X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=plugins%2FOpenID%2FOpenIDPlugin.php;h=2635cb7c9d09211d7b7c2bc26bf60526f586fde1;hb=c0bb1a57984266024e8e5a968c0f3a3b54befff6;hp=6b723ad10f9fda963b009d51babfb7f19cd8e683;hpb=7ec5e7cd7668c2d34f8cb8e7c22faecc13bc0a13;p=quix0rs-gnu-social.git diff --git a/plugins/OpenID/OpenIDPlugin.php b/plugins/OpenID/OpenIDPlugin.php index 6b723ad10f..2635cb7c9d 100644 --- a/plugins/OpenID/OpenIDPlugin.php +++ b/plugins/OpenID/OpenIDPlugin.php @@ -20,7 +20,9 @@ * @category Plugin * @package StatusNet * @author Evan Prodromou - * @copyright 2009 StatusNet, Inc. + * @author Craig Andrews + * @copyright 2009-2010 StatusNet, Inc. + * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 * @link http://status.net/ */ @@ -38,14 +40,26 @@ if (!defined('STATUSNET')) { * @category Plugin * @package StatusNet * @author Evan Prodromou + * @author Craig Andrews + * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 * @link http://status.net/ * @link http://openid.net/ */ - class OpenIDPlugin extends Plugin { - public $openidOnly = false; + // Plugin parameter: set true to disallow non-OpenID logins + // If set, overrides the setting in database or $config['site']['openidonly'] + public $openidOnly = null; + + function initialize() + { + parent::initialize(); + if ($this->openidOnly !== null) { + global $config; + $config['site']['openidonly'] = (bool)$this->openidOnly; + } + } /** * Add OpenID-related paths to the router table @@ -56,7 +70,6 @@ class OpenIDPlugin extends Plugin * * @return boolean hook return */ - function onStartInitializeRouter($m) { $m->connect('main/openid', array('action' => 'openidlogin')); 
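Review bot: The new `initialize()` in the `@@ -38,14 +40,26 @@` hunk has no docblock, and its `(bool)` cast treats any non-empty string other than `'0'` as true, so a plugin parameter written as the string `'false'` would switch OpenID-only mode on. A docblock such as `/** Apply the openidOnly plugin parameter, when set, over the database or config value of $config['site']['openidonly']. */` would document the precedence. The comment on `$openidOnly` could also state that only `true`, `false` or `null` are expected. Because the override is written to the global at runtime, the admin panel routed later in this commit may show or save a value that is not the effective one; this is inferred, since the panel class is outside this diff.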
@@ -67,6 +80,7 @@ class OpenIDPlugin extends Plugin $m->connect('index.php?action=finishaddopenid', array('action' => 'finishaddopenid')); $m->connect('main/openidserver', array('action' => 'openidserver')); + $m->connect('admin/openid', array('action' => 'openidadminpanel')); return true; } @@ -81,13 +95,17 @@ class OpenIDPlugin extends Plugin * * @return boolean hook return */ - function onStartConnectPath(&$path, &$defaults, &$rules, &$result) { - if ($this->openidOnly) { - static $block = array('main/login', - 'main/register', - 'main/recoverpassword', + if (common_config('site', 'openidonly')) { + // Note that we should not remove the login and register + // actions. Lots of auth-related things link to them, + // such as when visiting a private site without a session + // or revalidating a remembered login for admin work. + // + // We take those two over with redirects to ourselves + // over in onArgsInitialize(). + static $block = array('main/recoverpassword', 'settings/password'); if (in_array($path, $block)) { @@ -105,10 +123,9 @@ class OpenIDPlugin extends Plugin * * @return boolean hook return */ - function onArgsInitialize($args) { - if ($this->openidOnly) { + if (common_config('site', 'openidonly')) { if (array_key_exists('action', $args)) { $action = trim($args['action']); if (in_array($action, array('login', 'register'))) { @@ -136,7 +153,6 @@ class OpenIDPlugin extends Plugin * * @return boolean hook return */ - function onEndPublicXRDS($action, &$xrdsOutputter) { $xrdsOutputter->elementStart('XRD', array('xmlns' => 'xri://$xrd*($v*2.0)', @@ -167,7 +183,6 @@ class OpenIDPlugin extends Plugin * * @return boolean hook return */ - function onEndUserXRDS($action, &$xrdsOutputter) { $xrdsOutputter->elementStart('XRD', array('xmlns' => 'xri://$xrd*($v*2.0)', 
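Review bot: The `admin/openid` route added in the `@@ -67,6 +80,7 @@` hunk makes `openidadminpanel` reachable by URL, but the only permission check visible in this commit is `AdminPanelAction::canAdmin('openid')` in `onEndAdminPanelNav()`, which only hides the menu item. The action class is not part of this diff, so it should be confirmed that it enforces the admin right itself and validates the form token on POST before saving. The body of `onStartInitializeRouter()` starts outside the hunk.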
@@ -196,10 +211,9 @@ class OpenIDPlugin extends Plugin * * @return boolean hook return */ - function onStartPrimaryNav($action) { - if ($this->openidOnly && !common_logged_in()) { + if (common_config('site', 'openidonly') && !common_logged_in()) { // TRANS: Tooltip for main menu option "Login" $tooltip = _m('TOOLTIP', 'Login to the site'); $action->menuItem(common_local_url('openidlogin'), @@ -234,14 +248,13 @@ class OpenIDPlugin extends Plugin * * If we're in openidOnly mode, we disable the menu for all other login. * - * @param Action &$action Action being executed + * @param Action $action Action being executed * * @return boolean hook return */ - - function onStartLoginGroupNav(&$action) + function onStartLoginGroupNav($action) { - if ($this->openidOnly) { + if (common_config('site', 'openidonly')) { $this->showOpenIDLoginTab($action); // Even though we replace this code, we // DON'T run the End* hook, to keep others from @@ -255,12 +268,11 @@ class OpenIDPlugin extends Plugin /** * Menu item for login * - * @param Action &$action Action being executed + * @param Action $action Action being executed * * @return boolean hook return */ - - function onEndLoginGroupNav(&$action) + function onEndLoginGroupNav($action) { $this->showOpenIDLoginTab($action); @@ -274,7 +286,6 @@ class OpenIDPlugin extends Plugin * * @return void */ - function showOpenIDLoginTab($action) { $action_name = $action->trimmed('action'); @@ -297,9 +308,8 @@ class OpenIDPlugin extends Plugin * * @return void */ - function onStartAccountSettingsPasswordMenuItem($menu, &$unused) { - if ($this->openidOnly) { + if (common_config('site', 'openidonly')) { return false; } return true; 
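Review bot: The docblock kept as context above `onStartAccountSettingsPasswordMenuItem()` in the `@@ -297,9 +308,8 @@` hunk still says `@return void`, while the function returns `false` in OpenID-only mode and `true` otherwise. Since this hunk already touches the function, the tag should read `@return boolean hook return` like the other handlers in the class. The docblock starts outside the hunk.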
@@ -308,12 +318,11 @@ class OpenIDPlugin extends Plugin /** * Menu item for OpenID settings * - * @param Action &$action Action being executed + * @param Action $action Action being executed * * @return boolean hook return */ - - function onEndAccountSettingsNav(&$action) + function onEndAccountSettingsNav($action) { $action_name = $action->trimmed('action'); @@ -336,7 +345,6 @@ class OpenIDPlugin extends Plugin * * @return boolean hook return */ - function onAutoload($cls) { switch ($cls) @@ -349,13 +357,19 @@ class OpenIDPlugin extends Plugin case 'OpenidsettingsAction': case 'OpenidserverAction': case 'OpenidtrustAction': - require_once INSTALLDIR.'/plugins/OpenID/' . strtolower(mb_substr($cls, 0, -6)) . '.php'; + case 'OpenidadminpanelAction': + require_once dirname(__FILE__) . '/' . strtolower(mb_substr($cls, 0, -6)) . '.php'; return false; case 'User_openid': - require_once INSTALLDIR.'/plugins/OpenID/User_openid.php'; + require_once dirname(__FILE__) . '/User_openid.php'; return false; case 'User_openid_trustroot': - require_once INSTALLDIR.'/plugins/OpenID/User_openid_trustroot.php'; + require_once dirname(__FILE__) . '/User_openid_trustroot.php'; + return false; + case 'Auth_OpenID_TeamsExtension': + case 'Auth_OpenID_TeamsRequest': + case 'Auth_OpenID_TeamsResponse': + require_once dirname(__FILE__) . '/extlib/teams-extension.php'; return false; default: return true; @@ -372,7 +386,6 @@ class OpenIDPlugin extends Plugin * * @return boolean hook return */ - function onSensitiveAction($action, &$ssl) { switch ($action) @@ -396,7 +409,6 @@ class OpenIDPlugin extends Plugin * * @return boolean hook return */ - function onLoginAction($action, &$login) { switch ($action) @@ -419,7 +431,6 @@ class OpenIDPlugin extends Plugin * * @return void */ - function onEndShowHeadElements($action) { if ($action instanceof ShowstreamAction) { 
@@ -443,10 +454,9 @@ class OpenIDPlugin extends Plugin * * @return boolean whether to continue */ - function onRedirectToLogin($action, $user) { - if ($this->openidOnly || (!empty($user) && User_openid::hasOpenID($user->id))) { + if (common_config('site', 'openid_only') || (!empty($user) && User_openid::hasOpenID($user->id))) { common_redirect(common_local_url('openidlogin'), 303); return false; } @@ -460,7 +470,6 @@ class OpenIDPlugin extends Plugin * * @return boolean hook value */ - function onEndShowPageNotice($action) { $name = $action->trimmed('action'); @@ -499,7 +508,6 @@ class OpenIDPlugin extends Plugin * * @return boolean hook value */ - function onStartLoadDoc(&$title, &$output) { if ($title == 'openid') { @@ -521,7 +529,6 @@ class OpenIDPlugin extends Plugin * * @return boolean hook value */ - function onEndLoadDoc($title, &$output) { if ($title == 'help') { @@ -540,7 +547,6 @@ class OpenIDPlugin extends Plugin * * @return boolean hook value */ - function onCheckSchema() { $schema = Schema::get(); @@ -573,7 +579,6 @@ class OpenIDPlugin extends Plugin * * @return boolean hook value */ - function onUserDeleteRelated($user, &$tables) { $tables[] = 'User_openid'; @@ -581,6 +586,33 @@ class OpenIDPlugin extends Plugin return true; } + /** + * Add an OpenID tab to the admin panel + * + * @param Widget $nav Admin panel nav + * + * @return boolean hook value + */ + function onEndAdminPanelNav($nav) + { + if (AdminPanelAction::canAdmin('openid')) { + + $action_name = $nav->action->trimmed('action'); + + $nav->out->menuItem( + common_local_url('openidadminpanel'), + // TRANS: OpenID configuration menu item. + _m('MENU','OpenID'), + // TRANS: Tooltip for OpenID configuration menu item. + _m('OpenID configuration'), + $action_name == 'openidadminpanel', + 'nav_openid_admin_panel' + ); + } + + return true; + } + /** * Add our version information to output * 
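Review bot: `onRedirectToLogin()` in the `@@ -443,10 +454,9 @@` hunk reads `common_config('site', 'openid_only')`, while `initialize()` and every other handler changed in this commit use the key `'openidonly'`. Assuming no `openid_only` key is defined elsewhere, the first half of the condition is never true, so in OpenID-only mode a user without a linked OpenID is not sent to `openidlogin` by this hook and falls through to the default login redirect. The line should read `if (common_config('site', 'openidonly') || (!empty($user) && User_openid::hasOpenID($user->id))) {`.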
@@ -588,7 +620,6 @@ class OpenIDPlugin extends Plugin
 *
 * @return boolean hook value
 */
-
 function onPluginVersion(&$versions)
 {
 $versions[] = array('name' => 'OpenID',
@@ -600,4 +631,133 @@ class OpenIDPlugin extends Plugin _m('Use OpenID to login to the site.')); return true; } + + function onStartOAuthLoginForm($action, &$button) + { + if (common_config('site', 'openidonly')) { + // Cancel the regular password login form, we won't need it. + $this->showOAuthLoginForm($action); + // TRANS: button label for OAuth authorization page when needing OpenID authentication first. + $button = _m('BUTTON', 'Continue'); + return false; + } else { + // Leave the regular password login form in place. + // We'll add an OpenID link at bottom...? + return true; + } + } + + /** + * @fixme merge with common code for main OpenID login form + * @param HTMLOutputter $action + */ + protected function showOAuthLoginForm($action) + { + $action->elementStart('fieldset'); + // TRANS: OpenID plugin logon form legend. + $action->element('legend', null, _m('OpenID login')); + + $action->elementStart('ul', 'form_data'); + $action->elementStart('li'); + $provider = common_config('openid', 'trusted_provider'); + $appendUsername = common_config('openid', 'append_username'); + if ($provider) { + // TRANS: Field label. + $action->element('label', array(), _m('OpenID provider')); + $action->element('span', array(), $provider); + if ($appendUsername) { + $action->element('input', array('id' => 'openid_username', + 'name' => 'openid_username', + 'style' => 'float: none')); + } + $action->element('p', 'form_guide', + // TRANS: Form guide. + ($appendUsername ? _m('Enter your username.') . ' ' : '') . + // TRANS: Form guide. + _m('You will be sent to the provider\'s site for authentication.')); + $action->hidden('openid_url', $provider); + } else { + // TRANS: OpenID plugin logon form field label. + $action->input('openid_url', _m('OpenID URL'), + '', + // TRANS: OpenID plugin logon form field instructions. 
+ _m('Your OpenID URL')); + } + $action->elementEnd('li'); + $action->elementEnd('ul'); + + $action->elementEnd('fieldset'); + } + + /** + * Handle a POST user credential check in apioauthauthorization. + * If given an OpenID URL, we'll pass us over to the regular things + * and then redirect back here on completion. + * + * @fixme merge with common code for main OpenID login form + * @param HTMLOutputter $action + */ + function onStartOAuthLoginCheck($action, &$user) + { + $provider = common_config('openid', 'trusted_provider'); + if ($provider) { + $openid_url = $provider; + if (common_config('openid', 'append_username')) { + $openid_url .= $action->trimmed('openid_username'); + } + } else { + $openid_url = $action->trimmed('openid_url'); + } + + if ($openid_url) { + require_once dirname(__FILE__) . '/openid.php'; + oid_assert_allowed($openid_url); + + $returnto = common_local_url( + 'ApiOauthAuthorize', + array(), + array( + 'oauth_token' => $action->arg('oauth_token'), + 'mode' => $action->arg('mode') + ) + ); + common_set_returnto($returnto); + + // This will redirect if functional... + $result = oid_authenticate($openid_url, + 'finishopenidlogin'); + if (is_string($result)) { # error message + throw new ServerException($result); + } else { + exit(0); + } + } + + return true; + } + + /** + * Add link in user's XRD file to allow OpenID login. + * + * This link in the XRD should let users log in with their + * Webfinger identity to services that support it. See + * http://webfinger.org/login for an example. + * + * @param XRD &$xrd Currently-displaying XRD object + * @param User $user The user that it's for + * + * @return boolean hook value (always true) + */ + + function onEndXrdActionLinks(&$xrd, $user) + { + $profile = $user->getProfile(); + + if (!empty($profile)) { + $xrd->links[] = array('rel' => 'http://specs.openid.net/auth/2.0/provider', + 'href' => $profile->profileurl); + } + + return true; + } }
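Review bot: In `onStartOAuthLoginCheck()`, `$openid_url .= $action->trimmed('openid_username');` appends request input to the trusted provider URL without validation or encoding, so characters that have meaning in a URL can change which identifier is actually requested. `oid_assert_allowed()` is called afterwards but is defined outside this diff, so whether it would catch that cannot be confirmed here. When a username was submitted, I would restrict it before concatenating, for example `$username = $action->trimmed('openid_username');` followed by `if (!preg_match('/^[A-Za-z0-9_-]+$/', $username)) { throw new ClientException(_m('Invalid username.')); }`, with the pattern adjusted to what the provider accepts. Separately, when `trusted_provider` is set, `$openid_url` is never empty, so this hook starts OpenID authentication even when `onStartOAuthLoginForm()` left the password form in place.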