OpenID consumer now supports "OpenID Simple Registration Extension"

15 years ago · 47cb5c1a59
parent c10f1a96db
commit 47cb5c1a59
4 changed files with 117 additions and 6 deletions
--- a/modules/lemonldap-ng-manager/example/skins/default/manager.js
+++ b/modules/lemonldap-ng-manager/example/skins/default/manager.js
@ -362,6 +362,7 @@ function userdbParams(id) {
 		'LDAP=LDAP',
 		'Multi=Multi',
 		'Null=None',
+		'OpenID=OpenID',
 		'Proxy=Proxy',
 		'Remote=Remote',
 		'SAML=SAML v2'
--- a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthOpenID.pm
+++ b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthOpenID.pm
@ -100,15 +100,42 @@ sub extractFormInfo {
            return PE_BADCREDENTIALS;
        }

-        # Redirect user
+        # Build the redirection
        $self->lmLog( "OpenID redirection to $url", 'debug' );
-
-        # TODO: insert url=...
        my $check_url = $claimed_identity->check_url(
-            return_to      => $self->{portal} . '?openid=1',
+            return_to => $self->{portal}
+              . '?openid=1'
+              . ( $self->{_url} ? "&url=$self->{_url}" : '' ),
            trust_root     => $self->{portal},
            delayed_return => 1,
        );
+
+        # If UserDB uses OpenID, add "OpenID Simple Registration Extension"
+        # compatible fields
+        if (   $self->{userDB} =~ /^OpenID/
+            or $self->{stack}->[1]->[0]->{m} =~ /^OpenID/ )
+        {
+            my ( @r, @o );
+            foreach my $k ( values %{ $self->{exportedVars} } ) {
+                if ( $k =~
+/^(?:(?:(?:full|nick)nam|languag|postcod|timezon)e|country|gender|email|dob)$/
+                  )
+                {
+                    if   (s/^!//) { push @r, $k }
+                    else          { push @o, $k }
+                }
+                else {
+                    $self->lmLog(
+"Unknown \"OpenID Simple Registration Extension\" field name: $k",
+                        'error'
+                    );
+                }
+            }
+            my @tmp =
+              ( @r ? ( 'openid.sreg.required' => join( ',', @r ) ) : () ),
+              ( @o ? ( 'openid.sreg.optional' => join( ',', @o ) ) : () );
+            OpenID::util::push_url_arg( \$check_url, @tmp ) if (@tmp);
+        }
        print $self->redirect($check_url);
        $self->quit();
    }
--- a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBOpenID.pm
+++ b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBOpenID.pm
@ -36,7 +36,6 @@ sub issuerForUnAuthUser {
        return PE_OPENID_EMPTY;
    }

-    my ( $type, $data );
    if ( $mode eq 'associate' ) {
        return $self->_openIDResponse( $self->openIDServer->_mode_associate() );
    }
@ -58,8 +57,20 @@ sub issuerForAuthUser {

    # Restore datas
    $self->restoreOpenIDprm();
+    my $mode = $self->param('openid.mode');
+
+    unless ($mode) {
+        $self->lmLog( 'OpenID SP test', 'debug' );
+        return PE_OPENID_EMPTY;
+    }

-    return $self->_openIDResponse( $self->openIDServer->handle_page() );
+    unless ( $mode =~ /^checkid_(?:immediate|setup)/ ) {
+        $self->lmLog(
+            "OpenID error : $mode is not known at this step (issuerForAuthUser)"
+        );
+        return PE_ERROR;
+    }
+    return $self->_openIDResponse( $self->openIDServer->_mode_checkid() );
 }

 ## @apmethod int issuerLogout()
@ -146,6 +157,8 @@ sub openIDServer {

 sub _openIDResponse {
    my ( $self, $type, $data ) = splice @_;
+
+    # TODO: use autoRedirect instead
    if ( $type eq 'redirect' ) {
        $self->lmLog( 'OpenID redirection', 'debug' );
        print $self->redirect($data);
--- a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDBOpenID.pm
+++ b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDBOpenID.pm
@ -0,0 +1,70 @@
+## @file
+# UserDB OpenID module
+
+## @class
+# UserDB OpenID module
+package Lemonldap::NG::Portal::UserDBOpenID;
+
+use strict;
+use Lemonldap::NG::Portal::Simple;
+
+our $VERSION = '0.01';
+
+## @apmethod int userDBInit()
+# Check if authentication module is OpenID
+# @return Lemonldap::NG::Portal error code
+sub userDBInit {
+    my $self = shift;
+    if (   $self->{authentication} =~ /^OpenID/
+        or $self->{stack}->[0]->[0]->{m} =~ /^OpenID/ )
+    {
+        return PE_OK;
+    }
+    else {
+        $self->lmLog(
+'UserDBOpenID isn\'t useable unless authentication module is set to OpenID',
+            'error'
+        );
+        return PE_ERROR;
+    }
+}
+
+## @apmethod int getUser()
+# Does nothing
+# @return Lemonldap::NG::Portal error code
+sub getUser {
+    PE_OK;
+}
+
+## @apmethod int setSessionInfo()
+# Check if there are some exportedVars in OpenID response.
+# See http://openid.net/specs/openid-simple-registration-extension-1_0.html
+# for more
+# @return Lemonldap::NG::Portal error code
+sub setSessionInfo {
+    my $self = shift;
+    if ( ref( $self->{exportedVars} ) eq 'HASH' ) {
+        foreach my $k ( keys %{ $self->{exportedVars} } ) {
+            $k =~ s/^!//;
+            $self->{sessionInfo}->{$k} =
+              $self->param("openid.sreg.$self->{exportedVars}->{$k}")
+              if ( $k =~
+/^(?:(?:(?:full|nick)nam|languag|postcod|timezon)e|country|gender|email|dob)$/
+              );
+        }
+    }
+    else {
+        $self->abort('Only hash reference are supported now in exportedVars');
+    }
+    PE_OK;
+}
+
+## @apmethod int setGroups()
+# Does nothing
+# @return Lemonldap::NG::Portal error code
+sub setGroups {
+    PE_OK;
+}
+
+1;
+