openrat-cms

Unnamed repository; edit this file 'description' to name the repository.
Log | Files | Refs
commit 799b1e1b4227e5244c1079e9573cd086caadb0a1
parent aba0d3b7b07c2f4b2a513d7dce1f324f595f830b
Author: dankert <devnull@localhost>
Date:   Mon, 22 Oct 2007 00:18:21 +0200

OpenId-Authentifizierung mit Auslesen des Yadis-Dokumentes.

Diffstat:

actionClasses/IndexAction.class.php | 51+++++----------------------------------------------


serviceClasses/OpenId.class.php | 181+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


serviceClasses/include.inc.php | 6++++++


3 files changed, 192 insertions(+), 46 deletions(-)

diff --git a/actionClasses/IndexAction.class.php b/actionClasses/IndexAction.class.php
@@ -517,58 +517,17 @@ class IndexAction extends Action
 		// Login mit Open-Id.
 		if	( !empty($openid_user) )
 		{
-			$http = new Http();
-			$http->url['host'] = $openid_user;
+			$openId = new OpenId($openid_user);
 			
-			if	( ! $http->request() )
+			if	( ! $openId->login() )
 			{
-				$this->addNotice('user',$openid_user,'LOGIN_OPENID_FAILED','error',array('name'=>$openid_user),array('Unable to get delegate information',$http->error) );
+				$this->addNotice('user',$openid_user,'LOGIN_OPENID_FAILED','error',array('name'=>$openid_user),array($openId->error) );
 				$this->callSubAction('showlogin');
 				return;
 			}
-			$seite = $http->body;
 			
-			$treffer = array();
-			preg_match('/rel="openid.server"\s+href="(\S+)"/',$seite,$treffer);
-			if	( count($treffer) >= 1 )
-				$openid_server   = $treffer[1];
-
-			$treffer = array();
-			preg_match('/rel="openid.delegate"\s+href="(\S+)"/',$seite,$treffer);
-			if	( count($treffer) >= 1 )
-				$openid_delegate = $treffer[1];
-			else
-				$openid_delegate = 'http://'.$openid_user;
-				
-			if	( empty($openid_server) )
-			{
-				$this->addNotice('user',$openid_user,'LOGIN_OPENID_FAILED','error',array('name'=>$openid_user),array('Unable to locate a OpenId-Server in URL') );
-				$this->callSubAction('showlogin');
-				return;
-			}
-				
-			$openid_handle = md5(microtime().session_id());
-			Session::set('openid_user'    ,$openid_user    );
-			Session::set('openid_server'  ,$openid_server  );
-			Session::set('openid_delegate',$openid_delegate);
-			Session::set('openid_handle'  ,$openid_handle  );
-			
-			$redirHttp = new Http($openid_server);
-			$redirHttp->requestParameter['openid.mode'         ] = 'checkid_setup';
-			$redirHttp->requestParameter['openid.identity'     ] = $openid_delegate; // Richtig.
-//			$redirHttp->requestParameter['openid.identity'     ] = 'https://'.$openid_user; // Das ist falsch.
-			
-			$redirHttp->requestParameter['openid.sreg.optional'] = 'email,nickname,fullname';
-			$trustRoot = @$conf['security']['openid']['trust_root'];
-			$server = Http::getServer();
-			if	( empty($trustRoot) )
-				$trustRoot = $server.'/';
-			$redirHttp->requestParameter['openid.trust_root'   ] = $trustRoot;
-			$redirHttp->requestParameter['openid.return_to'    ] = $server.'/openid.'.PHP_EXT;
-			$redirHttp->requestParameter['openid.assoc_handle' ] = $openid_handle;
-
-			$redirHttp->sendRedirect();
-			exit;
+			$openId->redirect();
+			die('Unreachable Code.');
 		}
 		
 
diff --git a/serviceClasses/OpenId.class.php b/serviceClasses/OpenId.class.php
@@ -0,0 +1,180 @@
+<?php
+
+class OpenId
+{
+	/**
+	 * Open-Id Server, an den die Authentisierungsanfrage gestellt wird.
+	 *
+	 * @var String
+	 */
+	var $server;
+	
+	/**
+	 * Open-Id Identity.
+	 *
+	 * @var String
+	 */
+	var $identity;
+	
+	/**
+	 * Fehlermeldung (falls vorhanden).
+	 *
+	 * @var String
+	 */
+	var $error;
+
+	/**
+	 * OpenId-Benutzername.
+	 *
+	 * @var String
+	 */
+	var $user;
+
+	
+	/**
+	 * Neue Open-Id Anfrage.
+	 *
+	 * @param String $user
+	 * @return OpenId
+	 */
+	function OpenId( $user )
+	{
+		$this->user = $user;
+	}
+	
+	/**
+	 * Authentisierung Schritt 1.<br>
+	 * Ermitteln der Identity.
+	 *
+	 * @return boolean TRUE, wenn Identity ermittelt wurde.
+	 */
+	function login()
+	{
+		// Schritt 1: Identity aus Yadis-Dokument laden.
+		$this->getIdentityFromYadis();
+		
+		// Schritt 2: Fallback auf HTML-Dokument.
+		if	( empty($this->server) )
+		{
+			$this->getIdentityFromHtmlMetaData();
+		}
+		
+		// Falls immer noch kein Servername gefunden wurde, dann Abbruch.
+		if	( empty($this->server) )
+		{
+			$this->error = 'Unable to locate a OpenId-Server in URL';
+			return false;
+		}
+		
+		if	( empty($this->identity) )
+			// Falls die Identity bis hierher nicht deligiert wurde...
+			// Lt. Spezifikation mit Prefix "http://".
+			$this->identity = 'http://'.$openid_user;
+		
+		return true;
+	}
+	
+	
+	
+	/**
+	 * Erzeugt einen HTTP-Redirect auf den OpenId-Provider.
+	 */
+	function redirect()
+	{
+		global $conf;
+		
+		$openid_handle = md5(microtime().session_id());
+		Session::set('openid_user'    ,$this->identity );
+		Session::set('openid_server'  ,$this->server   );
+		Session::set('openid_delegate',$this->identity );
+		Session::set('openid_handle'  ,$openid_handle  );
+
+		$redirHttp = new Http($this->server);
+		$redirHttp->requestParameter['openid.mode'         ] = 'checkid_setup';
+		$redirHttp->requestParameter['openid.identity'     ] = $this->identity;
+		
+		$redirHttp->requestParameter['openid.sreg.required'] = 'email';
+		$redirHttp->requestParameter['openid.sreg.optional'] = 'fullname,language';
+		$trustRoot = @$conf['security']['openid']['trust_root'];
+		$server = Http::getServer();
+		if	( empty($trustRoot) )
+			$trustRoot = $server.'/';
+		$redirHttp->requestParameter['openid.trust_root'   ] = $trustRoot;
+		$redirHttp->requestParameter['openid.return_to'    ] = $server.'/openid.'.PHP_EXT;
+		$redirHttp->requestParameter['openid.assoc_handle' ] = $openid_handle;
+
+		$redirHttp->sendRedirect();
+	}
+	
+	
+	
+	/**
+	 * Ermittelt OpenId-Server und OpenId-Identity aus Yadis-Dokument.<br>
+	 *
+	 * @return unknown
+	 */
+	function getIdentityFromYadis()
+	{
+		$http = new Http();
+		$http->url['host'] = $this->user;
+
+		$http->header[] = 'Accept: application/xrds+xml';
+		if	( ! $http->request() )
+		{
+			$this->error = 'Unable to get XML delegate information';
+			return false;
+		}
+		
+//		Html::debug(htmlentities($http->body));
+		$p = xml_parser_create();
+		$ok = xml_parse_into_struct($p, $http->body, $vals, $index);
+		xml_parser_free($p);
+
+		foreach( $vals as $tag )
+		{
+			if	( strtolower($tag['tag']) == 'uri' )
+			{
+				$this->server = $tag['value'];
+			}
+
+			if	( strtolower($tag['tag']) == 'openid:delegate' )
+			{
+				$this->identity = $tag['value'];
+			}
+		}
+	}
+	
+
+	
+	/**
+	 * Ermittelt OpenId-Server und OpenId-Identity aus HTML Meta-Tags.<br>
+	 */
+	function getIdentityFromHtmlMetaData()
+	{
+		$http = new Http();
+		$http->url['host'] = $this->user;
+		$http->header[] = 'Accept: text/html';
+
+		if	( ! $http->request() )
+		{
+			$this->error = 'Unable to get HTML delegate information';
+			return false;
+		}
+		
+		$seite = $http->body;
+		
+		// Die Meta-Tags mit regulärem Ausdruck auslesen.
+		$treffer = array();
+		preg_match('/rel="openid.server"\s+href="(\S+)"/',$seite,$treffer);
+		if	( count($treffer) >= 1 )
+			$this->identity = $treffer[1];
+
+		$treffer = array();
+		preg_match('/rel="openid.delegate"\s+href="(\S+)"/',$seite,$treffer);
+		if	( count($treffer) >= 1 )
+			$this->identity = $treffer[1];
+	}
+		
+}
+
+?>+
\ No newline at end of file
diff --git a/serviceClasses/include.inc.php b/serviceClasses/include.inc.php
@@ -17,6 +17,12 @@ if	( !empty($REQ[REQ_PARAM_ACTION]) && in_array($REQ[REQ_PARAM_ACTION],array('tr
 	require_once( OR_SERVICECLASSES_DIR."ProjectTree.class.".PHP_EXT );
 }
 
+// Login
+if	( !empty($REQ[REQ_PARAM_ACTION]) && in_array($REQ[REQ_PARAM_ACTION],array('index')) )
+{
+	require_once( OR_SERVICECLASSES_DIR."OpenId.class.".PHP_EXT );
+}
+
 // Veroeffentlichung
 if	( !empty($REQ[REQ_PARAM_ACTION]) && in_array($REQ[REQ_PARAM_ACTION],array('file','page','folder')) )
 {