From 4ac25942dee332b3227501e50525101a5f85fc6b Mon Sep 17 00:00:00 2001
From: Robin Appelman
Date: Fri, 24 Jun 2011 22:07:26 +0200
Subject: [PATCH] you can now use your owncloud url as openid provider
---
 apps/user_openid/appinfo/app.php | 4 +++
 apps/user_openid/phpmyid.php | 50 ++++++++++++++++++++------------
 apps/user_openid/user.php | 11 ++++++-
 3 files changed, 45 insertions(+), 20 deletions(-)
diff --git a/apps/user_openid/appinfo/app.php b/apps/user_openid/appinfo/app.php
index 2e238ed3f2..d6eacfc0a3 100644
--- a/apps/user_openid/appinfo/app.php
+++ b/apps/user_openid/appinfo/app.php
@@ -5,6 +5,10 @@ if (!in_array ('curl', get_loaded_extensions())){
 	return;
 }
+$urlBase=((isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == 'on') ? 'https' : 'http').'://'.$_SERVER['HTTP_HOST'];
+OC_UTIL::addHeader('link',array('rel'=>'openid.server', 'href'=>$urlBase.OC_HELPER::linkTo( "user_openid", "user.php" ).'/'));
+OC_UTIL::addHeader('link',array('rel'=>'openid.delegate', 'href'=>$urlBase.OC_HELPER::linkTo( "user_openid", "user.php" ).'/'));
+
 require_once 'apps/user_openid/user_openid.php';
 OC_APP::addSettingsPage( array( "id" => "user_openid_settings", 'order'=>1, "href" => OC_HELPER::linkTo( "user_openid", "settings.php" ), "name" => "OpenID"));
diff --git a/apps/user_openid/phpmyid.php b/apps/user_openid/phpmyid.php
index 69cd711162..7991b87c6d 100644
--- a/apps/user_openid/phpmyid.php
+++ b/apps/user_openid/phpmyid.php
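Review bot: `$urlBase` is built from `$_SERVER['HTTP_HOST']`, which is the client-supplied Host header, so the `openid.server` and `openid.delegate` hrefs advertised on every page name whatever host the request claimed rather than the instance's own address; the same construction is used for `$IDENTITY` in the user.php hunk. Because a relying party follows these links to locate the provider, the host should come from configuration, or at least be checked against the expected hostname before it is emitted. Separately, `OC_HELPER::linkTo( "user_openid", "user.php" ).'/'` is evaluated twice with the same result; compute it once as `$openidUrl=$urlBase.OC_HELPER::linkTo( "user_openid", "user.php" ).'/';` and pass `$openidUrl` to both `addHeader` calls.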
@@ -198,16 +198,18 @@ function associate_mode () {
 function authorize_mode () {
 	global $profile;
 	global $USERNAME;
+	global $IDENTITY;
 	// this is a user session
 	// the user needs refresh urls in their session to access this mode
 	if (! isset($_SESSION['post_auth_url']) || ! isset($_SESSION['cancel_auth_url']))
 		error_500('You may not access this mode directly.');
-
+
+	$profile['idp_url']=$IDENTITY;
 	if (isset($_SERVER['PHP_AUTH_USER']) && $profile['authorized'] === false && $_SERVER['PHP_AUTH_USER']==$USERNAME) {
 		if (OC_USER::checkPassword($USERNAME, $_SERVER['PHP_AUTH_PW'])) {// successful login!
-
+			error_log('success');
 			// return to the refresh url if they get in
 			$_SESSION['openid_auth']=true;
 			$_SESSION['openid_user']=$USERNAME;
@@ -367,7 +369,7 @@ function checkid ( $wait ) {
 	}
 	// transfer the user to the url accept mode if they're paranoid
-	if ($wait == 1 && isset($profile['paranoid']) && $profile['paranoid'] === true && (! session_is_registered('accepted_url') || $_SESSION['accepted_url'] != $trust_root)) {
+	if ($wait == 1 && isset($profile['paranoid']) && $profile['paranoid'] === true && (! isset($_SESSION['accepted_url']) || $_SESSION['accepted_url'] != $trust_root)) {
 		$_SESSION['cancel_accept_url'] = $cancel_url;
 		$_SESSION['post_accept_url'] = $profile['req_url'];
 		$_SESSION['unaccepted_url'] = $trust_root;
@@ -381,11 +383,11 @@ function checkid ( $wait ) {
 	}
 	// make sure i am this identifier
-	if ($identity != $profile['idp_url']) {
-		debug("Invalid identity: $identity");
-		debug("IdP URL: " . $profile['idp_url']);
-		error_get($return_to, "Invalid identity: '$identity'");
-	}
+//	if ($identity != $profile['idp_url']) {
+//		debug("Invalid identity: $identity");
+//		debug("IdP URL: " . $profile['idp_url']);
+//		error_get($return_to, "Invalid identity: '$identity'");
+//	}
 	// begin setting up return keys
 	$keys = array(
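Review bot: `error_log('success');` in the successful-login branch of authorize_mode() is a debugging statement that will write to the server log on every successful OpenID authentication; drop it before merging. On the enclosing condition, `$_SERVER['PHP_AUTH_USER']==$USERNAME` is a loose comparison between two strings; `$_SERVER['PHP_AUTH_USER']===$USERNAME` states the intent without PHP's `==` conversion rules, and the same applies to the `$USERNAME==''` tests added in the checkid() and user.php hunks. The body of authorize_mode() continues past the end of this hunk.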
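Review bot: Commenting out the `$identity != $profile['idp_url']` block removes the only check in checkid() that the identity named in the relying party's request is one this provider actually serves; after this change the remaining gate is the session-user test further down, so the assertion appears to be issued for whatever identity the request carried. With `$profile['idp_url']` now assigned from `$IDENTITY` (in authorize_mode() in this patch, and as the default in the setup hunk of the same file), the comparison can be kept and should be; if the motive was a trailing-slash mismatch, normalise both sides with `rtrim($identity, '/') != rtrim($profile['idp_url'], '/')` rather than dropping the check. Commented-out code should not remain either way: restore the five lines or delete them. checkid() begins and ends outside this hunk.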
@@ -393,9 +395,9 @@ function checkid ( $wait ) {
 	);
 	// if the user is not logged in, transfer to the authorization mode
-	if ($_SESSION['openid_auth'] === false || $USERNAME != $_SESSION['openid_user']) {
+	if ($USERNAME=='' || $_SESSION['openid_auth'] === false || $USERNAME != $_SESSION['openid_user']) {
 		// users can only be logged in to one url at a time
-		$_SESSION['auth_username'] = null;
+		$_SESSION['openid_user'] = null;
 		$_SESSION['auth_url'] = null;
 		if ($wait) {
@@ -562,6 +564,9 @@ function logout_mode () {
 function no_mode () {
 	global $USERNAME, $profile;
 	$tmpl = new OC_TEMPLATE( 'user_openid', 'nomode', 'guest' );
+	if(substr($profile['req_url'],-1,1)!=='/'){//the identity should always end with a /
+		$profile['req_url'].='/';
+	}
 	$tmpl->addHeader('link',array('rel'=>'openid.server', 'href'=>$profile['req_url']));
 	$tmpl->addHeader('link',array('rel'=>'openid.delegate', 'href'=>$profile['idp_url']));
 	$tmpl->assign('user',$USERNAME);
@@ -1267,11 +1272,11 @@ function secret ( $handle ) {
 	session_start();
 	debug('Started session to acquire key: ' . session_id());
-	$secret = session_is_registered('shared_secret')
+	$secret = isset($_SESSION['shared_secret'])
 		? base64_decode($_SESSION['shared_secret'])
 		: false;
-	$expiration = session_is_registered('expiration')
+	$expiration = isset($_SESSION['expiration'])
 		? $_SESSION['expiration']
 		: null;
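Review bot: `$_SESSION['openid_auth'] === false` does not express "not logged in": a session in which the key was never set yields `null`, for which `null === false` is false, so that case is only redirected because the `openid_user` comparison happens to fail too. Make the test say what it means, `if ($USERNAME==='' || empty($_SESSION['openid_auth']) || $USERNAME !== $_SESSION['openid_user']) {`, which also replaces the two loose comparisons. Changing `auth_username` to `openid_user` on the reset line matches the key authorize_mode() writes and is the right fix. checkid() continues on both sides of the hunk.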
@@ -1632,22 +1637,29 @@ $GLOBALS['proto'] = (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == 'on') ? 'h
 // Set the authorization state - DO NOT OVERRIDE
 $profile['authorized'] = false;
+global $IDENTITY;
+global $USERNAME;
+
 // Set a default IDP URL
 if (! array_key_exists('idp_url', $profile))
-	$profile['idp_url'] = sprintf("%s://%s%s%s",
-		$proto,
-		$_SERVER['SERVER_NAME'],
-		$port,
-		$_SERVER['PHP_SELF']);
+	$profile['idp_url'] = $IDENTITY;
-// Determine the requested URL - DO NOT OVERRIDE
+//Determine the requested URL - DO NOT OVERRIDE
 $profile['req_url'] = sprintf("%s://%s%s",
 	$proto,
 	$_SERVER['HTTP_HOST'],
 //	$port,//host already includes the path
 	$_SERVER["REQUEST_URI"]);
-error_log($profile['req_url']);
+$fullId=urlencode('.php/'.$USERNAME);
+$incompleteId=urlencode('.php/');
+
+if(!strpos($profile['req_url'],$fullId)){
+	$profile['req_url']=str_replace($incompleteId,$fullId,$profile['req_url']);
+}
+
+error_log('inc id: '.$fullId);
+error_log('req url: '.$profile['req_url']);
 // Set the default allowance for testing
 if (! array_key_exists('allow_test', $profile))
diff --git a/apps/user_openid/user.php b/apps/user_openid/user.php
index 2199e5f9e5..52af9ba3a5 100644
--- a/apps/user_openid/user.php
+++ b/apps/user_openid/user.php
@@ -22,15 +22,24 @@
  */
 $USERNAME=substr($_SERVER["REQUEST_URI"],strpos($_SERVER["REQUEST_URI"],'.php/')+5);
-if(strpos($USERNAME,'?')){
+if(strpos($USERNAME,'?')!==false){
 	$USERNAME=substr($USERNAME,0,strpos($USERNAME,'?'));
 }
+
+if($USERNAME=='' and isset($_SERVER['PHP_AUTH_USER'])){
+	$USERNAME=$_SERVER['PHP_AUTH_USER'];
+}
+
+$RUNTIME_NOAPPS=true;
+$RUNTIME_NOAPPS=false;
 require_once '../../lib/base.php';
 if(!OC_USER::userExists($USERNAME)){
 	$USERNAME='';
 }
+global $WEBROOT;
+$IDENTITY=((isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == 'on') ? 'https' : 'http').'://'.$_SERVER['HTTP_HOST'].$WEBROOT.'/apps/user_openid/user.php/'.$USERNAME;
 require_once 'phpmyid.php';
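Review bot: `if(!strpos($profile['req_url'],$fullId))` uses the match offset as a boolean, so a match at offset 0 reads as "not found"; write the intent explicitly, `if(strpos($profile['req_url'],$fullId)===false){`, the form the user.php hunk itself adopts for the `?` test. The two `error_log` calls that follow write the full request URL, including whatever OpenID query parameters it carries, to the server log on every request; they look like debugging leftovers and should be removed, together with the `global $IDENTITY;` / `global $USERNAME;` lines, which as far as this patch shows are no-ops because phpmyid.php is required from user.php at file scope. The `str_replace` that rewrites `$profile['req_url']` operates on the whole URL rather than its path; if that is intended, say so with a comment such as `// insert the username into the encoded identity so req_url names the same identity as $IDENTITY`.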
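Review bot: `$RUNTIME_NOAPPS=true;` immediately followed by `$RUNTIME_NOAPPS=false;` leaves the first assignment dead and the reader unsure which value base.php is meant to see; keep the intended one, delete the other, and add a one-line comment on why it is set before `require_once '../../lib/base.php'`. `$USERNAME==''` in the new basic-auth fallback should be `$USERNAME===''`. Note that the fallback runs before `OC_USER::userExists` is consulted, so an unknown name is still cleared, but when it applies `$IDENTITY` ends with a username that never appeared in the requested path — presumably intended, and worth a comment on the `$IDENTITY` line. As raised on the app.php hunk, `$IDENTITY` is also built from the client-supplied `$_SERVER['HTTP_HOST']`.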