IkiWiki/Plugin/openid.pm

   1 #!/usr/bin/perl
   2 # OpenID support.
   3 package IkiWiki::Plugin::openid;
   4
   5 use warnings;
   6 use strict;
   7 use IkiWiki 2.00;
   8
   9 sub import { #{{{
  10         hook(type => "getopt", id => "openid", call => \&getopt);
  11         hook(type => "auth", id => "openid", call => \&auth);
  12         hook(type => "formbuilder_setup", id => "openid",
  13                 call => \&formbuilder_setup, last => 1);
  14 } # }}}
  15
  16 sub getopt () { #{{{
  17         eval q{use Getopt::Long};
  18         error($@) if $@;
  19         Getopt::Long::Configure('pass_through');
  20         GetOptions("openidsignup=s" => \$config{openidsignup});
  21 } #}}}
  22
  23 sub formbuilder_setup (@) { #{{{
  24         my %params=@_;
  25
  26         my $form=$params{form};
  27         my $session=$params{session};
  28         my $cgi=$params{cgi};
  29
  30         if ($form->title eq "signin") {
  31                 # This avoids it displaying a redundant label for the
  32                 # OpenID fieldset.
  33                 $form->fieldsets("OpenID");
  34
  35                 $form->field(
  36                         name => "openid_url",
  37                         label => gettext("Log in with")." ".htmllink("", "", "OpenID", noimageinline => 1),
  38                         fieldset => "OpenID",
  39                         size => 30,
  40                         comment => ($config{openidsignup} ? " | <a href=\"$config{openidsignup}\">".gettext("Get an OpenID")."</a>" : "")
  41                 );
  42
  43                 # Handle submission of an OpenID as validation.
  44                 if ($form->submitted && $form->submitted eq "Login" &&
  45                     defined $form->field("openid_url") &&
  46                     length $form->field("openid_url")) {
  47                         $form->field(
  48                                 name => "openid_url",
  49                                 validate => sub {
  50                                         validate($cgi, $session, shift, $form);
  51                                 },
  52                         );
  53                         # Skip all other required fields in this case.
  54                         foreach my $field ($form->field) {
  55                                 next if $field eq "openid_url";
  56                                 $form->field(name => $field, required => 0,
  57                                         validate => '/.*/');
  58                         }
  59                 }
  60         }
  61         elsif ($form->title eq "preferences") {
  62                 if (! defined $form->field(name => "name")) {
  63                         $form->field(name => "OpenID", disabled => 1,
  64                                 value => $session->param("name"),
  65                                 size => 50, force => 1,
  66                                 fieldset => "login");
  67                 }
  68         }
  69 }
  70
  71 sub validate ($$$;$) { #{{{
  72         my $q=shift;
  73         my $session=shift;
  74         my $openid_url=shift;
  75         my $form=shift;
  76
  77         my $csr=getobj($q, $session);
  78
  79         my $claimed_identity = $csr->claimed_identity($openid_url);
  80         if (! $claimed_identity) {
  81                 if ($form) {
  82                         # Put the error in the form and fail validation.
  83                         $form->field(name => "openid_url", comment => $csr->err);
  84                         return 0;
  85                 }
  86                 else {
  87                         error($csr->err);
  88                 }
  89         }
  90
  91         my $check_url = $claimed_identity->check_url(
  92                 return_to => IkiWiki::cgiurl(do => "postsignin"),
  93                 trust_root => $config{cgiurl},
  94                 delayed_return => 1,
  95         );
  96         # Redirect the user to the OpenID server, which will
  97         # eventually bounce them back to auth()
  98         IkiWiki::redirect($q, $check_url);
  99         exit 0;
 100 } #}}}
 101
 102 sub auth ($$) { #{{{
 103         my $q=shift;
 104         my $session=shift;
 105
 106         if (defined $q->param('openid.mode')) {
 107                 my $csr=getobj($q, $session);
 108
 109                 if (my $setup_url = $csr->user_setup_url) {
 110                         IkiWiki::redirect($q, $setup_url);
 111                 }
 112                 elsif ($csr->user_cancel) {
 113                         IkiWiki::redirect($q, $config{url});
 114                 }
 115                 elsif (my $vident = $csr->verified_identity) {
 116                         $session->param(name => $vident->url);
 117                 }
 118                 else {
 119                         error("OpenID failure: ".$csr->err);
 120                 }
 121         }
 122         elsif (defined $q->param('openid_identifier')) {
 123                 # myopenid.com affiliate support
 124                 validate($q, $session, $q->param('openid_identifier'));
 125         }
 126 } #}}}
 127
 128 sub getobj ($$) { #{{{
 129         my $q=shift;
 130         my $session=shift;
 131
 132         eval q{use Net::OpenID::Consumer};
 133         error($@) if $@;
 134
 135         my $ua;
 136         eval q{use LWPx::ParanoidAgent};
 137         if (! $@) {
 138                 $ua=LWPx::ParanoidAgent->new;
 139         }
 140         else {
 141                 $ua=LWP::UserAgent->new;
 142         }
 143
 144         # Store the secret in the session.
 145         my $secret=$session->param("openid_secret");
 146         if (! defined $secret) {
 147                 $secret=rand;
 148                 $session->param(openid_secret => $secret);
 149         }
 150
 151         return Net::OpenID::Consumer->new(
 152                 ua => $ua,
 153                 args => $q,
 154                 consumer_secret => sub { return shift()+$secret },
 155                 required_root => $config{cgiurl},
 156         );
 157 } #}}}
 158
 159 1