55b1c4b1729cfa0ef97bf704dd182340eff33ab7
[ikiwiki.git] / IkiWiki / Plugin / openid.pm
1 #!/usr/bin/perl
2 # OpenID support.
3 package IkiWiki::Plugin::openid;
4
5 use warnings;
6 use strict;
7 use IkiWiki;
8
9 sub import { #{{{
10         hook(type => "checkconfig", id => "smiley", call => \&checkconfig);
11         hook(type => "auth", id => "skeleton", call => \&auth);
12 } # }}}
13
14 sub checkconfig () { #{{{
15         # Currently part of the OpenID code is in CGI.pm, and is enabled by
16         # this setting.
17         # TODO: modularise it all out into this plugin..
18         $config{openid}=1;
19 } #}}}
20
21 sub auth ($$) { #{{{
22         my $q=shift;
23         my $session=shift;
24
25         if (defined $q->param('openid.mode')) {
26                 my $csr=getobj($q, $session);
27
28                 if (my $setup_url = $csr->user_setup_url) {
29                         IkiWiki::redirect($q, $setup_url);
30                 }
31                 elsif ($csr->user_cancel) {
32                         IkiWiki::redirect($q, $config{url});
33                 }
34                 elsif (my $vident = $csr->verified_identity) {
35                         $session->param(name => $vident->url);
36                 }
37         }
38 } #}}}
39
40 sub validate ($$$$) { #{{{
41         my $q=shift;
42         my $session=shift;
43         my $form=shift;
44         my $openid_url=shift;
45
46         my $csr=getobj($q, $session);
47
48         my $claimed_identity = $csr->claimed_identity($openid_url);
49         if (! $claimed_identity) {
50                 # Put the error in the form and fail validation.
51                 $form->field(name => "openid_url", comment => $csr->err);
52                 return 0;
53         }
54         my $check_url = $claimed_identity->check_url(
55                 return_to => IkiWiki::cgiurl(
56                         do => $form->field("do"),
57                         page => $form->field("page"),
58                         title => $form->field("title"),
59                         from => $form->field("from"),
60                         subpage => $form->field("subpage")
61                 ),
62                 trust_root => $config{cgiurl},
63                 delayed_return => 1,
64         );
65         # Redirect the user to the OpenID server, which will
66         # eventually bounce them back to auth() above.
67         IkiWiki::redirect($q, $check_url);
68         exit 0;
69 } #}}}
70
71 sub getobj ($$) { #{{{
72         my $q=shift;
73         my $session=shift;
74
75         eval q{use Net::OpenID::Consumer};
76         error($@) if $@;
77
78         my $ua;
79         eval q{use LWPx::ParanoidAgent};
80         if (! $@) {
81                 $ua=LWPx::ParanoidAgent->new;
82         }
83         else {
84                 $ua=LWP::UserAgent->new;
85         }
86
87         # Store the secret in the session.
88         my $secret=$session->param("openid_secret");
89         if (! defined $secret) {
90                 $secret=$session->param(openid_secret => time);
91         }
92
93         return Net::OpenID::Consumer->new(
94                 ua => $ua,
95                 args => $q,
96                 consumer_secret => $secret,
97                 required_root => $config{cgiurl},
98         );
99 } #}}}
100
101 1