<?php\r
-\r
/**\r
- * Callback for return_to url redirection. The identity server will\r
- * redirect back to this handler with the results of the\r
- * authentication attempt.\r
+ * Callback for return_to url redirection.\r
* \r
- * Note: the Elgg action system strips off the query string and is incompatible with\r
- * the JanRain OpenID library, so we need to keep this as an ordinary PHP file\r
- * for now.\r
+ * The identity server will redirect back to this handler with the results of\r
+ * the authentication attempt.\r
* \r
+ * Note: the Janrain OpenID library is incompatible with Elgg's routing so\r
+ * this script needs to be directly accessed.\r
*/\r
\r
-require_once(dirname(dirname(dirname(__FILE__))).'/engine/start.php');\r
-require_once(dirname(__FILE__).'/models/model.php');\r
-\r
-global $CONFIG;\r
-\r
-set_context('openid');\r
-$store = new OpenID_ElggStore();\r
-$consumer = new Auth_OpenID_Consumer($store);\r
+require_once dirname(dirname(dirname(__FILE__))).'/engine/start.php';\r
\r
-$return_url = $CONFIG->wwwroot.'mod/openid_client/return.php';\r
+elgg_load_library('openid_consumer');\r
+elgg_load_library('openid_client');\r
\r
-// TODO - handle passthru_url properly\r
-// $dest = $query['destination'];\r
-$response = $consumer->complete($return_url);\r
-\r
-if ($response->status == Auth_OpenID_CANCEL) {\r
- register_error(elgg_echo("openid_client:authentication_cancelled"));\r
-} else if ($response->status != Auth_OpenID_SUCCESS) {\r
- register_error(sprintf(elgg_echo("openid_client:authentication_failed"),$response->status,$response->message) );\r
-} else { // SUCCESS.\r
- $openid_url = $response->getDisplayIdentifier();\r
- \r
- // Look for sreg data.\r
- $sreg_resp = Auth_OpenID_SRegResponse::fromSuccessResponse($response);\r
- $sreg = $sreg_resp->contents();\r
- if ($sreg) {\r
- $email = trim($sreg['email']);\r
- $fullname = trim($sreg['fullname']);\r
- //print ($email.' '.$fullname);\r
- }\r
- \r
- $entities = get_entities_from_metadata('alias', $openid_url, 'user', 'openid');\r
+// get user data from the response\r
+$store = new Auth_OpenID_FileStore('/tmp');\r
+$consumer = new ElggOpenIDConsumer($store);\r
+$url = elgg_get_site_url() . 'mod/openid_client/return.php';\r
+$consumer->setReturnURL($url);\r
+$data = $consumer->completeAuthentication();\r
+if (!$data || !$data['openid_identifier']) {\r
+ // @todo handle error\r
+}\r
\r
- if (!$entities || $entities[0]->active == 'no') {\r
- if (!$entities) {\r
- // this account does not exist\r
- if (!$email || !validate_email_address($email)) {\r
- // there is a problem with the email provided by the profile exchange, so generate a form to collect it\r
- if ($user = openid_client_create_openid_user($openid_url,$email, $fullname, true)) {\r
- $details = openid_client_create_invitation('a',$openid_url,$user->getGUID(),$email,$fullname);\r
- $body = openid_client_generate_missing_data_form($openid_url,'',$fullname,true,$details);\r
- }\r
- $missing_data = true;\r
- } elseif (!$fullname) {\r
- // the name is missing\r
- $email_confirmation = openid_client_check_email_confirmation($openid_url);\r
- if ($email_confirmation) {\r
- $prefix = 'a';\r
- } else {\r
- $prefix = 'n';\r
- }\r
- // create the account\r
- if ($user = openid_client_create_openid_user($openid_url,$email, $fullname, $email_confirmation)) {\r
- $details = openid_client_create_invitation($prefix,$openid_url,$user->getGUID(),$email,$fullname);\r
- $body = openid_client_generate_missing_data_form($openid_url,$email,'',$email_confirmation,$details);\r
- }\r
- $missing_data = true;\r
- } else {\r
- // email address and name look good \r
- \r
- $login = false; \r
- \r
- // create a new account\r
- \r
- $email_confirmation = openid_client_check_email_confirmation($openid_url); \r
- \r
- $user = openid_client_create_openid_user($openid_url,$email, $fullname, $email_confirmation);\r
- $missing_data = false;\r
- }\r
- } else {\r
- // this is an inactive account\r
- $user = $entities[0];\r
- \r
- // need to figure out why the account is inactive\r
- \r
- $email_confirmation = openid_client_check_email_confirmation($openid_url);\r
- \r
- if ($user->email && $user->name) {\r
- $missing_data = false;\r
- // no missing information\r
- if (!$email_confirmation) {\r
- // OK, this is weird - no email confirmation required and all the information has been supplied\r
- // this should not happen, so just go ahead and activate the account\r
- $user->active = 'yes';\r
- $user->save();\r
- }\r
- } else { \r
- // missing information\r
- $missing_data = true;\r
- // does this person have an existing magic code?\r
- if ($details = openid_client_get_invitation_by_username($user->alias)) {\r
- $body = openid_client_generate_missing_data_form($openid_url,$user->email,$user->name,$email_confirmation,$details);\r
- } else {\r
- // create a new magic code\r
- $details = openid_client_create_invitation('a',$openid_url,$user->getGUID(),$user->email,$user->name);\r
- $body = openid_client_generate_missing_data_form($openid_url,$user->email,$user->name,$email_confirmation,$details);\r
- } \r
- }\r
- }\r
- if ($user && !$missing_data) {\r
- \r
- if ($email_confirmation) {\r
- $i_code = openid_client_create_invitation('a',$openid_url,$user->guid,$email,$fullname);\r
- openid_client_send_activate_confirmation_message($i_code);\r
- system_message(sprintf(elgg_echo("openid_client:activate_confirmation"), $email));\r
- } else {\r
- system_message(sprintf(elgg_echo("openid_client:created_openid_account"),$email, $fullname));\r
- $login = true;\r
- }\r
- }\r
- \r
- } else {\r
- \r
- $user = $entities[0];\r
- \r
- // account is active, check to see if this user has been banned\r
- \r
- if (isset($user->banned) && $user->banned == 'yes') { // this needs to change.\r
- register_error(elgg_echo("openid_client:banned"));\r
- } else {\r
- // user has not been banned\r
- // check to see if email address has changed\r
- if ($email && $email != $user->email && validate_email_address($email)) {\r
- // the email on the OpenID server is not the same as the email registered on this local client system\r
- $email_confirmation = openid_client_check_email_confirmation($openid_url);\r
- if ($CONFIG->openid_client_always_sync == 'yes') {\r
- // this client always forces client/server data syncs\r
- if ($fullname) {\r
- $user->name = $fullname;\r
- }\r
- if ($email_confirmation) {\r
- // don't let this user in until the email address change is confirmed\r
- $login = false;\r
- $i_code = openid_client_create_invitation('c',$openid_url,$user->guid,$email,$fullname);\r
- openid_client_send_change_confirmation_message($i_code);\r
- system_message(sprintf(elgg_echo("openid_client:change_confirmation"), $email));\r
- } else {\r
- $login = true;\r
- if (openid_client_get_user_by_email($email)) {\r
- register_error(elgg_echo("openid_client:email_in_use"),$email);\r
- } else {\r
- $user->email = $email;\r
- system_message(sprintf(elgg_echo("openid_client:email_updated"),$email));\r
- }\r
- }\r
- } else {\r
- $login = true;\r
- if (!$store->getNoSyncStatus($user)) {\r
- // the following conditions are true:\r
- // the email address has changed on the server,\r
- // this client does not *require* syncing with the server,\r
- // but this user has not turned off syncing\r
- // therefore the user needs to be offered the chance to sync his or her data\r
- $body = openid_client_generate_sync_form($email,$fullname,$user,$email_confirmation);\r
- }\r
- }\r
- } elseif ($fullname && $fullname != $user->name) {\r
- // the fullname on the OpenID server is not the same as the name registered on this local client system\r
- $login = true;\r
- if ($CONFIG->openid_client_always_sync == 'yes') {\r
- // this client always forces client/server data syncs\r
- $user->name = $fullname;\r
- } else {\r
- if (!$store->getNoSyncStatus($user)) {\r
- // the following conditions are true:\r
- // the fullname has changed on the server,\r
- // this client does not *require* syncing with the server,\r
- // but this user has not turned off syncing\r
- // therefore the user needs to be offered the chance to sync his or her data\r
- $body = openid_client_generate_sync_form($email,$fullname,$user,false);\r
- }\r
- }\r
- } else {\r
- // nothing has changed or the data is null so let this person in\r
- $login = true;\r
- }\r
- } \r
+// does this user exist\r
+$users = elgg_get_entities_from_metadata(array(\r
+ 'type' => 'user',\r
+ 'subtype' => 'openid',\r
+ 'metadata_name' => 'openid_identifier',\r
+ 'metadata_value' => $data['openid_identifier'],\r
+));\r
+if ($users) {\r
+ // log in user and maybe update account (admin setting, user prompt?)\r
+ $user = $users[0];\r
+\r
+ try {\r
+ login($user);\r
+ } catch (LoginException $e) {\r
+ register_error($e->getMessage());\r
+ forward();\r
}\r
- \r
- if ($login) {\r
- \r
- $rememberme = get_input('remember',0);\r
- if (!empty($rememberme)) {\r
- login($user,true);\r
- } else {\r
- login($user);\r
- }\r
- }\r
-} \r
-\r
-if(isset($body) && $body) {\r
- \r
- page_draw(elgg_echo('openid_client:information_title'),$body);\r
\r
-} else {\r
+ system_message(elgg_echo('loginok'));\r
forward();\r
+} else {\r
+ // register the new user\r
+ $result = openid_client_registration_page_handler($data);\r
+ if (!$result) {\r
+ register_error();\r
+ forward();\r
+ }\r
}\r
<?php\r
-\r
/**\r
- * Elgg openid client plugin\r
+ * Elgg OpenID client\r
* \r
- * @package ElggOpenID\r
- * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2\r
- * @author Kevin Jardine <kevin@radagast.biz>\r
- * @copyright Curverider Ltd 2008-2009\r
- * @link http://elgg.com/\r
*/\r
- \r
- global $CONFIG;\r
- \r
- set_include_path(get_include_path() . PATH_SEPARATOR . $CONFIG->pluginspath . 'openid_client/models');\r
+\r
+elgg_register_event_handler('init', 'system', 'openid_client_init');\r
\r
/**\r
- * OpenID client initialisation\r
- *\r
- * These parameters are required for the event API, but we won't use them:\r
- * \r
- * @param unknown_type $event\r
- * @param unknown_type $object_type\r
- * @param unknown_type $object\r
+ * OpenID client initialization\r
*/\r
-\r
function openid_client_init() {\r
- \r
- elgg_extend_view("login/extend", "openid_client/forms/login");\r
- \r
- // Extend system CSS with our own styles\r
- elgg_extend_view('css','openid_client/css');\r
- \r
- // Register a page handler, so we can have nice URLs\r
- register_page_handler('openid_client','openid_client_page_handler');\r
- \r
-}\r
- \r
-function openid_client_pagesetup()\r
- {\r
- if (get_context() == 'admin' && isadminloggedin()) {\r
- global $CONFIG;\r
- add_submenu_item(elgg_echo('openid_client:admin_title'), $CONFIG->wwwroot . 'pg/openid_client/admin');\r
- }\r
-}\r
+ elgg_extend_view('core/account/login_box', 'openid_client/login');\r
+ \r
+ $base = elgg_get_plugins_path() . 'openid_client/actions/openid_client';\r
+ elgg_register_action('openid_client/login', "$base/login.php", 'public');\r
+ elgg_register_action('openid_client/register', "$base/register.php", 'public');\r
\r
-function openid_client_can_edit($hook_name, $entity_type, $return_value, $parameters) {\r
- $entity = $parameters['entity'];\r
- $context = get_context();\r
- if ($context == 'openid' && $entity->getSubtype() == "openid") {\r
- // should be able to do anything with OpenID user data\r
- return true;\r
- }\r
- return null; \r
+ $base = elgg_get_plugins_path() . 'openid_client/lib';\r
+ elgg_register_library('openid_client', "$base/helpers.php");\r
+\r
+ elgg_register_event_handler('create', 'user', 'openid_client_set_subtype', 1);\r
+\r
+ elgg_register_page_handler('openid_client', 'openid_client_page_handler');\r
}\r
\r
-function openid_client_page_handler($page) {\r
- if (isset($page[0])) {\r
- if ($page[0] == 'admin') {\r
- include(dirname(__FILE__) . "/pages/admin.php");\r
- return true;\r
- } else if ($page[0] == 'confirm') {\r
- include(dirname(__FILE__) . "/pages/confirm.php");\r
- return true;\r
- } else if ($page[0] == 'sso') {\r
- include(dirname(__FILE__) . "/pages/sso.php");\r
- return true;\r
- } else if ($page[0] == 'reset') {\r
- include(dirname(__FILE__) . "/pages/reset.php");\r
- return true;\r
- }\r
- }\r
- return false;\r
+/**\r
+ * Set the correct subtype for OpenID users\r
+ *\r
+ * @param string $event Event name\r
+ * @param string $type Object type\r
+ * @param ElggUser $user New user\r
+ */\r
+function openid_client_set_subtype($event, $type, $user) {\r
+ $db_prefix = elgg_get_config('dbprefix');\r
+ $guid = (int)$user->getGUID();\r
+ $subtype_id = (int)add_subtype('user', 'openid');\r
+\r
+ $query = "UPDATE {$db_prefix}entities SET subtype = $subtype_id WHERE guid = $guid";\r
+ update_data($query);\r
}\r
\r
-register_elgg_event_handler('init','system','openid_client_init');\r
-register_elgg_event_handler('pagesetup','system','openid_client_pagesetup');\r
+/**\r
+ * OpenID client page handler\r
+ *\r
+ * @param type $page Array of URL segments\r
+ * @return bool\r
+ */\r
+function openid_client_page_handler($page) {\r
\r
-register_plugin_hook('permissions_check','user','openid_client_can_edit');\r
+ // this is test code for right now\r
+ elgg_load_library('openid_client');\r
+ openid_client_registration_page_handler(array(\r
+ 'username' => 'john',\r
+ 'email' => 'john@example.org',\r
+ 'name' => 'John Doe',\r
+ 'openid_identifier' => 'abcdefghijklmnopqrstuvwxyz',\r
+ ));\r
\r
-// Register actions\r
-global $CONFIG;\r
-register_action("openid_client/login",true,$CONFIG->pluginspath . "openid_client/actions/login.php");\r
-register_action("openid_client/return",true,$CONFIG->pluginspath . "openid_client/actions/return.php");\r
-register_action("openid_client/admin",false,$CONFIG->pluginspath . "openid_client/actions/admin.php");\r
-//register_action("openid_client/confirm",false,$CONFIG->pluginspath . "openid_client/actions/confirm.php");\r
-register_action("openid_client/missing",false,$CONFIG->pluginspath . "openid_client/actions/missing.php");\r
-register_action("openid_client/sync",false,$CONFIG->pluginspath . "openid_client/actions/sync.php");\r
+ return true;\r
+}\r
projects / lorea / elgg.git / commitdiff