root/trunk/openid2-server/plugins/openid2-server/lib/OpenID2Server/App.pm @ 529

package OpenID2Server::App;

use strict;

use Net::OpenID::Server;
use MT::Util qw( perl_sha1_digest_hex );
use Data::Dumper;

use constant IDENTIIFER_SELECT => 'http://specs.openid.net/auth/2.0/identifier_select';

sub llog {
    open my $fh, '>>', 'c:\\temp\\hoge\\hoge.txt';
    print $fh '"'.join('","', @_) . '"';
    close $fh;
}

sub openid_xrds {
    my $app = shift;
    my $plugin = $app->component('openid2-server');
    # return XRDS-YADIS document location
    if ( 'GET' eq $app->request_method ) {
        $app->response_content_type('application/xrds+xml');
        if ( 'openid_xrds' eq $app->mode ) {
            my $param = {
                openid2_endpoint => $app->base . $app->mt_uri('mode' => 'openid'),
                openid1_endpoint => $app->base . $app->mt_uri('mode' => 'openid'),
            };
            return $plugin->load_tmpl( 'xrds-server.tmpl', $param );
        }
        elsif ( 'openid_xrds_id' eq $app->mode ) {
            my $param = {
                openid2_endpoint =>
                    $app->base . $app->mt_uri('mode' => 'openid', args => { 'id' => $app->param('id') }),
                openid1_endpoint =>
                    $app->base . $app->mt_uri('mode' => 'openid', args => { 'id' => $app->param('id') }),
            };
            return $plugin->load_tmpl( 'xrds-signon.tmpl', $param );
        }
    }
    elsif ( 'HEAD' eq $app->request_method ) {
        $app->set_header( 'X-XRDS-Location' => $app->base . $app->mt_uri('mode' => $app->mode) );
        return q();
    }
    return $app->error($plugin->translate('Invalid request'));
}

sub _build_nos {
    my $app = shift;
    my $path = $app->uri;
    if ($path =~ m!^/!) {
        # relative path, prepend domain name
        my $domain = "http://" . $ENV{'HTTP_HOST'};
        $path = $domain . $path;
    }
    return Net::OpenID::Server->new( 
        post_args     => $app->{query}, 
        get_args      => $app->{query}, 
        get_user      => sub { $app }, 
        get_identity  => \&get_identity, 
        is_identity   => \&is_identity, 
        is_trusted    => \&is_trusted, 
        server_secret => $app->config->SecretToken,
        setup_url     => $app->base . $app->mt_uri('mode' => 'openid_setup'), 
        endpoint_url  => $app->base . $app->mt_uri('mode' => 'openid'),
    ); 
}

sub openid {
    my $app = shift;

    if ( 'HEAD' eq $app->request_method ) {
        if ( $app->param('id') ) {
            $app->set_header( 'X-XRDS-Location' =>
                $app->base . $app->mt_uri(
                    'mode' => 'openid_xrds_id',
                    'args' => { 'id' => $app->param('id') }
            ) );
        }
        else {
            $app->set_header( 'X-XRDS-Location' =>
                $app->base . $app->mt_uri(
                    'mode' => 'openid_xrds'
            ) );
        }
        return q();
    }

    my $plugin = $app->component('openid2-server');
    my $nos = _build_nos($app);
    my ($type, $data) = $nos->handle_page();

    if ( 'redirect' eq $type ) {
        # we handle login by leveraging requires_login
        $app->redirect($data);
    } elsif ( 'setup' eq $type ) {
        ## Was it an identity or trust failure? Cancel.
        return $app->error(
          $plugin->translate('Your account is not authorized to assert the requested identity.'))
            if $app->user;

        my $url = $nos->setup_url;
        $url .= '&'. $_ .'='. MT::Util::encode_url($data->{$_})
            for qw( trust_root return_to identity assoc_handle ns );
        return $app->redirect($url);
    }
    elsif ( 'GET' eq $app->request_method && ( my $id = $app->param('id') ) ) {
        my $user = $app->model('author')->load($id);
        if ( $user->url ) {
            return $app->redirect( $user->url );
        }
    }
    else {
        $app->response_content_type($type);
        $app->set_header( 'X-XRDS-Location' => $app->base . $app->mt_uri('mode' => $app->mode) );
        return $data;
    }
    return $app->error($plugin->translate('Invalid request.'));

}

sub get_identity {
    my ( $app, $identity ) = @_;

    return undef unless $app;
    return undef unless $app->user;

    if ( IDENTIIFER_SELECT() eq $identity ) {
        return undef;
    }
    $app->user->url;
}

sub is_identity {
    my ( $app, $identity ) = @_;

    return 0 unless $app;
    return 0 unless $app->user;
    $app->user->url eq $identity ? 1 : 0;
}

sub is_trusted {
    my ( $app, $trust_root, $is_identity ) = @_; 
    return 0 unless $app;
    return 0 unless $app->user;
    $is_identity;
} 

sub setup {
    my $app = shift;
    my $q = $app->param;
    my $plugin = $app->component('openid2-server');
    my $nos = _build_nos($app);

    return $app->error($plugin->translate('Invalid login'))
        unless $app->user;

    my %param = map { $_ => $q->param( $_ ) }
        qw( return_to identity trust_root assoc_handle ns );
    $param{'ng_url'} = $nos->cancel_return_url( return_to => $q->param('return_to') );
    $plugin->load_tmpl( 'setup.tmpl', \%param );
}

sub confirm {
    my $app = shift;
    $app->validate_magic or return;
    my $q = $app->param;

    my $nos = _build_nos($app);
    my %param = map { $_ => $q->param( $_ ) }
        qw( return_to identity trust_root assoc_handle ns );
    $param{'identity'} = 
        $app->base . $app->mt_uri('mode' => 'openid', args => { 'id' => $app->user->id })
            unless $param{'identity'};
    my $redirect = $nos->signed_return_url( %param );
    $app->redirect($redirect);
}

1;
__END__