IkiWiki/Plugin/openid.pm

   1 #!/usr/bin/perl
   2 # OpenID support.
   3 package IkiWiki::Plugin::openid;
   4
   5 use warnings;
   6 use strict;
   7 use IkiWiki;
   8
   9 sub import { #{{{
  10         hook(type => "checkconfig", id => "smiley", call => \&checkconfig);
  11         hook(type => "auth", id => "skeleton", call => \&auth);
  12 } # }}}
  13
  14 sub checkconfig () { #{{{
  15         # Currently part of the OpenID code is in CGI.pm, and is enabled by
  16         # this setting.
  17         # TODO: modularise it all out into this plugin..
  18         $config{openid}=1;
  19 } #}}}
  20
  21 sub auth ($$) { #{{{
  22         my $q=shift;
  23         my $session=shift;
  24
  25         if (defined $q->param('openid.mode')) {
  26                 my $csr=getobj($q, $session);
  27
  28                 if (my $setup_url = $csr->user_setup_url) {
  29                         IkiWiki::redirect($q, $setup_url);
  30                 }
  31                 elsif ($csr->user_cancel) {
  32                         IkiWiki::redirect($q, $config{url});
  33                 }
  34                 elsif (my $vident = $csr->verified_identity) {
  35                         $session->param(name => $vident->url);
  36                 }
  37         }
  38 } #}}}
  39
  40 sub validate ($$$$) { #{{{
  41         my $q=shift;
  42         my $session=shift;
  43         my $form=shift;
  44         my $openid_url=shift;
  45
  46         my $csr=getobj($q, $session);
  47
  48         my $claimed_identity = $csr->claimed_identity($openid_url);
  49         if (! $claimed_identity) {
  50                 # Put the error in the form and fail validation.
  51                 $form->field(name => "openid_url", comment => $csr->err);
  52                 return 0;
  53         }
  54         my $check_url = $claimed_identity->check_url(
  55                 return_to => IkiWiki::cgiurl(
  56                         do => $form->field("do"),
  57                         page => $form->field("page"),
  58                         title => $form->field("title"),
  59                         from => $form->field("from"),
  60                         subpage => $form->field("subpage")
  61                 ),
  62                 trust_root => $config{cgiurl},
  63                 delayed_return => 1,
  64         );
  65         # Redirect the user to the OpenID server, which will
  66         # eventually bounce them back to auth() above.
  67         IkiWiki::redirect($q, $check_url);
  68         exit 0;
  69 } #}}}
  70
  71 sub getobj ($$) { #{{{
  72         my $q=shift;
  73         my $session=shift;
  74
  75         eval q{use Net::OpenID::Consumer};
  76         error($@) if $@;
  77
  78         my $ua;
  79         eval q{use LWPx::ParanoidAgent};
  80         if (! $@) {
  81                 $ua=LWPx::ParanoidAgent->new;
  82         }
  83         else {
  84                 $ua=LWP::UserAgent->new;
  85         }
  86
  87         # Store the secret in the session.
  88         my $secret=$session->param("openid_secret");
  89         if (! defined $secret) {
  90                 $secret=$session->param(openid_secret => time);
  91         }
  92
  93         return Net::OpenID::Consumer->new(
  94                 ua => $ua,
  95                 args => $q,
  96                 consumer_secret => $secret,
  97                 required_root => $config{cgiurl},
  98         );
  99 } #}}}
 100
 101 1