commit 8e9dcc3330b66fb3e6294341bda784700ab7f03b
parent 488d3d514203a2bfa481fda4b04db2deb53dc200
Author: dankert <devnull@localhost>
Date: Sat, 13 Oct 2007 16:37:07 +0200
Authentisierung über einen Open-ID-Server.
Diffstat:
5 files changed, 230 insertions(+), 6 deletions(-)
diff --git a/actionClasses/IndexAction.class.php b/actionClasses/IndexAction.class.php
@@ -364,7 +364,156 @@ class IndexAction extends Action
$this->setTemplateVar('applications',$list);
}
-
+
+
+ /**
+ * Login mit Open-Id.<br>
+ * Im 2. Schritt erfolgt ein Redirect vom Open-Id Provider an OpenRat zurück.<br>
+ * Es muss noch beim Provider die Bestätigung eingeholt werden, danach ist der
+ * Benutzer angemeldet.<br>
+ */
+ function openid()
+ {
+ global $REQ,
+ $conf;
+
+ $openid_user = Session::get('openid_user' );
+ $openid_server = Session::get('openid_server' );
+ $openid_delegate = Session::get('openid_delegate');
+ $openid_handle = Session::get('openid_handle' );
+
+// global $REQ;
+// print_r($REQ);
+
+ if ( $this->getRequestVar('openid_invalidate_handle') != $openid_handle )
+ {
+ $this->addNotice('user',$openid_user,'LOGIN_OPENID_FAILED','error',array('name'=>$openid_user),array('Association-Handle mismatch.') );
+ $this->callSubAction('showlogin');
+ return;
+ }
+
+// if ( $this->getRequestVar('openid_identity') != $openid_delegate )
+// {
+// $this->addNotice('user',$openid_user,'LOGIN_OPENID_FAILED','error',array('name'=>$openid_user),array('Open-Id: Identity mismatch. Wrong identity:'.$this->getRequestVar('openid_identity')) );
+// $this->callSubAction('showlogin');
+// return;
+// }
+
+ $server = parse_url($openid_server);
+// $socket = fsockopen($server['host'],80);
+ $socket = fsockopen($server['host'],443);
+
+ if ( $socket===FALSE )
+ {
+ $this->addNotice('user',$openid_user,'LOGIN_OPENID_FAILED','error',array('name'=>$this->getRequestVar('login_name')),array('Connection failed: '.$openid_server.':80') );
+ $this->callSubAction('showlogin');
+ return;
+ }
+
+ $params = array();
+
+ foreach( $REQ as $request_key=>$request_value )
+ {
+ if ( substr($request_key,0,12)=='openid_sreg_' )
+ $params['openid.sreg.'.substr($request_key,12) ] = $request_value;
+ elseif ( substr($request_key,0,7)=='openid_' )
+ $params['openid.'.substr($request_key,7) ] = $request_value;
+ }
+ $params['openid.mode'] = 'check_authentication';
+// Html::debug($params);
+ $param_string = '';
+
+ foreach( $params as $p_name=>$p_value)
+ {
+ $param_string .= '&'.$p_name.'='.urlencode($p_value);
+ }
+ $param_string = substr($param_string,1);
+
+// $nl = "\r\n";
+// $http_post_cmd = 'POST '.$server['path']." HTTP/1.0".$nl.
+// "Connection: Close".$nl.
+// "User-Agent: OpenRat CMS".$nl.
+// "Host: ".$server['host'].$nl.
+// $nl.
+// $param_string;
+// echo "<pre>".$http_post_cmd."</pre>";
+//
+// fputs($socket,$http_post_cmd);
+//
+// $body = '';
+// do
+// {
+// $body .= fgets($socket,128);
+// } while (!feof($socket));
+// $response = explode("\n",$body);
+//
+// fclose($socket);
+// die('Open-Id Response: '.htmlentities($response));
+
+ $url = $openid_server.'?'.$param_string;
+ $response = file($url);
+
+ $valid = null;
+ foreach( $response as $line )
+ {
+ $pair = explode(':',trim($line));
+ if (count($pair)==2 && strtolower($pair[0])=='is_valid')
+ $valid = (strtolower($pair[1])=='true');
+ }
+
+// die('URL: '.$url.' / Response: '.htmlentities($response));
+// Html::debug($url);
+// Html::debug($response);
+
+ if ( is_null($valid) )
+ {
+ $this->addNotice('user',$openid_user,'LOGIN_OPENID_FAILED','error',array('name'=>$openid_user),array_merge(array('Undefined Open-Id response: '),$response) );
+ $this->callSubAction('showlogin');
+ return;
+ }
+ elseif ( $valid )
+ {
+ $openid_sreg_email = $this->getRequestVar('openid_sreg_email' );
+ $openid_sreg_fullname = $this->getRequestVar('openid_sreg_fullname');
+ $openid_sreg_nickname = $this->getRequestVar('openid_sreg_nickname');
+
+ $user = new User();
+ $user->loadWithName( $openid_user );
+
+ if ( $user->userid <=0)
+ {
+ if ( $conf['security']['openid']['add'])
+ {
+ $user->name = $openid_user;
+ $user->mail = $openid_sreg_email;
+ $user->fullname = $openid_sreg_fullname;
+ $user->add();
+ }
+ else
+ {
+ $this->addNotice('user',$openid_user,'LOGIN_OPENID_FAILED','error',array('name'=>$openid_user) );
+ $this->callSubAction('showlogin');
+ return;
+ }
+ }
+
+ $user->setCurrent();
+
+ return;
+ }
+ else
+ {
+ $this->addNotice('user',$openid_user,'LOGIN_OPENID_FAILED','error',array('name'=>$openid_user) );
+ $this->callSubAction('showlogin');
+ return;
+ }
+ }
+
+
+ /**
+ * Login.
+ *
+ */
function login()
{
global $conf;
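Review bot: The identity comparison that has been left commented out right after the association-handle check is the only thing that would tie the provider's signed assertion to the account being logged in; without it any signed response from the same provider passes `check_authentication`, and `$user->loadWithName($openid_user)` then logs in whatever name the session's `openid_user` holds — an attacker who starts the flow with a victim's OpenID URL can finish it with an assertion for their own identity at that provider. Re-enable the check and compare `openid_identity` with the identity that was actually sent in the redirect (from the `login()` hunk below this appears to be `'https://'.$openid_user`, with `$openid_delegate` as the other acceptable value), rejecting a mismatch before the provider round-trip. Separately, the `fsockopen($server['host'],443)` socket is opened only as a reachability probe, never used and never closed (its error text still says `:80`), and `file($url)` fetches the provider URL obtained from user-driven discovery, so the host should be validated and the `file()` result checked for `false` before it is iterated. The incoming `openid.mode` is also never inspected, so a `cancel` response is forwarded verbatim to `check_authentication` instead of being rejected locally.
```php
// … unchanged: association-handle check …
$openid_identity = $this->getRequestVar('openid_identity');
// The assertion must be for the identity we asked the provider about;
// otherwise a valid signature for *any* identity at this provider
// would log the caller in as the session's openid_user.
if ( $openid_identity != 'https://'.$openid_user && $openid_identity != $openid_delegate )
{
    $this->addNotice('user',$openid_user,'LOGIN_OPENID_FAILED','error',array('name'=>$openid_user),array('Open-Id: Identity mismatch. Wrong identity:'.$openid_identity) );
    $this->callSubAction('showlogin');
    return;
}
// … unchanged: check_authentication round-trip …
```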
@@ -381,10 +530,52 @@ class IndexAction extends Action
if ( $conf['login']['nologin'] )
die('login disabled');
+ $openid_user = $this->getRequestVar('openid_url' );
$loginName = $this->getRequestVar('login_name' );
$loginPassword = $this->getRequestVar('login_password');
- $newPassword1 = $this->getRequestVar('password1');
- $newPassword2 = $this->getRequestVar('password2');
+ $newPassword1 = $this->getRequestVar('password1' );
+ $newPassword2 = $this->getRequestVar('password2' );
+
+ if ( !empty($openid_user) )
+ {
+ $seite = implode('',file('http://'.$openid_user));
+
+ $treffer = array();
+ preg_match('/rel="openid.server"\s+href="(\S+)"/',$seite,$treffer);
+ if ( count($treffer) >= 1 )
+ $openid_server = $treffer[1];
+// Html::debug($treffer);
+
+ $treffer = array();
+ preg_match('/rel="openid.delegate"\s+href="(\S+)"/',$seite,$treffer);
+ if ( count($treffer) >= 1 )
+ $openid_delegate = $treffer[1];
+
+ if ( empty($openid_server) || empty($openid_delegate) )
+ {
+ $this->addNotice('user',$openid_user,'LOGIN_OPENID_FAILED','error',array('name'=>$openid_user),array('Unable to locate OpenId-Server and OpenId-Delegate') );
+ $this->callSubAction('showlogin');
+ }
+
+ $openid_handle = md5(microtime().session_id());
+ Session::set('openid_user' ,$openid_user );
+ Session::set('openid_server' ,$openid_server );
+ Session::set('openid_delegate',$openid_delegate);
+ Session::set('openid_handle' ,$openid_handle );
+
+ $redirect_url = $openid_server.'?openid.mode=checkid_setup';
+// $redirect_url .= '&openid.identity='.$openid_delegate;
+ $redirect_url .= '&openid.identity=https://'.$openid_user;
+ $redirect_url .= '&openid.sreg.optional=email,nickname,fullname';
+ $redirect_url .= '&openid.trust_root=http://'.getenv('SERVER_NAME').dirname(getenv('REQUEST_URI')).'/';;
+ $redirect_url .= '&openid.return_to=http://'.getenv('SERVER_NAME').dirname(getenv('REQUEST_URI')).'/openid.'.PHP_EXT;
+ $redirect_url .= '&openid.assoc_handle='.$openid_handle;
+
+// die('Location: '.$redirect_url);
+ header('Location: '.$redirect_url);
+ exit;
+ }
+
// Ermitteln, ob der Baum angezeigt werden soll
// Ist die Breite zu klein, dann wird der Baum nicht angezeigt
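Review bot: When discovery fails, the branch that calls `$this->callSubAction('showlogin')` after the `empty($openid_server) || empty($openid_delegate)` test does not return, so the function goes on to store the empty values in the session and redirects the browser to `'?openid.mode=checkid_setup…'`; add `return;` directly after that `callSubAction` call. The discovery fetch `file('http://'.$openid_user)` issues a server-side request to whatever the visitor typed into `openid_url` (`127.0.0.1:8080/`, `user@host`, internal hostnames), so the value should be run through `parse_url`, restricted to a plain hostname, and the `file()` result checked for `false` before `implode()` is applied to it. Note also that discovery is done over plain `http://` while the identity handed to the provider is `'https://'.$openid_user`, so the two URLs may name different documents. The `$openid_handle` built from `md5(microtime().session_id())` is not an association negotiated with the provider, so it provides no cryptographic binding; it only acts as a per-session token that the provider echoes back, and the code should not rely on it for more than that.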
diff --git a/actionClasses/IndexAction.ini.php b/actionClasses/IndexAction.ini.php
@@ -49,6 +49,9 @@ goto=show
[login]
goto=show
+[openid]
+goto=show
+
[projectmenu]
menu=menu
diff --git a/config/security.ini.php b/config/security.ini.php
@@ -142,6 +142,22 @@ trust=false
+; Open-ID
+; see http://openid.net/ for specifications and more informationen.
+[openid]
+
+; Enable Open-ID
+enable=true
+
+; New Users are added to the internal database.
+add=true
+
+; Open-Id Logo
+;logo_url=
+logo_url="http://openid.net/login-bg.gif"
+
+
+
; Single Sign-on
; These settings are an example for checking login against "PhpMyAdmin".
; PhpMyAdmin must include a link to Openrat with the authid which includes the serialized cookies.
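Review bot: Shipping `add=true` as the default means every OpenID identity that passes verification is silently provisioned as a local user, turning a third-party login into unattended account creation; ship `add=false` and make the administrator opt in, e.g. `; New users are added to the internal database (off by default; enable deliberately).` followed by `add=false`. The logo is fetched from a plain `http://` URL, which browsers block or flag as mixed content when the login page is served over HTTPS, so an `https://` URL or a locally hosted image would be safer.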
diff --git a/language/de.ini.php b/language/de.ini.php
@@ -726,7 +726,7 @@ NOTICE_CANCELED = "Vorgang wurde abgebrochen"
NOTICE_IMAGE_RESIZED = "Das Bild wurde geändert"
NOTICE_IMPORTED ="Datei wurde importiert"
NOTICE_LINKED ="Verknüpfung angelegt"
-NOTICE_LOGIN_FAILED = "Anmeldung nicht möglich.<br/>Der Benutzername ''<em>{name}</em>'' ist nicht vorhanden oder das eingegebene Kennwort ist falsch."
+NOTICE_LOGIN_FAILED = "Anmeldung nicht möglich. Der Benutzername ''{name}'' ist nicht vorhanden oder das eingegebene Kennwort ist falsch."
NOTICE_LOGIN_FAILED_MUSTCHANGEPASSWORD = "Die Anmeldung ist nicht möglich, da Ihr Kennwort abgelaufen ist. Bitte geben Sie nochmals Ihre Anmeldedaten zusammen mit einem neuen Kennwort ein."
NOTICE_MAIL_SENT = "Die E-Mail wurde gesendet"
NOTICE_MOVED = "wurde verschoben"
@@ -895,4 +895,8 @@ MENU_PROFILE_GROUPS=Gruppen
MENU_PROFILE_GROUPS_DESC=Mitgliedschaft in Gruppen
MENU_TEMPLATE_PAGES=Seiten
MENU_TEMPLATE_PAGES_DESC=Abhängige Seiten
-LIST_ENTRY_EMPTY="Nicht ausgewählt"-
\ No newline at end of file
+LIST_ENTRY_EMPTY="Nicht ausgewählt"
+
+OPENID="Open-ID"
+OPENID_USER="Open-ID Benutzername"
+NOTICE_LOGIN_OPENID_FAILED="Die Anmeldung für {name} am Open-ID-Server ist fehlgeschlagen."
diff --git a/themes/default/templates/index/showlogin.tpl.src.php b/themes/default/templates/index/showlogin.tpl.src.php
@@ -67,6 +67,17 @@ page
cell
password name:password2 default: size:25
+ if true:config:security/openid/enable
+ row
+ cell colspan:2
+ fieldset title:message:OPENID
+ row
+ cell
+ if not:true empty:config:security/openid/logo_url
+ image url:config:security/openid/logo_url
+ text key:openid_user
+ cell
+ input name:openid_url class:name size:20
row
row
cell colspan:2