commit 799b1e1b4227e5244c1079e9573cd086caadb0a1
parent aba0d3b7b07c2f4b2a513d7dce1f324f595f830b
Author: dankert <devnull@localhost>
Date: Mon, 22 Oct 2007 00:18:21 +0200
OpenId-Authentifizierung mit Auslesen des Yadis-Dokumentes.
Diffstat:
3 files changed, 192 insertions(+), 46 deletions(-)
diff --git a/actionClasses/IndexAction.class.php b/actionClasses/IndexAction.class.php
@@ -517,58 +517,17 @@ class IndexAction extends Action
// Login mit Open-Id.
if ( !empty($openid_user) )
{
- $http = new Http();
- $http->url['host'] = $openid_user;
+ $openId = new OpenId($openid_user);
- if ( ! $http->request() )
+ if ( ! $openId->login() )
{
- $this->addNotice('user',$openid_user,'LOGIN_OPENID_FAILED','error',array('name'=>$openid_user),array('Unable to get delegate information',$http->error) );
+ $this->addNotice('user',$openid_user,'LOGIN_OPENID_FAILED','error',array('name'=>$openid_user),array($openId->error) );
$this->callSubAction('showlogin');
return;
}
- $seite = $http->body;
- $treffer = array();
- preg_match('/rel="openid.server"\s+href="(\S+)"/',$seite,$treffer);
- if ( count($treffer) >= 1 )
- $openid_server = $treffer[1];
-
- $treffer = array();
- preg_match('/rel="openid.delegate"\s+href="(\S+)"/',$seite,$treffer);
- if ( count($treffer) >= 1 )
- $openid_delegate = $treffer[1];
- else
- $openid_delegate = 'http://'.$openid_user;
-
- if ( empty($openid_server) )
- {
- $this->addNotice('user',$openid_user,'LOGIN_OPENID_FAILED','error',array('name'=>$openid_user),array('Unable to locate a OpenId-Server in URL') );
- $this->callSubAction('showlogin');
- return;
- }
-
- $openid_handle = md5(microtime().session_id());
- Session::set('openid_user' ,$openid_user );
- Session::set('openid_server' ,$openid_server );
- Session::set('openid_delegate',$openid_delegate);
- Session::set('openid_handle' ,$openid_handle );
-
- $redirHttp = new Http($openid_server);
- $redirHttp->requestParameter['openid.mode' ] = 'checkid_setup';
- $redirHttp->requestParameter['openid.identity' ] = $openid_delegate; // Richtig.
-// $redirHttp->requestParameter['openid.identity' ] = 'https://'.$openid_user; // Das ist falsch.
-
- $redirHttp->requestParameter['openid.sreg.optional'] = 'email,nickname,fullname';
- $trustRoot = @$conf['security']['openid']['trust_root'];
- $server = Http::getServer();
- if ( empty($trustRoot) )
- $trustRoot = $server.'/';
- $redirHttp->requestParameter['openid.trust_root' ] = $trustRoot;
- $redirHttp->requestParameter['openid.return_to' ] = $server.'/openid.'.PHP_EXT;
- $redirHttp->requestParameter['openid.assoc_handle' ] = $openid_handle;
-
- $redirHttp->sendRedirect();
- exit;
+ $openId->redirect();
+ die('Unreachable Code.');
}
diff --git a/serviceClasses/OpenId.class.php b/serviceClasses/OpenId.class.php
@@ -0,0 +1,180 @@
+<?php
+
+class OpenId
+{
+ /**
+ * Open-Id Server, an den die Authentisierungsanfrage gestellt wird.
+ *
+ * @var String
+ */
+ var $server;
+
+ /**
+ * Open-Id Identity.
+ *
+ * @var String
+ */
+ var $identity;
+
+ /**
+ * Fehlermeldung (falls vorhanden).
+ *
+ * @var String
+ */
+ var $error;
+
+ /**
+ * OpenId-Benutzername.
+ *
+ * @var String
+ */
+ var $user;
+
+
+ /**
+ * Neue Open-Id Anfrage.
+ *
+ * @param String $user
+ * @return OpenId
+ */
+ function OpenId( $user )
+ {
+ $this->user = $user;
+ }
+
+ /**
+ * Authentisierung Schritt 1.<br>
+ * Ermitteln der Identity.
+ *
+ * @return boolean TRUE, wenn Identity ermittelt wurde.
+ */
+ function login()
+ {
+ // Schritt 1: Identity aus Yadis-Dokument laden.
+ $this->getIdentityFromYadis();
+
+ // Schritt 2: Fallback auf HTML-Dokument.
+ if ( empty($this->server) )
+ {
+ $this->getIdentityFromHtmlMetaData();
+ }
+
+ // Falls immer noch kein Servername gefunden wurde, dann Abbruch.
+ if ( empty($this->server) )
+ {
+ $this->error = 'Unable to locate a OpenId-Server in URL';
+ return false;
+ }
+
+ if ( empty($this->identity) )
+ // Falls die Identity bis hierher nicht deligiert wurde...
+ // Lt. Spezifikation mit Prefix "http://".
+ $this->identity = 'http://'.$openid_user;
+
+ return true;
+ }
+
+
+
+ /**
+ * Erzeugt einen HTTP-Redirect auf den OpenId-Provider.
+ */
+ function redirect()
+ {
+ global $conf;
+
+ $openid_handle = md5(microtime().session_id());
+ Session::set('openid_user' ,$this->identity );
+ Session::set('openid_server' ,$this->server );
+ Session::set('openid_delegate',$this->identity );
+ Session::set('openid_handle' ,$openid_handle );
+
+ $redirHttp = new Http($this->server);
+ $redirHttp->requestParameter['openid.mode' ] = 'checkid_setup';
+ $redirHttp->requestParameter['openid.identity' ] = $this->identity;
+
+ $redirHttp->requestParameter['openid.sreg.required'] = 'email';
+ $redirHttp->requestParameter['openid.sreg.optional'] = 'fullname,language';
+ $trustRoot = @$conf['security']['openid']['trust_root'];
+ $server = Http::getServer();
+ if ( empty($trustRoot) )
+ $trustRoot = $server.'/';
+ $redirHttp->requestParameter['openid.trust_root' ] = $trustRoot;
+ $redirHttp->requestParameter['openid.return_to' ] = $server.'/openid.'.PHP_EXT;
+ $redirHttp->requestParameter['openid.assoc_handle' ] = $openid_handle;
+
+ $redirHttp->sendRedirect();
+ }
+
+
+
+ /**
+ * Ermittelt OpenId-Server und OpenId-Identity aus Yadis-Dokument.<br>
+ *
+ * @return unknown
+ */
+ function getIdentityFromYadis()
+ {
+ $http = new Http();
+ $http->url['host'] = $this->user;
+
+ $http->header[] = 'Accept: application/xrds+xml';
+ if ( ! $http->request() )
+ {
+ $this->error = 'Unable to get XML delegate information';
+ return false;
+ }
+
+// Html::debug(htmlentities($http->body));
+ $p = xml_parser_create();
+ $ok = xml_parse_into_struct($p, $http->body, $vals, $index);
+ xml_parser_free($p);
+
+ foreach( $vals as $tag )
+ {
+ if ( strtolower($tag['tag']) == 'uri' )
+ {
+ $this->server = $tag['value'];
+ }
+
+ if ( strtolower($tag['tag']) == 'openid:delegate' )
+ {
+ $this->identity = $tag['value'];
+ }
+ }
+ }
+
+
+
+ /**
+ * Ermittelt OpenId-Server und OpenId-Identity aus HTML Meta-Tags.<br>
+ */
+ function getIdentityFromHtmlMetaData()
+ {
+ $http = new Http();
+ $http->url['host'] = $this->user;
+ $http->header[] = 'Accept: text/html';
+
+ if ( ! $http->request() )
+ {
+ $this->error = 'Unable to get HTML delegate information';
+ return false;
+ }
+
+ $seite = $http->body;
+
+ // Die Meta-Tags mit regulärem Ausdruck auslesen.
+ $treffer = array();
+ preg_match('/rel="openid.server"\s+href="(\S+)"/',$seite,$treffer);
+ if ( count($treffer) >= 1 )
+ $this->identity = $treffer[1];
+
+ $treffer = array();
+ preg_match('/rel="openid.delegate"\s+href="(\S+)"/',$seite,$treffer);
+ if ( count($treffer) >= 1 )
+ $this->identity = $treffer[1];
+ }
+
+}
+
+?>+
\ No newline at end of file
diff --git a/serviceClasses/include.inc.php b/serviceClasses/include.inc.php
@@ -17,6 +17,12 @@ if ( !empty($REQ[REQ_PARAM_ACTION]) && in_array($REQ[REQ_PARAM_ACTION],array('tr
require_once( OR_SERVICECLASSES_DIR."ProjectTree.class.".PHP_EXT );
}
+// Login
+if ( !empty($REQ[REQ_PARAM_ACTION]) && in_array($REQ[REQ_PARAM_ACTION],array('index')) )
+{
+ require_once( OR_SERVICECLASSES_DIR."OpenId.class.".PHP_EXT );
+}
+
// Veroeffentlichung
if ( !empty($REQ[REQ_PARAM_ACTION]) && in_array($REQ[REQ_PARAM_ACTION],array('file','page','folder')) )
{