[Rt-commit] r9156 - in rt/branches/3.7-EXPERIMENTAL: . etc html/Callbacks html/Callbacks/OpenID html/Callbacks/OpenID/Elements html/Callbacks/OpenID/Elements/Login html/Callbacks/OpenID/autohandler

jesse at bestpractical.com jesse at bestpractical.com
Wed Sep 26 12:07:07 EDT 2007 

Author: jesse
Date: Wed Sep 26 12:07:06 2007
New Revision: 9156

Added:
   rt/branches/3.7-EXPERIMENTAL/html/Callbacks/
   rt/branches/3.7-EXPERIMENTAL/html/Callbacks/OpenID/
   rt/branches/3.7-EXPERIMENTAL/html/Callbacks/OpenID/Elements/
   rt/branches/3.7-EXPERIMENTAL/html/Callbacks/OpenID/Elements/Login/
   rt/branches/3.7-EXPERIMENTAL/html/Callbacks/OpenID/Elements/Login/Default
   rt/branches/3.7-EXPERIMENTAL/html/Callbacks/OpenID/autohandler/
   rt/branches/3.7-EXPERIMENTAL/html/Callbacks/OpenID/autohandler/Auth
Modified:
   rt/branches/3.7-EXPERIMENTAL/   (props changed)
   rt/branches/3.7-EXPERIMENTAL/etc/RT_Config.pm.in
   rt/branches/3.7-EXPERIMENTAL/sbin/rt-test-dependencies.in

Log:
 r61191 at pinglin:  jesse | 2007-07-25 00:54:08 -0400
 * First cut of in-core openid support
 


Modified: rt/branches/3.7-EXPERIMENTAL/etc/RT_Config.pm.in
==============================================================================
--- rt/branches/3.7-EXPERIMENTAL/etc/RT_Config.pm.in	(original)
+++ rt/branches/3.7-EXPERIMENTAL/etc/RT_Config.pm.in	Wed Sep 26 12:07:06 2007
@@ -477,6 +477,15 @@
 
 Set($WebExternalAuth , undef);
 
+
+# If $WebOpenIdAuth is enabled, RT will allow OpenID logins. New users who present
+# OpenID Credentials will be created as unprivileged users with their OpenID as their Name.
+# To enable OpenID Support, you need to install LWPx::ParanoidAgent, Cache::FileCache
+# and Net::OpenID::Consumer.
+#
+Set($WebOpenIdAuth, undef);
+
+
 # If $WebFallbackToInternalAuth is undefined, the user is allowed a chance
 # of fallback to the login screen, even if REMOTE_USER failed.
 

Added: rt/branches/3.7-EXPERIMENTAL/html/Callbacks/OpenID/Elements/Login/Default
==============================================================================
--- (empty file)
+++ rt/branches/3.7-EXPERIMENTAL/html/Callbacks/OpenID/Elements/Login/Default	Wed Sep 26 12:07:06 2007
@@ -0,0 +1,13 @@
+<%init>
+return unless (RT->Config->Get( 'WebOpenIdAuth'));
+</%init>
+<div class="input-row">
+<h3><&|/l&>Login with OpenID</&></h3>
+</div>
+    <span class="label"><&|/l&>OpenID</&>:</span>
+    <span class="input"><input name="openid" /></span>
+</div>
+
+<div class="button-row">
+    <span class="input"><input type="submit" class="button" value="<&|/l&>Login with OpenID</&>" /></span>
+</div>

Added: rt/branches/3.7-EXPERIMENTAL/html/Callbacks/OpenID/autohandler/Auth
==============================================================================
--- (empty file)
+++ rt/branches/3.7-EXPERIMENTAL/html/Callbacks/OpenID/autohandler/Auth	Wed Sep 26 12:07:06 2007
@@ -0,0 +1,91 @@
+<%INIT>
+return unless (RT->Config->Get( 'WebOpenIdAuth'));
+use Net::OpenID::Consumer;
+use LWPx::ParanoidAgent;
+use Cache::FileCache;
+
+my $openid_url = ref( $ARGS{openid} ) ? $ARGS{openid}->[0] : $ARGS{openid};
+my $user;
+my $check_url;
+
+# Livejournal misencodes responses...
+if ($ARGS{'openid.sig'}) {
+my $sig = $m->cgi_object->param('openid.sig') ||'';
+$sig =~ s/ /+/g;
+$m->cgi_object->param( 'openid.sig' => $sig );
+}
+
+
+my $root_user = RT::User->new($RT::SystemUser);
+my $csr = Net::OpenID::Consumer->new(
+    ua              => LWPx::ParanoidAgent->new,
+    args            => \%ARGS,
+    cache           => Cache::FileCache->new,
+    consumer_secret => $RT::DatabasePassword,
+    required_root => $RT::WebURL,
+);
+
+
+if ($openid_url) {
+    my $claimed_identity = $csr->claimed_identity("$openid_url");
+    $check_url = $claimed_identity->check_url(
+        return_to      => $RT::WebURL,
+        delayed_return => 1,
+        trust_root     => $RT::WebURL,
+    );
+    RT::Interface::Web::Redirect($check_url);
+}
+if ( $ARGS{"openid.mode"} ) {
+    if ( my $setup_url = $csr->user_setup_url ) {
+
+        # redirect/link/popup user to $setup_url
+        RT::Interface::Web::Redirect($setup_url);
+    } elsif ( $csr->user_cancel ) {
+    } elsif ( my $vident = $csr->verified_identity ) {
+        $user = $vident->url;
+    } else {
+        die ( "Error validating identity: " . $csr->err );
+    }
+}
+
+# if the user isn't logged in and we got credentials from OpenID, load them
+if ( ( !$session{'CurrentUser'} ) && ($user) ) {
+
+    # set a global user so we know elsewhere we're using OpenID for auth
+    $session{'OpenID'} = $user;
+
+    # OpenID has verified that the user has control of this e-mail address,
+    # so it's okay to use it to get a valid RT user
+
+    # we've got a valid user, so try to load
+    $session{'CurrentUser'} = RT::CurrentUser->new();
+    $session{'CurrentUser'}->LoadByCols( Name => $user );
+    
+    if ( $session{'CurrentUser'}->id ) {
+        $RT::Logger->info($session{'CurrentUser'}->Name ." logged in with openid"); 
+    } else {
+        my $UserObj = RT::User->new($RT::SystemUser);
+        my ( $id, $msg ) = $UserObj->Create(
+            Name => $user,
+
+            #RealName => $user->{'name'},
+            #EmailAddress => $user->{'email'},
+            Privileged => 0,
+        );
+        $RT::Logger->info($user ." attempted an account creation with OpenID: $msg");
+        if ( $UserObj->id ) {
+
+            # created the user, now load them as the current user
+            $session{'CurrentUser'}->Load( $UserObj->id );
+            $session{'i'}++;
+            # redirect the user to their preference page to add more info
+            RT::Interface::Web::Redirect( $RT::WebURL . '/User/Prefs.html' );
+        } else {
+
+            # we couldn't create the user.  abort abort abort!
+            delete $session{'CurrentUser'};
+            die( loc( "Cannot create user: [_1]", $msg ) );
+        }
+    }
+}
+</%INIT>

Modified: rt/branches/3.7-EXPERIMENTAL/sbin/rt-test-dependencies.in
==============================================================================
--- rt/branches/3.7-EXPERIMENTAL/sbin/rt-test-dependencies.in	(original)
+++ rt/branches/3.7-EXPERIMENTAL/sbin/rt-test-dependencies.in	Wed Sep 26 12:07:06 2007
@@ -64,6 +64,7 @@
     'with-SPEEDYCGI',                     'with-MODPERL1',
     'with-MODPERL2',                      'with-DEV',
     'with-STANDALONE',
+    'with-OPENID',
     'download=s',
     'repository=s'
 );
@@ -77,6 +78,7 @@
     'with-MASON' => 1,
     'with-CORE' => 1,
     'with-CLI' => 1,
+    'with-OPENID' => 0,
     'with-MAILGATE' => 1, 
     'with-DEV' => @RT_DEVEL_MODE@, 
     'with-STANDALONE' => @RT_STANDALONE@,
@@ -156,7 +158,8 @@
 	--with-modperl1		Libraries needed to support the modperl 1 handler
 	--with-modperl2		Libraries needed to support the modperl 2 handler
 
-	--with-dev		Tools needed for RT development
+	--with-dev		    Tools needed for RT development
+    --with-openid       Libraries needed to support OpenID logins
 
 You can also specify -v or --verbose to list the status of all dependencies,
 rather than just the missing ones.
@@ -304,10 +307,16 @@
 $deps{'SQLITE'} = [ text_to_hash( << '.') ];
 DBD::SQLite 1.00
 .
+$deps{'OPENID'} = [text_to_hash(<< '.')];
+Net::OpenID::Consumer
+LWPx::ParanoidAgent
+Cache::FileCache
+.
+
 
 if ($args{'download'}) {
 
-    download_mods();
+    dowoload_mods();
 }

More information about the Rt-commit mailing list