2010-02-21 15:00:53 +01:00
|
|
|
##@file
|
|
|
|
# OpenID authentication backend file
|
|
|
|
|
|
|
|
##@class
|
2010-02-21 15:47:16 +01:00
|
|
|
# OpenID authentication backend class.
|
|
|
|
# The form must return a openIdUrl field
|
2010-02-21 15:00:53 +01:00
|
|
|
package Lemonldap::NG::Portal::AuthOpenID;
|
|
|
|
|
|
|
|
use strict;
|
|
|
|
use Lemonldap::NG::Portal::Simple;
|
|
|
|
use Net::OpenID::Consumer;
|
|
|
|
use LWP::UserAgent;
|
2010-06-04 10:35:53 +02:00
|
|
|
use Cache::FileCache;
|
2010-02-21 15:00:53 +01:00
|
|
|
|
|
|
|
our $VERSION = '0.1';
|
|
|
|
|
|
|
|
## @apmethod int authInit()
|
|
|
|
# @return Lemonldap::NG::Portal constant
|
|
|
|
sub authInit {
|
|
|
|
my $self = shift;
|
2010-02-27 15:10:23 +01:00
|
|
|
unless ( $self->{openIdSecret} ) {
|
|
|
|
$self->abort( 'Bad configuration', 'openIdSecret field is required' );
|
|
|
|
}
|
2010-02-21 15:00:53 +01:00
|
|
|
PE_OK;
|
|
|
|
}
|
|
|
|
|
|
|
|
## @apmethod int extractFormInfo()
|
|
|
|
# Read username return by OpenID authentication system.
|
|
|
|
# @return Lemonldap::NG::Portal constant
|
|
|
|
sub extractFormInfo {
|
|
|
|
my $self = shift;
|
2010-02-27 15:10:23 +01:00
|
|
|
|
|
|
|
$self->{csr} = Net::OpenID::Consumer->new(
|
|
|
|
ua => LWP::UserAgent->new,
|
|
|
|
cache => Cache::FileCache->new,
|
|
|
|
args => $self,
|
|
|
|
consumer_secret => $self->{openIdSecret},
|
|
|
|
required_root => $self->{portal},
|
|
|
|
);
|
|
|
|
|
2010-02-21 15:00:53 +01:00
|
|
|
my ( $url, $openid );
|
|
|
|
|
|
|
|
# 1. If no openid element has been detected
|
2010-02-27 15:10:23 +01:00
|
|
|
$openid = $self->param('openid');
|
2010-02-21 15:00:53 +01:00
|
|
|
return PE_FIRSTACCESS
|
2010-02-27 15:10:23 +01:00
|
|
|
unless ( $url = $self->param('openIdUrl') or $openid );
|
2010-02-21 15:00:53 +01:00
|
|
|
|
|
|
|
# 2. Check OpenID responses
|
|
|
|
if ($openid) {
|
|
|
|
my $csr = $self->{csr};
|
|
|
|
|
|
|
|
# Remote error
|
|
|
|
unless ( $csr->is_server_response() ) {
|
|
|
|
$self->{msg} = 'No OpenID valid message found' . $csr->err();
|
|
|
|
$self->lmLog( $self->{msg}, 'debug' );
|
|
|
|
return PE_BADCREDENTIALS;
|
|
|
|
}
|
|
|
|
|
2010-02-21 15:47:16 +01:00
|
|
|
# If confirmation is needed
|
2010-02-21 15:00:53 +01:00
|
|
|
if ( my $setup_url = $csr->user_setup_url ) {
|
2010-02-27 15:10:23 +01:00
|
|
|
$self->lmLog( 'OpenID confirmation needed', 'debug' );
|
2010-02-21 15:47:16 +01:00
|
|
|
print $self->redirect($setup_url);
|
|
|
|
$self->quit();
|
2010-02-21 15:00:53 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
# Check if user has refused to share his authentication
|
|
|
|
elsif ( $csr->user_cancel() ) {
|
|
|
|
$self->{msg} = "OpenID request cancelled by user";
|
|
|
|
$self->lmLog( $self->{msg}, 'debug' );
|
|
|
|
return PE_FIRSTACCESS;
|
|
|
|
}
|
|
|
|
|
|
|
|
# TODO: check verified identity
|
2010-02-27 15:10:23 +01:00
|
|
|
elsif ( $self->{vident} = $csr->verified_identity ) {
|
|
|
|
$self->{user} = $self->{vident}->url();
|
|
|
|
$self->lmLog( "OpenID good authentication for $self->{user}",
|
|
|
|
'debug' );
|
|
|
|
$self->{mustRedirect} = 1;
|
2010-02-21 15:00:53 +01:00
|
|
|
return PE_OK;
|
|
|
|
}
|
|
|
|
|
|
|
|
# Other errors
|
|
|
|
else {
|
2010-02-27 15:10:23 +01:00
|
|
|
$self->{msg} = 'OpenID error: ' . $csr->err;
|
2010-02-21 15:47:16 +01:00
|
|
|
$self->lmLog( $self->{msg}, 'debug' );
|
|
|
|
return PE_ERROR;
|
2010-02-21 15:00:53 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
# 3. Check if an OpenID url has been submitted
|
|
|
|
else {
|
|
|
|
my $claimed_identity = $self->{csr}->claimed_identity($url);
|
|
|
|
|
|
|
|
# Check if url is valid
|
|
|
|
unless ($claimed_identity) {
|
|
|
|
$self->{msg} = "OpenID error : " . $self->{csr}->err();
|
|
|
|
$self->lmLog( $self->{msg}, 'debug' );
|
|
|
|
return PE_BADCREDENTIALS;
|
|
|
|
}
|
|
|
|
|
|
|
|
# Redirect user
|
|
|
|
$self->lmLog( "OpenID redirection to $url", 'debug' );
|
2010-02-21 15:47:16 +01:00
|
|
|
|
|
|
|
# TODO: insert url=...
|
2010-02-21 15:00:53 +01:00
|
|
|
my $check_url = $claimed_identity->check_url(
|
2010-06-14 08:19:34 +02:00
|
|
|
return_to => $self->{portal} . '?openid=1',
|
|
|
|
trust_root => $self->{portal},
|
|
|
|
delayed_return => 1,
|
2010-02-21 15:00:53 +01:00
|
|
|
);
|
2010-02-21 15:47:16 +01:00
|
|
|
print $self->redirect($check_url);
|
|
|
|
$self->quit();
|
2010-02-21 15:00:53 +01:00
|
|
|
}
|
|
|
|
PE_OK;
|
|
|
|
}
|
|
|
|
|
|
|
|
## @apmethod int setAuthSessionInfo()
|
2010-04-14 17:37:57 +02:00
|
|
|
# Set _user and authenticationLevel.
|
2010-02-21 15:00:53 +01:00
|
|
|
# @return Lemonldap::NG::Portal constant
|
|
|
|
sub setAuthSessionInfo {
|
|
|
|
my $self = shift;
|
|
|
|
|
2010-03-15 10:53:56 +01:00
|
|
|
$self->{sessionInfo}->{'_user'} = $self->{user};
|
2010-02-21 15:00:53 +01:00
|
|
|
|
2010-04-14 17:37:57 +02:00
|
|
|
# authenticationLevel 4 for external authentication
|
|
|
|
$self->{sessionInfo}->{authenticationLevel} = 4;
|
|
|
|
|
2010-02-21 15:00:53 +01:00
|
|
|
PE_OK;
|
|
|
|
}
|
|
|
|
|
|
|
|
## @apmethod int authenticate()
|
|
|
|
# Does nothing.
|
|
|
|
# @return Lemonldap::NG::Portal constant
|
|
|
|
sub authenticate {
|
|
|
|
PE_OK;
|
|
|
|
}
|
|
|
|
|
|
|
|
1;
|
|
|
|
__END__
|
|
|
|
|
|
|
|
=head1 NAME
|
|
|
|
|
|
|
|
=encoding utf8
|
|
|
|
|
2010-02-27 23:37:59 +01:00
|
|
|
Lemonldap::NG::Portal::AuthOpenID - Perl extension for building Lemonldap::NG
|
2010-02-21 15:00:53 +01:00
|
|
|
compatible portals with OpenID authentication.
|
|
|
|
|
|
|
|
=head1 SYNOPSIS
|
|
|
|
|
|
|
|
use Lemonldap::NG::Portal::SharedConf;
|
|
|
|
my $portal = new Lemonldap::NG::Portal::Simple(
|
|
|
|
configStorage => {...}, # See Lemonldap::NG::Portal
|
|
|
|
authentication => 'OpenID',
|
|
|
|
);
|
|
|
|
|
|
|
|
if($portal->process()) {
|
|
|
|
# Write here the menu with CGI methods. This page is displayed ONLY IF
|
|
|
|
# the user was not redirected here.
|
|
|
|
print $portal->header('text/html; charset=utf8'); # DON'T FORGET THIS (see CGI(3))
|
|
|
|
print "...";
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
# If the user enters here, IT MEANS THAT CAS REDIRECTION DOES NOT WORK
|
|
|
|
print $portal->header('text/html; charset=utf8'); # DON'T FORGET THIS (see CGI(3))
|
|
|
|
print "<html><body><h1>Unable to work</h1>";
|
|
|
|
print "This server isn't well configured. Contact your administrator.";
|
|
|
|
print "</body></html>";
|
|
|
|
}
|
|
|
|
|
|
|
|
=head1 DESCRIPTION
|
|
|
|
|
|
|
|
This library just overload few methods of Lemonldap::NG::Portal::Simple to use
|
|
|
|
OpenID authentication mechanism.
|
|
|
|
|
|
|
|
See L<Lemonldap::NG::Portal::Simple> for usage and other methods.
|
|
|
|
|
|
|
|
=head1 SEE ALSO
|
|
|
|
|
|
|
|
L<Lemonldap::NG::Portal>, L<Lemonldap::NG::Portal::Simple>,
|
|
|
|
http://wiki.lemonldap.objectweb.org/xwiki/bin/view/NG/Presentation
|
|
|
|
|
|
|
|
=head1 AUTHOR
|
|
|
|
|
|
|
|
Thomas Chemineau, E<lt>thomas.chemineau@linagora.comE<gt>,
|
|
|
|
Xavier Guimard, E<lt>x.guimard@free.frE<gt>
|
|
|
|
|
|
|
|
=head1 BUG REPORT
|
|
|
|
|
|
|
|
Use OW2 system to report bug or ask for features:
|
|
|
|
L<http://forge.objectweb.org/tracker/?group_id=274>
|
|
|
|
|
|
|
|
=head1 DOWNLOAD
|
|
|
|
|
|
|
|
Lemonldap::NG is available at
|
|
|
|
L<http://forge.objectweb.org/project/showfiles.php?group_id=274>
|
|
|
|
|
|
|
|
=head1 COPYRIGHT AND LICENSE
|
|
|
|
|
2010-02-21 21:17:13 +01:00
|
|
|
Copyright (C) 2010 Xavier Guimard E<lt>x.guimard@free.frE<gt>
|
2010-02-21 15:00:53 +01:00
|
|
|
|
|
|
|
This library is free software; you can redistribute it and/or modify
|
|
|
|
it under the same terms as Perl itself, either Perl version 5.8.4 or,
|
|
|
|
at your option, any later version of Perl 5 you may have available.
|
|
|
|
|
|
|
|
=cut
|
|
|
|
|
|
|
|
|