'OWWLogin',
'version' => '2007/05/14',
'author' => 'Austin Che',
'url' => 'http://openwetware.org/wiki/User:Austin/Extensions/OWWLogin',
'description' => 'Allow subwikis to log in to OpenWetWare via OpenID',
);
$wgHooks['SpecialPage_initList'][] = 'wfOWWLoginSpecialPages';
require_once("Auth/OpenID/FileStore.php");
if ($wgOpenWetWare)
{
require_once("OpenID/Server.php");
$wgOpenIDServerForceAllowTrust = array("/.*\.openwetware\.org/");
// OpenIDServerCheck() calls OpenIDGetUserURL in Consumer.php to check if user is openid user
// but we don't allow openid users on the master wiki
// have to define here instead of using the version in Consumer.php as that accesses the user_openid table which we don't have
function OpenIDGetUserURL($user) { return null; }
}
else
{
require_once("OpenID/Consumer.php");
$wgOpenIDConsumerDenyByDefault = true; // don't allow people to login except from places we explicitly allow
$wgOpenIDConsumerAllow = array("/openwetware\.org/");
}
// not sure if different wikis can share the same location for the following
// the consumer and server path definitely have to be different
// once get memcached up, the following can be removed
$wgOpenIDConsumerStoreType = 'file';
$wgOpenIDConsumerStorePath = "/tmp/openid/consumer";
$wgOpenIDServerStoreType = 'file';
$wgOpenIDServerStorePath = "/tmp/openid/server";
function getOWWUserPage($user)
{
$t = Title::newFromText($user, NS_USER);
return "http://openwetware.org/wiki/User:" . $t->getPartialURL();
}
function wfExtensionSpecialOWWLogin()
{
global $wgMessageCache, $wgOut, $wgRequest, $wgOpenWetWare;
$wgMessageCache->addMessages(array('owwadmin' => 'Administer Accounts',
'owwpermissiondenied' => 'You are not allowed to login to this wiki.'));
// from OpenID.php
$wgMessageCache->addMessages(array('openidlogin' => 'Login with OpenID',
'openidfinish' => 'Finish OpenID login',
'openidserver' => 'OpenID server',
'openidconvert' => 'OpenID converter',
'openidlogininstructions' => 'Enter your OpenID identifier to log in:',
'openiderror' => 'Verification error',
'openiderrortext' => 'An error occured during verification of the OpenID URL.',
'openidconfigerror' => 'OpenID Configuration Error',
'openidconfigerrortext' => 'The OpenID storage configuration for this wiki is invalid. Please consult this site\'s administrator.',
'openidpermission' => 'OpenID permissions error',
'openidpermissiontext' => 'The OpenID you provided is not allowed to login to this server.',
'openidcancel' => 'Verification cancelled',
'openidcanceltext' => 'Verification of the OpenID URL was cancelled.',
'openidfailure' => 'Verification failed',
'openidfailuretext' => 'Verification of the OpenID URL failed.',
'openidsuccess' => 'Verification succeeded',
'openidsuccesstext' => 'Verification of the OpenID URL succeeded.',
'openidserverlogininstructions' => 'Enter your password below to log in to $3 as user $2 (user page $1).',
'openidtrustinstructions' => 'Check if you want to share data with $1.',
'openidallowtrust' => 'Allow $1 to trust this user account.',
'openidnopolicy' => 'Site has not specified a privacy policy.',
'openidpolicy' => 'Check the privacy policy for more information.',
'openidoptional' => 'Optional',
'openidrequired' => 'Required',
'openidnickname' => 'Nickname',
'openidfullname' => 'Fullname',
'openidemail' => 'Email address',
'openidlanguage' => 'Language',
));
$action = $wgRequest->getText('action', 'view');
if ($action == 'view') {
$title = $wgRequest->getText('title');
if (!isset($title) || strlen($title) == 0) {
// If there's no title, and Cache404 is in use, check using its stuff
if (defined('CACHE404_VERSION')) {
if ($_SERVER['REDIRECT_STATUS'] == 404) {
$url = getRedirectUrl($_SERVER);
if (isset($url)) {
$title = cacheUrlToTitle($url);
}
}
} else {
$title = wfMsg('mainpage');
}
}
$nt = Title::newFromText($title);
// If the page being viewed is a user page,
// generate the openid.server META tag and output
// the X-XRDS-Location. See the OpenIDXRDS
// special page for the XRDS output / generation
// logic.
if ($nt &&
($nt->getNamespace() == NS_USER) &&
strpos($nt->getText(), '/') === false)
{
$user = User::newFromName($nt->getText());
if ($user && $user->isLoggedIn())
{
if ($wgOpenWetWare)
{
$wgOut->addLink(array('rel' => 'openid.server',
'href' => OpenIDServerUrl()));
$rt = Title::makeTitle(NS_SPECIAL, 'OpenIDXRDS/'.$user->getName());
$wgOut->addMeta('http:X-XRDS-Location', $rt->getFullURL());
header('X-XRDS-Location', $rt->getFullURL());
}
else
{
$url = getOWWUserPage($user->getName());
$wgOut->setSubtitle("" .
"
" .
"$url" .
"");
}
}
}
}
}
function wfOWWLoginSpecialPages(&$list)
{
global $wgOpenWetWare;
if ($wgOpenWetWare)
{
// Defined in OpenID extension
// server
$list['OpenIDServer'] = array('UnlistedSpecialPage', 'OpenIDServer');
$list['OpenIDXRDS'] = array('UnlistedSpecialPage', 'OpenIDXRDS');
}
else
{
$list['OWWadmin'] = array('SpecialPage', 'OWWadmin', 'createaccount');
$list['Userlogin'] = array('SpecialPage', 'Userlogin', '', true, 'wfSpecialOWWLogin');
$list['OWWFinish'] = array('UnlistedSpecialPage', 'OWWFinish');
}
return true;
}
function wfSpecialOWWFinish($par)
{
// mostly copied from wfSpecialOpenIDFinish but with the create account code removed
// as we don't want people to be able to arbitrarily create accounts
global $wgUser, $wgOut, $wgRequest, $wgOWWAllowAllUsers;
if ($wgUser->isLoggedIn())
{
OpenIDAlreadyLoggedIn();
if ($wgUser->isAllowed('createaccount') && !$wgOWWAllowAllUsers)
$wgOut->addHTML("To create an account, go to Special:OWWadmin");
return;
}
$consumer = OpenIDConsumer();
$response = $consumer->complete($_GET);
if (!isset($response))
{
$wgOut->errorpage('openiderror', 'openiderrortext');
return;
}
switch ($response->status)
{
case Auth_OpenID_CANCEL:
// This means the authentication was cancelled.
$wgOut->errorpage('openidcancel', 'openidcanceltext');
break;
case Auth_OpenID_FAILURE:
$wgOut->errorpage('openidfailure', 'openidfailuretext');
break;
case Auth_OpenID_SUCCESS:
// This means the authentication succeeded.
$openid = $response->identity_url;
$sreg = $response->extensionResponse('sreg');
if (!isset($openid) || !isset($sreg['nickname']))
{
$wgOut->errorpage('openiderror', 'openiderrortext');
return;
}
$user = User::newFromName($sreg['nickname']);
$userid = $user->getID();
if (!$userid && $wgOWWAllowAllUsers)
{
$user->addToDatabase();
$userid = User::idFromName($sreg['nickname']);
}
if ($userid)
{
OpenIDUpdateUser($user, $sreg);
$wgUser = $user;
$wgUser->setOption('rememberpassword', 1); // *** hack to always save login credentials
$wgUser->saveSettings();
OpenIDFinishLogin($openid);
}
else
{
$wgOut->errorpage('openiderror', 'owwpermissiondenied');
}
}
}
function wfSpecialOWWadmin($par)
{
global $wgRequest, $wgUser, $wgOut;
$wgOut->setPagetitle("Local Wiki Access");
$username = $wgRequest->getText('username');
if (isset($username) && strlen($username) > 0)
{
$username = ucfirst($username);
$userid = User::idFromName($username);
if ($wgRequest->getBool('add'))
{
if ($userid)
$wgOut->addWikiText("User [[User:$username|$username]] already has access!");
else
{
// add new user to database
$user = User::newFromName($username);
$user->addToDatabase();
if (!$user->getID())
$wgOut->addHTML("Error adding user $username!");
else
$wgOut->addWikiText("User [[User:$username|$username]] added.");
}
}
else if ($wgRequest->getBool('remove'))
{
if ($wgUser->getName() == $username)
$wgOut->addHTML("You cannot remove access for yourself!");
else if (!$userid)
$wgOut->addHTML("User $username does not have access!");
else
{
// remove user from database
$dbw =& wfGetDB( DB_MASTER );
$dbw->delete('user', array('user_name' => $username));
$wgOut->addWikiText("User [[User:$username|$username]] removed.");
}
}
else
$wgOut->addHTML("
Not sure what to do with $username!");
}
// display form
$sk = $wgUser->getSkin();
$wgOut->addHTML("
Enter an OpenWetWare user name to permit or deny access to this wiki:
" .
'' .
"See all users at Special:Listusers");
}
function wfSpecialOWWLogin($par)
{
global $wgRequest, $wgUser, $wgOut;
if ($wgUser->isLoggedIn())
{
OpenIDAlreadyLoggedIn();
if ($wgUser->isAllowed('createaccount'))
$wgOut->addHTML("
To create an account, go to Special:OWWadmin");
return;
}
$username = User::getCanonicalName($wgRequest->getText('wpName'));
if ($username && strlen($username) > 0)
{
OpenIDLogin(getOWWUserPage($username), "OWWFinish");
}
else
{
global $wgCookiePrefix;
$username = $_COOKIE[$wgCookiePrefix.'UserName'] ? $_COOKIE[$wgCookiePrefix.'UserName'] : $_COOKIE['owwdbUserName'];
$sk = $wgUser->getSkin();
$ok = wfMsg('login');
$wgOut->setPagetitle("OpenWetWare Login");
$wgOut->addHTML("Enter your OpenWetWare user name to log in:
" .
'' .
'Note: You cannot be currently logged in to OpenWetWare as a different user.
You need to be either not logged in or logged in as the above user.');
}
}
// from OpenID.php
function getOpenIDStore($storeType, $prefix, $options)
{
global $wgOut;
switch ($storeType) {
case 'memcached':
case 'memc':
require_once("OpenID/MemcStore.php");
return new OpenID_MemcStore($prefix);
case 'file':
return new Auth_OpenID_FileStore($options['path']);
default:
$wgOut->errorPage('openidconfigerror', 'openidconfigerrortext');
}
}
?>