projects / ikiwiki / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
actually, let's not use a fieldset label at all here, and use the
[ikiwiki] / IkiWiki / Plugin / openid.pm
1 #!/usr/bin/perl
2 # OpenID support.
3 package IkiWiki::Plugin::openid;
4
5 use warnings;
6 use strict;
7 use IkiWiki 2.00;
8
9 sub import { #{{{
10         hook(type => "getopt", id => "openid", call => \&getopt);
11         hook(type => "auth", id => "openid", call => \&auth);
12         hook(type => "formbuilder_setup", id => "openid",
13                 call => \&formbuilder_setup, last => 1);
14 } # }}}
15
16 sub getopt () { #{{{
17         eval q{use Getopt::Long};
18         error($@) if $@;
19         Getopt::Long::Configure('pass_through');
20         GetOptions("openidsignup=s" => \$config{openidsignup});
21 } #}}}
22
23 sub formbuilder_setup (@) { #{{{
24         my %params=@_;
25
26         my $form=$params{form};
27         my $session=$params{session};
28         my $cgi=$params{cgi};
29
30         if ($form->title eq "signin") {
31                 # This avoids it displaying a redundant label for the
32                 # OpenID fieldset.
33                 $form->fieldsets("OpenID");
34
35                 $form->field(
36                         name => "openid_url",
37                         label => gettext("Log in with")." ".htmllink("", "", "OpenID", noimageinline => 1),
38                         fieldset => "OpenID",
39                         size => 30,
40                         comment => ($config{openidsignup} ? " | <a href=\"$config{openidsignup}\">".gettext("Get an OpenID")."</a>" : "")
41                 );
42
43                 # Handle submission of an OpenID as validation.
44                 if ($form->submitted && $form->submitted eq "Login" &&
45                     defined $form->field("openid_url") && 
46                     length $form->field("openid_url")) {
47                         $form->field(
48                                 name => "openid_url",
49                                 validate => sub {
50                                         validate($cgi, $session, shift, $form);
51                                 },
52                         );
53                         # Skip all other required fields in this case.
54                         foreach my $field ($form->field) {
55                                 next if $field eq "openid_url";
56                                 $form->field(name => $field, required => 0,
57                                         validate => '/.*/');
58                         }
59                 }
60         }
61         elsif ($form->title eq "preferences") {
62                 if (! defined $form->field(name => "name")) {
63                         $form->field(name => "OpenID", disabled => 1,
64                                 value => $session->param("name"), 
65                                 size => 50, force => 1,
66                                 fieldset => "login");
67                 }
68         }
69 }
70
71 sub validate ($$$;$) { #{{{
72         my $q=shift;
73         my $session=shift;
74         my $openid_url=shift;
75         my $form=shift;
76
77         my $csr=getobj($q, $session);
78
79         my $claimed_identity = $csr->claimed_identity($openid_url);
80         if (! $claimed_identity) {
81                 if ($form) {
82                         # Put the error in the form and fail validation.
83                         $form->field(name => "openid_url", comment => $csr->err);
84                         return 0;
85                 }
86                 else {
87                         error($csr->err);
88                 }
89         }
90
91         my $check_url = $claimed_identity->check_url(
92                 return_to => IkiWiki::cgiurl(do => "postsignin"),
93                 trust_root => $config{cgiurl},
94                 delayed_return => 1,
95         );
96         # Redirect the user to the OpenID server, which will
97         # eventually bounce them back to auth()
98         IkiWiki::redirect($q, $check_url);
99         exit 0;
100 } #}}}
101
102 sub auth ($$) { #{{{
103         my $q=shift;
104         my $session=shift;
105
106         if (defined $q->param('openid.mode')) {
107                 my $csr=getobj($q, $session);
108
109                 if (my $setup_url = $csr->user_setup_url) {
110                         IkiWiki::redirect($q, $setup_url);
111                 }
112                 elsif ($csr->user_cancel) {
113                         IkiWiki::redirect($q, $config{url});
114                 }
115                 elsif (my $vident = $csr->verified_identity) {
116                         $session->param(name => $vident->url);
117                 }
118                 else {
119                         error("OpenID failure: ".$csr->err);
120                 }
121         }
122         elsif (defined $q->param('openid_identifier')) {
123                 # myopenid.com affiliate support
124                 validate($q, $session, $q->param('openid_identifier'));
125         }
126 } #}}}
127
128 sub getobj ($$) { #{{{
129         my $q=shift;
130         my $session=shift;
131
132         eval q{use Net::OpenID::Consumer};
133         error($@) if $@;
134
135         my $ua;
136         eval q{use LWPx::ParanoidAgent};
137         if (! $@) {
138                 $ua=LWPx::ParanoidAgent->new;
139         }
140         else {
141                 $ua=LWP::UserAgent->new;
142         }
143
144         # Store the secret in the session.
145         my $secret=$session->param("openid_secret");
146         if (! defined $secret) {
147                 $secret=rand;
148                 $session->param(openid_secret => $secret);
149         }
150
151         return Net::OpenID::Consumer->new(
152                 ua => $ua,
153                 args => $q,
154                 consumer_secret => sub { return shift()+$secret },
155                 required_root => $config{cgiurl},
156         );
157 } #}}}
158
159 1
Ikiwiki patches