7c828ae5f8
To enable the admin panel: $config['admin']['panels'][] = 'openid'; Or to set them manually: $config['openid']['trusted_provider'] = 'https://login.ubuntu.net/'; $config['openid']['required_team'] = 'my-project-cabal'; $config['site']['openidonly'] = true; OpenID-only mode can still be set from addPlugin() parameters as well for backwards compatibility. Note: if it's set there, that value will override the setting from the database or config.php. Note that team restrictions are only really meaningful if a trusted provider is set; otherwise, any OpenID server could report back that users are members of the given team. Restrictions are checked only at OpenID authentication time and will not kick off people currently with a session open; existing remembered logins may also survive these changes. Using code for Launchpad team support provided by Canonical under AGPLv3, pulled from r27 of WordPress teams integration plugin: https://code.edge.launchpad.net/~canonical-isd-hackers/wordpress-teams-integration/trunk
176 lines
4.8 KiB
PHP
176 lines
4.8 KiB
PHP
<?php
|
|
/*
|
|
* Wordpress Teams plugin
|
|
* Copyright (C) 2009-2010 Canonical Ltd.
|
|
*
|
|
* This program is free software: you can redistribute it and/or modify
|
|
* it under the terms of the GNU Affero General Public License as published by
|
|
* the Free Software Foundation, either version 3 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU Affero General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Affero General Public License
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
*/
|
|
|
|
/**
|
|
* Provides an example OpenID extension to query user team/group membership
|
|
*
|
|
* This code is based on code supplied with the openid library for simple
|
|
* registration data.
|
|
*/
|
|
|
|
/**
|
|
* Require the Message implementation.
|
|
*/
|
|
require_once 'Auth/OpenID/Message.php';
|
|
require_once 'Auth/OpenID/Extension.php';
|
|
|
|
/**
|
|
* The team/group extension base class
|
|
*/
|
|
class Auth_OpenID_TeamsExtension extends Auth_OpenID_Extension {
|
|
var $ns_uri = 'http://ns.launchpad.net/2007/openid-teams';
|
|
var $ns_alias = 'lp';
|
|
var $request_field = 'query_membership';
|
|
var $response_field = 'is_member';
|
|
|
|
/**
|
|
* Get the string arguments that should be added to an OpenID
|
|
* message for this extension.
|
|
*/
|
|
function getExtensionArgs() {
|
|
$args = array();
|
|
|
|
if ($this->_teams) {
|
|
$args[$this->request_field] = implode(',', $this->_teams);
|
|
}
|
|
|
|
return $args;
|
|
}
|
|
|
|
/**
|
|
* Add the arguments from this extension to the provided message.
|
|
*
|
|
* Returns the message with the extension arguments added.
|
|
*/
|
|
function toMessage(&$message) {
|
|
if ($message->namespaces->addAlias($this->ns_uri, $this->ns_alias) === null) {
|
|
if ($message->namespaces->getAlias($this->ns_uri) != $this->ns_alias) {
|
|
return null;
|
|
}
|
|
}
|
|
|
|
$message->updateArgs($this->ns_uri, $this->getExtensionArgs());
|
|
return $message;
|
|
}
|
|
|
|
/**
|
|
* Extract the team/group namespace URI from the given OpenID message.
|
|
* Handles OpenID 1 and 2.
|
|
*
|
|
* $message: The OpenID message from which to parse team/group data.
|
|
* This may be a request or response message.
|
|
*
|
|
* Returns the sreg namespace URI for the supplied message.
|
|
*
|
|
* @access private
|
|
*/
|
|
function _getExtensionNS(&$message) {
|
|
$alias = null;
|
|
$found_ns_uri = null;
|
|
|
|
// See if there exists an alias for the namespace
|
|
$alias = $message->namespaces->getAlias($this->ns_uri);
|
|
|
|
if ($alias !== null) {
|
|
$found_ns_uri = $this->ns_uri;
|
|
}
|
|
|
|
if ($alias === null) {
|
|
// There is no alias for this extension, so try to add one.
|
|
$found_ns_uri = Auth_OpenID_TYPE_1_0;
|
|
|
|
if ($message->namespaces->addAlias($this->ns_uri, $this->ns_alias) === null) {
|
|
// An alias for the string 'lp' already exists, but
|
|
// it's defined for something other than team/group membership
|
|
return null;
|
|
}
|
|
}
|
|
|
|
return $found_ns_uri;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* The team/group extension request class
|
|
*/
|
|
class Auth_OpenID_TeamsRequest extends Auth_OpenID_TeamsExtension {
|
|
function __init($teams) {
|
|
if (!is_array($teams)) {
|
|
if (!empty($teams)) {
|
|
$teams = explode(',', $teams);
|
|
} else {
|
|
$teams = Array();
|
|
}
|
|
}
|
|
|
|
$this->_teams = $teams;
|
|
}
|
|
|
|
function Auth_OpenID_TeamsRequest($teams) {
|
|
$this->__init($teams);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* The team/group extension response class
|
|
*/
|
|
class Auth_OpenID_TeamsResponse extends Auth_OpenID_TeamsExtension {
|
|
var $_teams = array();
|
|
|
|
function __init(&$resp, $signed_only=true) {
|
|
$this->ns_uri = $this->_getExtensionNS($resp->message);
|
|
|
|
if ($signed_only) {
|
|
$args = $resp->getSignedNS($this->ns_uri);
|
|
} else {
|
|
$args = $resp->message->getArgs($this->ns_uri);
|
|
}
|
|
|
|
if ($args === null) {
|
|
return null;
|
|
}
|
|
|
|
// An OpenID 2.0 response will handle the namespaces
|
|
if (in_array($this->response_field, array_keys($args)) && !empty($args[$this->response_field])) {
|
|
$this->_teams = explode(',', $args[$this->response_field]);
|
|
}
|
|
|
|
// Piggybacking on a 1.x request, however, won't so the field name will
|
|
// be different
|
|
elseif (in_array($this->ns_alias.'.'.$this->response_field, array_keys($args)) && !empty($args[$this->ns_alias.'.'.$this->response_field])) {
|
|
$this->_teams = explode(',', $args[$this->ns_alias.'.'.$this->response_field]);
|
|
}
|
|
}
|
|
|
|
function Auth_OpenID_TeamsResponse(&$resp, $signed_only=true) {
|
|
$this->__init($resp, $signed_only);
|
|
}
|
|
|
|
/**
|
|
* Get the array of teams the user is a member of
|
|
*
|
|
* @return array
|
|
*/
|
|
function getTeams() {
|
|
return $this->_teams;
|
|
}
|
|
}
|
|
|
|
?>
|