From 47cb5c1a59183facd58bafb14c0931a2927af50c Mon Sep 17 00:00:00 2001
From: Xavier Guimard
Date: Fri, 3 Sep 2010 13:34:35 +0000
Subject: [PATCH] OpenID consumer now supports "OpenID Simple Registration Extension"
---
 .../example/skins/default/manager.js | 1 +
 .../lib/Lemonldap/NG/Portal/AuthOpenID.pm | 35 ++++++++--
 .../lib/Lemonldap/NG/Portal/IssuerDBOpenID.pm | 17 ++++-
 .../lib/Lemonldap/NG/Portal/UserDBOpenID.pm | 70 +++++++++++++++++++
 4 files changed, 117 insertions(+), 6 deletions(-)
 create mode 100644 modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDBOpenID.pm
diff --git a/modules/lemonldap-ng-manager/example/skins/default/manager.js b/modules/lemonldap-ng-manager/example/skins/default/manager.js
index fc809e6e7..927a5e341 100644
--- a/modules/lemonldap-ng-manager/example/skins/default/manager.js
+++ b/modules/lemonldap-ng-manager/example/skins/default/manager.js
@@ -362,6 +362,7 @@ function userdbParams(id) {
 'LDAP=LDAP',
 'Multi=Multi',
 'Null=None',
+ 'OpenID=OpenID',
 'Proxy=Proxy',
 'Remote=Remote',
 'SAML=SAML v2'
diff --git a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthOpenID.pm b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthOpenID.pm
index 3320f6d82..75028a5e6 100644
--- a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthOpenID.pm
+++ b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthOpenID.pm
@@ -100,15 +100,42 @@ sub extractFormInfo { return PE_BADCREDENTIALS; } - # Redirect user + # Build the redirection $self->lmLog( "OpenID redirection to $url", 'debug' ); - - # TODO: insert url=... my $check_url = $claimed_identity->check_url( - return_to => $self->{portal} . '?openid=1', + return_to => $self->{portal} + . '?openid=1' + . ( $self->{_url} ? "&url=$self->{_url}" : '' ), trust_root => $self->{portal}, delayed_return => 1, ); + + # If UserDB uses OpenID, add "OpenID Simple Registration Extension" + # compatible fields + if ( $self->{userDB} =~ /^OpenID/ + or $self->{stack}->[1]->[0]->{m} =~ /^OpenID/ ) + { + my ( @r, @o ); + foreach my $k ( values %{ $self->{exportedVars} } ) { + if ( $k =~ +/^(?:(?:(?:full|nick)nam|languag|postcod|timezon)e|country|gender|email|dob)$/ + ) + { + if (s/^!//) { push @r, $k } + else { push @o, $k } + } + else { + $self->lmLog( +"Unknown \"OpenID Simple Registration Extension\" field name: $k", + 'error' + ); + } + } + my @tmp = + ( @r ? ( 'openid.sreg.required' => join( ',', @r ) ) : () ), + ( @o ? ( 'openid.sreg.optional' => join( ',', @o ) ) : () ); + OpenID::util::push_url_arg( \$check_url, @tmp ) if (@tmp); + } print $self->redirect($check_url); $self->quit(); }
diff --git a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBOpenID.pm b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBOpenID.pm
index 6fe997e2d..8c23a2729 100644
--- a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBOpenID.pm
+++ b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBOpenID.pm
@@ -36,7 +36,6 @@ sub issuerForUnAuthUser { return PE_OPENID_EMPTY; } - my ( $type, $data ); if ( $mode eq 'associate' ) { return $self->_openIDResponse( $self->openIDServer->_mode_associate() ); }
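Review bot: In the `!` prefix test inside the `foreach` over `values %{ $self->{exportedVars} }`, `if (s/^!//)` runs the substitution on `$_` rather than on `$k`, so the required flag can never fire, and a value such as `!email` fails the anchored field-name regex tested just before it and is logged as an unknown field. The prefix has to be stripped from a copy before the name check — a copy, because `foreach ... (values %h)` aliases the hash values and an in-place `s///` on `$k` would permanently rewrite `exportedVars` for later requests. The `url` parameter appended to `return_to` is interpolated raw; unless `$self->{_url}` is already URL-safe at this point it should be escaped (e.g. `URI::Escape::uri_escape`, or `OpenID::util::push_url_arg`, which the hunk already uses for the sreg keys and appears to escape its values) so a `&` or `#` in it cannot truncate the query the provider sends back to.
```perl
foreach my $v ( values %{ $self->{exportedVars} } ) {
    my $k = $v;                        # copy: $v aliases exportedVars
    my $required = ( $k =~ s/^!// );   # strip the "!" before the name check
    if ( $k =~
/^(?:(?:(?:full|nick)nam|languag|postcod|timezon)e|country|gender|email|dob)$/
        )
    {
        if ($required) { push @r, $k }
        else           { push @o, $k }
    }
    # … unchanged: lmLog for unknown field names …
}
```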
@@ -58,8 +57,20 @@ sub issuerForAuthUser { # Restore datas $self->restoreOpenIDprm(); + my $mode = $self->param('openid.mode'); + + unless ($mode) { + $self->lmLog( 'OpenID SP test', 'debug' ); + return PE_OPENID_EMPTY; + } - return $self->_openIDResponse( $self->openIDServer->handle_page() ); + unless ( $mode =~ /^checkid_(?:immediate|setup)/ ) { + $self->lmLog( + "OpenID error : $mode is not known at this step (issuerForAuthUser)" + ); + return PE_ERROR; + } + return $self->_openIDResponse( $self->openIDServer->_mode_checkid() ); } ## @apmethod int issuerLogout()
@@ -146,6 +157,8 @@ sub openIDServer { sub _openIDResponse { my ( $self, $type, $data ) = splice @_; + + # TODO: use autoRedirect instead if ( $type eq 'redirect' ) { $self->lmLog( 'OpenID redirection', 'debug' ); print $self->redirect($data);
diff --git a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDBOpenID.pm b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDBOpenID.pm
new file mode 100644
index 000000000..9d540e0da
--- /dev/null
+++ b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDBOpenID.pm
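Review bot: The `lmLog` call in the `unless ( $mode =~ /^checkid_(?:immediate|setup)/ )` branch passes no level argument, unlike every other `lmLog` call in this patch, and the regex is open-ended, so any request mode that merely starts with those words is handed to `_mode_checkid()`; I would write `unless ( $mode =~ /^checkid_(?:immediate|setup)$/ ) {` and `$self->lmLog( "OpenID error : $mode is not known at this step (issuerForAuthUser)", 'error' );`. `$mode` comes straight from the request, so with the anchored check the only unsanitized value reaching the log is one that has already been rejected — worth a short comment. The body of `issuerForAuthUser` starts before the hunk. This hunk (like the `issuerForUnAuthUser` one before it) calls underscore-prefixed Net::OpenID::Server methods directly instead of `handle_page()`, which presumably bypasses the library's own mode dispatch; a comment stating why that is intended would help the next reader.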
@@ -0,0 +1,70 @@
+## @file
+# UserDB OpenID module
+
+## @class
+# UserDB OpenID module
+package Lemonldap::NG::Portal::UserDBOpenID;
+
+use strict;
+use Lemonldap::NG::Portal::Simple;
+
+our $VERSION = '0.01';
+
+## @apmethod int userDBInit()
+# Check if authentication module is OpenID
+# @return Lemonldap::NG::Portal error code
+sub userDBInit {
+ my $self = shift;
+ if ( $self->{authentication} =~ /^OpenID/
+ or $self->{stack}->[0]->[0]->{m} =~ /^OpenID/ )
+ {
+ return PE_OK;
+ }
+ else {
+ $self->lmLog(
+'UserDBOpenID isn\'t useable unless authentication module is set to OpenID',
+ 'error'
+ );
+ return PE_ERROR;
+ }
+}
+
+## @apmethod int getUser()
+# Does nothing
+# @return Lemonldap::NG::Portal error code
+sub getUser {
+ PE_OK;
+}
+
+## @apmethod int setSessionInfo()
+# Check if there are some exportedVars in OpenID response.
+# See http://openid.net/specs/openid-simple-registration-extension-1_0.html
+# for more
+# @return Lemonldap::NG::Portal error code
+sub setSessionInfo {
+ my $self = shift;
+ if ( ref( $self->{exportedVars} ) eq 'HASH' ) {
+ foreach my $k ( keys %{ $self->{exportedVars} } ) {
+ $k =~ s/^!//;
+ $self->{sessionInfo}->{$k} =
+ $self->param("openid.sreg.$self->{exportedVars}->{$k}")
+ if ( $k =~
+/^(?:(?:(?:full|nick)nam|languag|postcod|timezon)e|country|gender|email|dob)$/
+ );
+ }
+ }
+ else {
+ $self->abort('Only hash reference are supported now in exportedVars');
+ }
+ PE_OK;
+}
+
+## @apmethod int setGroups()
+# Does nothing
+# @return Lemonldap::NG::Portal error code
+sub setGroups {
+ PE_OK;
+}
+
+1;
+
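Review bot: `setSessionInfo` strips the `!` prefix from the key `$k` and then looks up `$self->{exportedVars}->{$k}` with the stripped name, so any `!`-prefixed entry produces `openid.sreg.` with an undef suffix and the session attribute is silently left empty; it also tests the key against the sreg field-name list, whereas `AuthOpenID::extractFormInfo` in this same patch puts the `!` on, and tests, the value, so the two modules only agree when key and value are identical. I would take the sreg field from the value, strip the prefix there and keep `$k` as the session attribute name, as below. `getUser` and `setGroups` should `return PE_OK;` explicitly rather than rely on the last expression, and a `use warnings;` next to `use strict;` would have flagged the undef lookup. Since these attributes are copied verbatim from provider-asserted sreg values, a comment noting that downstream consumers must treat them as untrusted input would be useful.
```perl
foreach my $k ( keys %{ $self->{exportedVars} } ) {
    # "!" marks a required field (same convention as AuthOpenID)
    ( my $field = $self->{exportedVars}->{$k} ) =~ s/^!//;
    next unless $field =~
/^(?:(?:(?:full|nick)nam|languag|postcod|timezon)e|country|gender|email|dob)$/;
    $self->{sessionInfo}->{$k} = $self->param("openid.sreg.$field");
}
```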