src/plugins/authopenid/packaging/links/plugin-authopenid -text
src/plugins/authopenid/www/index.php -text
src/plugins/authopenid/www/post-login.php -text
+src/plugins/authwebid/3rd-party/README -text
+src/plugins/authwebid/NAME -text
+src/plugins/authwebid/README -text
+src/plugins/authwebid/bin/db-delete.pl -text
+src/plugins/authwebid/bin/db-upgrade.pl -text
+src/plugins/authwebid/db/authwebid-init.sql -text
+src/plugins/authwebid/etc/authwebid.ini -text
+src/plugins/authwebid/include/AuthWebIDPlugin.class.php -text
+src/plugins/authwebid/include/authwebid-init.php -text
+src/plugins/authwebid/packaging/control/301plugin-authwebid -text
+src/plugins/authwebid/packaging/control/301plugin-authwebid.shortdesc -text
+src/plugins/authwebid/packaging/dirs/plugin-authwebid -text
+src/plugins/authwebid/packaging/docs/plugin-authwebid -text
+src/plugins/authwebid/packaging/install/plugin-authwebid -text
+src/plugins/authwebid/packaging/links/plugin-authwebid -text
+src/plugins/authwebid/www/index.php -text
+src/plugins/authwebid/www/post-login.php -text
src/plugins/blocks/NAME -text
src/plugins/blocks/common/blocksPlugin.class.php -text
src/plugins/blocks/db/blocks-init.sql -text
--- /dev/null
+The plugin relies on WebIDDelegatedAuth, downloaded from https://github.com/WebIDauth/WebIDDelegatedAuth
+
+Attention, it uses ARC2 internally, which may be also included by other plugins but with different paths
\ No newline at end of file
--- /dev/null
+Authentication via WebID
--- /dev/null
+fusionforge-plugin-authwebid
+-----------------------------
+
+This is meant to be the external WebID authentication plugin for FusionForge.
+
+It allows the forge to delegate authentication to a third party WebID "Identity Provider"
+which will check the validity of the WebID profile of the user (checking that
+the SSL cert used to access the IdP is the same as the one mentioned in the
+FOAF profile it points to).
+That IdP must be trusted by the forge administrators to do so, of course.
+
+If the plugin is activated by a user in its account management page, then
+he/she may login to FusionForge using WebID (provided that the plugin is
+activated on the whole site/forge, of course).
+
+Any number of WebID identities (URLs) can be used by a forge user to authenticate.
+
+Only one user may use one particular WebID identity simultaneously.
+
+WebID identities must have been added through the account management's WebID tab,
+and are associated to the user, provided he/she owns them (i.e. can successfully
+log-in to these URLs).
+
+The logged-in session is granted full privileges of the user, for now.
+This should be improved in a later version, as WebID may not be trusted for critical
+operations on the forge.
+
+The code depends on the WebIDDelegatedAuth library : https://github.com/WebIDauth/WebIDDelegatedAuth (a scaled down version of libAuthentication).
+
+This plugin's code is distributed under the conditions of the GNU GPL v2+ license.
+
+
+USE IT AT YOUR OWN RISKS : THIS IS JUST A VERY EARLY PLUGIN, AND NO SECURITY AUDIT WAS CONDUCTED !
+
+-- Olivier Berger
+
+Local Variables:
+mode: readme-debian
+End:
--- /dev/null
+#!/usr/bin/perl -w
+#
+# Debian-specific script to delete plugin-specific tables
+# Roland Mas <lolando@debian.org>
+
+use strict ;
+use diagnostics ;
+
+use DBI ;
+use MIME::Base64 ;
+use HTML::Entities ;
+
+use vars qw/$dbh @reqlist $query/ ;
+use vars qw/$sys_default_domain $sys_cvs_host $sys_download_host
+ $sys_shell_host $sys_users_host $sys_docs_host $sys_lists_host
+ $sys_dns1_host $sys_dns2_host $FTPINCOMING_DIR $FTPFILES_DIR
+ $sys_urlroot $sf_cache_dir $sys_name $sys_themeroot
+ $sys_news_group $sys_dbhost $sys_dbname $sys_dbuser $sys_dbpasswd
+ $sys_ldap_base_dn $sys_ldap_host $admin_login $admin_password
+ $domain_name $newsadmin_groupid $statsadmin_groupid
+ $skill_list/ ;
+use vars qw/$pluginname/ ;
+
+sub is_lesser ( $$ ) ;
+sub is_greater ( $$ ) ;
+sub debug ( $ ) ;
+sub parse_sql_file ( $ ) ;
+
+require ("/usr/share/gforge/lib/include.pl") ; # Include a few predefined functions
+require ("/usr/share/gforge/lib/sqlparser.pm") ; # Our magic SQL parser
+
+debug "You'll see some debugging info during this installation." ;
+debug "Do not worry unless told otherwise." ;
+
+&db_connect ;
+
+# debug "Connected to the database OK." ;
+
+$pluginname = "authwebid" ;
+
+$dbh->{AutoCommit} = 0;
+$dbh->{RaiseError} = 1;
+eval {
+ my ($sth, @array, $version, $action, $path, $target, $rname) ;
+
+ my $pattern = "plugin_" . $pluginname . '_%' ;
+
+ $query = "SELECT relname FROM pg_class WHERE relname LIKE '$pattern' AND relkind='v'" ;
+ $sth = $dbh->prepare ($query) ;
+ $sth->execute () ;
+ while (@array = $sth->fetchrow_array ()) {
+ $rname = $array [0] ;
+ &drop_view_if_exists ($rname) ;
+ }
+ $sth->finish () ;
+
+ $query = "SELECT relname FROM pg_class WHERE relname LIKE '$pattern' AND relkind='r'" ;
+ $sth = $dbh->prepare ($query) ;
+ $sth->execute () ;
+ while (@array = $sth->fetchrow_array ()) {
+ $rname = $array [0] ;
+ &drop_table_if_exists ($rname) ;
+ }
+ $sth->finish () ;
+
+ $query = "SELECT relname FROM pg_class WHERE relname LIKE '$pattern' AND relkind='i'" ;
+ $sth = $dbh->prepare ($query) ;
+ $sth->execute () ;
+ while (@array = $sth->fetchrow_array ()) {
+ $rname = $array [0] ;
+ &drop_index_if_exists ($rname) ;
+ }
+ $sth->finish () ;
+
+ $query = "SELECT relname FROM pg_class WHERE relname LIKE '$pattern' AND relkind='s'" ;
+ $sth = $dbh->prepare ($query) ;
+ $sth->execute () ;
+ while (@array = $sth->fetchrow_array ()) {
+ $rname = $array [0] ;
+ &drop_sequence_if_exists ($rname) ;
+ }
+ $sth->finish () ;
+
+ $dbh->commit ();
+
+
+ debug "It seems your database deletion went well and smoothly. That's cool." ;
+ debug "Please enjoy using Debian GForge." ;
+
+ # There should be a commit at the end of every block above.
+ # If there is not, then it might be symptomatic of a problem.
+ # For safety, we roll back.
+ $dbh->rollback ();
+};
+
+if ($@) {
+ warn "Transaction aborted because $@" ;
+ debug "Transaction aborted because $@" ;
+ debug "Last SQL query was:\n$query\n(end of query)" ;
+ $dbh->rollback ;
+ debug "Please report this bug on the Debian bug-tracking system." ;
+ debug "Please include the previous messages as well to help debugging." ;
+ debug "You should not worry too much about this," ;
+ debug "your DB is still in a consistent state and should be usable." ;
+ exit 1 ;
+}
+
+$dbh->rollback ;
+$dbh->disconnect ;
+
+sub debug ( $ ) {
+ my $v = shift ;
+ chomp $v ;
+ print STDERR "$v\n" ;
+}
+
+sub drop_table_if_exists ( $ ) {
+ my $tname = shift or die "Not enough arguments" ;
+ $query = "SELECT count(*) FROM pg_class WHERE relname='$tname' AND relkind='r'" ;
+ my $sth = $dbh->prepare ($query) ;
+ $sth->execute () ;
+ my @array = $sth->fetchrow_array () ;
+ $sth->finish () ;
+
+ if ($array [0] != 0) {
+ # debug "Dropping table $tname" ;
+ $query = "DROP TABLE $tname" ;
+ # debug $query ;
+ $sth = $dbh->prepare ($query) ;
+ $sth->execute () ;
+ $sth->finish () ;
+ }
+}
+
+sub drop_sequence_if_exists ( $ ) {
+ my $sname = shift or die "Not enough arguments" ;
+ $query = "SELECT count(*) FROM pg_class WHERE relname='$sname' AND relkind='S'" ;
+ my $sth = $dbh->prepare ($query) ;
+ $sth->execute () ;
+ my @array = $sth->fetchrow_array () ;
+ $sth->finish () ;
+
+ if ($array [0] != 0) {
+ # debug "Dropping sequence $sname" ;
+ $query = "DROP SEQUENCE $sname" ;
+ # debug $query ;
+ $sth = $dbh->prepare ($query) ;
+ $sth->execute () ;
+ $sth->finish () ;
+ }
+}
+
+sub drop_index_if_exists ( $ ) {
+ my $iname = shift or die "Not enough arguments" ;
+ $query = "SELECT count(*) FROM pg_class WHERE relname='$iname' AND relkind='i'" ;
+ my $sth = $dbh->prepare ($query) ;
+ $sth->execute () ;
+ my @array = $sth->fetchrow_array () ;
+ $sth->finish () ;
+
+ if ($array [0] != 0) {
+ # debug "Dropping index $iname" ;
+ $query = "DROP INDEX $iname" ;
+ # debug $query ;
+ $sth = $dbh->prepare ($query) ;
+ $sth->execute () ;
+ $sth->finish () ;
+ }
+}
+
+sub drop_view_if_exists ( $ ) {
+ my $iname = shift or die "Not enough arguments" ;
+ $query = "SELECT count(*) FROM pg_class WHERE relname='$iname' AND relkind='v'" ;
+ my $sth = $dbh->prepare ($query) ;
+ $sth->execute () ;
+ my @array = $sth->fetchrow_array () ;
+ $sth->finish () ;
+
+ if ($array [0] != 0) {
+ # debug "Dropping view $iname" ;
+ $query = "DROP VIEW $iname" ;
+ # debug $query ;
+ $sth = $dbh->prepare ($query) ;
+ $sth->execute () ;
+ $sth->finish () ;
+ }
+}
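Review bot: The sequence lookup in the main block filters on `relkind='s'`, while `drop_sequence_if_exists` checks `relkind='S'`; PostgreSQL records sequences in pg_class as `'S'`, so the lowercase query matches nothing and the loop never drops a sequence. Change that query to end in `AND relkind='S'`. Separately, `_` is a single-character wildcard in LIKE, so the pattern `plugin_authwebid_%` can match relation names that do not carry this plugin's exact prefix. Since every match is dropped, escape the underscores or compare the prefix literally before calling the `drop_*` helpers.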
--- /dev/null
+#!/usr/bin/perl -w
+#
+# Debian-specific script to upgrade the database between releases
+# Roland Mas <lolando@debian.org>
+
+use strict ;
+use diagnostics ;
+
+use DBI ;
+use MIME::Base64 ;
+use HTML::Entities ;
+
+use vars qw/$dbh @reqlist $query/ ;
+use vars qw/$sys_default_domain $sys_cvs_host $sys_download_host
+ $sys_shell_host $sys_users_host $sys_docs_host $sys_lists_host
+ $sys_dns1_host $sys_dns2_host $FTPINCOMING_DIR $FTPFILES_DIR
+ $sys_urlroot $sf_cache_dir $sys_name $sys_themeroot
+ $sys_news_group $sys_dbhost $sys_dbname $sys_dbuser $sys_dbpasswd
+ $sys_ldap_base_dn $sys_ldap_host $admin_login $admin_password
+ $domain_name $newsadmin_groupid $statsadmin_groupid
+ $skill_list/ ;
+use vars qw/$pluginname/ ;
+
+sub is_lesser ( $$ ) ;
+sub is_greater ( $$ ) ;
+sub debug ( $ ) ;
+sub parse_sql_file ( $ ) ;
+
+require ("/usr/share/gforge/lib/include.pl") ; # Include a few predefined functions
+require ("/usr/share/gforge/lib/sqlparser.pm") ; # Our magic SQL parser
+
+debug "You'll see some debugging info during this installation." ;
+debug "Do not worry unless told otherwise." ;
+
+&db_connect ;
+
+# debug "Connected to the database OK." ;
+
+$pluginname = "authwebid" ;
+
+$dbh->{AutoCommit} = 0;
+$dbh->{RaiseError} = 1;
+eval {
+ my ($sth, @array, $version, $path, $target) ;
+
+ &create_metadata_table ("0") ;
+
+ $version = &get_db_version ;
+ $target = "0.1" ;
+ if (is_lesser $version, $target) {
+ my @filelist = ( "/usr/share/gforge/plugins/$pluginname/db/$pluginname-init.sql" ) ;
+
+ foreach my $file (@filelist) {
+ debug "Processing $file" ;
+ @reqlist = @{ &parse_sql_file ($file) } ;
+
+ foreach my $s (@reqlist) {
+ $query = $s ;
+ # debug $query ;
+ $sth = $dbh->prepare ($query) ;
+ $sth->execute () ;
+ $sth->finish () ;
+ }
+ }
+ @reqlist = () ;
+
+ &update_db_version ($target) ;
+ debug "Committing." ;
+ $dbh->commit () ;
+ }
+
+
+# $version = &get_db_version ;
+# $target = "0.2" ;
+# if (is_lesser $version, $target) {
+# my @filelist = ( "/usr/share/gforge/plugins/$pluginname/db/20101203-add_type_for_iframe.sql" ) ;
+
+# foreach my $file (@filelist) {
+# debug "Processing $file" ;
+# @reqlist = @{ &parse_sql_file ($file) } ;
+
+# foreach my $s (@reqlist) {
+# $query = $s ;
+# # debug $query ;
+# $sth = $dbh->prepare ($query) ;
+# $sth->execute () ;
+# $sth->finish () ;
+# }
+# }
+# @reqlist = () ;
+
+# &update_db_version ($target) ;
+# debug "Committing." ;
+# $dbh->commit () ;
+# }
+
+ debug "It seems your database install/upgrade went well and smoothly. That's cool." ;
+ debug "Please enjoy using Debian GForge." ;
+
+ # There should be a commit at the end of every block above.
+ # If there is not, then it might be symptomatic of a problem.
+ # For safety, we roll back.
+ $dbh->rollback ();
+};
+
+if ($@) {
+ warn "Transaction aborted because $@" ;
+ debug "Transaction aborted because $@" ;
+ debug "Last SQL query was:\n$query\n(end of query)" ;
+ $dbh->rollback ;
+ debug "Please report this bug on the Debian bug-tracking system." ;
+ debug "Please include the previous messages as well to help debugging." ;
+ debug "You should not worry too much about this," ;
+ debug "your DB is still in a consistent state and should be usable." ;
+ exit 1 ;
+}
+
+$dbh->rollback ;
+$dbh->disconnect ;
+
+sub is_lesser ( $$ ) {
+ my $v1 = shift || 0 ;
+ my $v2 = shift || 0 ;
+
+ my $rc = system "dpkg --compare-versions $v1 lt $v2" ;
+
+ return (! $rc) ;
+}
+
+sub is_greater ( $$ ) {
+ my $v1 = shift || 0 ;
+ my $v2 = shift || 0 ;
+
+ my $rc = system "dpkg --compare-versions $v1 gt $v2" ;
+
+ return (! $rc) ;
+}
+
+sub debug ( $ ) {
+ my $v = shift ;
+ chomp $v ;
+ print STDERR "$v\n" ;
+}
+
+sub create_metadata_table ( $ ) {
+ my $v = shift || "0" ;
+ my $tablename = "plugin_" .$pluginname . "_meta_data" ;
+ # Do we have the metadata table?
+
+ $query = "SELECT count(*) FROM pg_class WHERE relname = '$tablename' and relkind = 'r'";
+ # debug $query ;
+ my $sth = $dbh->prepare ($query) ;
+ $sth->execute () ;
+ my @array = $sth->fetchrow_array () ;
+ $sth->finish () ;
+
+ # Let's create this table if we have it not
+
+ if ($array [0] == 0) {
+ debug "Creating $tablename table." ;
+ $query = "CREATE TABLE $tablename (key varchar primary key, value text not null)" ;
+ # debug $query ;
+ $sth = $dbh->prepare ($query) ;
+ $sth->execute () ;
+ $sth->finish () ;
+ }
+
+ $query = "SELECT count(*) FROM $tablename WHERE key = 'db-version'";
+ # debug $query ;
+ $sth = $dbh->prepare ($query) ;
+ $sth->execute () ;
+ @array = $sth->fetchrow_array () ;
+ $sth->finish () ;
+
+ # Empty table? We'll have to fill it up a bit
+
+ if ($array [0] == 0) {
+ debug "Inserting first data into $tablename table." ;
+ $query = "INSERT INTO $tablename (key, value) VALUES ('db-version', '$v')" ;
+ # debug $query ;
+ $sth = $dbh->prepare ($query) ;
+ $sth->execute () ;
+ $sth->finish () ;
+ }
+}
+
+sub update_db_version ( $ ) {
+ my $v = shift or die "Not enough arguments" ;
+ my $tablename = "plugin_" .$pluginname . "_meta_data" ;
+
+ debug "Updating $tablename table." ;
+ $query = "UPDATE $tablename SET value = '$v' WHERE key = 'db-version'" ;
+ # debug $query ;
+ my $sth = $dbh->prepare ($query) ;
+ $sth->execute () ;
+ $sth->finish () ;
+}
+
+sub get_db_version () {
+ my $tablename = "plugin_" .$pluginname . "_meta_data" ;
+
+ $query = "SELECT value FROM $tablename WHERE key = 'db-version'" ;
+ # debug $query ;
+ my $sth = $dbh->prepare ($query) ;
+ $sth->execute () ;
+ my @array = $sth->fetchrow_array () ;
+ $sth->finish () ;
+
+ my $version = $array [0] ;
+
+ return $version ;
+}
+
+sub drop_table_if_exists ( $ ) {
+ my $tname = shift or die "Not enough arguments" ;
+ $query = "SELECT count(*) FROM pg_class WHERE relname='$tname' AND relkind='r'" ;
+ my $sth = $dbh->prepare ($query) ;
+ $sth->execute () ;
+ my @array = $sth->fetchrow_array () ;
+ $sth->finish () ;
+
+ if ($array [0] != 0) {
+ # debug "Dropping table $tname" ;
+ $query = "DROP TABLE $tname" ;
+ # debug $query ;
+ $sth = $dbh->prepare ($query) ;
+ $sth->execute () ;
+ $sth->finish () ;
+ }
+}
+
+sub drop_sequence_if_exists ( $ ) {
+ my $sname = shift or die "Not enough arguments" ;
+ $query = "SELECT count(*) FROM pg_class WHERE relname='$sname' AND relkind='S'" ;
+ my $sth = $dbh->prepare ($query) ;
+ $sth->execute () ;
+ my @array = $sth->fetchrow_array () ;
+ $sth->finish () ;
+
+ if ($array [0] != 0) {
+ # debug "Dropping sequence $sname" ;
+ $query = "DROP SEQUENCE $sname" ;
+ # debug $query ;
+ $sth = $dbh->prepare ($query) ;
+ $sth->execute () ;
+ $sth->finish () ;
+ }
+}
+
+sub drop_index_if_exists ( $ ) {
+ my $iname = shift or die "Not enough arguments" ;
+ $query = "SELECT count(*) FROM pg_class WHERE relname='$iname' AND relkind='i'" ;
+ my $sth = $dbh->prepare ($query) ;
+ $sth->execute () ;
+ my @array = $sth->fetchrow_array () ;
+ $sth->finish () ;
+
+ if ($array [0] != 0) {
+ # debug "Dropping index $iname" ;
+ $query = "DROP INDEX $iname" ;
+ # debug $query ;
+ $sth = $dbh->prepare ($query) ;
+ $sth->execute () ;
+ $sth->finish () ;
+ }
+}
+
+sub drop_view_if_exists ( $ ) {
+ my $iname = shift or die "Not enough arguments" ;
+ $query = "SELECT count(*) FROM pg_class WHERE relname='$iname' AND relkind='v'" ;
+ my $sth = $dbh->prepare ($query) ;
+ $sth->execute () ;
+ my @array = $sth->fetchrow_array () ;
+ $sth->finish () ;
+
+ if ($array [0] != 0) {
+ # debug "Dropping view $iname" ;
+ $query = "DROP VIEW $iname" ;
+ # debug $query ;
+ $sth = $dbh->prepare ($query) ;
+ $sth->execute () ;
+ $sth->finish () ;
+ }
+}
+
+sub bump_sequence_to ( $$ ) {
+ my ($sth, @array, $seqname, $targetvalue) ;
+
+ $seqname = shift ;
+ $targetvalue = shift ;
+
+ do {
+ $query = "select nextval ('$seqname')" ;
+ $sth = $dbh->prepare ($query) ;
+ $sth->execute () ;
+ @array = $sth->fetchrow_array () ;
+ $sth->finish () ;
+ } until $array[0] >= $targetvalue ;
+}
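Review bot: `is_lesser` and `is_greater` pass one interpolated string to `system`, so `$v1` is parsed by a shell before dpkg sees it, and that value is the `db-version` row returned by `get_db_version`. The script is presumably run with package-maintenance privileges, so the stored version should not be able to reach a shell. Use the list form instead: `my $rc = system ('dpkg', '--compare-versions', $v1, 'lt', $v2) ;` (and `'gt'` in `is_greater`). The same value is interpolated into SQL in `update_db_version` and `create_metadata_table`; bind it with a placeholder, e.g. `$dbh->prepare ("UPDATE $tablename SET value = ? WHERE key = 'db-version'")` followed by `$sth->execute ($v)`.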
--- /dev/null
+CREATE TABLE plugin_authwebid_user_identities (user_id INTEGER NOT NULL,
+ webid_identity text);
+CREATE UNIQUE INDEX idx_authwebid_user_identities_webid_identity on plugin_authwebid_user_identities(webid_identity);
+
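Review bot: `webid_identity` is nullable and `user_id` has no foreign key, although this table decides which account a WebID logs into. As written it accepts rows with no identity and rows for user ids that do not exist in `users`. Declare the columns as `user_id INTEGER NOT NULL REFERENCES users(user_id)` and `webid_identity text NOT NULL`; `users` is the table joined in `getUserNameFromWebIDIdentity`. Pending bindings share the column under a `pending:` prefix, so the unique index treats `X` and `pending:X` as different values, and the one-owner rule rests on the PHP checks rather than on the schema.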
--- /dev/null
+[authwebid]
+
+; plugin_status is a string.
+; valid means : production ready.
+; Any other strings means it's under work or broken and plugin
+; is available in installation_environment = development only.
+plugin_status = 'to be validated by developpers'
+
+; By default, webid is not required but may be sufficient to log in. Uncomment to activate it
+required = no
+;required = yes
+
+sufficient = yes
+;sufficient = no
+
+; Allowed values: never, user-creation, login, every-page
+;sync_data_on = never
+
+; Default delegated WebID IdP to use
+; delegate_webid_auth_to = auth.my-profile.eu
+
+; URL of the delegated auth on the IdP which accepts a ?authreqissuer=callback invocation (ex, for : https://auth.my-profile.eu/auth/?authreqissuer=http://fusionforge.example.com/callback.php)
+; idp_delegation_link = https://auth.my-profile.eu/auth/
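Review bot: The shipped file sets `sufficient = yes`, overriding the `'no'` default defined in `declareConfigVars`, so once the plugin is enabled an assertion from the third-party IdP is authoritative for login without any administrator decision. The README says no security audit was done and that the session gets the user's full privileges, so ship `sufficient = no` and let the administrator opt in. The comment above `required = no` says "Uncomment to activate it" while the active line is the one that disables it; it should say which line to switch. The example callback in the `idp_delegation_link` comment uses `http://`; an `https://` example would not suggest a cleartext return path for the signed response.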
--- /dev/null
+<?php
+/** External authentication via WebID for FusionForge
+ * Copyright 2011, Roland Mas
+ * Copyright 2011, Olivier Berger & Institut Telecom
+ *
+ * This program was developped in the frame of the COCLICO project
+ * (http://www.coclico-project.org/) with financial support of the Paris
+ * Region council.
+ *
+ * This file is part of FusionForge. FusionForge is free software;
+ * you can redistribute it and/or modify it under the terms of the
+ * GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the Licence, or (at your option)
+ * any later version.
+ *
+ * FusionForge is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with FusionForge; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+require_once $GLOBALS['gfcommon'].'include/User.class.php';
+
+// WebID framework
+require_once('WebIDDelegatedAuth/lib/Authentication.php');
+
+/**
+ * WebID Authentication manager Plugin for FusionForge
+ *
+ */
+class AuthWebIDPlugin extends ForgeAuthPlugin {
+
+ var $delegatedAuthentifier;
+
+ var $delegate_webid_auth_to;
+
+ var $idp_delegation_link;
+
+ var $webid_identity;
+
+ function AuthWebIDPlugin () {
+ global $gfconfig;
+ $this->ForgeAuthPlugin() ;
+ $this->name = "authwebid";
+ $this->text = "WebID authentication";
+
+ $this->_addHook('display_auth_form');
+ $this->_addHook("check_auth_session");
+ $this->_addHook("fetch_authenticated_user");
+ $this->_addHook("close_auth_session");
+ $this->_addHook("usermenu") ;
+ $this->_addHook("userisactivecheckbox") ; // The "use ..." checkbox in user account
+ $this->_addHook("userisactivecheckboxpost") ; //
+
+ $this->saved_login = '';
+ $this->saved_user = NULL;
+
+ $this->delegatedAuthentifier = FALSE;
+
+ $this->webid_identity = FALSE;
+
+ $this->declareConfigVars();
+
+ // The IdP to use is configured in the .ini file
+ $this->delegate_webid_auth_to = forge_get_config ('delegate_webid_auth_to', $this->name);
+ $this->idp_delegation_link = forge_get_config('idp_delegation_link', $this->name);
+
+ }
+
+ /**
+ * Display a link redirecting to a WebID IdP, to test a delegated auth
+ * @param string $callback : callback which the IdP will invoke through with signed parameters
+ * @param string $message : alternative message for the link
+ * @return string html
+ */
+ function displayAuthentifyViaIdPLink($callback, $message = FALSE) {
+ if (!$message) {
+ $message = sprintf( _('Click here to delegate authentication of your WebID to %s'), $this->delegate_webid_auth_to);
+ }
+ $html = '<a href="' . $this->idp_delegation_link . '?authreqissuer='. $callback .'">';
+ $html .= $message .'</a>';
+ return $html;
+ }
+
+ /**
+ * Display a form to redirect to the WebID IdP
+ * @param unknown_type $params
+ * @return boolean
+ */
+ function displayAuthForm(&$params) {
+ if (!$this->isRequired() && !$this->isSufficient()) {
+ return true;
+ }
+ $return_to = $params['return_to'];
+
+ $result = '';
+
+ $result .= '<p>';
+ $result .= _('Cookies must be enabled past this point.');
+ $result .= '</p>';
+
+ // TODO Use a trusted IdP that was configured previously by the forge admin, and which is trusted by the libAuthentication checks
+ //$result .= '<a href="https://foafssl.org/srv/idp?authreqissuer='. util_make_url('/plugins/authwebid/post-login.php') .'">Click here to Login via foafssl.org</a>';
+ //echo "<br />";
+ $result .= '<b>'. $this->displayAuthentifyViaIdPLink( util_make_url('/plugins/authwebid/post-login.php') ) . '</b>';
+ $result .= ' ('. _('You need to have bound such a WebID to your existing fusionforge account in advance') .')';
+
+ $params['html_snippets'][$this->name] = $result;
+
+ }
+
+ /**
+ * Is there a valid session?
+ * @param unknown_type $params
+ */
+ function checkAuthSession(&$params) {
+ $this->saved_user = NULL;
+ $user = NULL;
+
+ if (isset($params['auth_token']) && $params['auth_token'] != '') {
+ $user_id = $this->checkSessionToken($params['auth_token']);
+ } else {
+ $user_id = $this->checkSessionCookie();
+ }
+ if ($user_id) {
+ $user = user_get_object($user_id);
+ } else {
+ if ($this->delegatedAuthentifier && $this->delegatedAuthentifier->identity) {
+ $username = $this->getUserNameFromWebIDIdentity($this->delegatedAuthentifier->identity);
+ if ($username) {
+ $user = $this->startSession($username);
+ }
+ }
+ }
+
+ if ($user) {
+ if ($this->isSufficient()) {
+ $this->saved_user = $user;
+ $params['results'][$this->name] = FORGE_AUTH_AUTHORITATIVE_ACCEPT;
+
+ } else {
+ $params['results'][$this->name] = FORGE_AUTH_NOT_AUTHORITATIVE;
+ }
+ } else {
+ if ($this->isRequired()) {
+ $params['results'][$this->name] = FORGE_AUTH_AUTHORITATIVE_REJECT;
+ } else {
+ $params['results'][$this->name] = FORGE_AUTH_NOT_AUTHORITATIVE;
+ }
+ }
+ }
+
+ /**
+ * Retrieve the user_name for a WebID URI stored in DB as a known ID
+ * @param string $webid_identity
+ * @return string
+ */
+ public function getUserNameFromWebIDIdentity($webid_identity) {
+ $user_name = FALSE;
+ $res = db_query_params('SELECT users.user_name FROM users, plugin_authwebid_user_identities WHERE users.user_id = plugin_authwebid_user_identities.user_id AND webid_identity=$1',
+ array($webid_identity));
+ if($res) {
+ $row = db_fetch_array_by_row($res, 0);
+ if($row) {
+ $user_name = $row['user_name'];
+ }
+ }
+ return $user_name;
+ }
+
+ /**
+ * Check if a WebID is already used and bound to an account
+ * @param string $webid_identity
+ * @return boolean
+ */
+ public function existStoredWebID($webid_identity) {
+ $res = db_query_params('SELECT webid_identity FROM plugin_authwebid_user_identities WHERE webid_identity =$1',
+ array($webid_identity));
+ if ($res && db_numrows($res) > 0) {
+ return TRUE;
+ }
+ else {
+ return FALSE;
+ }
+ }
+
+ /**
+ * Load WebIDs already bound to an account (not the pending ones)
+ * @param string $user_id
+ * @return array
+ */
+ public function getStoredBoundWebIDs($user_id) {
+ $boundwebids = array();
+ $res = db_query_params('SELECT webid_identity FROM plugin_authwebid_user_identities WHERE user_id =$1',
+ array($user_id));
+ if($res) {
+ $i = 0;
+
+ while ($row = db_fetch_array($res)) {
+ $webid_identity = $row['webid_identity'];
+ // filter out the pending ones, prefixes by 'pending:'
+ if (substr($webid_identity, 0, 8) != 'pending:') {
+ $boundwebids[] = $webid_identity;
+ }
+ }
+ }
+ return $boundwebids;
+ }
+
+ /**
+ * Check if a WebID is pending confirmation of binding for a user
+ * @param string $user_id
+ * @param string $webid_identity
+ * @return boolean
+ */
+ public function isStoredPendingWebID($user_id, $webid_identity) {
+ // the pending WebIDs will be prefixed in the DB by 'pending:'
+ $webid_identity = 'pending:' . $webid_identity;
+ $res = db_query_params('SELECT COUNT(*) FROM plugin_authwebid_user_identities WHERE user_id =$1 AND webid_identity =$2',
+ array ($user_id, $webid_identity));
+ if ($res && db_numrows($res) > 0) {
+ $arr = db_fetch_array($res);
+ if ($arr[0] == '1') {
+ return TRUE;
+ } else {
+ return FALSE;
+ }
+ }
+ else {
+ return FALSE;
+ }
+ }
+
+ /**
+ * Load WebIDs already stored, but pending confirmation by a user
+ * @param string $user_id
+ * @return array
+ */
+ public function getStoredPendingWebIDs($user_id) {
+ $pendingwebids = array();
+ $res = db_query_params('SELECT webid_identity FROM plugin_authwebid_user_identities WHERE user_id =$1',
+ array($user_id));
+ if($res) {
+ $i = 0;
+
+ while ($row = db_fetch_array($res)) {
+ $webid_identity = $row['webid_identity'];
+ // return them as plain WebIDs without the 'pending:' prefix
+ if (substr($webid_identity, 0, 8) == 'pending:') {
+ $pendingwebids[] = substr($webid_identity, 8);
+ }
+ }
+ }
+ return $pendingwebids;
+ }
+
+ /**
+ * Convert a WebID pending binding to a bound one
+ * @param string $user_id
+ * @param string $webid_identity
+ * @return string
+ */
+ public function bindStoredWebID($user_id, $webid_identity) {
+ $error_msg = NULL;
+ // remove the 'pending:' prefix
+ $res = db_query_params('UPDATE plugin_authwebid_user_identities SET webid_identity=$1 WHERE user_id =$2 AND webid_identity =$3',
+ array ($webid_identity, $user_id, 'pending:'.$webid_identity)) ;
+ if (!$res) {
+ $error_msg = sprintf(_('Cannot bind new identity: %s'), db_error());
+ }
+ return $error_msg;
+ }
+
+ /**
+ * Store a WebID as pending binding to an account
+ * @param string $user_id
+ * @param string $webid_identity
+ * @return string
+ */
+ public function addStoredPendingWebID($user_id, $webid_identity) {
+ $error_msg = NULL;
+ // make sure not to add as pending to one account an already bound WebID for another
+ if ($this->existStoredWebID($webid_identity)) {
+ $error_msg = _('WebID already used');
+ }
+ else {
+ // prefix it with the 'pending:' prefix
+ $webid_identity = 'pending:' . $webid_identity;
+ // make sure to not add the same pending WebID for two different accounts
+ if ($this->existStoredWebID($webid_identity)) {
+ $error_msg = _('WebID already pending binding');
+ }
+ $res = db_query_params('INSERT INTO plugin_authwebid_user_identities (user_id, webid_identity) VALUES ($1,$2)',
+ array ($user_id, $webid_identity)) ;
+ if (!$res || db_affected_rows($res) < 1) {
+ $error_msg = sprintf(_('Cannot insert new identity: %s'), db_error());
+ }
+ }
+ return $error_msg;
+ }
+
+ /**
+ * Remove a WebID (possibly pending) from the table
+ * @param string $user_id
+ * @param string $webid_identity
+ * @return string
+ */
+ public function removeStoredWebID($user_id, $webid_identity) {
+ $error_msg = NULL;
+ $res = db_query_params('DELETE FROM plugin_authwebid_user_identities WHERE user_id=$1 AND webid_identity=$2',
+ array($user_id, $webid_identity));
+ if (!$res || db_affected_rows($res) < 1) {
+ $error_msg = sprintf(_('Cannot delete identity: %s'), db_error());
+ }
+ return $error_msg;
+ }
+
+ /**
+ * Check if we just got invoked back as a callback by the IdP which validated a WebID
+ * @return boolean
+ */
+ public function justBeenAuthenticatedByIdP() {
+
+ // We should trust lib WebIDDelegatedAuth unless the admin wants to play by customizing by doing something like the commented code below
+ /*
+ // initialize the WebID lib handler which will read the posted args
+ $IDPCertificates = array ( 'foafssl.org' =>
+ "-----BEGIN PUBLIC KEY-----
+ MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhFboiwS5HzsQAAerGOj8
+ Zk6qvEf2QVarlm+c1fxd6f3OoQ9ezib1LjXitw+z2xcLG8lzaTmKOU0jw7KZp6WL
+ W6gqhAWj2BQ1Lkl9R7aAUpA3ypk52gik8u/5JiWpTt1EV99DP5XNzzQ/QVjkvBlj
+ rY+1ZeM+XtKzGfbK7eWh583xn3AE6maprXfLAo3BjUWJOQe0VHGYgrBVOcRQrSQ6
+ 34/f+jk22tmYZRzdTT/ZCadeLd7NryIeJbEu0W105JYvKodawSM3/zjt4fXFIPyB
+ z8vHHmHRd2syDWqUy46YVQfqCfUBdXkHbvVQBtAfvRGUhYbFQm926an6z9uRE5LC
+ aQIDAQAB
+ -----END PUBLIC KEY-----
+ ");
+
+ //$certRepository = new Authentication_X509CertRepo($IDPCertificates);
+ */
+
+ // We don't rely on the PHP session, as we're in FusionForge
+ $create_session = FALSE;
+ //$this->delegatedAuthentifier = new Authentication_Delegated($create_session, NULL, NULL, $certRepository);
+ $this->delegatedAuthentifier = new Authentication_Delegated($create_session);
+
+ return $this->delegatedAuthentifier->isAuthenticated();
+ }
+
+ /**
+ * Return current WebID if the delegated Auth has proceeded
+ * @return string
+ */
+ public function getCurrentWebID() {
+ $webid = FALSE;
+ if ($this->delegatedAuthentifier) {
+ $webid = $this->delegatedAuthentifier->webid;
+ }
+ return $webid;
+ }
+
+ protected function declareConfigVars() {
+ parent::declareConfigVars();
+
+ // Change vs default
+ forge_define_config_item ('required', $this->name, 'no');
+ forge_set_config_item_bool ('required', $this->name) ;
+
+ // Change vs default
+ forge_define_config_item ('sufficient', $this->name, 'no');
+ forge_set_config_item_bool ('sufficient', $this->name) ;
+
+ // Default delegated WebID IdP to use
+ forge_define_config_item ('delegate_webid_auth_to', $this->name, 'auth.my-profile.eu');
+
+ //URL of the delegated auth on the IdP which accepts a ?authreqissuer=callback invocation
+ // for ex, for : https://auth.my-profile.eu/auth/?authreqissuer=http://fusionforge.example.com/callback.php :
+ forge_define_config_item ('idp_delegation_link', $this->name, 'https://auth.my-profile.eu/auth/');
+
+ }
+
+ /**
+ * Displays link to WebID identities management tab in user's page ('usermenu' hook)
+ * @param unknown_type $params
+ */
+ public function usermenu($params) {
+ global $G_SESSION, $HTML;
+ $text = $this->text; // this is what shows in the tab
+ if ($G_SESSION->usesPlugin($this->name)) {
+ //$param = '?type=user&id=' . $G_SESSION->getId() . "&pluginname=" . $this->name; // we indicate the part we�re calling is the user one
+ echo $HTML->PrintSubMenu (array ($text), array ('/plugins/authwebid/index.php'), array(_('coin pan')));
+ }
+ }
+}
+
+// Local Variables:
+// mode: php
+// c-file-style: "bsd"
+// End:
+
+?>
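Review bot: In `checkAuthSession`, the fallback branch starts a session from `$this->delegatedAuthentifier->identity` without calling `isAuthenticated()`, and it reads `->identity` where `getCurrentWebID()` reads `->webid`. Whether `identity` is only populated after the IdP's signature has been verified depends on the WebIDDelegatedAuth library, which is not visible here, so the login decision should test it explicitly: `if ($this->delegatedAuthentifier && $this->delegatedAuthentifier->isAuthenticated()) {`, then look up `$this->getCurrentWebID()`. In `addStoredPendingWebID`, the 'WebID already pending binding' branch sets `$error_msg` but still runs the INSERT, whose failure then overwrites the message; move the INSERT into an `else`. `displayAuthentifyViaIdPLink` also concatenates `$callback` into the `href` without `urlencode()` and `htmlspecialchars()`.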
--- /dev/null
+<?php
+
+/** External authentication via WebID for FusionForge
+ *
+ * Copyright 2011, Olivier Berger & Institut Telecom
+ *
+ * This program was developped in the frame of the COCLICO project
+ * (http://www.coclico-project.org/) with financial support of the Paris
+ * Region council.
+ *
+ * This file is part of FusionForge. FusionForge is free software;
+ * you can redistribute it and/or modify it under the terms of the
+ * GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the Licence, or (at your option)
+ * any later version.
+ *
+ * FusionForge is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with FusionForge; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+global $gfplugins;
+require_once $gfplugins.'authwebid/include/AuthWebIDPlugin.class.php' ;
+
+$authWebIDPluginObject = new AuthWebIDPlugin ;
+
+register_plugin ($authWebIDPluginObject) ;
+
+// Local Variables:
+// mode: php
+// c-file-style: "bsd"
+// End:
+
+?>
--- /dev/null
+Package: @PACKAGE@-plugin-authwebid
+Architecture: all
+Depends: @OLDPACKAGE@-common, @OLDPACKAGE@-db-postgresql | @OLDPACKAGE@-db, @OLDPACKAGE@-web-apache2 | @OLDPACKAGE@-web, libwebiddelegatedauth-php, ${misc:Depends}
+Description: collaborative development tool - WebID consumer authentication plugin
--- /dev/null
+ This plugin contains an WebID consumer authentication mechanism for
+ FusionForge. It allows users to authenticate against external WebID
+ providers.
--- /dev/null
+usr/share/@OLDPACKAGE@/plugins/authwebid/bin
+usr/share/@OLDPACKAGE@/plugins/authwebid/www
+usr/share/@OLDPACKAGE@/plugins/authwebid/common
--- /dev/null
+plugins/authwebid/README
--- /dev/null
+plugins/authwebid/include usr/share/@OLDPACKAGE@/plugins/authwebid/
+plugins/authwebid/www usr/share/@OLDPACKAGE@/plugins/authwebid/
+plugins/authwebid/etc/*.ini etc/@PACKAGE@/config.ini.d/
+plugins/authwebid/db/* usr/share/@OLDPACKAGE@/plugins/authwebid/db/
+plugins/authwebid/bin/* usr/share/@OLDPACKAGE@/plugins/authwebid/bin/
+
--- /dev/null
+/usr/share/@OLDPACKAGE@/plugins/authwebid/www /usr/share/@OLDPACKAGE@/www/plugins/authwebid
--- /dev/null
+<?php
+
+/** External authentication via WebID for FusionForge
+ * Copyright 2011, Roland Mas
+ * Copyright 2011-2012, Olivier Berger & Institut Mines-Telecom
+ *
+ * This program was initially developped in the frame of the COCLICO project
+ * (http://www.coclico-project.org/) with financial support of the Paris
+ * Region council.
+ *
+ * This file is part of FusionForge. FusionForge is free software;
+ * you can redistribute it and/or modify it under the terms of the
+ * GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the Licence, or (at your option)
+ * any later version.
+ *
+ * FusionForge is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with FusionForge; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+require_once ('../../../www/env.inc.php');
+require_once $gfcommon.'include/pre.php';
+
+session_require_login();
+
+// get global users vars
+$u =& user_get_object(user_getid());
+if (!$u || !is_object($u)) {
+ exit_error(_('Could Not Get User'));
+} elseif ($u->isError()) {
+ exit_error($u->getErrorMessage(),'my');
+}
+
+$plugin = plugin_get_object('authwebid');
+
+// we receive this when addition or deletion is confirmed
+$webid_identity = htmlspecialchars(trim(getStringFromRequest('webid_identity', 'http://')));
+
+// When invoked back by the IdP, the request is signed
+if (getStringFromRequest('sig') != '') {
+
+ // First, verify that we indeed got invoked back as a callback of the IdP delegated auth
+ if ( $plugin->justBeenAuthenticatedByIdP() ) {
+
+ // We can then trust the webid set by WebIDDelegatedAuth lib
+ $webid_identity = $plugin->getCurrentWebID();
+
+ // Now, if we went back to the IdP in order to confirm a pending binding, it's time to bind it
+ if ( $plugin->isStoredPendingWebID($u->getID(), $webid_identity) ) {
+
+ $error_msg = $plugin->bindStoredWebID($u->getID(), $webid_identity);
+ if ($error_msg) {
+ $webid_identity = 'http://';
+ } else {
+ $feedback = _('The IdP has confirmed that you own this WebID. It is now bound to your account.');
+ }
+ }
+ else {
+ // or it's the first time we went to the IdP, and we wait until the confirmation of the binding to really use it
+ $error_msg = $plugin->addStoredPendingWebID($u->getID(), $webid_identity);
+ if ($error_msg) {
+ $webid_identity = 'http://';
+ } else {
+ $feedback = _('The IdP has confirmed that you own a WebID. Please confirm you want to bind it to your account.');
+ }
+ }
+ }
+}
+
+// If called to remove an identity
+if (getStringFromRequest('delete') != '') {
+
+ $error_msg = $plugin->removeStoredWebID($u->getID(), $webid_identity);
+
+ if (!$error_msg) {
+ $feedback = _('Identity successfully deleted');
+ $webid_identity = 'http://';
+ }
+}
+
+// In all cases, we display the management screen
+
+$title = sprintf(_('Manage WebID identities for user %1$s'), $u->getUnixName());
+site_user_header(array('title'=>$title));
+
+echo $HTML->boxTop(_('My WebID identities'));
+
+?>
+ <h2><?php echo _('Bind a new WebID'); ?></h2>
+
+ <p><?php
+
+ echo _('You can add your own WebID identities in the form below.') . '<br />';
+ echo _('Once you have confirmed their binding to your fusionforge account, you may use them to login.') ?></p>
+
+ <?php
+ // display a table of WebIDs pending binding
+ $pendingwebids = $plugin->getStoredPendingWebIDs($u->getID());
+ if( count($pendingwebids) ) {
+ echo $HTML->listTableTop(array(_('Already pending WebIDs you could bind to your account'), ''));
+
+ $i = 0;
+ foreach($pendingwebids as $webid_identity) {
+ echo '<tr '.$HTML->boxGetAltRowStyle($i).'>';
+ echo '<td><i>'. $webid_identity .'</i></td>';
+ echo '<td><b>'. $plugin->displayAuthentifyViaIdPLink( util_make_url('/plugins/authwebid/index.php'), _('Confirm binding')) . '</b></td>';
+ echo '<td><a href="'.util_make_uri ('/plugins/authwebid/').'?webid_identity='. urlencode('pending:'.$webid_identity) .'&delete=1">'. _('remove') . '</a></td>';
+ echo '</tr>';
+ $i++;
+ }
+ echo $HTML->listTableBottom();
+ }
+ ?>
+ <!-- This form isn't one any more actually, but decorations is nice like this -->
+ <form name="new_identity" action="<?php echo util_make_uri ('/plugins/authwebid/'); ?>" method="post">
+ <fieldset>
+ <legend><?php echo _('Bind a new WebID'); ?></legend>
+ <p>
+ <?php
+ echo '</p><p>';
+ // redirect link to the IdP
+ // This might as well confirm binding just as if using the Confirm link, if user has only one WebID recognized by the IdP
+ echo '<b>'. $plugin->displayAuthentifyViaIdPLink( util_make_url('/plugins/authwebid/index.php'),
+ sprintf( _('Click here to initiate the addition of a new WebID validated via %s'),
+ $plugin->delegate_webid_auth_to)) . '</b>';
+ ?>
+ </p>
+ </fieldset>
+ </form>
+
+ <h2><?php echo _('My WebIDs'); ?></h2>
+
+ <?php
+
+ // now display existing bound identities
+
+
+ $boundwebids = $plugin->getStoredBoundWebIDs($u->getID());
+
+ if(count($boundwebids)) {
+ echo $HTML->listTableTop(array(_('WebIDs already bound to your account, which you can use to login'), ''));
+ $i = 0;
+
+ foreach($boundwebids as $webid_identity) {
+ echo '<tr '.$HTML->boxGetAltRowStyle($i).'>';
+ echo '<td>'. $webid_identity .'</td>';
+ echo '<td><a href="'.util_make_uri ('/plugins/authwebid/').'?webid_identity='. urlencode($webid_identity) .'&delete=1">'. _('remove') . '</a></td>';
+ echo '</tr>';
+ $i++;
+ }
+
+ echo $HTML->listTableBottom();
+ }
+ else {
+ echo '<p>'. _("You haven't yet bound any WebID to your account") . '</p>';
+ }
+
+
+ echo $HTML->boxBottom();
+
+site_user_footer(array());
+
+// Local Variables:
+// mode: php
+// c-file-style: "bsd"
+// End:
+
+?>
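Review bot: The WebID strings printed in the two tables (`echo '<td><i>'. $webid_identity .'</i></td>';` and `echo '<td>'. $webid_identity .'</td>';`) reach the page without HTML escaping, while `htmlspecialchars()` is applied to the request parameter before it is passed to `removeStoredWebID()`. The stored value comes from `getCurrentWebID()`, presumably a URI chosen by the certificate holder, so escape it at output instead: `echo '<td>'. htmlspecialchars($webid_identity) .'</td>';`. Escaping on input also means a WebID containing `&` would probably no longer match the stored string on removal, so the lookup should use the raw trimmed value. Separately, removal is triggered by a plain link (`?webid_identity=...&delete=1`) with no anti-CSRF token, so a third-party page could unbind an identity for a logged-in user. A POST form carrying a per-session token would close that.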
--- /dev/null
+<?php
+/** External authentication via WebID for FusionForge
+ * Copyright 2011, Roland Mas
+ * Copyright 2011, Olivier Berger & Institut Telecom
+ *
+ * This program was developped in the frame of the COCLICO project
+ * (http://www.coclico-project.org/) with financial support of the Paris
+ * Region council.
+ *
+ * This file is part of FusionForge. FusionForge is free software;
+ * you can redistribute it and/or modify it under the terms of the
+ * GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the Licence, or (at your option)
+ * any later version.
+ *
+ * FusionForge is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with FusionForge; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+// FIXME : WTF ?!?!?!?
+Header( "Expires: Wed, 11 Nov 1998 11:11:11 GMT");
+Header( "Cache-Control: no-cache");
+Header( "Cache-Control: must-revalidate");
+
+require_once('../../../www/env.inc.php');
+require_once $gfcommon.'include/pre.php';
+require_once('../../../www/include/login-form.php');
+
+// WebID framework
+require_once('WebIDDelegatedAuth/lib/Authentication.php');
+
+$plugin = plugin_get_object('authwebid');
+
+$return_to = getStringFromRequest('return_to');
+//$login = getStringFromRequest('login');
+
+//$webid_identifier = getStringFromRequest('webid');
+$triggered = getIntFromRequest('triggered');
+
+if (forge_get_config('use_ssl') && !session_issecure()) {
+ //force use of SSL for login
+ // redirect
+ session_redirect_external('https://'.getStringFromServer('HTTP_HOST').getStringFromServer('REQUEST_URI'));
+}
+
+ // TODO check error param in request
+ if ( $plugin->justBeenAuthenticatedByIdP() ) {
+ //echo "authenticated as :";
+ //print_r($plugin->delegatedAuthentifier);
+ //exit(0);
+
+ // initiate session
+ if ($plugin->isSufficient()) {
+ $user = False;
+
+ $username = $plugin->getUserNameFromWebIDIdentity($plugin->getCurrentWebID());
+ if ($username) {
+ $user_tmp = user_get_object_by_name($username);
+ if($user_tmp->usesPlugin($plugin->name)) {
+ $user = $plugin->startSession($username);
+ }
+ else {
+ $warning_msg = _('WebID plugin not activated for the user account');
+ }
+ }
+
+ if($user) {
+ $feedback = _('The IdP has confirmed that you own this WebID bound to your account. Welcome.');
+ // redirect to the proper place in the forge
+ if ($return_to) {
+ validate_return_to($return_to);
+
+ session_redirect($return_to);
+ } else {
+ session_redirect("/my");
+ }
+ }
+ else {
+ $warning_msg = sprintf (_("Unknown user with identity '%s'"),$plugin->getCurrentWebID());
+ }
+ }
+ }
+ else {
+ echo "error :". $plugin->delegatedAuthentifier->authnDiagnostic;
+ print_r($plugin->delegatedAuthentifier);
+ exit(0);
+ }
+ //}
+
+ // Otherwise, display the login form again
+ display_login_page($return_to, $triggered);
+
+// Local Variables:
+// mode: php
+// c-file-style: "bsd"
+// End:
+
+?>
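Review bot: The failure branch (`echo "error :". $plugin->delegatedAuthentifier->authnDiagnostic; print_r($plugin->delegatedAuthentifier); exit(0);`) writes the whole authentication object, unescaped, into the response of a page reachable before login. It looks like leftover debugging, and it shows whatever that object holds to any visitor. Because it exits, `display_login_page()` is never reached when the IdP check does not succeed. Suggest logging server-side and falling through to the form: `error_log('authwebid: '.$plugin->delegatedAuthentifier->authnDiagnostic); $warning_msg = _('WebID authentication failed');`. In the success path, `user_get_object_by_name($username)` is dereferenced without checking the result, so guard it with `if ($user_tmp && $user_tmp->usesPlugin($plugin->name)) {`.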