2 /** External authentication via OpenID for FusionForge
3 * Copyright 2011, Roland Mas
4 * Copyright 2011, Olivier Berger & Institut Telecom
6 * This program was developed in the frame of the COCLICO project
7 * (http://www.coclico-project.org/) with financial support of the Paris
10 * This file is part of FusionForge. FusionForge is free software;
11 * you can redistribute it and/or modify it under the terms of the
12 * GNU General Public License as published by the Free Software
13 * Foundation; either version 2 of the Licence, or (at your option)
16 * FusionForge is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
21 * You should have received a copy of the GNU General Public License along
22 * with FusionForge; if not, write to the Free Software Foundation, Inc.,
23 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
26 // FIXME : WTF ?!?!?!?
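// Cache directives for the login page.
// header() replaces an earlier header of the same name unless its second argument is false, so
// two separate Cache-Control calls leave only the last directive on the wire ("no-cache" was being
// dropped). Both directives are therefore sent in a single header. The past-dated Expires marks
// the response as already stale for HTTP/1.0 caches.
// NOTE(review): for a page that takes part in authentication, `no-store` is the stricter directive
// if responses must never be written to a shared or on-disk cache; confirm before adding it.
header('Expires: Wed, 11 Nov 1998 11:11:11 GMT');
header('Cache-Control: no-cache, must-revalidate');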
31 require_once '../../../www/env.inc.php';
32 require_once $gfcommon.'include/pre.php';
33 require_once '../../../www/include/login-form.php';
35 // from lightopenid (http://code.google.com/p/lightopenid/)
36 require_once 'openid.php';
// Plugin object for this authentication method; the OpenID handler is attached to it further down.
$plugin = plugin_get_object('authopenid');

// Request parameters, read through the forge's request accessors.
// - $return_to is passed to validate_return_to() before the post-login redirect below.
// - $openid_identifier is read a second time, straight from $_POST, in the login-form branch.
// - $login is not referenced again in the visible part of this script.
$triggered = getIntFromRequest('triggered');
$openid_identifier = getStringFromRequest('openid_identifier');
$login = getStringFromRequest('login');
$return_to = getStringFromRequest('return_to');
// Move the login exchange onto HTTPS when the forge is configured for SSL and the current
// request is not already secure. The closing brace of this `if` sits on a line that is missing
// from this listing (the gutter numbers skip from 48 to 53).
// NOTE(review): the redirect target is assembled from HTTP_HOST and REQUEST_URI, which presumably
// come from the request itself. The Host header is chosen by the client, so the absolute URL sent
// back is only as trustworthy as the web server's virtual-host matching. Building it from the host
// name held in forge configuration would remove that dependency; confirm how the vhost setup and
// session_redirect_external() constrain it.
45 if (forge_get_config('use_ssl') && !session_issecure()) {
46 //force use of SSL for login
48 session_redirect_external('https://'.getStringFromServer('HTTP_HOST').getStringFromServer('REQUEST_URI'));
// Handles both halves of the OpenID login: the form post that sends the browser to the OpenID
// provider, and the provider's callback that ends in a forge session or a warning message.
// NOTE(review): this listing has lost lines (the gutter numbers skip, e.g. 56->58, 63->66,
// 87->90, 99->101). The `try {` that pairs with the catch below and several `else` / closing-brace
// lines are not visible, so the notes here describe the surviving statements only.
53 // initialize the OpenID lib handler which will read the posted args
54 $plugin->openid = new LightOpenID;
55 // check the 'openid_mode' that may be set on returning from OpenID provider
56 if(!$plugin->openid->mode) {
58 // We're just called by the login form : redirect to the OpenID provider
59 if(isset($_POST['openid_identifier'])) {
// NOTE(review): read straight from $_POST although the same field was already fetched with
// getStringFromRequest() earlier in the script; using one accessor keeps whatever filtering it
// applies consistent (confirm what the accessor does).
60 $openid_identifier = $_POST['openid_identifier'];
// Only an identifier that already maps to a forge user name is handed to the OpenID library, so
// authUrl() is not called for arbitrary user-supplied URLs.
61 if($plugin->getUserNameFromOpenIDIdentity($openid_identifier)) {
62 $plugin->openid->identity = $openid_identifier;
63 session_redirect_external($plugin->openid->authUrl());
// NOTE(review): a distinct message for an unregistered identifier lets a caller learn which
// OpenID URLs are bound to accounts; confirm that this disclosure is acceptable.
66 $warning_msg = _('No such OpenID identity registered yet');
70 // or we are called back by the OpenID provider
71 } elseif($plugin->openid->mode == 'cancel') {
// NOTE(review): `.=` appends to $warning_msg, which no visible line initialises before this
// branch; presumably an include sets it, otherwise this raises an undefined-variable notice.
// The other branches assign with `=`.
72 $warning_msg .= _('User has canceled authentication');
75 // Authentication should have been attempted by OpenID provider
// validate() is the only check of the provider's answer visible here; every step below relies on
// $plugin->openid->identity on the strength of it.
76 if ($plugin->openid->validate()) {
77 // If user successfully logged in to OpenID provider
80 if ($plugin->isSufficient()) {
83 $username = $plugin->getUserNameFromOpenIDIdentity($plugin->openid->identity);
// NOTE(review): the looked-up user object is dereferenced immediately. A guard on $username may
// sit on a line lost from this listing (gutter 84); confirm, otherwise an identity with no forge
// account reaches ->usesPlugin() on a non-object.
85 $user_tmp = user_get_object_by_name($username);
// A session is started only for accounts that have this plugin enabled.
86 if($user_tmp->usesPlugin($plugin->name)) {
87 $user = $plugin->startSession($username);
90 $warning_msg = _('OpenID plugin not activated for the user account');
95 // redirect to the proper place in the forge
// validate_return_to() runs before the request-supplied return_to is used as a redirect target;
// its rules are defined elsewhere. The conditions selecting between the two redirects below are
// on lines missing from this listing.
97 validate_return_to($return_to);
99 session_redirect($return_to);
101 session_redirect("/my");
// NOTE(review): the identity string originates from the OpenID exchange and is interpolated into
// $warning_msg; confirm that the page rendering $warning_msg HTML-escapes it.
105 $warning_msg = sprintf (_("Unknown user with identity '%s'"),$plugin->openid->identity);
111 // Otherwise, display the login form again
112 display_login_page($return_to, $triggered);
114 } catch(ErrorException $e) {
// NOTE(review): the exception text is echoed unescaped into the response. Prefer logging it
// server-side and showing a generic message, or at least pass it through htmlspecialchars().
// There is also no separator between 'OpenID error' and the message.
115 echo 'OpenID error'. $e->getMessage();
119 // c-file-style: "bsd"