3 * StatusNet, the distributed open-source microblogging tool
7 * LICENCE: This program is free software: you can redistribute it and/or modify
8 * it under the terms of the GNU Affero General Public License as published by
9 * the Free Software Foundation, either version 3 of the License, or
10 * (at your option) any later version.
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU Affero General Public License for more details.
17 * You should have received a copy of the GNU Affero General Public License
18 * along with this program. If not, see <http://www.gnu.org/licenses/>.
22 * @author Evan Prodromou <evan@status.net>
23 * @copyright 2009 StatusNet, Inc.
24 * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
25 * @link http://status.net/
28 if (!defined('STATUSNET')) {
33 * Plugin for OpenID authentication and identity
35 * This class enables consumer support for OpenID, the distributed authentication
36 * and identity system.
40 * @author Evan Prodromou <evan@status.net>
41 * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
42 * @link http://status.net/
43 * @link http://openid.net/
46 class OpenIDPlugin extends Plugin
48 public $openidOnly = false;
51 * Add OpenID-related paths to the router table
53 * Hook for RouterInitialized event.
55 * @param Net_URL_Mapper $m URL mapper
57 * @return boolean hook return
60 function onStartInitializeRouter($m)
62 $m->connect('main/openid', array('action' => 'openidlogin'));
63 $m->connect('main/openidtrust', array('action' => 'openidtrust'));
64 $m->connect('settings/openid', array('action' => 'openidsettings'));
65 $m->connect('index.php?action=finishopenidlogin',
66 array('action' => 'finishopenidlogin'));
67 $m->connect('index.php?action=finishaddopenid',
68 array('action' => 'finishaddopenid'));
69 $m->connect('main/openidserver', array('action' => 'openidserver'));
75 * In OpenID-only mode, disable paths for password stuff
77 * @param string $path path to connect
78 * @param array $defaults path defaults
79 * @param array $rules path rules
80 * @param array $result unused
82 * @return boolean hook return
85 function onStartConnectPath(&$path, &$defaults, &$rules, &$result)
87 if ($this->openidOnly) {
88 static $block = array('main/login',
90 'main/recoverpassword',
93 if (in_array($path, $block)) {
102 * If we've been hit with password-login args, redirect
104 * @param array $args args (URL, Get, post)
106 * @return boolean hook return
109 function onArgsInitialize($args)
111 if ($this->openidOnly) {
112 if (array_key_exists('action', $args)) {
113 $action = trim($args['action']);
114 if (in_array($action, array('login', 'register'))) {
115 common_redirect(common_local_url('openidlogin'));
117 } else if ($action == 'passwordsettings') {
118 common_redirect(common_local_url('openidsettings'));
120 } else if ($action == 'recoverpassword') {
121 throw new ClientException('Unavailable action');
129 * Public XRDS output hook
131 * Puts the bits of code needed by some OpenID providers to show
132 * we're good citizens.
134 * @param Action $action Action being executed
135 * @param XMLOutputter &$xrdsOutputter Output channel
137 * @return boolean hook return
140 function onEndPublicXRDS($action, &$xrdsOutputter)
142 $xrdsOutputter->elementStart('XRD', array('xmlns' => 'xri://$xrd*($v*2.0)',
143 'xmlns:simple' => 'http://xrds-simple.net/core/1.0',
144 'version' => '2.0'));
145 $xrdsOutputter->element('Type', null, 'xri://$xrds*simple');
147 foreach (array('finishopenidlogin', 'finishaddopenid') as $finish) {
148 $xrdsOutputter->showXrdsService(Auth_OpenID_RP_RETURN_TO_URL_TYPE,
149 common_local_url($finish));
152 $xrdsOutputter->showXrdsService('http://specs.openid.net/auth/2.0/server',
153 common_local_url('openidserver'),
156 'http://specs.openid.net/auth/2.0/identifier_select');
157 $xrdsOutputter->elementEnd('XRD');
161 * User XRDS output hook
163 * Puts the bits of code needed to discover OpenID endpoints.
165 * @param Action $action Action being executed
166 * @param XMLOutputter &$xrdsOutputter Output channel
168 * @return boolean hook return
171 function onEndUserXRDS($action, &$xrdsOutputter)
173 $xrdsOutputter->elementStart('XRD', array('xmlns' => 'xri://$xrd*($v*2.0)',
174 'xml:id' => 'openid',
175 'xmlns:simple' => 'http://xrds-simple.net/core/1.0',
176 'version' => '2.0'));
177 $xrdsOutputter->element('Type', null, 'xri://$xrds*simple');
180 $xrdsOutputter->showXrdsService('http://specs.openid.net/auth/2.0/return_to',
181 common_local_url('finishopenidlogin'));
184 $xrdsOutputter->showXrdsService('http://specs.openid.net/auth/2.0/signon',
185 common_local_url('openidserver'),
188 common_profile_url($action->user->nickname));
189 $xrdsOutputter->elementEnd('XRD');
193 * If we're in OpenID-only mode, hide all the main menu except OpenID login.
195 * @param Action $action Action being run
197 * @return boolean hook return
200 function onStartPrimaryNav($action)
202 if ($this->openidOnly && !common_logged_in()) {
203 // TRANS: Tooltip for main menu option "Login"
204 $tooltip = _m('TOOLTIP', 'Login to the site');
205 $action->menuItem(common_local_url('openidlogin'),
206 // TRANS: Main menu option when not logged in to log in
211 // TRANS: Tooltip for main menu option "Help"
212 $tooltip = _m('TOOLTIP', 'Help me!');
213 $action->menuItem(common_local_url('doc', array('title' => 'help')),
214 // TRANS: Main menu option for help on the StatusNet site
219 if (!common_config('site', 'private')) {
220 // TRANS: Tooltip for main menu option "Search"
221 $tooltip = _m('TOOLTIP', 'Search for people or text');
222 $action->menuItem(common_local_url('peoplesearch'),
223 // TRANS: Main menu option when logged in or when the StatusNet instance is not private
224 _m('MENU', 'Search'), $tooltip, false, 'nav_search');
226 Event::handle('EndPrimaryNav', array($action));
235 * If we're in openidOnly mode, we disable the menu for all other login.
237 * @param Action &$action Action being executed
239 * @return boolean hook return
242 function onStartLoginGroupNav(&$action)
244 if ($this->openidOnly) {
245 $this->showOpenIDLoginTab($action);
246 // Even though we replace this code, we
247 // DON'T run the End* hook, to keep others from
248 // adding tabs. Not nice, but.
256 * Menu item for login
258 * @param Action &$action Action being executed
260 * @return boolean hook return
263 function onEndLoginGroupNav(&$action)
265 $this->showOpenIDLoginTab($action);
271 * Show menu item for login
273 * @param Action $action Action being executed
278 function showOpenIDLoginTab($action)
280 $action_name = $action->trimmed('action');
282 $action->menuItem(common_local_url('openidlogin'),
283 // TRANS: OpenID plugin menu item on site logon page.
284 _m('MENU', 'OpenID'),
285 // TRANS: OpenID plugin tooltip for logon menu item.
286 _m('Login or register with OpenID'),
287 $action_name === 'openidlogin');
291 * Show menu item for password
293 * We hide it in openID-only mode
295 * @param Action $menu Widget for menu
296 * @param void &$unused Unused value
301 function onStartAccountSettingsPasswordMenuItem($menu, &$unused) {
302 if ($this->openidOnly) {
309 * Menu item for OpenID settings
311 * @param Action &$action Action being executed
313 * @return boolean hook return
316 function onEndAccountSettingsNav(&$action)
318 $action_name = $action->trimmed('action');
320 $action->menuItem(common_local_url('openidsettings'),
321 // TRANS: OpenID plugin menu item on user settings page.
322 _m('MENU', 'OpenID'),
323 // TRANS: OpenID plugin tooltip for user settings menu item.
324 _m('Add or remove OpenIDs'),
325 $action_name === 'openidsettings');
333 * Loads our classes if they're requested.
335 * @param string $cls Class requested
337 * @return boolean hook return
340 function onAutoload($cls)
344 case 'OpenidloginAction':
345 case 'FinishopenidloginAction':
346 case 'FinishaddopenidAction':
348 case 'PublicxrdsAction':
349 case 'OpenidsettingsAction':
350 case 'OpenidserverAction':
351 case 'OpenidtrustAction':
352 require_once INSTALLDIR.'/plugins/OpenID/' . strtolower(mb_substr($cls, 0, -6)) . '.php';
355 require_once INSTALLDIR.'/plugins/OpenID/User_openid.php';
357 case 'User_openid_trustroot':
358 require_once INSTALLDIR.'/plugins/OpenID/User_openid_trustroot.php';
368 * These actions should use https when SSL support is 'sometimes'
370 * @param Action $action Action to form an URL for
371 * @param boolean &$ssl Whether to mark it for SSL
373 * @return boolean hook return
376 function onSensitiveAction($action, &$ssl)
380 case 'finishopenidlogin':
381 case 'finishaddopenid':
392 * These actions should be visible even when the site is marked private
394 * @param Action $action Action to show
395 * @param boolean &$login Whether it's a login action
397 * @return boolean hook return
400 function onLoginAction($action, &$login)
405 case 'finishopenidlogin':
415 * We include a <meta> element linking to the userxrds page, for OpenID
416 * client-side authentication.
418 * @param Action $action Action being shown
423 function onEndShowHeadElements($action)
425 if ($action instanceof ShowstreamAction) {
426 $action->element('link', array('rel' => 'openid2.provider',
427 'href' => common_local_url('openidserver')));
428 $action->element('link', array('rel' => 'openid2.local_id',
429 'href' => $action->profile->profileurl));
430 $action->element('link', array('rel' => 'openid.server',
431 'href' => common_local_url('openidserver')));
432 $action->element('link', array('rel' => 'openid.delegate',
433 'href' => $action->profile->profileurl));
439 * Redirect to OpenID login if they have an OpenID
441 * @param Action $action Action being executed
442 * @param User $user User doing the action
444 * @return boolean whether to continue
447 function onRedirectToLogin($action, $user)
449 if ($this->openidOnly || (!empty($user) && User_openid::hasOpenID($user->id))) {
450 common_redirect(common_local_url('openidlogin'), 303);
457 * Show some extra instructions for using OpenID
459 * @param Action $action Action being executed
461 * @return boolean hook value
464 function onEndShowPageNotice($action)
466 $name = $action->trimmed('action');
471 if (common_logged_in()) {
472 $instr = '(Have an [OpenID](http://openid.net/)? ' .
473 '[Add an OpenID to your account](%%action.openidsettings%%)!';
475 $instr = '(Have an [OpenID](http://openid.net/)? ' .
476 'Try our [OpenID registration]'.
477 '(%%action.openidlogin%%)!)';
481 $instr = '(Have an [OpenID](http://openid.net/)? ' .
482 'Try our [OpenID login]'.
483 '(%%action.openidlogin%%)!)';
489 $output = common_markup_to_html($instr);
490 $action->raw($output);
495 * Load our document if requested
497 * @param string &$title Title to fetch
498 * @param string &$output HTML to output
500 * @return boolean hook value
503 function onStartLoadDoc(&$title, &$output)
505 if ($title == 'openid') {
506 $filename = INSTALLDIR.'/plugins/OpenID/doc-src/openid';
508 $c = file_get_contents($filename);
509 $output = common_markup_to_html($c);
510 return false; // success!
517 * Add our document to the global menu
519 * @param string $title Title being fetched
520 * @param string &$output HTML being output
522 * @return boolean hook value
525 function onEndLoadDoc($title, &$output)
527 if ($title == 'help') {
528 $menuitem = '* [OpenID](%%doc.openid%%) - what OpenID is and how to use it with this service';
530 $output .= common_markup_to_html($menuitem);
539 * Assure that our data objects are available in the DB
541 * @return boolean hook value
544 function onCheckSchema()
546 $schema = Schema::get();
547 $schema->ensureTable('user_openid',
548 array(new ColumnDef('canonical', 'varchar',
549 '255', false, 'PRI'),
550 new ColumnDef('display', 'varchar',
551 '255', false, 'UNI'),
552 new ColumnDef('user_id', 'integer',
554 new ColumnDef('created', 'datetime',
556 new ColumnDef('modified', 'timestamp')));
557 $schema->ensureTable('user_openid_trustroot',
558 array(new ColumnDef('trustroot', 'varchar',
559 '255', false, 'PRI'),
560 new ColumnDef('user_id', 'integer',
562 new ColumnDef('created', 'datetime',
564 new ColumnDef('modified', 'timestamp')));
569 * Add our tables to be deleted when a user is deleted
571 * @param User $user User being deleted
572 * @param array &$tables Array of table names
574 * @return boolean hook value
577 function onUserDeleteRelated($user, &$tables)
579 $tables[] = 'User_openid';
580 $tables[] = 'User_openid_trustroot';
585 * Add our version information to output
587 * @param array &$versions Array of version-data arrays
589 * @return boolean hook value
592 function onPluginVersion(&$versions)
594 $versions[] = array('name' => 'OpenID',
595 'version' => STATUSNET_VERSION,
596 'author' => 'Evan Prodromou, Craig Andrews',
597 'homepage' => 'http://status.net/wiki/Plugin:OpenID',
599 // TRANS: OpenID plugin description.
600 _m('Use <a href="http://openid.net/">OpenID</a> to login to the site.'));