', "$base/helpers.php");
+
+ elgg_register_event_handler('create', 'user', 'openid_client_set_subtype', 1);
+
+ elgg_register_page_handler('openid_client', 'openid_client_page_handler');
}
-function openid_client_page_handler($page) {
- if (isset($page[0])) {
- if ($page[0] == 'admin') {
- include(dirname(__FILE__) . "/pages/admin.php");
- return true;
- } else if ($page[0] == 'confirm') {
- include(dirname(__FILE__) . "/pages/confirm.php");
- return true;
- } else if ($page[0] == 'sso') {
- include(dirname(__FILE__) . "/pages/sso.php");
- return true;
- } else if ($page[0] == 'reset') {
- include(dirname(__FILE__) . "/pages/reset.php");
- return true;
- }
- }
- return false;
+/**
+ * Set the correct subtype for OpenID users
+ *
+ * @param string $event Event name
+ * @param string $type Object type
+ * @param ElggUser $user New user
+ */
+function openid_client_set_subtype($event, $type, $user) {
+ $db_prefix = elgg_get_config('dbprefix');
+ $guid = (int)$user->getGUID();
+ $subtype_id = (int)add_subtype('user', 'openid');
+
+ $query = "UPDATE {$db_prefix}entities SET subtype = $subtype_id WHERE guid = $guid";
+ update_data($query);
}
-register_elgg_event_handler('init','system','openid_client_init');
-register_elgg_event_handler('pagesetup','system','openid_client_pagesetup');
+/**
+ * OpenID client page handler
+ *
+ * @param type $page Array of URL segments
+ * @return bool
+ */
+function openid_client_page_handler($page) {
-register_plugin_hook('permissions_check','user','openid_client_can_edit');
+ // this is test code for right now
+ elgg_load_library('openid_client');
+ openid_client_registration_page_handler(array(
+ 'username' => 'john',
+ 'email' => 'john@example.org',
+ 'name' => 'John Doe',
+ 'openid_identifier' => 'abcdefghijklmnopqrstuvwxyz',
+ ));
-// Register actions
-global $CONFIG;
-register_action("openid_client/login",true,$CONFIG->pluginspath . "openid_client/actions/login.php");
-register_action("openid_client/return",true,$CONFIG->pluginspath . "openid_client/actions/return.php");
-register_action("openid_client/admin",false,$CONFIG->pluginspath . "openid_client/actions/admin.php");
-//register_action("openid_client/confirm",false,$CONFIG->pluginspath . "openid_client/actions/confirm.php");
-register_action("openid_client/missing",false,$CONFIG->pluginspath . "openid_client/actions/missing.php");
-register_action("openid_client/sync",false,$CONFIG->pluginspath . "openid_client/actions/sync.php");
+ return true;
+}
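Review bot: `openid_client_set_subtype()` is registered for every `create`/`user` event and rewrites the subtype unconditionally, so accounts created through the normal registration form would also be marked `openid`, the subtype return.php uses to look up OpenID users. register.php sets the `openid_client` context before calling `register_user()`, so the handler can start with `if (!elgg_in_context('openid_client')) { return; }`. `openid_client_page_handler()` currently serves the registration form with fixed sample data to any visitor, while the docblock in lib/helpers.php says that page should only be shown after the OpenID response is validated; remove it or restrict it to admins before release. Its docblock has `@param type $page`, which should read `@param array $page`.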
diff --git a/views/default/forms/openid_client/register.php b/views/default/forms/openid_client/register.php
new file mode 100644
index 000000000..b8f57fb59
--- /dev/null
+++ b/views/default/forms/openid_client/register.php
@@ -0,0 +1,55 @@
+<?php
+/**
+ * OpenID register form body
+ *
+ * @uses $vars['openid_identifier']
+ * @uses $vars['username']
+ * @uses $vars['is_username_available']
+ * @uses $vars['is_username_valid']
+ * @uses $vars['email']
+ * @uses $vars['name']
+ */
+
+$username_label = '';
+$username_input = elgg_view('input/text', array(
+ 'name' => 'username',
+ 'value' => $vars['username'],
+));
+
+$name_label = elgg_echo();
+$name_input = elgg_view('input/text', array(
+ 'name' => 'name',
+ 'value' => $vars['name'],
+));
+
+$email_label = elgg_echo();
+$email_input = elgg_view('input/email', array(
+ 'name' => 'email',
+ 'value' => $vars['email'],
+));
+
+$openid_input = elgg_view('input/hidden', array(
+ 'name' => 'openid_identifier',
+ 'value' => $vars['openid_identifier'],
+));
+$button = elgg_view('input/submit', array('value' => elgg_echo('save')));
+
+echo <<<HTML
+<div>
+ <label>$username_label</label>
+ $username_input
+</div>
+<div>
+ <label>$name_label</label>
+ $name_input
+</div>
+<div>
+ <label>$email_label</label>
+ $email_input
+</div>
+<div class="elgg-foot">
+ $openid_input
+ $button
+</div>
+
+HTML;
diff --git a/views/default/openid_client/login.php b/views/default/openid_client/login.php
new file mode 100644
index 000000000..f89b790c0
--- /dev/null
+++ b/views/default/openid_client/login.php
@@ -0,0 +1,10 @@
+<?php
+/**
+ *
+ */
+
+echo elgg_view('output/url', array(
+ 'text' => 'login with Google',
+ 'href' => 'action/openid_client/login',
+ 'is_action' => true,
+));
diff --git a/views/default/openid_client/register.php b/views/default/openid_client/register.php
new file mode 100644
index 000000000..0c3770ed2
--- /dev/null
+++ b/views/default/openid_client/register.php
@@ -0,0 +1,7 @@
+<?php
+/**
+ * Registration content view for OpenID client
+ *
+ */
+
+echo elgg_view_form('openid_client/register', array(), $vars); |