'OWWLogin',
'version' => '2007/05/14',
'author' => 'Austin Che',
'url' => 'http://openwetware.org/wiki/User:Austin/Extensions/OWWLogin',
'description' => 'Allow subwikis to log in to OpenWetWare via OpenID',
);
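// Register this extension's special pages when MediaWiki builds its special-page list.
$wgHooks['SpecialPage_initList'][] = 'wfOWWLoginSpecialPages';

require_once("Auth/OpenID/FileStore.php");

if ($wgOpenWetWare)
{
    // Master wiki: load the OpenID server side of the OpenID extension.
    require_once("OpenID/Server.php");

    // Trust roots that match are trusted without asking the user for consent, so
    // the pattern is anchored to scheme and host. An unanchored pattern would also
    // accept any URL that merely contains ".openwetware.org" somewhere in its host,
    // path or query string.
    // NOTE(review): assumes the OpenID extension applies each entry with preg_match()
    // against the relying party's trust root, and that no subwiki sends a wildcard
    // trust root -- confirm against Server.php before deploying.
    $wgOpenIDServerForceAllowTrust = array('!^https?://([a-z0-9-]+\.)+openwetware\.org(:[0-9]+)?(/|$)!i');

    // OpenIDServerCheck() calls OpenIDGetUserURL in Consumer.php to check if user is openid user
    // but we don't allow openid users on the master wiki
    // have to define here instead of using the version in Consumer.php as that accesses the user_openid table which we don't have
    function OpenIDGetUserURL($user) { return null; }
}
else
{
    // Subwiki: load the OpenID consumer side and accept OpenWetWare identities only.
    require_once("OpenID/Consumer.php");
    $wgOpenIDConsumerDenyByDefault = true; // don't allow people to login except from places we explicitly allow

    // Anchored to scheme and host for the same reason as the server-side pattern:
    // the allow-list is the only thing restricting which identity URLs may log in.
    // NOTE(review): assumes each entry is matched with preg_match() against the
    // claimed identity URL -- confirm against Consumer.php.
    $wgOpenIDConsumerAllow = array('!^https?://([a-z0-9-]+\.)*openwetware\.org(:[0-9]+)?(/|$)!i');
}

// not sure if different wikis can share the same location for the following
// the consumer and server path definitely have to be different
// once get memcached up, the following can be removed
// NOTE(review): these file stores hold OpenID association data under the shared
// temporary directory. On a multi-user host the directories should be created in
// advance, owned by the web server account and not readable or writable by other
// local users; a dedicated path outside /tmp would be preferable.
$wgOpenIDConsumerStoreType = 'file';
$wgOpenIDConsumerStorePath = "/tmp/openid/consumer";
$wgOpenIDServerStoreType = 'file';
$wgOpenIDServerStorePath = "/tmp/openid/server";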
/**
 * Build the URL of a user's page on the main OpenWetWare wiki.
 *
 * wfSpecialOWWLogin() passes this URL to OpenIDLogin() as the identifier to
 * authenticate.
 *
 * NOTE(review): the URL is plain http, so fetching it is not protected in
 * transit -- confirm whether an https identifier can be used instead.
 *
 * @param string $user User name; it is turned into a Title in the user namespace.
 * @return string The user-page URL with the name in its URL form.
 */
function getOWWUserPage($user)
{
    $userTitle = Title::newFromText($user, NS_USER);
    $encodedName = $userTitle->getPartialURL();

    return "http://openwetware.org/wiki/User:" . $encodedName;
}
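/**
 * Register the extension's interface messages and, when a user page is being
 * viewed, advertise that user's OpenID endpoint.
 *
 * On the master wiki ($wgOpenWetWare set) the page gets an openid.server link
 * and an X-XRDS-Location meta tag and HTTP header. On a subwiki the subtitle is
 * set from the user's page URL on OpenWetWare instead.
 */
function wfExtensionSpecialOWWLogin()
{
    global $wgMessageCache, $wgOut, $wgRequest, $wgOpenWetWare;

    $wgMessageCache->addMessages(array('owwadmin' => 'Administer Accounts',
                                       'owwpermissiondenied' => 'You are not allowed to login to this wiki.'));

    // from OpenID.php
    $wgMessageCache->addMessages(array('openidlogin' => 'Login with OpenID',
                                       'openidfinish' => 'Finish OpenID login',
                                       'openidserver' => 'OpenID server',
                                       'openidconvert' => 'OpenID converter',
                                       'openidlogininstructions' => 'Enter your OpenID identifier to log in:',
                                       'openiderror' => 'Verification error',
                                       'openiderrortext' => 'An error occured during verification of the OpenID URL.',
                                       'openidconfigerror' => 'OpenID Configuration Error',
                                       'openidconfigerrortext' => 'The OpenID storage configuration for this wiki is invalid. Please consult this site\'s administrator.',
                                       'openidpermission' => 'OpenID permissions error',
                                       'openidpermissiontext' => 'The OpenID you provided is not allowed to login to this server.',
                                       'openidcancel' => 'Verification cancelled',
                                       'openidcanceltext' => 'Verification of the OpenID URL was cancelled.',
                                       'openidfailure' => 'Verification failed',
                                       'openidfailuretext' => 'Verification of the OpenID URL failed.',
                                       'openidsuccess' => 'Verification succeeded',
                                       'openidsuccesstext' => 'Verification of the OpenID URL succeeded.',
                                       'openidserverlogininstructions' => 'Enter your password below to log in to $3 as user $2 (user page $1).',
                                       'openidtrustinstructions' => 'Check if you want to share data with $1.',
                                       'openidallowtrust' => 'Allow $1 to trust this user account.',
                                       'openidnopolicy' => 'Site has not specified a privacy policy.',
                                       'openidpolicy' => 'Check the privacy policy for more information.',
                                       'openidoptional' => 'Optional',
                                       'openidrequired' => 'Required',
                                       'openidnickname' => 'Nickname',
                                       'openidfullname' => 'Fullname',
                                       'openidemail' => 'Email address',
                                       'openidlanguage' => 'Language',
                                       ));

    // Only plain page views advertise the endpoint.
    $action = $wgRequest->getText('action', 'view');
    if ($action != 'view') {
        return;
    }

    $title = $wgRequest->getText('title');
    if (!isset($title) || strlen($title) == 0) {
        // If there's no title, and Cache404 is in use, check using its stuff
        if (defined('CACHE404_VERSION')) {
            // REDIRECT_STATUS is only set by the web server on internal redirects,
            // so test for its presence before comparing.
            if (isset($_SERVER['REDIRECT_STATUS']) && $_SERVER['REDIRECT_STATUS'] == 404) {
                $url = getRedirectUrl($_SERVER);
                if (isset($url)) {
                    $title = cacheUrlToTitle($url);
                }
            }
        } else {
            $title = wfMsg('mainpage');
        }
    }

    $nt = Title::newFromText($title);

    // If the page being viewed is a user page,
    // generate the openid.server META tag and output
    // the X-XRDS-Location. See the OpenIDXRDS
    // special page for the XRDS output / generation
    // logic.
    // Subpages of a user page (a '/' in the title text) are skipped.
    if (!$nt || $nt->getNamespace() != NS_USER || strpos($nt->getText(), '/') !== false) {
        return;
    }

    $user = User::newFromName($nt->getText());
    // NOTE(review): isLoggedIn() on a user built from a name presumably means
    // "this account exists" rather than "has a session" -- confirm.
    if (!$user || !$user->isLoggedIn()) {
        return;
    }

    if ($wgOpenWetWare)
    {
        $wgOut->addLink(array('rel' => 'openid.server',
                              'href' => OpenIDServerUrl()));
        $rt = Title::makeTitle(NS_SPECIAL, 'OpenIDXRDS/'.$user->getName());
        $wgOut->addMeta('http:X-XRDS-Location', $rt->getFullURL());
        // header() takes the whole "Name: value" line as its first argument; its
        // second argument is the replace flag, so passing the URL there sent a
        // header line without any value.
        header('X-XRDS-Location: ' . $rt->getFullURL());
    }
    else
    {
        $url = getOWWUserPage($user->getName());
        $wgOut->setSubtitle("" .
                            " " .
                            "$url" .
                            "");
    }
}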
/**
 * SpecialPage_initList hook handler: add this extension's special pages.
 *
 * The master wiki gets the two unlisted OpenID server pages. Every other wiki
 * gets the account administration page (registered with 'createaccount' as its
 * third element), a replacement for Userlogin and the unlisted OWWFinish page.
 *
 * @param array $list Special-page list, modified in place.
 * @return bool Always true.
 */
function wfOWWLoginSpecialPages(&$list)
{
    global $wgOpenWetWare;

    if ($wgOpenWetWare) {
        // Defined in OpenID extension
        // server
        $pages = array(
            'OpenIDServer' => array('UnlistedSpecialPage', 'OpenIDServer'),
            'OpenIDXRDS' => array('UnlistedSpecialPage', 'OpenIDXRDS'),
        );
    } else {
        $pages = array(
            'OWWadmin' => array('SpecialPage', 'OWWadmin', 'createaccount'),
            'Userlogin' => array('SpecialPage', 'Userlogin', '', true, 'wfSpecialOWWLogin'),
            'OWWFinish' => array('UnlistedSpecialPage', 'OWWFinish'),
        );
    }

    foreach ($pages as $pageName => $definition) {
        $list[$pageName] = $definition;
    }

    return true;
}
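/**
 * Special:OWWFinish -- complete an OpenID login that was started by
 * wfSpecialOWWLogin() and log the matching local account in.
 *
 * @param mixed $par Special-page parameter; not used here.
 */
function wfSpecialOWWFinish($par)
{
    // mostly copied from wfSpecialOpenIDFinish but with the create account code removed
    // as we don't want people to be able to arbitrarily create accounts
    global $wgUser, $wgOut, $wgRequest, $wgOWWAllowAllUsers;

    if ($wgUser->isLoggedIn())
    {
        OpenIDAlreadyLoggedIn();
        if ($wgUser->isAllowed('createaccount') && !$wgOWWAllowAllUsers)
            $wgOut->addHTML("\nTo create an account, go to Special:OWWadmin");
        return;
    }

    $consumer = OpenIDConsumer();
    $response = $consumer->complete($_GET);

    if (!isset($response)) {
        $wgOut->errorpage('openiderror', 'openiderrortext');
        return;
    }

    switch ($response->status) {
    case Auth_OpenID_CANCEL:
        // This means the authentication was cancelled.
        $wgOut->errorpage('openidcancel', 'openidcanceltext');
        break;
    case Auth_OpenID_FAILURE:
        $wgOut->errorpage('openidfailure', 'openidfailuretext');
        break;
    case Auth_OpenID_SUCCESS:
        // This means the authentication succeeded.
        $openid = $response->identity_url;
        $sreg = $response->extensionResponse('sreg');

        if (!isset($openid) || !isset($sreg['nickname'])) {
            $wgOut->errorpage('openiderror', 'openiderrortext');
            return;
        }

        // NOTE(review): the local account is chosen from the nickname the provider
        // reports, not from the verified identity URL in $openid. That is only as
        // strong as the provider allow-list; consider also checking that $openid
        // is the OpenWetWare user page belonging to this nickname.
        $user = User::newFromName($sreg['nickname']);
        if (!$user) {
            // newFromName() yields no object for a name MediaWiki rejects; treat
            // that as a failed verification instead of calling methods on it.
            $wgOut->errorpage('openiderror', 'openiderrortext');
            return;
        }

        $userid = $user->getID();
        if (!$userid && $wgOWWAllowAllUsers)
        {
            // Open wikis create the local account on first login.
            $user->addToDatabase();
            $userid = User::idFromName($sreg['nickname']);
        }

        if ($userid)
        {
            OpenIDUpdateUser($user, $sreg);
            $wgUser = $user;
            $wgUser->setOption('rememberpassword', 1); // *** hack to always save login credentials
            $wgUser->saveSettings();
            OpenIDFinishLogin($openid);
        }
        else
        {
            // No local account and automatic creation is off: access was not granted.
            $wgOut->errorpage('openiderror', 'owwpermissiondenied');
        }
    }
}

/**
 * Special:OWWadmin -- grant or revoke access to this wiki by adding or deleting
 * the local user row for an OpenWetWare user name.
 *
 * The page is registered with 'createaccount' as its third element in
 * wfOWWLoginSpecialPages().
 *
 * NOTE(review): the add and remove actions run on any request that carries the
 * parameters; no edit-token check is visible in this function -- confirm that
 * the form and this handler validate one.
 *
 * @param mixed $par Special-page parameter; not used here.
 */
function wfSpecialOWWadmin($par)
{
    global $wgRequest, $wgUser, $wgOut;

    $wgOut->setPagetitle("Local Wiki Access");
    $username = $wgRequest->getText('username');

    if (isset($username) && strlen($username) > 0)
    {
        $username = ucfirst($username);
        $userid = User::idFromName($username);
        // The name comes straight from the request, so it is escaped before it is
        // placed in raw HTML output.
        $safeName = htmlspecialchars($username, ENT_QUOTES);

        if ($wgRequest->getBool('add'))
        {
            if ($userid)
                $wgOut->addWikiText("User [[User:$username|$username]] already has access!");
            else
            {
                // add new user to database
                $user = User::newFromName($username);
                if ($user)
                    $user->addToDatabase();

                // An invalid name gives no user object; report it like any other failure.
                if (!$user || !$user->getID())
                    $wgOut->addHTML("Error adding user " . $safeName . "!");
                else
                    $wgOut->addWikiText("User [[User:$username|$username]] added.");
            }
        }
        else if ($wgRequest->getBool('remove'))
        {
            if ($wgUser->getName() == $username)
                $wgOut->addHTML("You cannot remove access for yourself!");
            else if (!$userid)
                $wgOut->addHTML("User " . $safeName . " does not have access!");
            else
            {
                // remove user from database
                $dbw =& wfGetDB( DB_MASTER );
                $dbw->delete('user', array('user_name' => $username));
                $wgOut->addWikiText("User [[User:$username|$username]] removed.");
            }
        }
        else
            $wgOut->addHTML("\nNot sure what to do with " . $safeName . "!");
    }

    // display form
    $sk = $wgUser->getSkin();
    $wgOut->addHTML("\nEnter an OpenWetWare user name to permit or deny access to this wiki:\n" . '' . "See all users at Special:Listusers");
}

/**
 * Replacement for Special:Userlogin -- start an OpenID login against the
 * user's OpenWetWare page, or show the login prompt when no name was submitted.
 *
 * @param mixed $par Special-page parameter; not used here.
 */
function wfSpecialOWWLogin($par)
{
    global $wgRequest, $wgUser, $wgOut;

    if ($wgUser->isLoggedIn())
    {
        OpenIDAlreadyLoggedIn();
        if ($wgUser->isAllowed('createaccount'))
            $wgOut->addHTML("\nTo create an account, go to Special:OWWadmin");
        return;
    }

    $username = User::getCanonicalName($wgRequest->getText('wpName'));
    if ($username && strlen($username) > 0)
    {
        // The identifier is always built from the name, so a login can only start
        // against an OpenWetWare user page; OWWFinish handles the return leg.
        OpenIDLogin(getOWWUserPage($username), "OWWFinish");
    }
    else
    {
        global $wgCookiePrefix;

        // Prefer this wiki's own user-name cookie and fall back to the OpenWetWare
        // one. Either may be absent, so check before reading.
        // NOTE(review): cookie values are client-controlled; escape $username
        // wherever it is placed into the form markup.
        $localCookie = $wgCookiePrefix.'UserName';
        if (!empty($_COOKIE[$localCookie]))
            $username = $_COOKIE[$localCookie];
        else
            $username = isset($_COOKIE['owwdbUserName']) ? $_COOKIE['owwdbUserName'] : null;

        $sk = $wgUser->getSkin();
        $ok = wfMsg('login');
        $wgOut->setPagetitle("OpenWetWare Login");
        $wgOut->addHTML("Enter your OpenWetWare user name to log in:\n" . '' .
                        'Note: You cannot be currently logged in to OpenWetWare as a different user.' . "\n" .
                        'You need to be either not logged in or logged in as the above user.');
    }
}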
// from OpenID.php
/**
 * Create the OpenID store object for the configured store type.
 *
 * @param string $storeType 'memcached' or 'memc' for the memcached store, 'file' for the file store.
 * @param string $prefix    Passed to the memcached store.
 * @param array  $options   The file store reads its directory from $options['path'].
 * @return object|null The store, or null after the configuration error page has
 *                     been shown for an unrecognised type.
 */
function getOpenIDStore($storeType, $prefix, $options)
{
    global $wgOut;

    // Loose comparison on purpose, in the same order a switch would test the cases.
    if ($storeType == 'memcached' || $storeType == 'memc') {
        require_once("OpenID/MemcStore.php");
        return new OpenID_MemcStore($prefix);
    }

    if ($storeType == 'file') {
        return new Auth_OpenID_FileStore($options['path']);
    }

    // Unknown type: report the misconfiguration and fall through without a store.
    $wgOut->errorPage('openidconfigerror', 'openidconfigerrortext');
}
?>