Index: /trunk/openid2-server/plugins/openid2-server/config.yaml
===================================================================
--- /trunk/openid2-server/plugins/openid2-server/config.yaml (revision 529)
+++ /trunk/openid2-server/plugins/openid2-server/config.yaml (revision 529)
@@ -0,0 +1,23 @@
+id: openid2-server
+name: OpenID2 Server
+version: 2.0
+
+tags:
+    function:
+        OpenID2ServerURL: $openid2server::OpenID2Server::Tags::openid_server_url
+        OpenID2Header: $openid2server::OpenID2Server::Tags::openid_header
+
+applications:
+    cms:
+        methods:
+            openid_xrds_id:
+                handler: $openid2server::OpenID2Server::App::openid_xrds
+                requires_login: 0
+            openid_xrds:
+                handler: $openid2server::OpenID2Server::App::openid_xrds
+                requires_login: 0
+            openid: 
+                handler: $openid2server::OpenID2Server::App::openid
+                requires_login: 0
+            openid_setup: $openid2server::OpenID2Server::App::setup
+            openid_confirm: $openid2server::OpenID2Server::App::confirm
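Review bot: `openid_setup` and `openid_confirm` are registered in the short form, so whether they require a login depends on the framework default rather than on anything in this file, while the three discovery and endpoint methods spell out `requires_login: 0`. Because `confirm` in App.pm dereferences `$app->user->id` and issues signed assertions, the requirement is worth stating explicitly. Use the long form with `handler: $openid2server::OpenID2Server::App::confirm` and `requires_login: 1`, and do the same for `openid_setup`. That keeps the two sensitive modes protected even if someone later copies the `requires_login: 0` pattern from the entries above.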
Index: /trunk/openid2-server/plugins/openid2-server/lib/OpenID2Server/Tags.pm
===================================================================
--- /trunk/openid2-server/plugins/openid2-server/lib/OpenID2Server/Tags.pm (revision 529)
+++ /trunk/openid2-server/plugins/openid2-server/lib/OpenID2Server/Tags.pm (revision 529)
@@ -0,0 +1,20 @@
+package OpenID2Server::Tags;
+use strict;
+
+sub openid_server_url {
+    my ($ctx, $args) = @_;
+    require MT::Template::Context;
+    my $path = MT::Template::Context::_hdlr_admin_cgi_path(@_);
+    $path .= $ctx->{config}->AdminScript . '?__mode=openid';
+    $path;
+}
+
+sub openid_header {
+    my $path = openid_server_url(@_);
+    my $header = qq{<link rel="openid2.provider openid.server" href="$path" />};
+    return $header;
+}
+
+1;
+__END__
+
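Review bot: `openid_header` interpolates `$path` into the `href` attribute without HTML-encoding it. The value comes from configuration (`_hdlr_admin_cgi_path` plus `AdminScript`), so the exposure is low, but a `"` or `&` in either setting would break the tag. Encoding at the point of output is cheap: `my $header = qq{<link rel="openid2.provider openid.server" href="} . MT::Util::encode_html($path) . qq{" />};` with `require MT::Util;` above it. The module also enables `use strict;` but not `use warnings;`, and `openid_server_url` depends on the underscore-prefixed `MT::Template::Context::_hdlr_admin_cgi_path`, which deserves a comment noting it is a private helper that may change between MT releases.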
Index: /trunk/openid2-server/plugins/openid2-server/lib/OpenID2Server/App.pm
===================================================================
--- /trunk/openid2-server/plugins/openid2-server/lib/OpenID2Server/App.pm (revision 529)
+++ /trunk/openid2-server/plugins/openid2-server/lib/OpenID2Server/App.pm (revision 529)
@@ -0,0 +1,179 @@
+package OpenID2Server::App;
+
+use strict;
+
+use Net::OpenID::Server;
+use MT::Util qw( perl_sha1_digest_hex );
+use Data::Dumper;
+
+use constant IDENTIIFER_SELECT => 'http://specs.openid.net/auth/2.0/identifier_select';
+
+sub llog {
+    open my $fh, '>>', 'c:\\temp\\hoge\\hoge.txt';
+    print $fh '"'.join('","', @_) . '"';
+    close $fh;
+}
+
+sub openid_xrds {
+    my $app = shift;
+    my $plugin = $app->component('openid2-server');
+    # return XRDS-YADIS document location
+    if ( 'GET' eq $app->request_method ) {
+        $app->response_content_type('application/xrds+xml');
+        if ( 'openid_xrds' eq $app->mode ) {
+            my $param = {
+                openid2_endpoint => $app->base . $app->mt_uri('mode' => 'openid'),
+                openid1_endpoint => $app->base . $app->mt_uri('mode' => 'openid'),
+            };
+            return $plugin->load_tmpl( 'xrds-server.tmpl', $param );
+        }
+        elsif ( 'openid_xrds_id' eq $app->mode ) {
+            my $param = {
+                openid2_endpoint =>
+                    $app->base . $app->mt_uri('mode' => 'openid', args => { 'id' => $app->param('id') }),
+                openid1_endpoint =>
+                    $app->base . $app->mt_uri('mode' => 'openid', args => { 'id' => $app->param('id') }),
+            };
+            return $plugin->load_tmpl( 'xrds-signon.tmpl', $param );
+        }
+    }
+    elsif ( 'HEAD' eq $app->request_method ) {
+        $app->set_header( 'X-XRDS-Location' => $app->base . $app->mt_uri('mode' => $app->mode) );
+        return q();
+    }
+    return $app->error($plugin->translate('Invalid request'));
+}
+
+sub _build_nos {
+    my $app = shift;
+    my $path = $app->uri;
+    if ($path =~ m!^/!) {
+        # relative path, prepend domain name
+        my $domain = "http://" . $ENV{'HTTP_HOST'};
+        $path = $domain . $path;
+    }
+    return Net::OpenID::Server->new( 
+        post_args     => $app->{query}, 
+        get_args      => $app->{query}, 
+        get_user      => sub { $app }, 
+        get_identity  => \&get_identity, 
+        is_identity   => \&is_identity, 
+        is_trusted    => \&is_trusted, 
+        server_secret => $app->config->SecretToken,
+        setup_url     => $app->base . $app->mt_uri('mode' => 'openid_setup'), 
+        endpoint_url  => $app->base . $app->mt_uri('mode' => 'openid'),
+    ); 
+}
+
+sub openid {
+    my $app = shift;
+
+    if ( 'HEAD' eq $app->request_method ) {
+        if ( $app->param('id') ) {
+            $app->set_header( 'X-XRDS-Location' =>
+                $app->base . $app->mt_uri(
+                    'mode' => 'openid_xrds_id',
+                    'args' => { 'id' => $app->param('id') }
+            ) );
+        }
+        else {
+            $app->set_header( 'X-XRDS-Location' =>
+                $app->base . $app->mt_uri(
+                    'mode' => 'openid_xrds'
+            ) );
+        }
+        return q();
+    }
+
+    my $plugin = $app->component('openid2-server');
+    my $nos = _build_nos($app);
+    my ($type, $data) = $nos->handle_page();
+
+    if ( 'redirect' eq $type ) {
+        # we handle login by leveraging requires_login
+        $app->redirect($data);
+    } elsif ( 'setup' eq $type ) {
+        ## Was it an identity or trust failure? Cancel.
+        return $app->error(
+          $plugin->translate('Your account is not authorized to assert the requested identity.'))
+            if $app->user;
+
+        my $url = $nos->setup_url;
+        $url .= '&'. $_ .'='. MT::Util::encode_url($data->{$_})
+            for qw( trust_root return_to identity assoc_handle ns );
+        return $app->redirect($url);
+    }
+    elsif ( 'GET' eq $app->request_method && ( my $id = $app->param('id') ) ) {
+        my $user = $app->model('author')->load($id);
+        if ( $user->url ) {
+            return $app->redirect( $user->url );
+        }
+    }
+    else {
+        $app->response_content_type($type);
+        $app->set_header( 'X-XRDS-Location' => $app->base . $app->mt_uri('mode' => $app->mode) );
+        return $data;
+    }
+    return $app->error($plugin->translate('Invalid request.'));
+
+}
+
+sub get_identity {
+    my ( $app, $identity ) = @_;
+
+    return undef unless $app;
+    return undef unless $app->user;
+
+    if ( IDENTIIFER_SELECT() eq $identity ) {
+        return undef;
+    }
+    $app->user->url;
+}
+
+sub is_identity {
+    my ( $app, $identity ) = @_;
+
+    return 0 unless $app;
+    return 0 unless $app->user;
+    $app->user->url eq $identity ? 1 : 0;
+}
+
+sub is_trusted {
+    my ( $app, $trust_root, $is_identity ) = @_; 
+    return 0 unless $app;
+    return 0 unless $app->user;
+    $is_identity;
+} 
+
+sub setup {
+    my $app = shift;
+    my $q = $app->param;
+    my $plugin = $app->component('openid2-server');
+    my $nos = _build_nos($app);
+
+    return $app->error($plugin->translate('Invalid login'))
+        unless $app->user;
+
+    my %param = map { $_ => $q->param( $_ ) }
+        qw( return_to identity trust_root assoc_handle ns );
+    $param{'ng_url'} = $nos->cancel_return_url( return_to => $q->param('return_to') );
+    $plugin->load_tmpl( 'setup.tmpl', \%param );
+}
+
+sub confirm {
+    my $app = shift;
+    $app->validate_magic or return;
+    my $q = $app->param;
+
+    my $nos = _build_nos($app);
+    my %param = map { $_ => $q->param( $_ ) }
+        qw( return_to identity trust_root assoc_handle ns );
+    $param{'identity'} = 
+        $app->base . $app->mt_uri('mode' => 'openid', args => { 'id' => $app->user->id })
+            unless $param{'identity'};
+    my $redirect = $nos->signed_return_url( %param );
+    $app->redirect($redirect);
+}
+
+1;
+__END__
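Review bot: In `confirm`, the `identity` and `return_to` passed to `$nos->signed_return_url` are read straight from the posted form fields, and nothing in the sub compares the identity with the logged-in author's URL, so the server appears to sign whatever identity the form carries; `validate_magic` covers request forgery but not this. Before the default identity is applied, reject a mismatch with `return $app->error('Invalid request') if $param{identity} && !is_identity($app, $param{identity});`. In `openid`, the `'redirect' eq $type` branch calls `$app->redirect($data)` without `return`, so control reaches the final `return $app->error(...)`; it should read `return $app->redirect($data);`. In the same sub, `$app->model('author')->load($id)` is dereferenced as `$user->url` with no check that a row was found. The `llog` helper (unchecked `open` on the hard-coded `'c:\\temp\\hoge\\hoge.txt'`), `use Data::Dumper`, and the unused `$path` built from `$ENV{'HTTP_HOST'}` in `_build_nos` look like debugging leftovers and are better removed.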
Index: /trunk/openid2-server/plugins/openid2-server/tmpl/xrds-server.tmpl
===================================================================
--- /trunk/openid2-server/plugins/openid2-server/tmpl/xrds-server.tmpl (revision 529)
+++ /trunk/openid2-server/plugins/openid2-server/tmpl/xrds-server.tmpl (revision 529)
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xrds:XRDS
+  xmlns:xrds="xri://$xrds"
+  xmlns:openid="http://openid.net/xmlns/1.0"
+  xmlns="xri://$xrd*($v*2.0)">
+<XRD>
+    <Service priority="1">
+      <Type>http://specs.openid.net/auth/2.0/server</Type>
+      <URI><mt:var name="openid2_endpoint" encode_xml="1"></URI>
+    </Service>
+<mt:if name="openid1_endpoint">
+    <Service priority="2">
+        <Type>http://openid.net/signon/1.0</Type>
+        <URI><mt:var name="openid1_endpoint" encode_xml="1"></URI>
+    </Service>
+</mt:if>
+</XRD>
+</xrds:XRDS>
Index: /trunk/openid2-server/plugins/openid2-server/tmpl/xrds-signon.tmpl
===================================================================
--- /trunk/openid2-server/plugins/openid2-server/tmpl/xrds-signon.tmpl (revision 529)
+++ /trunk/openid2-server/plugins/openid2-server/tmpl/xrds-signon.tmpl (revision 529)
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xrds:XRDS
+  xmlns:xrds="xri://$xrds"
+  xmlns:openid="http://openid.net/xmlns/1.0"
+  xmlns="xri://$xrd*($v*2.0)">
+<XRD>
+    <Service priority="1">
+      <Type>http://specs.openid.net/auth/2.0/signon</Type>
+      <URI><mt:var name="openid2_endpoint" encode_xml="1"></URI>
+    </Service>
+<mt:if name="openid1_endpoint">
+    <Service priority="2">
+        <Type>http://openid.net/signon/1.0</Type>
+        <URI><mt:var name="openid1_endpoint" encode_xml="1"></URI>
+    </Service>
+</mt:if>
+</XRD>
+</xrds:XRDS>
Index: /trunk/openid2-server/plugins/openid2-server/tmpl/setup.tmpl
===================================================================
--- /trunk/openid2-server/plugins/openid2-server/tmpl/setup.tmpl (revision 529)
+++ /trunk/openid2-server/plugins/openid2-server/tmpl/setup.tmpl (revision 529)
@@ -0,0 +1,32 @@
+<__trans_section component="openid2-server">
+<mt:setvar name="page_title" value="<__trans phrase="OpenID Confirmation">">
+<mt:setvar name="complete" value="1">
+<mt:include name="include/chromeless_header.tmpl">
+
+<form method="post" action="<mt:var name="script_url">">
+    <input type="hidden" name="__mode" value="openid_confirm" />
+    <input type="hidden" name="magic_token" value="<mt:var name="magic_token">" />
+    <input type="hidden" name="return_to" value="<mt:var name="return_to">" />
+    <input type="hidden" name="identity" value="<mt:var name="identity">" />
+    <input type="hidden" name="trust_root" value="<mt:var name="trust_root">" />
+    <input type="hidden" name="assoc_handle" value="<mt:var name="assoc_handle">" />
+    <input type="hidden" name="ns" value="<mt:var name="ns">"> 
+    <mtapp:statusmsg
+        id="information"
+        class="info">
+        <__trans phrase='You are logging in to [_1].  Click "Let Me In" to continue on to the site.' params="<mt:var name="trust_root">">
+    </mtapp:statusmsg>
+    <div class="actions-bar">
+        <div class="actions-bar-inner pkg actions">
+            <button
+                type="submit"
+                accesskey="s"
+                title="<__trans phrase="Let Me In (s)">"
+                class="primary-button"
+                ><__trans phrase="Let Me In"></button>
+        </div>
+    </div>
+    &larr;&nbsp;<a href="<mt:var name="ng_url">"><__trans phrase="I do not want to log in."></a>
+</form>
+</__trans_section>
+<mt:include name="include/chromeless_footer.tmpl">
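Review bot: The hidden inputs and the `trust_root` message print `return_to`, `identity`, `trust_root`, `assoc_handle` and `ns` without an encoding modifier, and `setup` in App.pm copies those values directly from the request parameters, so request text lands unescaped inside attribute values on a logged-in page. Add the HTML modifier to each, e.g. `<input type="hidden" name="return_to" value="<mt:var name="return_to" encode_html="1">" />`, in the same way the XRDS templates of this changeset use `encode_xml="1"`. The `ng_url` link needs the same modifier. Because it is derived from `return_to`, the server should also restrict its scheme to http/https before it is rendered as an `href`. The `ns` input is closed with `>` while its siblings use `/>`.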
Index: /trunk/openid2-server/plugins/openid2-server/tmpl/xrds.tmpl
===================================================================
--- /trunk/openid2-server/plugins/openid2-server/tmpl/xrds.tmpl (revision 529)
+++ /trunk/openid2-server/plugins/openid2-server/tmpl/xrds.tmpl (revision 529)
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xrds:XRDS
+  xmlns:xrds="xri://$xrds"
+  xmlns:openid="http://openid.net/xmlns/1.0"
+  xmlns="xri://$xrd*($v*2.0)">
+<XRD>
+    <Service priority="1">
+      <Type>http://specs.openid.net/auth/2.0/signon</Type>
+      <URI><mt:var name="openid2_endpoint"></URI>
+    </Service>
+<mt:if name="openid1_endpoint">
+    <Service priority="2">
+        <Type>http://openid.net/signon/1.0</Type>
+        <URI><mt:var name="openid1_endpoint"></URI>
+    </Service>
+</mt:if>
+</XRD>
+</xrds:XRDS>
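Review bot: The two `<URI>` values here are emitted without `encode_xml="1"`, while `xrds-server.tmpl` and `xrds-signon.tmpl` in the same changeset apply it. A `&` in the endpoint URL would make this document malformed, and the handlers build that URL with `mt_uri` and, for the per-author case, an `id` argument taken from the request. Write them as `<mt:var name="openid2_endpoint" encode_xml="1">` and `<mt:var name="openid1_endpoint" encode_xml="1">`. No handler visible in App.pm loads `xrds.tmpl`, so if it is a leftover copy of `xrds-signon.tmpl` it may be simpler to drop the file.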
Index: /trunk/openid2-server/README
===================================================================
--- /trunk/openid2-server/README (revision 529)
+++ /trunk/openid2-server/README (revision 529)
@@ -0,0 +1,81 @@
+OpenID Server for MT 
+ 
+This is a Movable Type plugin that enables authors on your Movable 
+Type site to log into OpenID sites with their Movable Type logins. 
+ 
+http://www.sixapart.com/movabletype/ 
+http://www.openid.net/ 
+ 
+ 
+DEPENDENCIES 
+ 
+This software requires: 
+ 
+    * Movable Type 4.1
+ 
+This distribution also contains the additional required Perl modules: 
+ 
+    * Net::OpenID::Server
+      Specifically the module in the development branche found in
+      http://code.sixapart.com/trac/openid/log/branches/openid2/perl/Net-OpenID-Server.
+      Tested on the revision 121 of it.
+
+ 
+ 
+INSTALLATION 
+ 
+To install this plugin: 
+ 
+    1. Unzip the archive to your Movable Type directory. 
+ 
+Each author who wishes to use an OpenID must then set up their profile 
+pages. To set up your OpenID: 
+ 
+    1. In your author profile, set your Website URL to the URL you 
+       wish to use as your profile. 
+    2. In the <head> section of that page, add the HTML tag: 
+ 
+       <link rel="openid2.provider" 
+             href="<MTAdminCGIPath><MTAdminScript>?__mode=openid" /> 
+          
+         OR 
+ 
+        <$MTOpenID2Header$> 
+ 
+       If your profile page is a static HTML page, replace "<MTAdminCGIPath>" 
+       with the CGIPath to the copy of Movable Type where the plugin 
+       is installed. 
+ 
+To sign in with OpenID: 
+ 
+    1. When presented with an OpenID signon form, enter the URL to your 
+       profile page. If you are not logged in to Movable Type, you will 
+       be prompted to log in. 
+ 
+       Try logging into LiveJournal with your OpenID at: 
+ 
+           http://www.livejournal.com/openid/ 
+ 
+       (You'll have to log out first if you have a real LJ account.) 
+ 
+       Or, to test OpenID 2.0, try logging into Fastladder with your OpenID at:
+
+           http://fastladder.com
+ 
+COPYRIGHT AND LICENCE 
+ 
+Fumiaki Yoshimatsu <fumiakiy@sixapart.jp>
+
+This library is heavily inspired and in many places copied from 
+openid-server plugin.  Below is the COPYRIGHT and LICENSE notice
+of the original openid-server plugin.
+
+Updated for MT4 by Mark Carey (http://mt-hacks.com) 
+ 
+Copyright 2005 Mark Paschal <markpasc@markpasc.org> 
+ 
+This library is free software; you can redistribute it and/or modify 
+it under the same terms as Perl itself. 
+ 
+This software is based on a first draft by Brad Choate. Thanks, Brad! 
+
