2 /** External authentication via OpenID for FusionForge
3 * Copyright 2011, Roland Mas
4 * Copyright 2011, Olivier Berger & Institut Telecom
6 * This program was developed in the frame of the COCLICO project
7 * (http://www.coclico-project.org/) with financial support of the Paris
10 * This file is part of FusionForge
12 * This plugin, like FusionForge, is free software; you can redistribute it
13 * and/or modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version 2 of
15 * the License, or (at your option) any later version.
17 * FusionForge is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
22 * You should have received a copy of the GNU General Public License
23 * along with FusionForge; if not, write to the Free Software
24 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 US
28 require_once $GLOBALS['gfcommon'].'include/User.class.php';
30 // from lightopenid (http://code.google.com/p/lightopenid/)
31 //require_once 'openid.php';
34 * Authentication manager for FusionForge OpenID authentication
37 class AuthOpenIDPlugin extends ForgeAuthPlugin {
42 function AuthOpenIDPlugin () {
// Constructor: chains to the parent constructor, names the plugin, registers
// its authentication hooks, resets per-request state and declares the
// plugin configuration items.
// NOTE(review): this is a PHP 4-style constructor (a method named after the
// class). PHP 8 no longer treats such a method as a constructor, so the hook
// registrations below would not run on instantiation there unless the method
// is renamed to __construct() or invoked explicitly.
44 $this->ForgeAuthPlugin() ;
45 $this->name = "authopenid";
46 $this->text = "OpenID authentication";
// Hooks this plugin subscribes to.
// NOTE(review): no handler for fetch_authenticated_user is visible in this
// listing; presumably it is inherited from ForgeAuthPlugin - confirm.
48 $this->_addHook('display_auth_form');
49 $this->_addHook("check_auth_session");
50 $this->_addHook("fetch_authenticated_user");
51 $this->_addHook("close_auth_session");
// Cached login state, empty until a session check or login fills it in.
53 $this->saved_login = '';
54 $this->saved_user = NULL;
// OpenID client state; checkAuthSession() reads $this->openid->identity.
// Both start as FALSE; where they get assigned is not visible here - confirm
// that the assigning code validates the OpenID assertion first.
56 $this->openid = FALSE;
58 $this->openid_identity = FALSE;
60 $this->declareConfigVars();
63 function startSession($username) {
// Opens a forge session for the account mapped to the given value, but only
// when this plugin is configured as sufficient or required.
// NOTE(review): the argument is looked up below as an OpenID identity, yet
// checkAuthSession() passes a value it has already resolved through the same
// lookup, so the identity column would be queried with a user id. Confirm
// which of the two callers are expected to pass.
64 if ($this->isSufficient() || $this->isRequired()) {
// NOTE(review): the helper selects user_id, but its result is used further
// down as a login name (user_get_object_by_name). Confirm the id/name mix.
65 $username = $this->getUserIdFromOpenIDIdentity($username);
// Gives other plugins a chance to sync account data for this login event.
67 $params['username'] = $username;
68 $params['event'] = 'login';
69 plugin_hook('sync_account_info', $params);
70 $user = user_get_object_by_name($username);
// NOTE(review): no check of the lookup result or of $user is visible in this
// listing before the session cookie is issued. Confirm in the full file that
// an unmapped identity or a missing account cannot reach setSessionCookie().
71 $this->saved_user = $user;
72 $this->setSessionCookie();
80 * Display a form to input credentials
81 * @param unknown_type $params
84 function displayAuthForm(&$params) {
// Hook handler: builds the OpenID login form and stores it in
// $params['html_snippets'] under this plugin name. The form posts to
// /plugins/authopenid/post-login.php and carries a form_key, the caller
// supplied return_to and the openid_identifier typed by the user.
// The guard below covers the case where the plugin is neither required nor
// sufficient; its body is elided in this listing (presumably an early return).
85 if (!$this->isRequired() && !$this->isSufficient()) {
// return_to comes from the hook caller and is echoed into a double-quoted
// attribute through htmlspecialchars(), which covers that HTML context.
// NOTE(review): escaping does not constrain where the value points. The
// script that consumes return_to (post-login.php, not shown) has to restrict
// it to local forge URLs, and has to verify form_key - presumably the forge
// anti-CSRF token - before acting on the post. Confirm both.
// NOTE(review): the label text in the form is the only user-visible string
// here that is not passed through _() for translation.
88 $return_to = $params['return_to'];
93 $result .= _('Cookies must be enabled past this point.');
96 $result .= '<form action="' . util_make_url('/plugins/authopenid/post-login.php') . '" method="post">
97 <input type="hidden" name="form_key" value="' . form_generate_key() . '"/>
98 <input type="hidden" name="return_to" value="' . htmlspecialchars(stripslashes($return_to)) . '" />
99 Your OpenID identifier: <input type="text" name="openid_identifier" />
100 <input type="submit" name="login" value="' . _('Login via OpenID') . '" />
103 $params['html_snippets'][$this->name] = $result;
108 * Is there a valid session?
109 * @param unknown_type $params
112 function checkAuthSession(&$params) {
// Hook handler: decides whether the current request carries a valid session
// and reports the verdict in $params['results'] under this plugin name.
// Several lines (else branches, closing braces) are elided in this listing,
// so the branch structure described below is partly inferred - confirm
// against the full file.
113 $this->saved_user = NULL;
// Session lookup: an explicit auth_token parameter is checked with
// checkSessionToken(); otherwise (presumably the else branch) the session
// cookie is checked.
116 if (isset($params['auth_token']) && $params['auth_token'] != '') {
117 $user_id = $this->checkSessionToken($params['auth_token']);
119 $user_id = $this->checkSessionCookie();
122 $user = user_get_object($user_id);
// OpenID path: an identity held by the client object is mapped to a forge
// account and a session is started for it.
// NOTE(review): identity is trusted here as an authenticated claim. Nothing
// in this listing shows where $this->openid is assigned or that the assertion
// was validated (for lightopenid, a successful validate() call) before the
// property is read. Confirm that an unvalidated identity can never be set.
// NOTE(review): the lookup result is not visibly checked before it is handed
// to startSession(); confirm the unmapped-identity case is rejected.
124 if ($this->openid && $this->openid->identity) {
125 $user_id = $this->getUserIdFromOpenIDIdentity($this->openid->identity);
127 $user = $this->startSession($user_id);
// Verdict: presumably the first pair of results applies when a user was
// found (accept only if the plugin is sufficient) and the second pair when
// none was found (reject only if the plugin is required).
133 if ($this->isSufficient()) {
134 $this->saved_user = $user;
135 $params['results'][$this->name] = FORGE_AUTH_AUTHORITATIVE_ACCEPT;
138 $params['results'][$this->name] = FORGE_AUTH_NOT_AUTHORITATIVE;
141 if ($this->isRequired()) {
142 $params['results'][$this->name] = FORGE_AUTH_AUTHORITATIVE_REJECT;
144 $params['results'][$this->name] = FORGE_AUTH_NOT_AUTHORITATIVE;
149 protected function getUserIdFromOpenIDIdentity($openid_identity) {
// Maps an OpenID identity to the forge user_id stored for it in
// plugin_authopenid_user_identities. The initial value, the result checks
// and the return statement are elided in this listing.
// The identity is bound as a query parameter, not concatenated into the SQL
// text, so it cannot alter the statement.
151 $res = db_query_params('SELECT user_id FROM plugin_authopenid_user_identities WHERE openid_identity=$1',
152 array($openid_identity));
// Only the first matching row is read.
// NOTE(review): presumably openid_identity is unique in this table; if it is
// not, one identity could be bound to several accounts and the account
// chosen here would depend on row order. Confirm the schema constraint.
154 $row = db_fetch_array_by_row($res, 0);
156 $user_id = $row['user_id'];
162 * What GFUser is logged in?
163 * @param unknown_type $params
167 function closeAuthSession($params) {
// Hook handler: ends the forge session by clearing the session cookie when
// this plugin is sufficient or required, then triggers a CAS logout.
170 if ($this->isSufficient() || $this->isRequired()) {
171 $this->unsetSessionCookie();
// logs user out from CAS
// TODO : make it optional to not mess with other apps' SSO sessions with CAS
// NOTE(review): this is a CAS call inside the OpenID plugin, and no phpCAS
// include is visible in this listing. It looks carried over from the CAS
// plugin; if the phpCAS class is not loaded, logout ends in a fatal error
// right after the cookie is cleared. OpenID has no equivalent single-logout
// step, so the call is presumably meant to be removed - confirm.
174 phpCAS::logoutWithRedirectService(util_make_url('/'));
181 * Terminate an authentication session
182 * @param unknown_type $params
185 protected function declareConfigVars() {
// Declares the plugin configuration items on top of those declared by the
// parent class: required and sufficient, both registered as booleans.
186 parent::declareConfigVars();
// NOTE(review): the third argument is presumably the default value, which
// makes the plugin both required and sufficient out of the box. With
// sufficient enabled, any identity present in the identity mapping table
// logs in as the mapped account without the forge password, so the process
// that binds identities to accounts carries the full authentication weight.
189 forge_define_config_item ('required', $this->name, 'yes');
190 forge_set_config_item_bool ('required', $this->name) ;
193 forge_define_config_item ('sufficient', $this->name, 'yes');
194 forge_set_config_item_bool ('sufficient', $this->name) ;
202 // c-file-style: "bsd"