
commit 6d30e0427c9f3df35e682f173eec109ce80e62fb
parent 2506fa7419ee99b899334765cdb4d73042a471a3
Author: dankert <devnull@localhost>
Date:   Wed, 24 Nov 2010 22:44:43 +0100

Fixes for OpenId 2.0

Diffstat:
actionClasses/IndexAction.class.php | 17+++++++++++++----
serviceClasses/OpenId.class.php | 67+++++++++++++++++++++++++++++++++++++------------------------------
themes/default/pages/html/index/showlogin.tpl.php | 52+++++++++++++++++++++++++++++++++++++++++++---------
themes/default/templates/index/showlogin.tpl.src.php | 2+-
4 files changed, 94 insertions(+), 44 deletions(-)

diff --git a/actionClasses/IndexAction.class.php b/actionClasses/IndexAction.class.php @@ -291,7 +291,7 @@ class IndexAction extends Action $openid_provider = array(); foreach( explode(',',$conf['security']['openid']['provider']) as $provider ) $openid_provider[$provider] = config('security','openid','provider.'.$provider.'.name'); - $this->setTemplateVar('openid_provider',$openid_provider); + $this->setTemplateVar('openid_providers',$openid_provider); $this->setTemplateVar('openid_user_identity',config('security','openid','user_identity')); //$this->setTemplateVar('openid_provider','identity'); @@ -565,10 +565,19 @@ class IndexAction extends Action // Anmeldung wurde mit "is_valid:true" best�tigt. // Der Benutzer ist jetzt eingeloggt. - $username = $openId->getUserFromIdentiy(); + $username = $openId->getUserFromIdentiy(); + + if ( empty($username) ) + { + // Es konnte kein Benutzername ermittelt werden. + $this->addNotice('user',$username,'LOGIN_OPENID_FAILED','error',array('name'=>$username) ); + $this->addValidationError('openid_url',''); + $this->callSubAction('showlogin'); + return; + } + + $user = User::loadWithName( $username ); - $user = User::loadWithName( $username ); - if ( $user->userid <=0) { // Benutzer ist (noch) nicht vorhanden. diff --git a/serviceClasses/OpenId.class.php b/serviceClasses/OpenId.class.php @@ -115,6 +115,9 @@ class OpenId $this->user = config('security','openid','provider.'.$this->provider.'.xrds_uri'); $this->identity = 'http://specs.openid.net/auth/2.0/identifier_select'; } + $this->supportSREG = config('security','openid','provider.'.$this->provider.'.sreg_1_0'); + $this->supportAX = config('security','openid','provider.'.$this->provider.'.ax_1_0' ); + // Schritt 1: Identity aus Yadis-Dokument laden. $this->getIdentityFromYadis(); 
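Review bot: The new `empty($username)` guard in the IndexAction @@565 hunk also rejects the legitimate string `'0'`, and since it runs directly before `User::loadWithName( $username )` it appears to be the only check between the provider-supplied attribute and the account lookup; a strict test such as `if ( !is_string($username) || $username === '' )` avoids the `empty()` edge case and makes explicit that a non-string return from `getUserFromIdentiy()` is also a failure. Both places where `addNotice(...)` receives `$username` are necessarily blank in this branch, so the LOGIN_OPENID_FAILED message will show an empty name; passing the identifier the user submitted, if the action has it in scope, would make the error actionable. The enclosing method starts and ends outside the hunk.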
@@ -170,7 +173,7 @@ class OpenId if ( $this->supportAX ) { - Logger::info("Server is using OpenID Attribute Exchange 1.0"); + Logger::info("OpenId-Server is using OpenID Attribute Exchange 1.0"); $redirHttp->requestParameter['openid.ns.ax' ] = 'http://openid.net/srv/ax/1.0'; $redirHttp->requestParameter['openid.ax.mode' ] = 'fetch_request'; $redirHttp->requestParameter['openid.ax.type.email' ] = 'http://axschema.org/contact/email'; @@ -183,7 +186,7 @@ class OpenId if ( $this->supportSREG ) { - Logger::info("Server is using OpenID Simple Registration Extension 1.0"); + Logger::info("OpenId-Server is using OpenID Simple Registration Extension 1.0"); $redirHttp->requestParameter['openid.ns.sreg' ] = 'http://openid.net/sreg/1.0'; $redirHttp->requestParameter['openid.sreg.required'] = 'email,nickname'; $redirHttp->requestParameter['openid.sreg.optional'] = 'fullname,language'; @@ -222,6 +225,7 @@ class OpenId return false; } + Logger::debug("OpenId: Found YADIS-document for ".$http->getUrl()); //die(); $p = xml_parser_create(); $ok = xml_parse_into_struct($p, $http->body, $vals, $index); @@ -286,11 +290,22 @@ class OpenId $seite = $http->body; - // Die Meta-Tags mit regul�rem Ausdruck auslesen. + // Die Meta-Tags mit regulaerem Ausdruck auslesen. $treffer = array(); preg_match('/rel="openid.server"\s+href="(\S+)"/',$seite,$treffer); if ( count($treffer) >= 1 ) + { $this->server = $treffer[1]; + $this->supportOpenId1_1 = true; + } + + $treffer = array(); + preg_match('/rel="openid2.provider"\s+href="(\S+)"/',$seite,$treffer); + if ( count($treffer) >= 1 ) + { + $this->supportOpenId2_0 = true; + $this->server = $treffer[1]; + } $treffer = array(); preg_match('/rel="openid.delegate"\s+href="(\S+)"/',$seite,$treffer); @@ -313,7 +328,7 @@ class OpenId } else { - $attribute_name = config('provider.'.$this->provider.'.map_attribute'); + $attribute_name = config('security','openid','provider.'.$this->provider.'.map_attribute'); return $this->info[$attribute_name]; } } 
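Review bot: In the @@286 hunk `$this->server` is taken verbatim from the `openid2.provider` link of a fetched HTML page without checking that it is an absolute http(s) URL, and that value presumably becomes the endpoint the check_authentication request built in the later hunk is sent to; a guard such as `if ( !preg_match('/^https?:\/\//i',$treffer[1]) ) { $this->error = 'OpenId: invalid provider URL'; return false; }` (adapted to the method's return convention, which is outside the hunk) would reject relative, scheme-less or non-HTTP targets before they are used. Both patterns also accept only `rel="…" href="…"` in that order with double quotes, so a `<link href="…" rel="openid2.provider">` element is silently missed and the flow falls back to 1.1 or to no server at all; matching `rel` and `href` independently and decoding `&amp;` in the href would be more robust. `count($treffer) >= 1` happens to work only because `preg_match` leaves the array empty on no match; `preg_match(...) === 1` states the intent directly. The enclosing method starts and ends outside the hunk.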
@@ -332,24 +347,23 @@ class OpenId */ function checkAuthentication() { - global $REQ, - $conf; + $queryVars = $this->getQueryParamList(); - if ( $REQ['openid_invalidate_handle'] != $this->handle ) + if ( $queryVars['openid.invalidate_handle'] != $this->handle ) { $this->error = 'Association-Handle mismatch.'; return false; } - if ( $REQ['openid_mode'] != 'id_res' ) + if ( $queryVars['openid.mode'] != 'id_res' ) { - $this->error ='Open-Id: Unknown mode:'.$REQ['openid_mode']; + $this->error ='Open-Id: Unknown mode:'.$queryVars['openid.mode']; return false; } - if ( $this->provider=='identity' && $REQ['openid_identity'] != $this->identity ) + if ( $this->provider=='identity' && $queryVars['openid.identity'] != $this->identity ) { - $this->error ='Open-Id: Identity mismatch. Wrong identity:'.$REQ['openid_identity']; + $this->error ='Open-Id: Identity mismatch. Wrong identity:'.$queryVars['openid.identity']; return false; } 
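Review bot: The comparisons against `$queryVars` are loose (`!=`) and never check that the key exists, so a response lacking `openid.invalidate_handle` yields null, which compares equal to an unset or empty `$this->handle` and passes the first check; per OpenID 2.0 `openid.invalidate_handle` is only present when the OP wants an association dropped, so comparing it with the stored handle looks like it was meant for `openid.assoc_handle` — worth confirming against the association step, which is outside the hunk. Use `isset()` plus strict comparison throughout, e.g. `if ( !isset($queryVars['openid.mode']) || $queryVars['openid.mode'] !== 'id_res' )`. The identity check is skipped entirely unless `$this->provider=='identity'`, so for identifier_select flows nothing in this hunk ties `openid.claimed_id` or `openid.op_endpoint` back to the endpoint discovered into `$this->server`, and neither `openid.return_to` nor `openid.response_nonce` is verified; if those checks are not performed elsewhere (checkAuthentication continues past the hunk), they should be added before the assertion is accepted.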
@@ -357,31 +371,24 @@ class OpenId $params = array(); if ( $this->supportAX ) - foreach( $REQ as $request_key=>$request_value ) - if ( substr($request_key,0,10)=='openid_ns_' && $request_value == 'http://openid.net/srv/ax/1.0' ) + // Den Namespace-Prefix für AX (attribute exchange) herausfinden. + // Leider kann das ein anderer Prefix sein, als wir im Request verwendet haben. + foreach( $queryVars as $request_key=>$request_value ) + if ( substr($request_key,0,10)=='openid.ns.' && $request_value == 'http://openid.net/srv/ax/1.0' ) $axPrefix = substr($request_key,10); - foreach( $REQ as $request_key=>$request_value ) + foreach( $queryVars as $request_key=>$request_value ) { // Benutzer-Attribute ermitteln. - if ( $this->supportSREG && substr($request_key,0,12)=='openid_sreg_' ) - { + // Benutzer-Attribute über SREG ermitteln. + if ( $this->supportSREG && substr($request_key,0,12)=='openid.sreg.' ) $this->info[ substr($request_key,12) ] = $request_value; - } - elseif ( $this->supportAX && substr($request_key,0,14+strlen($axPrefix))=='openid_'.$axPrefix.'_value_' ) - { + // Benutzer-Attribute über AX ermitteln. + elseif ( $this->supportAX && substr($request_key,0,14+strlen($axPrefix))=='openid.'.$axPrefix.'.value.' ) $this->info[ substr($request_key,14+strlen($axPrefix)) ] = $request_value; - } - - // Uebelstes Gefrickel. Grund dafuer ist, dass PHP die Punkte in Request-Variablen durch Unterstriche ersetzt. Und wir müssen das - // hier zurücksetzen. - // TODO: Original-Request-Variable ermitteln? - if ( substr($request_key,0,7)=='openid_' ) - if ( $this->supportAX && substr($request_key,0,8+strlen($axPrefix))=='openid_'.$axPrefix.'_') - $params[ str_replace('_','.',$request_key) ] = $request_value; - elseif( $this->supportAX && $request_key == 'openid_ns_'.$axPrefix) - $params[ str_replace('_','.',$request_key) ] = $request_value; - else + + // Alle OpenId-Parameter in den Check-Authentication-Request übertragen. + if ( substr($request_key,0,7)=='openid.' 
) $params['openid.'.substr($request_key,7) ] = $request_value; } $params['openid.mode'] = 'check_authentication'; diff --git a/themes/default/pages/html/index/showlogin.tpl.php b/themes/default/pages/html/index/showlogin.tpl.php 
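Review bot: Every `openid.sreg.*` and AX `value.*` parameter from the callback is copied into `$this->info` without consulting `openid.signed`, yet the @@313 hunk's `getUserFromIdentiy()` turns `$this->info[$attribute_name]` into the account that gets logged in; check_authentication only vouches for the fields the provider listed in `openid.signed`, so an attribute missing from that list must not be trusted. Before storing an attribute, require it to be signed, e.g. `$signed = explode(',', isset($queryVars['openid.signed']) ? $queryVars['openid.signed'] : '');` and skip any key whose name minus the `openid.` prefix is not in `$signed` (strict `in_array`). `$axPrefix` is never initialised, so when no `openid.ns.*` entry carries the AX namespace the `elseif` compares against `'openid..value.'` with `strlen(null)`; initialise `$axPrefix = ''` and bypass the AX branch when it is empty. The brace-less `if`/`foreach`/`elseif` nesting with comments between the clauses is fragile — braces would make the intended structure explicit. checkAuthentication continues beyond the hunk.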
@@ -616,15 +616,49 @@ unset($a6_tmp_last_exec) ?></td></tr><?php <?php if (!empty($column_classes)) { ?> class="<?php echo $column_classes[($column_idx-1)%count($column_classes)] ?>" <?php } ?> -><?php $a8_class='name';$a8_default='';$a8_type='text';$a8_name='openid_url';$a8_size='20';$a8_maxlength='256';$a8_onchange='';$a8_readonly=false; ?><?php if ($this->isEditable() && !$this->isEditMode()) $a8_readonly=true; - if ($a8_readonly && empty($$a8_name)) $$a8_name = '- '.lang('EMPTY').' -'; - if(!isset($a8_default)) $a8_default=''; - $tmp_value = Text::encodeHtml(isset($$a8_name)?$$a8_name:$a8_default); -?><?php if (!$a8_readonly || $a8_type=='hidden') { -?><input<?php if ($a8_readonly) echo ' disabled="true"' ?> id="id_<?php echo $a8_name ?><?php if ($a8_readonly) echo '_disabled' ?>" name="<?php echo $a8_name ?><?php if ($a8_readonly) echo '_disabled' ?>" type="<?php echo $a8_type ?>" size="<?php echo $a8_size ?>" maxlength="<?php echo $a8_maxlength ?>" class="<?php echo $a8_class ?>" value="<?php echo $tmp_value ?>" <?php if (in_array($a8_name,$errors)) echo 'style="border:2px dashed red;"' ?> /><?php -if ($a8_readonly) { -?><input type="hidden" id="id_<?php echo $a8_name ?>" name="<?php echo $a8_name ?>" value="<?php echo $tmp_value ?>" /><?php - } } else { ?><span class="<?php echo $a8_class ?>"><?php echo $tmp_value ?></span><?php } ?><?php unset($a8_class,$a8_default,$a8_type,$a8_name,$a8_size,$a8_maxlength,$a8_onchange,$a8_readonly) ?></td></tr><?php } ?><?php $a5_value=@count($dbids);$a5_greaterthan='1'; ?><?php +><?php $a8_list='openid_providers';$a8_name='openid_provider';$a8_onchange='';$a8_title='';$a8_class=''; ?><?php $a8_tmp_list = $$a8_list; + if ( isset($$a8_name) && isset($a8_tmp_list[$$a8_name]) ) + $a8_tmp_default = $$a8_name; + elseif ( isset($a8_default) ) + $a8_tmp_default = $a8_default; + else + $a8_tmp_default = ''; + foreach( $a8_tmp_list as $box_key=>$box_value ) + { + $box_value = 
is_array($box_value)?(isset($box_value['lang'])?langHtml($box_value['lang']):$box_value['value']):$box_value; + $id = 'id_'.$a8_name.'_'.$box_key; + echo '<input id="'.$id.'" name="'.$a8_name.'" type="radio" class="'.$a8_class.'" value="'.$box_key.'"'; + if ($box_key==$a8_tmp_default) + echo ' checked="checked"'; + echo '>&nbsp;<label for="'.$id.'">'.$box_value.'</label><br>'; + } +?><?php unset($a8_list,$a8_name,$a8_onchange,$a8_title,$a8_class) ?><?php $a8_true=$openid_user_identity; ?><?php + if (gettype($a8_true) === '' && gettype($a8_true) === '1') + $a8_tmp_exec = $$a8_true == true; + else + $a8_tmp_exec = $a8_true == true; + $a8_tmp_last_exec = $a8_tmp_exec; + if ( $a8_tmp_exec ) + { +?> +<?php unset($a8_true) ?><?php $a9_readonly=false;$a9_name='openid_provider';$a9_value='identity';$a9_default=false;$a9_prefix='';$a9_suffix='';$a9_class='';$a9_onchange=''; ?><?php + if ($this->isEditable() && !$this->isEditMode()) $a9_readonly=true; + if ( isset($$a9_name) ) + $a9_tmp_default = $$a9_name; + elseif ( isset($a9_default) ) + $a9_tmp_default = $a9_default; + else + $a9_tmp_default = ''; + ?><input onclick="" class="radio" type="radio" id="id_<?php echo $a9_name.'_'.$a9_value ?>" name="<?php echo $a9_prefix.$a9_name ?>"<?php if ( $a9_readonly ) echo ' disabled="disabled"' ?> value="<?php echo $a9_value ?>" <?php if($a9_value==$a9_tmp_default) echo 'checked="checked"' ?><?php if (in_array($a9_name,$errors)) echo ' style="borderx:2px dashed red; background-color:red;"' ?> /> +<?php /* #END-IF# */ ?><?php unset($a9_readonly,$a9_name,$a9_value,$a9_default,$a9_prefix,$a9_suffix,$a9_class,$a9_onchange) ?><?php $a9_class='name';$a9_default='';$a9_type='text';$a9_name='openid_url';$a9_size='20';$a9_maxlength='256';$a9_onchange='';$a9_readonly=false; ?><?php if ($this->isEditable() && !$this->isEditMode()) $a9_readonly=true; + if ($a9_readonly && empty($$a9_name)) $$a9_name = '- '.lang('EMPTY').' 
-'; + if(!isset($a9_default)) $a9_default=''; + $tmp_value = Text::encodeHtml(isset($$a9_name)?$$a9_name:$a9_default); +?><?php if (!$a9_readonly || $a9_type=='hidden') { +?><input<?php if ($a9_readonly) echo ' disabled="true"' ?> id="id_<?php echo $a9_name ?><?php if ($a9_readonly) echo '_disabled' ?>" name="<?php echo $a9_name ?><?php if ($a9_readonly) echo '_disabled' ?>" type="<?php echo $a9_type ?>" size="<?php echo $a9_size ?>" maxlength="<?php echo $a9_maxlength ?>" class="<?php echo $a9_class ?>" value="<?php echo $tmp_value ?>" <?php if (in_array($a9_name,$errors)) echo 'style="border:2px dashed red;"' ?> /><?php +if ($a9_readonly) { +?><input type="hidden" id="id_<?php echo $a9_name ?>" name="<?php echo $a9_name ?>" value="<?php echo $tmp_value ?>" /><?php + } } else { ?><span class="<?php echo $a9_class ?>"><?php echo $tmp_value ?></span><?php } ?><?php unset($a9_class,$a9_default,$a9_type,$a9_name,$a9_size,$a9_maxlength,$a9_onchange,$a9_readonly) ?><?php } ?></td></tr><?php } ?><?php $a5_value=@count($dbids);$a5_greaterthan='1'; ?><?php $a5_tmp_exec = intval($a5_greaterthan) < intval($a5_value); $a5_tmp_last_exec = $a5_tmp_exec; if ( $a5_tmp_exec ) diff --git a/themes/default/templates/index/showlogin.tpl.src.php b/themes/default/templates/index/showlogin.tpl.src.php @@ -77,7 +77,7 @@ page image url:config:security/openid/logo_url text key:openid_user cell - radiobox name:openid_provider list:openid_provider + radiobox name:openid_provider list:openid_providers if true:var:openid_user_identity radio name:openid_provider value:identity input name:openid_url class:name size:20