lib/openid.php

   1 <?php
   2 /*
   3  * Laconica - a distributed open-source microblogging tool
   4  * Copyright (C) 2008, Controlez-Vous, Inc.
   5  *
   6  * This program is free software: you can redistribute it and/or modify
   7  * it under the terms of the GNU Affero General Public License as published by
   8  * the Free Software Foundation, either version 3 of the License, or
   9  * (at your option) any later version.
  10  *
  11  * This program is distributed in the hope that it will be useful,
  12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14  * GNU Affero General Public License for more details.
  15  *
  16  * You should have received a copy of the GNU Affero General Public License
  17  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  18  */
  19
  20 if (!defined('LACONICA')) { exit(1); }
  21
  22 require_once(INSTALLDIR.'/classes/User_openid.php');
  23
  24 require_once('Auth/OpenID.php');
  25 require_once('Auth/OpenID/Consumer.php');
  26 require_once('Auth/OpenID/SReg.php');
  27 require_once('Auth/OpenID/MySQLStore.php');
  28
  29 # About one year cookie expiry
  30
  31 define('OPENID_COOKIE_EXPIRY', round(365.25 * 24 * 60 * 60));
  32 define('OPENID_COOKIE_KEY', 'lastusedopenid');
  33
  34 function oid_store() {
  35     static $store = NULL;
  36         if (!$store) {
  37                 # Can't be called statically
  38                 $user = new User();
  39                 $conn = $user->getDatabaseConnection();
  40                 $store = new Auth_OpenID_MySQLStore($conn);
  41         }
  42         return $store;
  43 }
  44
  45 function oid_consumer() {
  46         $store = oid_store();
  47         $consumer = new Auth_OpenID_Consumer($store);
  48         return $consumer;
  49 }
  50
  51 function oid_clear_last() {
  52         if (oid_get_last()) {
  53                 oid_set_last('');
  54         }
  55 }
  56
  57 function oid_set_last($openid_url) {
  58         global $config;
  59         setcookie(OPENID_COOKIE_KEY, $openid_url,
  60                           time() + OPENID_COOKIE_EXPIRY,
  61                           '/' . $config['site']['path'] . '/',
  62                           $config['site']['server']);
  63 }
  64
  65 function oid_get_last() {
  66         return $_COOKIE[OPENID_COOKIE_KEY];
  67 }
  68
  69 function oid_link_user($id, $canonical, $display) {
  70
  71         $oid = new User_openid();
  72         $oid->user_id = $id;
  73         $oid->canonical = $canonical;
  74         $oid->display = $display;
  75         $oid->created = DB_DataObject_Cast::dateTime();
  76
  77         if (!$oid->insert()) {
  78                 $err = PEAR::getStaticProperty('DB_DataObject','lastError');
  79                 common_debug('DB error ' . $err->code . ': ' . $err->message, __FILE__);
  80                 return false;
  81         }
  82
  83         return true;
  84 }
  85
  86 function oid_get_user($openid_url) {
  87         $user = NULL;
  88         $oid = User_openid::staticGet('canonical', $openid_url);
  89         if ($oid) {
  90                 $user = User::staticGet('id', $oid->user_id);
  91         }
  92         return $user;
  93 }
  94
  95 function oid_check_immediate($openid_url, $backto=NULL) {
  96         if (!$backto) {
  97                 $backto = $_SERVER['PHP_SELF'];
  98         }
  99         common_ensure_session();
 100         $_SESSION['openid_immediate_backto'] = $backto;
 101         oid_authenticate($openid_url,
 102                                          'finishimmediate',
 103                                          true);
 104 }
 105
 106 function oid_authenticate($openid_url, $returnto, $immediate=false) {
 107
 108         $consumer = oid_consumer();
 109
 110         if (!$consumer) {
 111                 common_server_error(_t('Cannot instantiate OpenID consumer object.'));
 112                 return false;
 113         }
 114
 115         common_ensure_session();
 116
 117         $auth_request = $consumer->begin($openid_url);
 118
 119         // Handle failure status return values.
 120         if (!$auth_request) {
 121                 return _t('Not a valid OpenID.');
 122         } else if (Auth_OpenID::isFailure($auth_request)) {
 123                 return _t('OpenID failure: ') . $auth_request->message;
 124         }
 125
 126         $sreg_request = Auth_OpenID_SRegRequest::build(// Required
 127                                                                                                    array(),
 128                                                                                                    // Optional
 129                                                                                                    array('nickname',
 130                                                                                                                  'email',
 131                                                                                                                  'fullname',
 132                                                                                                                  'language',
 133                                                                                                                  'timezone',
 134                                                                                                                  'postcode',
 135                                                                                                                  'country'));
 136
 137         if ($sreg_request) {
 138                 $auth_request->addExtension($sreg_request);
 139         }
 140
 141         $trust_root = common_local_url('public');
 142         $process_url = common_local_url($returnto);
 143
 144         if ($auth_request->shouldSendRedirect()) {
 145                 $redirect_url = $auth_request->redirectURL($trust_root,
 146                                                                                                    $process_url,
 147                                                                                                    $immediate);
 148                 if (!$redirect_url) {
 149                 } else if (Auth_OpenID::isFailure($redirect_url)) {
 150                         return _t('Could not redirect to server: ') . $redirect_url->message;
 151                 } else {
 152                         common_redirect($redirect_url);
 153                 }
 154         } else {
 155                 // Generate form markup and render it.
 156                 $form_id = 'openid_message';
 157                 $form_html = $auth_request->formMarkup($trust_root, $process_url,
 158                                                                                            $immediate, array('id' => $form_id));
 159
 160                 # XXX: This is cheap, but things choke if we don't escape ampersands
 161                 # in the HTML attributes
 162
 163                 $form_html = preg_replace('/&/', '&amp;', $form_html);
 164
 165                 // Display an error if the form markup couldn't be generated;
 166                 // otherwise, render the HTML.
 167                 if (Auth_OpenID::isFailure($form_html)) {
 168                         $this->show_form(_t('Could not create OpenID form: ') . $form_html->message);
 169                 } else {
 170                         common_show_header(_t('OpenID Auto-Submit'));
 171                         common_element('p', 'instructions',
 172                                                    _t('This form should automatically submit itself. '.
 173                                                           'If not, click the submit button to go to your '.
 174                                                           'OpenID provider.'));
 175                         common_raw($form_html);
 176                         common_element('script', NULL,
 177                                                    '$(document).ready(function() { ' .
 178                                                    '    $("#'. $form_id .'").submit(); '.
 179                                                    '});');
 180                         common_show_footer();
 181                 }
 182         }
 183 }