From aa39949546e4b557f9919efe6af8634324fbb252 Mon Sep 17 00:00:00 2001 From: Xavier Guimard Date: Wed, 29 Sep 2010 06:42:48 +0000 Subject: [PATCH] OpenID SREG works !!! --- .../lib/Lemonldap/NG/Portal/AuthOpenID.pm | 2 +- .../lib/Lemonldap/NG/Portal/IssuerDBOpenID.pm | 1 + .../lib/Lemonldap/NG/Portal/OpenID/SREG.pm | 30 +++++++------------ .../lib/Lemonldap/NG/Portal/UserDBOpenID.pm | 6 ++-- 4 files changed, 16 insertions(+), 23 deletions(-) diff --git a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthOpenID.pm b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthOpenID.pm index 0d3e258ae..4a60e60d9 100644 --- a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthOpenID.pm +++ b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthOpenID.pm @@ -134,7 +134,7 @@ sub extractFormInfo { ) { if ( $v =~ s/^!// ) { push @r, $k } - else { push @o, $k } + else { push @o, $k } } else { $self->lmLog( diff --git a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBOpenID.pm b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBOpenID.pm index ffe318f1c..559cc2b53 100644 --- a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBOpenID.pm +++ b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBOpenID.pm @@ -173,6 +173,7 @@ sub openIDServer { }, extensions => { sreg => sub { + return ( 1, {} ) unless (@_); require Lemonldap::NG::Portal::OpenID::SREG; return $self->Lemonldap::NG::Portal::OpenID::SREG::sregHook(@_); }, diff --git a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/OpenID/SREG.pm b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/OpenID/SREG.pm index 2b591720d..8c794337c 100644 --- a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/OpenID/SREG.pm +++ b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/OpenID/SREG.pm 
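Review bot: The new guard `return ( 1, {} ) unless (@_);` in the `sreg` extension callback of `openIDServer` has no comment saying when the callback is invoked without arguments, or why that case reports success with an empty attribute set. The other exits visible in this patch use a first value of 0 to refuse, so a reader cannot tell whether skipping `sregHook` here is a deliberate no-op or a path that avoids the consent check. I would add a line above it such as `# Called without arguments when <case to document>: nothing to release, so no consent is needed`. `openIDServer` starts and ends outside the hunk.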
@@ -17,7 +17,8 @@ sub sregHook { my ( $self, $u, $trust_root, $is_id, $is_trusted, $prm ) = splice @_; my ( @req, @opt ); - return 0 unless (%$prm); + # Refuse federation if rejected by user + return 0 if ( $self->param('confirm') == -1 ); return ( 0, $prm ) unless ($is_id); $self->lmLog( "SREG start", 'debug' ); @@ -86,9 +87,6 @@ sub sregHook { # Now set datas my ( %r, %msg, %ag ); - print STDERR Dumper( $self->{_prm} ); - use Data::Dumper; - # Requested parameters: check if already agreed or confirm is set foreach my $k (@req) { my $agree = $self->{sessionInfo}->{"_openidTrust$trust_root\_$k"}; @@ -105,7 +103,6 @@ sub sregHook { $self->{sessionInfo}->{ $self->{"openIdSreg_$k"} } || ''; } - # TODO: NOTHING WORKS HERE # Optional parameters: foreach my $k (@opt) { $self->{"openIdSreg_$k"} =~ s/^\$//; @@ -120,23 +117,18 @@ sub sregHook { } # If confirmation is returned, check the value for this field - elsif ( $self->param('confirm') ) { - my $ck; + elsif ( $self->param('confirm') == 1 ) { + my $ck = 0; if ( defined( $self->param("sreg_$k") ) ) { - my $ck = ( $self->param("sreg_$k") == 'OK' ); + $ck = ( $self->param("sreg_$k") == 'OK' ) || 0; } - # Store the value returned - if ( !defined($agree) or $agree != $ck ) { - $self->{sessionInfo}->{"_openidTrust$trust_root\_$k"} = - 1; - $self->updateSession( - { "_openidTrust$trust_root\_$k" => $ck } ); - $agree = $ck; - } - # This case happends only if user manipulates form datas - elsif ( not defined($agree) ) { - $accepted = 0; + # Store the value returned + if ( !defined($agree) or $agree != $ck ) { + $self->{sessionInfo}->{"_openidTrust$trust_root\_$k"} = 1; + $self->updateSession( + { "_openidTrust$trust_root\_$k" => $ck } ); + $agree = $ck; } } } diff --git a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDBOpenID.pm b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDBOpenID.pm index 23d1352c9..9d594c22b 100644 --- a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDBOpenID.pm 
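Review bot: `return 0 if ( $self->param('confirm') == -1 );` compares a form parameter numerically without checking that it is defined, and the last SREG.pm hunk does the same with `elsif ( $self->param('confirm') == 1 )`. When the request carries no `confirm` field (presumably the first pass, before the confirmation form is shown), both comparisons run on undef, which is false but emits a warning if warnings are enabled in this file. A non-numeric value is silently treated as 0. Reading the parameter once, e.g. `my $confirm = $self->param('confirm'); $confirm = 0 unless defined $confirm;`, and testing `$confirm` in both places would make the refused / confirmed / not-yet-asked states explicit. The rest of `sregHook` lies outside this hunk.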
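Review bot: In the last SREG.pm hunk, `$ck = ( $self->param("sreg_$k") == 'OK' ) || 0;` uses numeric `==` against the string 'OK', which numifies to 0. Any non-numeric value submitted for `sreg_$k` (and "0") is therefore recorded as agreement to release that optional attribute; the comparison should be `$ck = ( $self->param("sreg_$k") eq 'OK' ) ? 1 : 0;`. In the block below it, the in-memory entry is set to `1` while `updateSession` persists `$ck`, so a refusal appears to be cached as consent for the rest of the request. `$self->{sessionInfo}->{"_openidTrust$trust_root\_$k"} = $ck;` looks like the intended line. The enclosing `foreach my $k (@opt)` loop begins outside the hunk.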
+++ b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDBOpenID.pm @@ -66,13 +66,13 @@ sub setSessionInfo { $self->lmLog( "Required parameter $attr is not provided by OpenID server, aborted", 'warn' - ); + ); # TODO: create a PE_* for that - return PE_ERROR; + return PE_ERROR; + } } } - } else { $self->abort('Only hash reference are supported now in exportedVars'); }