4 * oauthproviderPlugin Class
6 * This file is (c) Copyright 2010, 2011 by Olivier BERGER, Madhumita DHAR, Institut TELECOM
8 * This file is part of FusionForge.
10 * FusionForge is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
15 * FusionForge is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with FusionForge; if not, write to the Free Software
22 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
25 // This auth plugin will most probably not be configured as sufficient for the whole forge, but only temporarily for a single script, which will call
26 // session_set_for_authplugin('oauthprovider');
28 // TODO : fix missing copyright
30 class oauthproviderPlugin extends ForgeAuthPlugin {
/**
 * Set up the plugin: its identity, the hooks it listens to and its config items.
 *
 * Most hooks are UI hooks (menus, activation checkboxes); check_auth_session and
 * fetch_authenticated_user are the two that tie the plugin into forge authentication.
 */
public function __construct() {
	// Calls the parent's ForgeAuthPlugin() method (presumably its PHP4-style constructor).
	$this->ForgeAuthPlugin();

	$this->name = 'oauthprovider';
	$this->text = 'OAuthProvider'; // label shown in the tabs

	// Registered one by one, in this order.
	$hookNames = array(
		"user_personal_links",       // link to the user's personal part of the plugin
		"usermenu",
		"groupmenu",                 // entry in the project tabs
		"groupisactivecheckbox",     // the "use ..." checkbox in editgroupinfo
		"groupisactivecheckboxpost",
		"userisactivecheckbox",      // the "use ..." checkbox in the user account
		"userisactivecheckboxpost",
		"project_admin_plugins",     // entry in the admin page for a group
		"site_admin_option_hook",
		"account_menu",
		"check_auth_session",
		"fetch_authenticated_user",
	);
	foreach ($hookNames as $hookName) {
		$this->_addHook($hookName);
	}

	// Whether the plugin is temporarily sufficient, for one particular script only;
	// unset until checkAuthSession() is asked to force it.
	$this->sufficient_forced = NULL;

	$this->declareConfigVars();
}
// NOTE(review): the enclosing function header is not visible in this listing; presumably
// this is the body of the 'usermenu' hook handler registered in the constructor — confirm.
58 global $G_SESSION,$HTML;
59 $text = $this->text; // this is what shows in the tab
// Prints a one-entry sub-menu, and only when the session object reports the plugin as in use.
// Title and target are constants of this plugin; no request data reaches the output here.
60 if ($G_SESSION->usesPlugin("oauthprovider")) {
61 echo $HTML->PrintSubMenu (array ($text),
62 array ('/plugins/oauthprovider/index.php'), array(''));
/**
 * 'groupmenu' hook: add this plugin's entry to the project tab arrays carried in $params.
 *
 * Reads $params['group'] and $params['toptab']; appends to $params['TITLES'] and
 * $params['DIRS'], and sets $params['selected'] when this plugin is the active top tab.
 * NOTE(review): several short lines of this function are missing from the listing (the
 * bodies of the three guards and the start of the "[Off]" branch), so only the visible
 * statements are described.
 */
65 function groupmenu($params) {
66 $group_id=$params['group'];
67 $project = &group_get_object($group_id);
// Three guards on the looked-up project: not an object, in error state, not a project.
68 if (!$project || !is_object($project)) {
71 if ($project->isError()) {
74 if (!$project->isProject()) {
// Plugin enabled for this project: tab title plus a URL into the plugin's project view.
77 if ( $project->usesPlugin ( $this->name ) ) {
78 $params['TITLES'][]=$this->text;
// $group_id is concatenated into the query string as received.
// NOTE(review): presumably an integer id already validated by the caller — confirm, or cast it before building the URL.
79 $params['DIRS'][]=util_make_url ('/plugins/oauthprovider/index.php?type=group&id=' . $group_id) ; // we indicate the part we're calling is the project one
// Otherwise the tab is still listed, labelled as switched off.
81 $params['TITLES'][]=$this->text." is [Off]";
// Mark the entry just appended as selected when the requested top tab is this plugin.
84 (($params['toptab'] == $this->name) ? $params['selected']=(count($params['TITLES'])-1) : '' );
/**
 * 'groupisactivecheckbox' hook: print the checkbox that switches this plugin on or off
 * for a project.
 *
 * The form field is named use_oauthproviderplugin, which is the field that
 * groupisactivecheckboxpost() reads back.
 * NOTE(review): some short lines are missing from this listing (presumably the
 * "checked" output and the surrounding markup); only visible statements are described.
 */
86 function groupisactivecheckbox($params) {
87 //Check if the group is active
88 // this code creates the checkbox in the project edit public info page to activate/deactivate the plugin
89 $group_id=$params['group'];
90 $group = &group_get_object($group_id);
// NOTE(review): $group is used below without a visible null/error check — confirm the caller only fires this hook for a valid project.
93 echo ' <input type="checkbox" name="use_oauthproviderplugin" value="1" ';
94 // checked or unchecked?
95 if ( $group->usesPlugin ( $this->name ) ) {
// $this->text is the fixed label assigned in the constructor, so no request data is echoed here.
101 echo "<strong>Use ".$this->text." Plugin</strong>";
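/**
 * 'groupisactivecheckboxpost' hook: enable or disable this plugin for a project once
 * the project edit form has been submitted.
 *
 * The checkbox value is read with getStringFromPost(), the same accessor that
 * userisactivecheckboxpost() uses. The previous getStringFromRequest() presumably also
 * accepted query-string values, which would let a plain link change the project's
 * plugin setting.
 * NOTE(review): no permission or CSRF-token check is made in this handler; presumably
 * the page that fires the hook has already done both — confirm.
 *
 * @param array $params hook parameters; $params['group'] is the project id
 */
function groupisactivecheckboxpost($params) {
	// The submitted value is also published through this global, as before.
	global $use_oauthproviderplugin;

	// this code actually activates/deactivates the plugin after the form was submitted in the project edit public info page
	$group_id = $params['group'];
	$group = &group_get_object($group_id);
	$use_oauthproviderplugin = getStringFromPost('use_oauthproviderplugin');
	if ($use_oauthproviderplugin == 1) {
		$group->setPluginUse($this->name);
	} else {
		$group->setPluginUse($this->name, false);
	}
}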
/**
 * 'userisactivecheckbox' hook: print the checkbox that switches this plugin on or off
 * for a user account.
 *
 * Uses the same field name, use_oauthproviderplugin, as the project-level checkbox.
 * NOTE(review): some short lines are missing from this listing (presumably the
 * "checked" output and the surrounding markup); only visible statements are described.
 */
119 function userisactivecheckbox ($params) {
121 // Check if the plugin is active for this user
122 // this code creates the checkbox in the user account page to activate/deactivate the plugin
123 $userid = $params['user_id'];
124 $user = user_get_object($userid);
// NOTE(review): $user is used below without a visible null check — confirm user_get_object() cannot fail for the id the caller passes.
127 echo ' <input type="checkbox" name="use_oauthproviderplugin" value="1" ';
128 // checked or unchecked?
129 if ( $user->usesPlugin ( $this->name ) ) {
// $this->text is the fixed label assigned in the constructor, so no request data is echoed here.
135 echo "<strong>Use ".$this->text." Plugin</strong>";
/**
 * 'userisactivecheckboxpost' hook: switch this plugin on or off for a user account
 * according to the submitted use_oauthproviderplugin checkbox.
 *
 * NOTE(review): the account is chosen by $params['user_id'] and no ownership or
 * permission check is made here; presumably the caller only passes the id of the
 * account being edited by an authorised user — confirm.
 *
 * @param array $params hook parameters; $params['user_id'] identifies the account
 */
function userisactivecheckboxpost($params) {
	// The submitted value is also published through this global.
	global $use_oauthproviderplugin;

	$account = user_get_object($params['user_id']);

	// Read through getStringFromPost(), i.e. presumably from the POST body only.
	$use_oauthproviderplugin = getStringFromPost('use_oauthproviderplugin');

	if ($use_oauthproviderplugin != 1) {
		// Box not ticked (or field absent): turn the plugin off for this account.
		$account->setPluginUse($this->name, false);
		return;
	}
	$account->setPluginUse($this->name);
}
/**
 * 'user_personal_links' hook: print a link to the plugin's per-user page when the user
 * has the plugin activated.
 *
 * NOTE(review): some short lines are missing from this listing (around and after the
 * util_make_link() call); only visible statements are described.
 */
153 function user_personal_links($params) {
154 // this displays the link in the user's profile page to their personal oauthprovider page (if you want others to access it, you'll have to change the permissions in index.php)
155 $userid = $params['user_id'];
156 $user = user_get_object($userid);
// $text is assigned but not used in any line visible here.
157 $text = $params['text'];
158 //check if the user has the plugin activated
159 if ($user->usesPlugin($this->name)) {
// The link carries no user id: which account is shown, and who may see it, is decided
// by index.php, as the comment at the top of this function says.
161 echo util_make_link ("/plugins/oauthprovider/index.php?type=user",
162 _('View Personal oauthprovider')
/**
 * 'project_admin_plugins' hook: print a link to this plugin's administration page in
 * the project admin options, for projects that use the plugin.
 *
 * NOTE(review): the link is shown on the strength of usesPlugin() alone; whether the
 * viewer may administer the project has to be enforced by admin/index.php itself — confirm.
 *
 * @param array $params hook parameters; $params['group_id'] is the project id
 */
function project_admin_plugins($params ) {
	$project = &group_get_object($params['group_id']);
	if (!$project->usesPlugin($this->name)) {
		return;
	}

	// The id in the URL is the one the project object reports, not the raw parameter.
	$adminPath = "/plugins/oauthprovider/admin/index.php?id=" . $project->getID()
		. '&type=admin&pluginname=' . $this->name;
	$adminLink = util_make_link($adminPath, _('oauthprovider Admin'));
	echo '<p>' . $adminLink . '</p>';
}
/**
 * 'site_admin_option_hook' hook: print a list item linking to the OAuth consumer
 * management page.
 *
 * NOTE(review): consumer.php manages the credentials of OAuth consumers; access to it
 * must be restricted inside that script, since this hook only prints a link — confirm.
 */
function site_admin_option_hook( ) {
	$caption = _('Manage OAuth consumers') . ' [' . _('OAuth provider plugin') . ']';
	$anchor = util_make_link('/plugins/oauthprovider/consumer.php', $caption);
	echo '<li>' . $anchor . '</li>';
}
/**
 * 'account_menu' hook: return a one-element list holding an HTML anchor to the
 * access-token page.
 *
 * NOTE(review): $gfplugins and $plugin_oauthprovider_menu_account_summary are neither
 * parameters nor declared global in this function, so as written they are undefined
 * here and the anchor ends up with no path prefix and no label — confirm where they
 * were meant to come from.
 * NOTE(review): both values go into HTML unescaped; once they hold real data they
 * should pass through htmlspecialchars() before being concatenated.
 *
 * @return array list with a single '<a href="...">...</a>' string
 */
function account_menu( ) {
	$target = $gfplugins . 'oauthprovider/www/access_tokens.php';
	$caption = $plugin_oauthprovider_menu_account_summary;
	return array('<a href="' . $target . '">' . $caption . '</a>');
}
/**
 * Declare this plugin's 'required' and 'sufficient' config items, after the parent's.
 *
 * NOTE(review): 'sufficient' is declared with the value 'yes', while the comments
 * elsewhere in this file say the plugin should generally not be sufficient for the
 * whole forge. Presumably the third argument is the default; if so, a valid OAuth
 * request alone is answered with FORGE_AUTH_AUTHORITATIVE_ACCEPT unless the site
 * configuration overrides it — confirm that this is the intended default.
 */
protected function declareConfigVars() {
	parent::declareConfigVars();

	// Config item => declared value; each item is then flagged as boolean.
	$items = array(
		'required' => 'no',
		'sufficient' => 'yes',
	);
	foreach ($items as $item => $value) {
		forge_define_config_item($item, $this->name, $value);
		forge_set_config_item_bool($item, $this->name);
	}
}
/**
 * Overload the default ForgeAuthPlugin::isSufficient() to handle the case where the
 * plugin is temporarily sufficient (sufficient_forced, set in checkAuthSession).
 *
 * @return bool true when the 'sufficient' config item is truthy or when
 *              sufficient_forced is truthy
 */
public function isSufficient() {
	// The configured setting is consulted first; the per-script override is the fallback.
	if (forge_get_config('sufficient', $this->name)) {
		return true;
	}
	return (bool) $this->sufficient_forced;
}
206 * Is there a valid session?
208 * the session should generally not be set sufficient, but scripts will invoke session_set_for_authplugin('oauthprovider');
209 * @param unknown_type $params
212 function checkAuthSession(&$params) {
// Verifies the current request as an OAuth-signed request, resolves the user the access
// token belongs to, and writes this plugin's verdict into $params['results'][$this->name].
// NOTE(review): many short lines of this function (try/else/closing braces and short
// statements) are missing from this listing, so the nesting of the branches below cannot
// be read off the page; the comments describe the visible statements only.
219 // As we may be re-invoked with 'sufficient_forced', we may have saved the user before, when auth was correct but insufficient
220 if($this->saved_user) {
221 $user = $this->saved_user;
// OAuth server object backed by the forge's own data store.
225 $oauthprovider_server = new OAuthServer(FFDbOAuthDataStore::singleton());
// HMAC-SHA1 is the only signature method registered on the server object here.
227 $hmac_method = new OAuthSignatureMethod_HMAC_SHA1();
228 $oauthprovider_server->add_signature_method($hmac_method);
// Request parameters are taken from the current HTTP request.
230 $req = OAuthRequest::from_request();
// Failures surface as OAuthException (see the catch below).
// NOTE(review): replay protection (timestamp/nonce) presumably depends on what verify_request() and the data store implement — confirm.
231 list($consumer, $token) = $oauthprovider_server->verify_request( $req);
233 // Now, the request is valid.
235 // We know which consumer is connected
236 //echo "Authenticated as consumer : \n";
237 //print_r($consumer);
238 //echo " name: ". $consumer->getName() ."\n";
239 //echo " key: $consumer->key\n";
242 // And on behalf of which user it connects
243 //echo "Authenticated with access token whose key is : $token->key \n";
// Map the verified access token to the forge user who authorised it.
// NOTE(review): the load_by_key() result is dereferenced directly; confirm it cannot be null for a verified token, and that expired or revoked tokens are already rejected before this point.
245 $t_token = OauthAuthzAccessToken::load_by_key($token->key);
246 $user =& user_get_object($t_token->getUserId());
247 //$user_name = $user->getRealName().' ('.$user->getUnixName().')';
248 //echo "Acting on behalf of user : $user_name\n";
// Nothing visible here narrows what the consumer may do as this user; the open TODO below is about exactly that.
251 // TODO: but with which role is the user authenticated ??
253 } catch (OAuthException $e) {
254 $code = $e->getCode();
255 $errormsg = $e->getMessage();
// Remember the resolved user on the plugin object for a later re-invocation.
259 $this->saved_user = $user;
261 // If we are forced to be sufficient temporarily, then do accordingly
// The override is taken from the hook parameters: any code able to fire this hook with
// sufficient_forced set to this plugin's name makes the plugin sufficient from here on.
262 if (isset($params['sufficient_forced']) && ($params['sufficient_forced'] == $this->name)) {
263 $this->sufficient_forced = TRUE;
// Sufficient: this plugin alone yields an authoritative accept. Otherwise it only abstains.
265 if ($this->isSufficient()) {
266 $params['results'][$this->name] = FORGE_AUTH_AUTHORITATIVE_ACCEPT;
268 $params['results'][$this->name] = FORGE_AUTH_NOT_AUTHORITATIVE;
271 if ($this->isRequired()) {
// PHP's header() signature is ($header, $replace, $response_code), so the 401/400 below
// lands in the $replace slot. The status still changes because the string starts with
// "HTTP/"; the intended form is presumably header('HTTP/1.1 401 Unauthorized', true, 401).
// The conditions that select between the two statuses are not visible in this listing.
275 header('HTTP/1.1 401 Unauthorized', 401);
278 header('HTTP/1.1 400 Bad Request', 400);
// The exception code and message are written into the response body unescaped.
// NOTE(review): if the OAuth library puts request-derived text into its messages, this
// reflects untrusted data into HTML; escape it with htmlspecialchars() or return a fixed
// message and log the detail server-side.
285 echo "OAuth problem - code $code: \n";
286 print($errormsg . "\n<hr />\n");
288 $params['results'][$this->name] = FORGE_AUTH_AUTHORITATIVE_REJECT;
290 //echo "OAuth problem - code $code: \n";
291 //print($errormsg . "\n<hr />\n");
293 $params['results'][$this->name] = FORGE_AUTH_NOT_AUTHORITATIVE;