lemonldap-ng/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthOpenID.pm

202 lines
5.4 KiB
Perl
Raw Normal View History

2010-02-21 15:00:53 +01:00
##@file
# OpenID authentication backend file
##@class
2010-02-21 15:47:16 +01:00
# OpenID authentication backend class.
# The form must return a openIdUrl field
2010-02-21 15:00:53 +01:00
package Lemonldap::NG::Portal::AuthOpenID;
use strict;
use Lemonldap::NG::Portal::Simple;
use Net::OpenID::Consumer;
use LWP::UserAgent;
our $VERSION = '0.1';
## @apmethod int authInit()
# @return Lemonldap::NG::Portal constant
sub authInit {
my $self = shift;
2010-02-27 15:10:23 +01:00
unless ( $self->{openIdSecret} ) {
$self->abort( 'Bad configuration', 'openIdSecret field is required' );
}
2010-02-21 15:00:53 +01:00
PE_OK;
}
## @apmethod int extractFormInfo()
# Read username return by OpenID authentication system.
# @return Lemonldap::NG::Portal constant
sub extractFormInfo {
my $self = shift;
2010-02-27 15:10:23 +01:00
$self->{csr} = Net::OpenID::Consumer->new(
ua => LWP::UserAgent->new,
cache => Cache::FileCache->new,
args => $self,
consumer_secret => $self->{openIdSecret},
required_root => $self->{portal},
);
2010-02-21 15:00:53 +01:00
my ( $url, $openid );
# 1. If no openid element has been detected
2010-02-27 15:10:23 +01:00
$openid = $self->param('openid');
2010-02-21 15:00:53 +01:00
return PE_FIRSTACCESS
2010-02-27 15:10:23 +01:00
unless ( $url = $self->param('openIdUrl') or $openid );
2010-02-21 15:00:53 +01:00
# 2. Check OpenID responses
if ($openid) {
my $csr = $self->{csr};
# Remote error
unless ( $csr->is_server_response() ) {
$self->{msg} = 'No OpenID valid message found' . $csr->err();
$self->lmLog( $self->{msg}, 'debug' );
return PE_BADCREDENTIALS;
}
2010-02-21 15:47:16 +01:00
# If confirmation is needed
2010-02-21 15:00:53 +01:00
if ( my $setup_url = $csr->user_setup_url ) {
2010-02-27 15:10:23 +01:00
$self->lmLog( 'OpenID confirmation needed', 'debug' );
2010-02-21 15:47:16 +01:00
print $self->redirect($setup_url);
$self->quit();
2010-02-21 15:00:53 +01:00
}
# Check if user has refused to share his authentication
elsif ( $csr->user_cancel() ) {
$self->{msg} = "OpenID request cancelled by user";
$self->lmLog( $self->{msg}, 'debug' );
return PE_FIRSTACCESS;
}
# TODO: check verified identity
2010-02-27 15:10:23 +01:00
elsif ( $self->{vident} = $csr->verified_identity ) {
$self->{user} = $self->{vident}->url();
$self->lmLog( "OpenID good authentication for $self->{user}",
'debug' );
$self->{mustRedirect} = 1;
2010-02-21 15:00:53 +01:00
return PE_OK;
}
# Other errors
else {
2010-02-27 15:10:23 +01:00
$self->{msg} = 'OpenID error: ' . $csr->err;
2010-02-21 15:47:16 +01:00
$self->lmLog( $self->{msg}, 'debug' );
return PE_ERROR;
2010-02-21 15:00:53 +01:00
}
}
# 3. Check if an OpenID url has been submitted
else {
my $claimed_identity = $self->{csr}->claimed_identity($url);
# Check if url is valid
unless ($claimed_identity) {
$self->{msg} = "OpenID error : " . $self->{csr}->err();
$self->lmLog( $self->{msg}, 'debug' );
return PE_BADCREDENTIALS;
}
# Redirect user
$self->lmLog( "OpenID redirection to $url", 'debug' );
2010-02-21 15:47:16 +01:00
# TODO: insert url=...
2010-02-21 15:00:53 +01:00
my $check_url = $claimed_identity->check_url(
return_to => $self->{portal} . '?openid=1',
trust_root => $self->{portal},
);
2010-02-21 15:47:16 +01:00
print $self->redirect($check_url);
$self->quit();
2010-02-21 15:00:53 +01:00
}
PE_OK;
}
## @apmethod int setAuthSessionInfo()
# Store user.
# @return Lemonldap::NG::Portal constant
sub setAuthSessionInfo {
my $self = shift;
# TODO
PE_OK;
}
## @apmethod int authenticate()
# Does nothing.
# @return Lemonldap::NG::Portal constant
sub authenticate {
PE_OK;
}
1;
__END__
=head1 NAME
=encoding utf8
2010-02-27 23:37:59 +01:00
Lemonldap::NG::Portal::AuthOpenID - Perl extension for building Lemonldap::NG
2010-02-21 15:00:53 +01:00
compatible portals with OpenID authentication.
=head1 SYNOPSIS
use Lemonldap::NG::Portal::SharedConf;
my $portal = new Lemonldap::NG::Portal::Simple(
configStorage => {...}, # See Lemonldap::NG::Portal
authentication => 'OpenID',
);
if($portal->process()) {
# Write here the menu with CGI methods. This page is displayed ONLY IF
# the user was not redirected here.
print $portal->header('text/html; charset=utf8'); # DON'T FORGET THIS (see CGI(3))
print "...";
}
else {
# If the user enters here, IT MEANS THAT CAS REDIRECTION DOES NOT WORK
print $portal->header('text/html; charset=utf8'); # DON'T FORGET THIS (see CGI(3))
print "<html><body><h1>Unable to work</h1>";
print "This server isn't well configured. Contact your administrator.";
print "</body></html>";
}
=head1 DESCRIPTION
This library just overload few methods of Lemonldap::NG::Portal::Simple to use
OpenID authentication mechanism.
See L<Lemonldap::NG::Portal::Simple> for usage and other methods.
=head1 SEE ALSO
L<Lemonldap::NG::Portal>, L<Lemonldap::NG::Portal::Simple>,
http://wiki.lemonldap.objectweb.org/xwiki/bin/view/NG/Presentation
=head1 AUTHOR
Thomas Chemineau, E<lt>thomas.chemineau@linagora.comE<gt>,
Xavier Guimard, E<lt>x.guimard@free.frE<gt>
=head1 BUG REPORT
Use OW2 system to report bug or ask for features:
L<http://forge.objectweb.org/tracker/?group_id=274>
=head1 DOWNLOAD
Lemonldap::NG is available at
L<http://forge.objectweb.org/project/showfiles.php?group_id=274>
=head1 COPYRIGHT AND LICENSE
2010-02-21 21:17:13 +01:00
Copyright (C) 2010 Xavier Guimard E<lt>x.guimard@free.frE<gt>
2010-02-21 15:00:53 +01:00
This library is free software; you can redistribute it and/or modify
it under the same terms as Perl itself, either Perl version 5.8.4 or,
at your option, any later version of Perl 5 you may have available.
=cut