]> git.vanrenterghem.biz Git - git.ikiwiki.info.git/blob - IkiWiki/Plugin/openid.pm
ensure state is dropped when a page stops embeddeding the version
[git.ikiwiki.info.git] / IkiWiki / Plugin / openid.pm
1 #!/usr/bin/perl
2 # OpenID support.
3 package IkiWiki::Plugin::openid;
5 use warnings;
6 use strict;
7 use IkiWiki 2.00;
9 sub import { #{{{
10         hook(type => "getopt", id => "openid", call => \&getopt);
11         hook(type => "auth", id => "openid", call => \&auth);
12         hook(type => "formbuilder_setup", id => "openid",
13                 call => \&formbuilder_setup, last => 1);
14 } # }}}
16 sub getopt () { #{{{
17         eval q{use Getopt::Long};
18         error($@) if $@;
19         Getopt::Long::Configure('pass_through');
20         GetOptions("openidsignup=s" => \$config{openidsignup});
21 } #}}}
23 sub formbuilder_setup (@) { #{{{
24         my %params=@_;
26         my $form=$params{form};
27         my $session=$params{session};
28         my $cgi=$params{cgi};
29         
30         # Give up if module is unavailable to avoid needing to depend on
31         # it.
32         eval q{use Net::OpenID::Consumer};
33         if ($@) {
34                 debug("unable to load Net::OpenID::Consumer, not enabling OpenID login");
35                 return;
36         }
38         if ($form->title eq "signin") {
39                 # This avoids it displaying a redundant label for the
40                 # OpenID fieldset.
41                 $form->fieldsets("OpenID");
43                 $form->field(
44                         name => "openid_url",
45                         label => gettext("Log in with")." ".htmllink("", "", "ikiwiki/OpenID", noimageinline => 1),
46                         fieldset => "OpenID",
47                         size => 30,
48                         comment => ($config{openidsignup} ? " | <a href=\"$config{openidsignup}\">".gettext("Get an OpenID")."</a>" : "")
49                 );
51                 # Handle submission of an OpenID as validation.
52                 if ($form->submitted && $form->submitted eq "Login" &&
53                     defined $form->field("openid_url") && 
54                     length $form->field("openid_url")) {
55                         $form->field(
56                                 name => "openid_url",
57                                 validate => sub {
58                                         validate($cgi, $session, shift, $form);
59                                 },
60                         );
61                         # Skip all other required fields in this case.
62                         foreach my $field ($form->field) {
63                                 next if $field eq "openid_url";
64                                 $form->field(name => $field, required => 0,
65                                         validate => '/.*/');
66                         }
67                 }
68         }
69         elsif ($form->title eq "preferences") {
70                 if (! defined $form->field(name => "name")) {
71                         $form->field(name => "OpenID", disabled => 1,
72                                 value => $session->param("name"), 
73                                 size => 50, force => 1,
74                                 fieldset => "login");
75                 }
76         }
77 }
79 sub validate ($$$;$) { #{{{
80         my $q=shift;
81         my $session=shift;
82         my $openid_url=shift;
83         my $form=shift;
85         my $csr=getobj($q, $session);
87         my $claimed_identity = $csr->claimed_identity($openid_url);
88         if (! $claimed_identity) {
89                 if ($form) {
90                         # Put the error in the form and fail validation.
91                         $form->field(name => "openid_url", comment => $csr->err);
92                         return 0;
93                 }
94                 else {
95                         error($csr->err);
96                 }
97         }
99         my $check_url = $claimed_identity->check_url(
100                 return_to => IkiWiki::cgiurl(do => "postsignin"),
101                 trust_root => $config{cgiurl},
102                 delayed_return => 1,
103         );
104         # Redirect the user to the OpenID server, which will
105         # eventually bounce them back to auth()
106         IkiWiki::redirect($q, $check_url);
107         exit 0;
108 } #}}}
110 sub auth ($$) { #{{{
111         my $q=shift;
112         my $session=shift;
114         if (defined $q->param('openid.mode')) {
115                 my $csr=getobj($q, $session);
117                 if (my $setup_url = $csr->user_setup_url) {
118                         IkiWiki::redirect($q, $setup_url);
119                 }
120                 elsif ($csr->user_cancel) {
121                         IkiWiki::redirect($q, $config{url});
122                 }
123                 elsif (my $vident = $csr->verified_identity) {
124                         $session->param(name => $vident->url);
125                 }
126                 else {
127                         error("OpenID failure: ".$csr->err);
128                 }
129         }
130         elsif (defined $q->param('openid_identifier')) {
131                 # myopenid.com affiliate support
132                 validate($q, $session, $q->param('openid_identifier'));
133         }
134 } #}}}
136 sub getobj ($$) { #{{{
137         my $q=shift;
138         my $session=shift;
140         eval q{use Net::OpenID::Consumer};
141         error($@) if $@;
143         my $ua;
144         eval q{use LWPx::ParanoidAgent};
145         if (! $@) {
146                 $ua=LWPx::ParanoidAgent->new;
147         }
148         else {
149                 $ua=LWP::UserAgent->new;
150         }
152         # Store the secret in the session.
153         my $secret=$session->param("openid_secret");
154         if (! defined $secret) {
155                 $secret=rand;
156                 $session->param(openid_secret => $secret);
157         }
159         return Net::OpenID::Consumer->new(
160                 ua => $ua,
161                 args => $q,
162                 consumer_secret => sub { return shift()+$secret },
163                 required_root => $config{cgiurl},
164         );
165 } #}}}