From 54696f7c46684234bbeb48747b37f934ffd0d393 Mon Sep 17 00:00:00 2001 From: Craig Andrews Date: Thu, 29 Oct 2009 16:01:25 -0400 Subject: [PATCH] Moved the public XRDS from the OpenID plugin to core Added 4 new events involved in XRDS: StartUserXRDS, EndUserXRDS, StartPublicXRDS, EndPublicXRDS Added OpenID provider functionality (no delegation support [yet]) --- EVENTS.txt | 16 +++ actions/public.php | 7 ++ actions/publicxrds.php | 81 +++++++++++++ actions/xrds.php | 106 +++++++++++------- lib/router.php | 3 + .../publicxrds.php => lib/xrdsoutputter.php | 77 +++++-------- plugins/OpenID/OpenIDPlugin.php | 63 +++++++++-- plugins/OpenID/openid.php | 8 ++ plugins/OpenID/openidserver.php | 96 ++++++++++++++++ 9 files changed, 360 insertions(+), 97 deletions(-) create mode 100644 actions/publicxrds.php rename plugins/OpenID/publicxrds.php => lib/xrdsoutputter.php (52%) create mode 100644 plugins/OpenID/openidserver.php diff --git a/EVENTS.txt b/EVENTS.txt index d989557e64..a8a77390f6 100644 --- a/EVENTS.txt +++ b/EVENTS.txt @@ -458,3 +458,19 @@ StartProfileListItemActionElements: Showing the profile list actions (prepend a EndProfileListItemActionElements: Showing profile list actions (append a button here) - $item: ProfileListItem widget + +StartUserXRDS: Start XRDS output (right after the opening XRDS tag) +- $action: the current action +- &$xrdsoutputter - XRDSOutputter object to write to + +EndUserXRDS: End XRDS output (right before the closing XRDS tag) +- $action: the current action +- &$xrdsoutputter - XRDSOutputter object to write to + +StartPublicXRDS: Start XRDS output (right after the opening XRDS tag) +- $action: the current action +- &$xrdsoutputter - XRDSOutputter object to write to + +EndPublicXRDS: End XRDS output (right before the closing XRDS tag) +- $action: the current action +- &$xrdsoutputter - XRDSOutputter object to write to diff --git a/actions/public.php b/actions/public.php index 73fad182a3..4b71e58532 100644 --- a/actions/public.php +++ b/actions/public.php @@ -131,6 +131,13 @@ class PublicAction extends Action return _('Public timeline'); } } + + function extraHead() + { + parent::extraHead(); + $this->element('meta', array('http-equiv' => 'X-XRDS-Location', + 'content' => common_local_url('publicxrds'))); + } /** * Output elements for RSS and Atom feeds diff --git a/actions/publicxrds.php b/actions/publicxrds.php new file mode 100644 index 0000000000..5fd4eead7d --- /dev/null +++ b/actions/publicxrds.php @@ -0,0 +1,81 @@ + + * @author Robin Millette + * @license http://www.fsf.org/licensing/licenses/agpl.html AGPLv3 + * @link http://status.net/ + * + * StatusNet - the distributed open-source microblogging tool + * Copyright (C) 2008, 2009, StatusNet, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +if (!defined('STATUSNET') && !defined('LACONICA')) { + exit(1); +} + +require_once INSTALLDIR.'/plugins/OpenID/openid.php'; +require_once INSTALLDIR.'/lib/xrdsoutputter.php'; + +/** + * Public XRDS + * + * @category Action + * @package StatusNet + * @author Evan Prodromou + * @author Robin Millette + * @author Craig Andrews + * @license http://www.fsf.org/licensing/licenses/agpl.html AGPLv3 + * @link http://status.net/ + * + * @todo factor out similarities with XrdsAction + */ +class PublicxrdsAction extends Action +{ + /** + * Is read only? + * + * @return boolean true + */ + function isReadOnly($args) + { + return true; + } + + /** + * Class handler. + * + * @param array $args array of arguments + * + * @return nothing + */ + function handle($args) + { + parent::handle($args); + $xrdsOutputter = new XRDSOutputter(); + $xrdsOutputter->startXRDS(); + Event::handle('StartPublicXRDS', array($this,&$xrdsOutputter)); + Event::handle('EndPublicXRDS', array($this,&$xrdsOutputter)); + $xrdsOutputter->endXRDS(); + } +} + diff --git a/actions/xrds.php b/actions/xrds.php index 8ba89fec0f..8f09557d18 100644 --- a/actions/xrds.php +++ b/actions/xrds.php @@ -36,6 +36,7 @@ if (!defined('STATUSNET') && !defined('LACONICA')) { require_once INSTALLDIR.'/lib/omb.php'; require_once INSTALLDIR.'/extlib/libomb/service_provider.php'; require_once INSTALLDIR.'/extlib/libomb/xrds_mapper.php'; +require_once INSTALLDIR.'/lib/xrdsoutputter.php'; /** * XRDS for OpenMicroBlogging @@ -49,6 +50,8 @@ require_once INSTALLDIR.'/extlib/libomb/xrds_mapper.php'; */ class XrdsAction extends Action { + var $user; + /** * Is read only? * @@ -58,60 +61,87 @@ class XrdsAction extends Action { return true; } - - /** - * Class handler. - * - * @param array $args query arguments - * - * @return void - */ - function handle($args) + + function prepare($args) { - parent::handle($args); + parent::prepare($args); $nickname = $this->trimmed('nickname'); - $user = User::staticGet('nickname', $nickname); - if (!$user) { + $this->user = User::staticGet('nickname', $nickname); + if (!$this->user) { $this->clientError(_('No such user.')); return; } - $this->showXrds($user); + return true; } /** - * Show XRDS for a user. + * Class handler. * - * @param class $user XRDS for this user. + * @param array $args query arguments * * @return void */ - function showXrds($user) + function handle($args) { - $srv = new OMB_Service_Provider(profile_to_omb_profile($user->uri, - $user->getProfile())); - /* Use libomb’s default XRDS Writer. */ - $xrds_writer = null; - $srv->writeXRDS(new Laconica_XRDS_Mapper(), $xrds_writer); - } -} + parent::handle($args); + $xrdsOutputter = new XRDSOutputter(); + $xrdsOutputter->startXRDS(); -class Laconica_XRDS_Mapper implements OMB_XRDS_Mapper -{ - protected $urls; + Event::handle('StartUserXRDS', array($this,&$xrdsOutputter)); - public function __construct() - { - $this->urls = array( - OAUTH_ENDPOINT_REQUEST => 'requesttoken', - OAUTH_ENDPOINT_AUTHORIZE => 'userauthorization', - OAUTH_ENDPOINT_ACCESS => 'accesstoken', - OMB_ENDPOINT_POSTNOTICE => 'postnotice', - OMB_ENDPOINT_UPDATEPROFILE => 'updateprofile'); - } + //oauth + $xrdsOutputter->elementStart('XRD', array('xmlns' => 'xri://$xrd*($v*2.0)', + 'xml:id' => 'oauth', + 'xmlns:simple' => 'http://xrds-simple.net/core/1.0', + 'version' => '2.0')); + $xrdsOutputter->element('Type', null, 'xri://$xrds*simple'); + $xrdsOutputter->showXrdsService(OAUTH_ENDPOINT_REQUEST, + common_local_url('requesttoken'), + array(OAUTH_AUTH_HEADER, OAUTH_POST_BODY, OAUTH_HMAC_SHA1)); + $xrdsOutputter->showXrdsService( OAUTH_ENDPOINT_AUTHORIZE, + common_local_url('userauthorization'), + array(OAUTH_AUTH_HEADER, OAUTH_POST_BODY, OAUTH_HMAC_SHA1), + null, + $this->user->getIdentifierURI()); + $xrdsOutputter->showXrdsService(OAUTH_ENDPOINT_ACCESS, + common_local_url('accesstoken'), + array(OAUTH_AUTH_HEADER, OAUTH_POST_BODY, OAUTH_HMAC_SHA1), + null, + $this->user->getIdentifierURI()); + $xrdsOutputter->showXrdsService(OAUTH_ENDPOINT_RESOURCE, + null, + array(OAUTH_AUTH_HEADER, OAUTH_POST_BODY, OAUTH_HMAC_SHA1), + null, + $this->user->getIdentifierURI()); + $xrdsOutputter->elementEnd('XRD'); + + //omb + $xrdsOutputter->elementStart('XRD', array('xmlns' => 'xri://$xrd*($v*2.0)', + 'xml:id' => 'oauth', + 'xmlns:simple' => 'http://xrds-simple.net/core/1.0', + 'version' => '2.0')); + $xrdsOutputter->element('Type', null, 'xri://$xrds*simple'); + $xrdsOutputter->showXrdsService(OMB_ENDPOINT_POSTNOTICE, + common_local_url('postnotice')); + $xrdsOutputter->showXrdsService(OMB_ENDPOINT_UPDATEPROFILE, + common_local_url('updateprofile')); + $xrdsOutputter->elementEnd('XRD'); + + //misc + $xrdsOutputter->elementStart('XRD', array('xmlns' => 'xri://$xrd*($v*2.0)', + 'xml:id' => 'oauth', + 'xmlns:simple' => 'http://xrds-simple.net/core/1.0', + 'version' => '2.0')); + $xrdsOutputter->showXrdsService(OAUTH_DISCOVERY, + '#oauth'); + $xrdsOutputter->showXrdsService(OMB_VERSION, + '#omb'); + $xrdsOutputter->elementEnd('XRD'); - public function getURL($action) - { - return common_local_url($this->urls[$action]); + Event::handle('EndUserXRDS', array($this,&$xrdsOutputter)); + + $xrdsOutputter->endXRDS(); + } } ?> diff --git a/lib/router.php b/lib/router.php index 2fd255fe6f..0dd130ab07 100644 --- a/lib/router.php +++ b/lib/router.php @@ -108,6 +108,9 @@ class Router $m->connect('main/oembed', array('action' => 'oembed')); + $m->connect('main/xrds', + array('action' => 'publicxrds')); + // these take a code foreach (array('register', 'confirmaddress', 'recoverpassword') as $c) { diff --git a/plugins/OpenID/publicxrds.php b/lib/xrdsoutputter.php similarity index 52% rename from plugins/OpenID/publicxrds.php rename to lib/xrdsoutputter.php index 1b2b359caa..0e228e2937 100644 --- a/plugins/OpenID/publicxrds.php +++ b/lib/xrdsoutputter.php @@ -1,21 +1,12 @@ - * @author Robin Millette - * @license http://www.fsf.org/licensing/licenses/agpl.html AGPLv3 - * @link http://status.net/ + * Low-level generator for HTML * - * StatusNet - the distributed open-source microblogging tool - * Copyright (C) 2008, 2009, StatusNet, Inc. + * PHP version 5 * - * This program is free software: you can redistribute it and/or modify + * LICENCE: This program is free software: you can redistribute it and/or modify * it under the terms of the GNU Affero General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. @@ -27,60 +18,45 @@ * * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . + * + * @category Output + * @package StatusNet + * @author Craig Andrews + * @copyright 2008 StatusNet, Inc. + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ */ if (!defined('STATUSNET') && !defined('LACONICA')) { exit(1); } -require_once INSTALLDIR.'/plugins/OpenID/openid.php'; +require_once INSTALLDIR.'/lib/xmloutputter.php'; /** - * Public XRDS for OpenID + * Low-level generator for XRDS XML * - * @category Action + * @category Output * @package StatusNet - * @author Evan Prodromou - * @author Robin Millette - * @license http://www.fsf.org/licensing/licenses/agpl.html AGPLv3 + * @author Craig Andrews + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 * @link http://status.net/ * - * @todo factor out similarities with XrdsAction + * @see Action + * @see XMLOutputter */ -class PublicxrdsAction extends Action -{ - /** - * Is read only? - * - * @return boolean true - */ - function isReadOnly($args) - { - return true; - } - /** - * Class handler. - * - * @param array $args array of arguments - * - * @return nothing - */ - function handle($args) +class XRDSOutputter extends XMLOutputter +{ + public function startXRDS() { - parent::handle($args); header('Content-Type: application/xrds+xml'); $this->startXML(); $this->elementStart('XRDS', array('xmlns' => 'xri://$xrds')); - $this->elementStart('XRD', array('xmlns' => 'xri://$xrd*($v*2.0)', - 'xmlns:simple' => 'http://xrds-simple.net/core/1.0', - 'version' => '2.0')); - $this->element('Type', null, 'xri://$xrds*simple'); - foreach (array('finishopenidlogin', 'finishaddopenid') as $finish) { - $this->showService(Auth_OpenID_RP_RETURN_TO_URL_TYPE, - common_local_url($finish)); - } - $this->elementEnd('XRD'); + } + + public function endXRDS() + { $this->elementEnd('XRDS'); $this->endXML(); } @@ -96,7 +72,7 @@ class PublicxrdsAction extends Action * * @return void */ - function showService($type, $uri, $params=null, $sigs=null, $localId=null) + function showXrdsService($type, $uri, $params=null, $sigs=null, $localId=null) { $this->elementStart('Service'); if ($uri) { @@ -119,4 +95,3 @@ class PublicxrdsAction extends Action $this->elementEnd('Service'); } } - diff --git a/plugins/OpenID/OpenIDPlugin.php b/plugins/OpenID/OpenIDPlugin.php index 81e3ed9c4c..5ebee2cbe4 100644 --- a/plugins/OpenID/OpenIDPlugin.php +++ b/plugins/OpenID/OpenIDPlugin.php @@ -62,17 +62,59 @@ class OpenIDPlugin extends Plugin * @return boolean hook return */ - function onRouterInitialized($m) + function onStartInitializeRouter($m) { $m->connect('main/openid', array('action' => 'openidlogin')); + $m->connect('main/openidtrust', array('action' => 'openidtrust')); $m->connect('settings/openid', array('action' => 'openidsettings')); - $m->connect('xrds', array('action' => 'publicxrds')); $m->connect('index.php?action=finishopenidlogin', array('action' => 'finishopenidlogin')); $m->connect('index.php?action=finishaddopenid', array('action' => 'finishaddopenid')); - + $m->connect('main/openidserver', array('action' => 'openidserver')); + return true; } + function onEndPublicXRDS($action, &$xrdsOutputter) + { + $xrdsOutputter->elementStart('XRD', array('xmlns' => 'xri://$xrd*($v*2.0)', + 'xmlns:simple' => 'http://xrds-simple.net/core/1.0', + 'version' => '2.0')); + $xrdsOutputter->element('Type', null, 'xri://$xrds*simple'); + //consumer + foreach (array('finishopenidlogin', 'finishaddopenid') as $finish) { + $xrdsOutputter->showXrdsService(Auth_OpenID_RP_RETURN_TO_URL_TYPE, + common_local_url($finish)); + } + //provider + $xrdsOutputter->showXrdsService('http://specs.openid.net/auth/2.0/server', + common_local_url('openidserver'), + null, + null, + 'http://specs.openid.net/auth/2.0/identifier_select'); + $xrdsOutputter->elementEnd('XRD'); + } + + function onEndUserXRDS($action, &$xrdsOutputter) + { + $xrdsOutputter->elementStart('XRD', array('xmlns' => 'xri://$xrd*($v*2.0)', + 'xml:id' => 'openid', + 'xmlns:simple' => 'http://xrds-simple.net/core/1.0', + 'version' => '2.0')); + $xrdsOutputter->element('Type', null, 'xri://$xrds*simple'); + + //consumer + $xrdsOutputter->showXrdsService('http://specs.openid.net/auth/2.0/return_to', + common_local_url('finishopenidlogin')); + + //provider + $xrdsOutputter->showXrdsService('http://specs.openid.net/auth/2.0/signon', + common_local_url('openidserver'), + null, + null, + common_profile_url($action->user->nickname)); + $xrdsOutputter->elementEnd('XRD'); + } + function onEndLoginGroupNav(&$action) { $action_name = $action->trimmed('action'); @@ -107,6 +149,7 @@ class OpenIDPlugin extends Plugin case 'XrdsAction': case 'PublicxrdsAction': case 'OpenidsettingsAction': + case 'OpenidserverAction': require_once(INSTALLDIR.'/plugins/OpenID/' . strtolower(mb_substr($cls, 0, -6)) . '.php'); return false; case 'User_openid': @@ -152,12 +195,16 @@ class OpenIDPlugin extends Plugin function onEndShowHeadElements($action) { - if ($action->trimmed('action') == 'public') { - // for client side of OpenID authentication - $action->element('meta', array('http-equiv' => 'X-XRDS-Location', - 'content' => common_local_url('publicxrds'))); + if($action instanceof ShowstreamAction){ + $action->element('link', array('rel' => 'openid2.provider', + 'href' => common_local_url('openidserver'))); + $action->element('link', array('rel' => 'openid2.local_id', + 'href' => $action->profile->profileurl)); + $action->element('link', array('rel' => 'openid.server', + 'href' => common_local_url('openidserver'))); + $action->element('link', array('rel' => 'openid.delegate', + 'href' => $action->profile->profileurl)); } - return true; } diff --git a/plugins/OpenID/openid.php b/plugins/OpenID/openid.php index b76497c28a..ff7a938994 100644 --- a/plugins/OpenID/openid.php +++ b/plugins/OpenID/openid.php @@ -23,6 +23,7 @@ require_once(INSTALLDIR.'/plugins/OpenID/User_openid.php'); require_once('Auth/OpenID.php'); require_once('Auth/OpenID/Consumer.php'); +require_once('Auth/OpenID/Server.php'); require_once('Auth/OpenID/SReg.php'); require_once('Auth/OpenID/MySQLStore.php'); @@ -50,6 +51,13 @@ function oid_consumer() return $consumer; } +function oid_server() +{ + $store = oid_store(); + $server = new Auth_OpenID_Server($store, common_local_url('openidserver')); + return $server; +} + function oid_clear_last() { oid_set_last(''); diff --git a/plugins/OpenID/openidserver.php b/plugins/OpenID/openidserver.php new file mode 100644 index 0000000000..198a1a3280 --- /dev/null +++ b/plugins/OpenID/openidserver.php @@ -0,0 +1,96 @@ +. + * + * @category Settings + * @package StatusNet + * @author Craig Andrews + * @copyright 2008-2009 StatusNet, Inc. + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +if (!defined('STATUSNET') && !defined('LACONICA')) { + exit(1); +} + +require_once INSTALLDIR.'/lib/action.php'; +require_once INSTALLDIR.'/plugins/OpenID/openid.php'; + +/** + * Settings for OpenID + * + * Lets users add, edit and delete OpenIDs from their account + * + * @category Settings + * @package StatusNet + * @author Craig Andrews + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +class OpenidserverAction extends Action +{ + + function handle($args) + { + parent::handle($args); + $oserver = oid_server(); + $request = $oserver->decodeRequest(); + if (in_array($request->mode, array('checkid_immediate', + 'checkid_setup'))) { + $cur = common_current_user(); + error_log("Request identity: " . $request->identity); + if(!$cur){ + /* Go log in, and then come back. */ + common_set_returnto($_SERVER['REQUEST_URI']); + common_redirect(common_local_url('login')); + return; + }else if(common_profile_url($cur->nickname) == $request->identity || $request->idSelect()){ + $response = &$request->answer(true, null, common_profile_url($cur->nickname)); + } else if ($request->immediate) { + $response = &$request->answer(false); + } else { + //invalid + $this->clientError(sprintf(_('You are not authorized to use the identity %s'),$request->identity),$code=403); + } + } else { + $response = &$oserver->handleRequest($request); + } + + if($response){ + $webresponse = $oserver->encodeResponse($response); + + if ($webresponse->code != AUTH_OPENID_HTTP_OK) { + header(sprintf("HTTP/1.1 %d ", $webresponse->code), + true, $webresponse->code); + } + + if($webresponse->headers){ + foreach ($webresponse->headers as $k => $v) { + header("$k: $v"); + } + } + $this->raw($webresponse->body); + }else{ + $this->clientError(_('Just an OpenID provider. Nothing to see here, move along...'),$code=500); + } + } +} -- 2.39.5