2 /** External authentication via OpenID for FusionForge
3 * Copyright 2011, Roland Mas
4 * Copyright 2011, Olivier Berger & Institut Telecom
6 * This program was developed in the frame of the COCLICO project
7 * (http://www.coclico-project.org/) with financial support of the Paris
10 * This file is part of FusionForge
12 * This plugin, like FusionForge, is free software; you can redistribute it
13 * and/or modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version 2 of
15 * the License, or (at your option) any later version.
17 * FusionForge is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
22 * You should have received a copy of the GNU General Public License
23 * along with FusionForge; if not, write to the Free Software
24 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 US
28 require_once $GLOBALS['gfcommon'].'include/User.class.php';
30 // from lightopenid (http://code.google.com/p/lightopenid/)
31 //require_once 'openid.php';
34 * Authentication manager for FusionForge CASification
// Forge authentication plugin that registers itself as "authopenid" and hooks
// into the login form, session check and session close events.
// NOTE(review): the docblock above this class says "CASification", but the
// class names itself "OpenID authentication" below; the CAS wording looks
// like a leftover from another plugin.
// NOTE(review): the embedded source line numbers skip in places (e.g. 70 -> 73),
// so some statements, else-branches, returns and closing braces are not shown
// in this listing. The comments added here describe only the visible lines.
37 class AuthOpenIDPlugin extends ForgeAuthPlugin {
// Constructor: chains to the parent constructor, sets the plugin name/label,
// registers the auth hooks, resets cached state and declares config items.
// NOTE(review): this is a PHP 4-style constructor (method named after the
// class). PHP 7 deprecates that form and PHP 8 no longer treats it as a
// constructor, in which case the hooks below would only be registered if
// something calls this method explicitly. Confirm the target PHP version.
42 function AuthOpenIDPlugin () {
44 $this->ForgeAuthPlugin() ;
45 $this->name = "authopenid";
46 $this->text = "OpenID authentication";
48 $this->_addHook('display_auth_form');
49 $this->_addHook("check_auth_session");
// No handler for this hook is visible in this listing; presumably it is
// inherited from ForgeAuthPlugin. TODO confirm.
50 $this->_addHook("fetch_authenticated_user");
51 $this->_addHook("close_auth_session");
53 $this->saved_login = '';
54 $this->saved_user = NULL;
// OpenID consumer state read by checkAuthSession(). Nothing in this listing
// assigns a real object here; presumably the post-login script does.
56 $this->openid = FALSE;
58 $this->openid_identity = FALSE;
60 $this->declareConfigVars();
65 * Display a form to input credentials
66 * @param unknown_type $params
// Builds the OpenID login form and stores it in
// $params['html_snippets'][<plugin name>]. Reads $params['return_to'].
69 function displayAuthForm(&$params) {
// Guard for a plugin that is neither required nor sufficient; the body of
// this branch (line 71) is not shown in this listing.
70 if (!$this->isRequired() && !$this->isSufficient()) {
73 $return_to = $params['return_to'];
78 $result .= _('Cookies must be enabled past this point.');
// The form posts to the plugin's post-login.php and carries a generated
// form key (presumably the forge's anti-CSRF token; confirm it is checked
// by the receiving script).
81 $result .= '<form action="' . util_make_url('/plugins/authopenid/post-login.php') . '" method="post">
82 <input type="hidden" name="form_key" value="' . form_generate_key() . '"/>
// NOTE(review): return_to is HTML-escaped for the double-quoted attribute,
// which covers markup injection here but does not constrain where the value
// points. It is sent back by the browser, so the script that later redirects
// must validate it as a local forge URL; that check is not visible in this
// file. Passing ENT_QUOTES and an explicit charset to htmlspecialchars()
// would make the escaping independent of PHP version defaults.
83 <input type="hidden" name="return_to" value="' . htmlspecialchars(stripslashes($return_to)) . '" />
// NOTE(review): this label is a literal, unlike the neighbouring strings
// that go through _() for translation.
84 Your OpenID identifier: <input type="text" name="openid_identifier" />
85 <input type="submit" name="login" value="' . _('Login via OpenID') . '" />
88 $params['html_snippets'][$this->name] = $result;
93 * Is there a valid session?
94 * @param unknown_type $params
// Decides this plugin's verdict for the current request and writes it to
// $params['results'][<plugin name>]; caches the user in $this->saved_user
// when the plugin accepts authoritatively.
97 function checkAuthSession(&$params) {
98 $this->saved_user = NULL;
// A non-empty auth_token supplied by the caller is checked first; the cookie
// lookup on line 104 is presumably the else branch (line 103 is not shown).
// The comparison with '' is loose (!=).
101 if (isset($params['auth_token']) && $params['auth_token'] != '') {
102 $user_id = $this->checkSessionToken($params['auth_token']);
104 $user_id = $this->checkSessionCookie();
107 $user = user_get_object($user_id);
// Fresh OpenID login path: when a consumer object with a non-empty identity
// is attached, the identity is mapped to a forge user name and a session is
// started for that user.
// NOTE(review): nothing visible here establishes that the provider's
// assertion was verified before ->identity is trusted. Confirm that
// $this->openid is only populated after successful validation, and that an
// identity with no matching row never reaches startSession() (line 111 is
// not shown).
109 if ($this->openid && $this->openid->identity) {
110 $username = $this->getUserNameFromOpenIDIdentity($this->openid->identity);
112 $user = $this->startSession($username);
// Verdict mapping. The enclosing condition (presumably whether $user is
// valid) is not shown. Visible outcomes: sufficient -> remember the user and
// accept authoritatively; required -> reject authoritatively; the other
// branches report "not authoritative".
118 if ($this->isSufficient()) {
119 $this->saved_user = $user;
120 $params['results'][$this->name] = FORGE_AUTH_AUTHORITATIVE_ACCEPT;
123 $params['results'][$this->name] = FORGE_AUTH_NOT_AUTHORITATIVE;
126 if ($this->isRequired()) {
127 $params['results'][$this->name] = FORGE_AUTH_AUTHORITATIVE_REJECT;
129 $params['results'][$this->name] = FORGE_AUTH_NOT_AUTHORITATIVE;
135 * Enter description here ...
136 * @param unknown_type $openid_identity
137 * @return Ambigous <boolean, associative>
// Looks up the forge user_name linked to an OpenID identity by joining users
// with plugin_authopenid_user_identities on user_id. The identity is passed
// as a bound parameter ($1), not concatenated into the SQL text.
// NOTE(review): the docblock above is an unfilled template. The return
// statement and any empty-result handling (lines 143, 145, 147+) are not
// shown in this listing.
// NOTE(review): the match on openid_identity is an exact string comparison
// and only row 0 is read. This assumes identities are stored in the same
// normalized form the provider asserts and are unique per user; confirm
// against the table schema and the code that inserts rows.
139 public function getUserNameFromOpenIDIdentity($openid_identity) {
141 $res = db_query_params('SELECT users.user_name FROM users, plugin_authopenid_user_identities WHERE users.user_id = plugin_authopenid_user_identities.user_id AND openid_identity=$1',
142 array($openid_identity));
144 $row = db_fetch_array_by_row($res, 0);
146 $user_name = $row['user_name'];
152 * What GFUser is logged in?
153 * @param unknown_type $params
// Ends the local session when the plugin is sufficient or required.
// NOTE(review): the docblock above ("What GFUser is logged in?") does not
// describe this method; the docblocks from here on look shifted by one
// method. $params is taken by value here, unlike the other hook handlers.
157 function closeAuthSession($params) {
160 if ($this->isSufficient() || $this->isRequired()) {
161 $this->unsetSessionCookie();
// NOTE(review): this calls the phpCAS client from the OpenID plugin, and
// this file does not load phpCAS in the lines shown. Unless it is loaded
// elsewhere, logout would fail with a missing-class error after the cookie
// has been unset. Looks like a leftover from the CAS plugin; confirm.
162 // logs user out from CAS
163 // TODO : make it optional to not mess with other apps' SSO sessions with CAS
164 phpCAS::logoutWithRedirectService(util_make_url('/'));
171 * Terminate an authentication session
172 * @param unknown_type $params
// Declares this plugin's configuration items on top of the parent's:
// 'required' and 'sufficient', both defaulting to 'yes' and marked boolean.
// NOTE(review): the docblock above ("Terminate an authentication session")
// appears to belong to closeAuthSession(), not to this method.
175 protected function declareConfigVars() {
176 parent::declareConfigVars();
179 forge_define_config_item ('required', $this->name, 'yes');
180 forge_set_config_item_bool ('required', $this->name) ;
183 forge_define_config_item ('sufficient', $this->name, 'yes');
184 forge_set_config_item_bool ('sufficient', $this->name) ;
192 // c-file-style: "bsd"