OpenID authentication skeleton

2010-02-21 14:00:53 +00:00 · 2010-02-21 14:00:53 +00:00 · 6a2270b73d
parent 3eac5ce288
commit 6a2270b73d
6 changed files with 195 additions and 4 deletions
--- a/build/lemonldap-ng/Makefile
+++ b/build/lemonldap-ng/Makefile
@ -455,7 +455,7 @@ cpan:	clean configure common_cpan handler_cpan portal_cpan manager_cpan
 		$(UNCOMPRESS) Lemonldap-NG-$$i-*.$(COMPRESSSUFFIX) \
 			$$($(COMPRESS) tzf Lemonldap-NG-$$i-*.$(COMPRESSSUFFIX) |grep META.yml); \
 		mv Lemonldap-NG-$$i-*/META.yml lemonldap-ng-$$($(PERL) -e "print lc('$$i')")/; \
-		rmdir Lemonldap-NG-$$i*/; \
+		rm -rf Lemonldap-NG-$$i*/; \
 		done

 common_cpan:	common_conf
--- a/modules/lemonldap-ng-portal/MANIFEST
+++ b/modules/lemonldap-ng-portal/MANIFEST
@ -104,6 +104,7 @@ lib/Lemonldap/NG/Portal/AuthLA.pm
 lib/Lemonldap/NG/Portal/AuthLDAP.pm
 lib/Lemonldap/NG/Portal/AuthMulti.pm
 lib/Lemonldap/NG/Portal/AuthNull.pm
+lib/Lemonldap/NG/Portal/AuthOpenID.pm
 lib/Lemonldap/NG/Portal/AuthProxy.pm
 lib/Lemonldap/NG/Portal/AuthRemote.pm
 lib/Lemonldap/NG/Portal/AuthSAML.pm
--- a/modules/lemonldap-ng-portal/META.yml
+++ b/modules/lemonldap-ng-portal/META.yml
@ -33,3 +33,4 @@ meta-spec:
 recommends:
    Email::Date::Format:  0
    MIME::Lite:           0
+    Net::OpenID::Consumer:  0
--- a/modules/lemonldap-ng-portal/Makefile.PL
+++ b/modules/lemonldap-ng-portal/Makefile.PL
@ -8,8 +8,9 @@ WriteMakefile(
    LICENSE      => 'gpl',
    META_MERGE   => {
        'recommends' => {
-            'MIME::Lite'          => 0,
-            'Email::Date::Format' => 0,
+            'Email::Date::Format'   => 0,
+            'Net::OpenID::Consumer' => 0,
+            'MIME::Lite'            => 0,
        },
    },
    BUILD_REQUIRES => { 'IO::String' => 0, },
--- a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthApache.pm
+++ b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthApache.pm
@ -81,7 +81,7 @@ compatible portals with Apache authentication.
    print $portal->redirect( -uri => 'https://portal/menu');
  }
  else {
-    # If the user enters here, IT MEANS THAT CAS REDIRECTION DOES NOT WORK
+    # If the user enters here, IT MEANS THAT APACHE AUTHENTICATION DOES NOT WORK
    print $portal->header('text/html; charset=utf8'); # DON'T FORGET THIS (see CGI(3))
    print "<html><body><h1>Unable to work</h1>";
    print "This server isn't well configured. Contact your administrator.";
--- a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthOpenID.pm
+++ b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthOpenID.pm
@ -0,0 +1,188 @@
+##@file
+# OpenID authentication backend file
+
+##@class
+# OpenID authentication backend class
+package Lemonldap::NG::Portal::AuthOpenID;
+
+use strict;
+use Lemonldap::NG::Portal::Simple;
+use Net::OpenID::Consumer;
+use LWP::UserAgent;
+
+our $VERSION = '0.1';
+
+## @apmethod int authInit()
+# @return Lemonldap::NG::Portal constant
+sub authInit {
+    my $self = shift;
+    $self->{csr} = Net::OpenID::Consumer->new(
+        ua              => LWP::UserAgent->new,
+        cache           => Cache::FileCache->new,
+        args            => $self,
+        consumer_secret => $self->{openIdSecret},
+        required_root   => $self->{portal},
+    );
+    PE_OK;
+}
+
+## @apmethod int extractFormInfo()
+# Read username return by OpenID authentication system.
+# @return Lemonldap::NG::Portal constant
+sub extractFormInfo {
+    my $self = shift;
+    my ( $url, $openid );
+
+    # 1. If no openid element has been detected
+    return PE_FIRSTACCESS
+      unless ( $url = $self->param('openIdUrl')
+        or $openid = $self->param('openid') );
+
+    # 2. Check OpenID responses
+    if ($openid) {
+        my $csr = $self->{csr};
+
+        # Remote error
+        unless ( $csr->is_server_response() ) {
+            $self->{msg} = 'No OpenID valid message found' . $csr->err();
+            $self->lmLog( $self->{msg}, 'debug' );
+            return PE_BADCREDENTIALS;
+        }
+
+        # TODO
+        if ( my $setup_url = $csr->user_setup_url ) {
+            $self->abort( 'Not implemented',
+                'OpenID setup URL not yet implemented' );
+        }
+
+        # Check if user has refused to share his authentication
+        elsif ( $csr->user_cancel() ) {
+            $self->{msg} = "OpenID request cancelled by user";
+            $self->lmLog( $self->{msg}, 'debug' );
+            return PE_FIRSTACCESS;
+        }
+
+        # TODO: check verified identity
+        elsif ( $self->{_openiduser} = $csr->verified_identity ) {
+
+            # TODO : set $self->{user}
+            return PE_OK;
+        }
+
+        # Other errors
+        else {
+            $self->abort( 'OpenID error', $csr->err() );
+        }
+    }
+
+    # 3. Check if an OpenID url has been submitted
+    else {
+        my $claimed_identity = $self->{csr}->claimed_identity($url);
+
+        # Check if url is valid
+        unless ($claimed_identity) {
+            $self->{msg} = "OpenID error : " . $self->{csr}->err();
+            $self->lmLog( $self->{msg}, 'debug' );
+            return PE_BADCREDENTIALS;
+        }
+
+        # Redirect user
+        $self->lmLog( "OpenID redirection to $url", 'debug' );
+        my $check_url = $claimed_identity->check_url(
+            return_to  => $self->{portal} . '?openid=1',
+            trust_root => $self->{portal},
+        );
+    }
+    PE_OK;
+}
+
+## @apmethod int setAuthSessionInfo()
+# Store user.
+# @return Lemonldap::NG::Portal constant
+sub setAuthSessionInfo {
+    my $self = shift;
+
+    # TODO
+
+    PE_OK;
+}
+
+## @apmethod int authenticate()
+# Does nothing.
+# @return Lemonldap::NG::Portal constant
+sub authenticate {
+    PE_OK;
+}
+
+1;
+__END__
+
+=head1 NAME
+
+=encoding utf8
+
+Lemonldap::NG::Portal::OpenID - Perl extension for building Lemonldap::NG
+compatible portals with OpenID authentication.
+
+=head1 SYNOPSIS
+
+  use Lemonldap::NG::Portal::SharedConf;
+  my $portal = new Lemonldap::NG::Portal::Simple(
+         configStorage     => {...}, # See Lemonldap::NG::Portal
+         authentication    => 'OpenID',
+    );
+
+  if($portal->process()) {
+    # Write here the menu with CGI methods. This page is displayed ONLY IF
+    # the user was not redirected here.
+    print $portal->header('text/html; charset=utf8'); # DON'T FORGET THIS (see CGI(3))
+    print "...";
+  }
+  else {
+    # If the user enters here, IT MEANS THAT CAS REDIRECTION DOES NOT WORK
+    print $portal->header('text/html; charset=utf8'); # DON'T FORGET THIS (see CGI(3))
+    print "<html><body><h1>Unable to work</h1>";
+    print "This server isn't well configured. Contact your administrator.";
+    print "</body></html>";
+  }
+
+=head1 DESCRIPTION
+
+This library just overload few methods of Lemonldap::NG::Portal::Simple to use
+OpenID authentication mechanism.
+
+See L<Lemonldap::NG::Portal::Simple> for usage and other methods.
+
+=head1 SEE ALSO
+
+L<Lemonldap::NG::Portal>, L<Lemonldap::NG::Portal::Simple>,
+http://wiki.lemonldap.objectweb.org/xwiki/bin/view/NG/Presentation
+
+=head1 AUTHOR
+
+Thomas Chemineau, E<lt>thomas.chemineau@linagora.comE<gt>,
+Xavier Guimard, E<lt>x.guimard@free.frE<gt>
+
+=head1 BUG REPORT
+
+Use OW2 system to report bug or ask for features:
+L<http://forge.objectweb.org/tracker/?group_id=274>
+
+=head1 DOWNLOAD
+
+Lemonldap::NG is available at
+L<http://forge.objectweb.org/project/showfiles.php?group_id=274>
+
+=head1 COPYRIGHT AND LICENSE
+
+Copyright (C) 2007 by Thomas Chemineau,
+E<lt>thomas.chemineau@linagora.comE<gt> and
+Xavier Guimard E<lt>x.guimard@free.frE<gt>
+
+This library is free software; you can redistribute it and/or modify
+it under the same terms as Perl itself, either Perl version 5.8.4 or,
+at your option, any later version of Perl 5 you may have available.
+
+=cut
+
+