Added OpenID authentication plugin (based on work from Rob and Jason Kendall)

Refactord authentication and user plugins to improve flexibility and decoupling

git-svn-id: http://joomlacode.org/svn/joomla/development/trunk@6025 6f6e1ebd-4c2b-0410-823f-f34bde69bce9

CHANGELOG.php

@@ -43,6 +43,8 @@ Legend:
 17-Dec-2006 Johan Janssens
  + Added PHP OpenID library to the framework
  + Added Joomla! User plugin, moved login, logout and sessions cleaning into this plugin
+ + Added OpenID authentication plugin (based on work from Rob and Jason Kendall)
+ ^ Refactord authentication and user plugins to improve flexibility and decoupling
  ! Changes require a reinstall
 
 17-Dec-2006 Rastin Mehr
@@ -116,7 +118,7 @@ Legend:
 
 27-Nov-2006 Louis Landry
  - Removed MagPie Feed parser
- + Added SimplePie Feed parser -- Thanks CoolAcid --
+ + Added SimplePie Feed parser (suggested by Jason Kendall)
  ! Much improved feed parsing and feed support
 
 27-Nov-2006 Johan Janssens

administrator/language/en-GB/en-GB.plg_authentication_ldap.ini

@@ -27,7 +27,6 @@ MAP EMAIL=Map: Email
 MAP USER ID=Map: User ID
 MAP PASSWORD=Map: Password
 AUTHORIZATION METHOD=Authorization Method
-AUTO CREATE USERS=Auto Create Users
 ANONYMOUS COMPARE=Anonymous Compare
 AUTHENTICATE THEN BIND=Authenticate then Bind
 BIND AS USER=Bind as User

administrator/language/en-GB/en-GB.plg_user_joomla.ini

@@ -0,0 +1,10 @@
+# version 1.5.x 2005-11-07 15:30:00
+# Joomla! Project
+# copyright Copyright (C) 2005 - 2006 Open Source Matters. All rights reserved.
+# license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
+
+# Note : All ini files need to be saved as UTF-8
+
+AUTO REGISTER USERS=Auto Register Users
+PARAMAUTOCREATEUSERS=Automatically create registered users where possible
+

components/com_login/login.php

@@ -113,7 +113,7 @@ class LoginController
 
 		$username = JRequest::getVar( 'username' );
 		$password = JRequest::getVar( 'password' );
-		$return = JRequest::getVar('return', false);
+		$return   = JRequest::getVar('return', false);
 		
 		$error = $mainframe->login($username, $password);
 

installation/sql/joomla.sql

@@ -350,7 +350,7 @@ INSERT INTO `#__plugins` VALUES (18, 'Search - Newsfeeds', 'newsfeeds', 'search'
 INSERT INTO `#__plugins` VALUES (19, 'Content - Load Module', 'loadmodule', 'content', 0, 6, 1, 0, 0, 0, '0000-00-00 00:00:00', '');
 INSERT INTO `#__plugins` VALUES (20, 'Authentication - Joomla', 'joomla', 'authentication', 0, 1, 1, 1, 0, 0, '0000-00-00 00:00:00', '');
 INSERT INTO `#__plugins` VALUES (21, 'Authentication - LDAP', 'ldap', 'authentication', 0, 2, 0, 1, 0, 0, '0000-00-00 00:00:00', '');
-INSERT INTO `#__plugins` VALUES (22, 'Authentication - GMail', 'gmail', 'authentication', 0, 0, 0, 0, 0, 0, '0000-00-00 00:00:00', '');
+INSERT INTO `#__plugins` VALUES (22, 'Authentication - GMail', 'gmail', 'authentication', 0, 4, 0, 0, 0, 0, '0000-00-00 00:00:00', '');
 INSERT INTO `#__plugins` VALUES (23, 'Request Modifier - Joomla', 'joomla.request', 'system', 0, 2, 1, 1, 0, 0, '0000-00-00 00:00:00', 'mode=1\r\nrealnames=0');
 INSERT INTO `#__plugins` VALUES (25, 'Content - Page Navigation','pagenavigation','content',0,2,1,1,0,0,'0000-00-00 00:00:00','');
 INSERT INTO `#__plugins` VALUES (26, 'Editor - XStandard Lite 1.7', 'xstandard', 'editors', 0, 0, 1, 1, 0, 0, '0000-00-00 00:00:00', '');
@@ -359,6 +359,7 @@ INSERT INTO `#__plugins` VALUES (28, 'XML-RPC - Blogger API', 'blogger', 'xmlrpc
 #INSERT INTO `#__plugins` VALUES (29, 'XML-RPC - MetaWeblog API', 'metaweblog', 'xmlrpc', 0, 7, 0, 1, 0, 0, '0000-00-00 00:00:00', '');
 INSERT INTO `#__plugins` VALUES (30, 'Editor Button - Readmore','readmore','editors-xtd',0,0,1,0,0,0,'0000-00-00 00:00:00','');
 INSERT INTO `#__plugins` VALUES (31, 'User - Joomla!', 'joomla', 'user', 0, 0, 1, 0, 0, 0, '0000-00-00 00:00:00', '');
+INSERT INTO `#__plugins` VALUES (32, 'Authentication - OpenID', 'openid', 'authentication', 0, 3, 0, 0, 0, 0, '0000-00-00 00:00:00', '');
 
 # --------------------------------------------------------
 

installation/sql/joomla_backward.sql

@@ -350,7 +350,7 @@ INSERT INTO `#__plugins` VALUES (18, 'Search - Newsfeeds', 'newsfeeds', 'search'
 INSERT INTO `#__plugins` VALUES (19, 'Content - Load Module', 'loadmodule', 'content', 0, 6, 1, 0, 0, 0, '0000-00-00 00:00:00', '');
 INSERT INTO `#__plugins` VALUES (20, 'Authentication - Joomla', 'joomla', 'authentication', 0, 1, 1, 1, 0, 0, '0000-00-00 00:00:00', '');
 INSERT INTO `#__plugins` VALUES (21, 'Authentication - LDAP', 'ldap', 'authentication', 0, 2, 0, 1, 0, 0, '0000-00-00 00:00:00', '');
-INSERT INTO `#__plugins` VALUES (22, 'Authentication - GMail', 'gmail', 'authentication', 0, 0, 0, 0, 0, 0, '0000-00-00 00:00:00', '');
+INSERT INTO `#__plugins` VALUES (22, 'Authentication - GMail', 'gmail', 'authentication', 0, 4, 0, 0, 0, 0, '0000-00-00 00:00:00', '');
 INSERT INTO `#__plugins` VALUES (23, 'Request Modifier - Joomla', 'joomla.request', 'system', 0, 2, 1, 1, 0, 0, '0000-00-00 00:00:00', '');
 INSERT INTO `#__plugins` VALUES (25, 'Content - Page Navigation','pagenavigation','content',0,2,1,1,0,0,'0000-00-00 00:00:00','');
 INSERT INTO `#__plugins` VALUES (26, 'Editor - XStandard Lite 1.7', 'xstandard', 'editors', 0, 0, 1, 1, 0, 0, '0000-00-00 00:00:00', '');
@@ -358,6 +358,8 @@ INSERT INTO `#__plugins` VALUES (27, 'XML-RPC - Joomla', 'joomla', 'xmlrpc', 0,
 INSERT INTO `#__plugins` VALUES (28, 'XML-RPC - Blogger API', 'blogger', 'xmlrpc', 0, 7, 1, 1, 0, 0, '0000-00-00 00:00:00', '');
 #INSERT INTO `#__plugins` VALUES (29, 'XML-RPC - MetaWeblog API', 'metaweblog', 'xmlrpc', 0, 7, 1, 1, 0, 0, '0000-00-00 00:00:00', '');
 INSERT INTO `#__plugins` VALUES (30, 'Editor Button - Readmore','readmore','editors-xtd',0,0,1,0,0,0,'0000-00-00 00:00:00','');
+INSERT INTO `#__plugins` VALUES (31, 'User - Joomla!', 'joomla', 'user', 0, 0, 1, 0, 0, 0, '0000-00-00 00:00:00', '');
+INSERT INTO `#__plugins` VALUES (32, 'Authentication - OpenID', 'openid', 'authentication', 0, 3, 0, 0, 0, 0, '0000-00-00 00:00:00', '');
 
 # --------------------------------------------------------
 

libraries/joomla/application/application.php

@@ -325,16 +325,16 @@ class JApplication extends JObject
 
 		// Get the global JAuthenticate object
 		jimport( 'joomla.user.authenticate');
-		$auth = & JAuthenticate::getInstance();
-		$authenticated = $auth->authenticate($credentials);
+		$authenticate = & JAuthenticate::getInstance();
+		$response     = $authenticate->authenticate($username, $password);
 
-		if ($authenticated !== false)
+		if (is_a($response, 'JAuthenticateResponse'))
 		{
 			// Import the user plugin group
 			JPluginHelper::importPlugin('user');
 
 			// OK, the credentials are authenticated.  Lets fire the onLogin event
-			$results = $this->triggerEvent('onLogin', array($credentials, $remember));
+			$results = $this->triggerEvent('onLoginUser', array((array)$response, $remember));
 
 			/*
 			 * If any of the user plugins did not successfully
@@ -375,7 +375,7 @@ class JApplication extends JObject
 		JPluginHelper::importPlugin('user');
 
 		// OK, the credentials are built. Lets fire the onLogout event
-		$results = $this->triggerEvent('onLogout', array($parameters));
+		$results = $this->triggerEvent('onLogoutUser', array($parameters));
 
 		/*
 		 * If any of the authentication plugins did not successfully complete
@@ -570,10 +570,13 @@ class JApplication extends JObject
 		$storage = & JTable::getInstance('session');
 		$storage->purge( intval( $this->getCfg( 'lifetime' ) * 60) );
 
-		if ($storage->load( $session->getId() )) {
+		if ($storage->load( $session->getId() )) 
+		{
 			// Session cookie exists, update time in session table
 			$storage->update();
-		} else {
+		} 
+		else 
+		{
 			//create persistance store in the session
 			$session->set('registry', new JRegistry('session'));
 

libraries/joomla/database/table/user.php

@@ -21,31 +21,95 @@
  */
 class JTableUser extends JTable
 {
-	/** @var int Unique id*/
+	/** 
+	 * Unique id
+	 * 
+	 * @var int 
+	 */
 	var $id				= null;
-	/** @var string The users real name (or nickname)*/
+	
+	/** 
+	 * The users real name (or nickname)
+	 * 
+	 * @var string 
+	 */
 	var $name			= null;
-	/** @var string The login name*/
+	
+	/** 
+	 * The login name
+	 * 
+	 * @var string 
+	 */
 	var $username		= null;
-	/** @var string email*/
+	
+	/** 
+	 * The email
+	 * 
+	 * @var string 
+	 */
 	var $email			= null;
-	/** @var string MD5 encrypted password*/
+	
+	/** 
+	 * MD5 encrypted password
+	 * 
+	 * @var string 
+	 */
 	var $password		= null;
-	/** @var string */
+	
+	/** 
+	 * Description
+	 * 
+	 * @var string 
+	 */
 	var $usertype		= null;
-	/** @var int */
+	
+	/** 
+	 * Description
+	 * 
+	 * @var int 
+	 */
 	var $block			= null;
-	/** @var int */
+	
+	/** 
+	 * Description
+	 * 
+	 * @var int 
+	 */
 	var $sendEmail		= null;
-	/** @var int The group id number */
+	
+	/** 
+	 * The group id number 
+	 * 
+	 * @var int 
+	 */
 	var $gid			= null;
-	/** @var datetime */
+	
+	/** 
+	 * Description
+	 * 
+	 * @var datetime 
+	 */
 	var $registerDate	= null;
-	/** @var datetime */
+	
+	/** 
+	 * Description
+	 * 
+	 * @var datetime 
+	 */
 	var $lastvisitDate	= null;
-	/** @var string activation hash*/
+	
+	/** 
+	 * Description
+	 * 
+	 * @var string activation hash
+	 */
 	var $activation		= null;
-	/** @var string */
+	
+	/** 
+	 * Description
+	 * 
+	 * @var string 
+	 */
 	var $params			= null;
 
 	/**
@@ -71,22 +135,23 @@ class JTableUser extends JTable
 			$this->_error = JText::_( 'Please enter your name.' );
 			return false;
 		}
-
+		
 		if (trim( $this->username ) == '') {
 			$this->_error = JText::_( 'Please enter a user name.');
 			return false;
 		}
 
+		
 		if (eregi( "[\<|\>|\"|\'|\%|\;|\(|\)|\&|\+|\-]", $this->username) || JString::strlen( $this->username ) < 3) {
 			$this->_error = sprintf( JText::_( 'VALID_AZ09' ), JText::_( 'Username' ), 2 );
 			return false;
 		}
-
+	
 		if ((trim($this->email == "")) || (preg_match("/[\w\.\-]+@\w+[\w\.\-]*?\.\w{1,4}/", $this->email )==false)) {
 			$this->_error = JText::_( 'WARNREG_MAIL' );
 			return false;
 		}
-
+		
 		// check for existing username
 		$query = "SELECT id"
 		. "\n FROM #__users "

libraries/joomla/user/authenticate.php

@@ -12,6 +12,21 @@
 * See COPYRIGHT.php for copyright notices and details.
 */
 
+/**
+ * This is the status code returned when the authentication is success.
+ */
+define('JAUTHENTICATE_STATUS_SUCCESS', 1);
+
+/**
+ * Status to indicate cancellation of authentication.
+ */
+define('JAUTHENTICATE_STATUS_CANCEL', 2);
+
+/**
+ * This is the status code returned when the authentication failed
+ */
+define('JAUTHENTICATE_STATUS_FAILURE', 4);
+
 /**
  * Authorization class, provides an interface for the Joomla authentication system
  *
@@ -76,11 +91,12 @@ class JAuthenticate extends JObject
 	 * objects to run their respective authentication routines.
 	 *
 	 * @access public
-	 * @param array $credentials  The credentials to authenticate.
+	 * @param string 	The username.
+	 * @param string 	The password.
 	 * @return mixed Integer userid for valid user if credentials are valid or boolean false if they are not
 	 * @since 1.5
 	 */
-	function authenticate($credentials)
+	function authenticate($username, $password)
 	{
 		// Initialize variables
 		$auth = false;
@@ -89,56 +105,43 @@ class JAuthenticate extends JObject
 		$dispatcher = &JEventDispatcher::getInstance();
 
 		// Time to authenticate the credentials.  Lets fire the auth event
-		$results = $dispatcher->trigger( 'onAuthenticate', $credentials);
-
+		$results = $dispatcher->trigger( 'onAuthenticate', array($username, $password));
+		
 		/*
 		 * Check each of the results to see if a valid user ID was returned. and use the
-		 * furst ID to log into the system.
+		 * first ID to log into the system.
+		 
 		 * Any errors raised in the plugin should be returned via the JAuthenticateResponse
 		 * and handled appropriately.
 		 */
 		foreach($results as $result)
 		{
-			switch($result->type) 
+			switch($result->status) 
 			{
-				case 'success':
+				case JAUTHENTICATE_STATUS_SUCCESS :
 				{
-					if(JUserHelper::getUserId( $credentials['username'] )) {
-						// Whilst a plugin may validate the login, it might not actually exist
-						return true;
-					} else {
-						// Authentication failed
-						$results = $dispatcher->trigger( 'onAuthenticateFailure', $credentials, $result);
-						return false;
+					if(empty($result->username)) {
+						$result->username = $username;
 					}
+					
+					if(empty($result->fullname)) {
+						$result->fullname = $username;
+					}
+					
+					//TODO :: this needs to be changed, should only return at the end
+					return $result;
+					
 				}	break;
 					
-				case 'autocreate':
+				case JAUTHENTICATE_STATUS_CANCEL :
 				{
-					// We need to create the user if they don't exist
-					if(intval(JUserHelper::getUserId($credentials['username']))) { return true; }
-					
-					$user = new JUser();
-					$user->set( 'id', 0 );
-					$user->set( 'name', $result->fullname );
-					$user->set( 'username', $credentials['username'] );
-					$user->set( 'gid', $result->gid );
-					$user->set( 'usertype', $result->usertype );
-					$user->set( 'email', $result->email );	// Result should contain an email
-					
-					if($user->save()) {
-						return true;
-					} else {
-						// Authentication failed
-						$results = $dispatcher->trigger( 'onAuthenticateFailure', $credentials, $result);
-						return false;
-					}
-				}	break;
+					// do nothing
+				} break;
 				
-				default:
-					// Authentication failed
-					$results = $dispatcher->trigger( 'onAuthenticateFailure', $credentials, $result);
-					break;
+				case JAUTHENTICATE_STATUS_FAILURE :
+				{
+					//do nothing
+				}	break;
 			}
 		}
 
@@ -445,19 +448,20 @@ class JAuthenticateHelper
 class JAuthenticateResponse extends JObject
 {
 	/** 
-	 * Response Type (success, failure, critical_failure, error, critical_error,autocreate)
-	 * 
-	 * @var type string  
-	 * @access public
-	 */
-	var $type 			= null;
-	/** 
-	 * Name of Response
+	 * User type (refers to the authentication method used)
 	 * 
 	 * @var name string
 	 * @access public
 	 */
-	var $name 			= '';
+	var $type	= '';
+	
+	/** 
+	 * Response status (see status codes)
+	 * 
+	 * @var type string  
+	 * @access public
+	 */
+	var $status 		= 4;
 	
 	/** 
 	 *  The error message
@@ -468,15 +472,23 @@ class JAuthenticateResponse extends JObject
 	var $error_message 	= '';
 	
 	/** 
-	 * Flag to autocreate a user
+	 * Any UTF-8 string that the End User wants to use as a username.
 	 * 
-	 * @var autocreate int  
+	 * @var fullname string 
 	 * @access public
 	 */
-	var $autocreate		= 0;
-
+	var $username 		= '';
+	
 	/** 
-	 * The fullname of the user (JUser->name)
+	 * The email address of the End User as specified in section 3.4.1 of [RFC2822]
+	 * 
+	 * @var email string  
+	 * @access public
+	 */
+	var $email			= '';
+	
+	/** 
+	 * UTF-8 string free text representation of the End User's full name.
 	 * 
 	 * @var fullname string 
 	 * @access public
@@ -484,37 +496,67 @@ class JAuthenticateResponse extends JObject
 	var $fullname 		= '';
 	
 	/** 
-	 * The group id to use (default should be fine for most uses)
+	 * The End User's date of birth as YYYY-MM-DD. Any values whose representation uses 
+	 * fewer than the specified number of digits should be zero-padded. The length of this 
+	 * value MUST always be 10. If the End User user does not want to reveal any particular 
+	 * component of this value, it MUST be set to zero.
 	 * 
-	 * @var gid int  
-	 * @access public 
-	 */
-	var $gid 			= 18;
-	
-	/** 
-	 * The usertype to use (default should be fine for most uses)
+	 * For instance, if a End User wants to specify that his date of birth is in 1980, but 
+	 * not the month or day, the value returned SHALL be "1980-00-00".
 	 * 
-	 * @var usertype string  
+	 * @var fullname string 
 	 * @access public
 	 */
-	var $usertype 		= 'Registered';
+	var $birthdate	 	= '';
 	
 	/** 
-	 * The email to use
+	 * The End User's gender, "M" for male, "F" for female.
 	 * 
-	 * @var email string  
+	 * @var fullname string 
 	 * @access public
 	 */
-	var $email			= '';
-
+	var $gender 		= '';
+	
+	/** 
+	 * UTF-8 string free text that SHOULD conform to the End User's country's postal system.
+	 * 
+	 * @var fullname string 
+	 * @access public
+	 */
+	var $postcode 		= '';
+	
+	/** 
+	 * The End User's country of residence as specified by ISO3166.
+	 * 
+	 * @var fullname string 
+	 * @access public
+	 */
+	var $country 		= '';
+	
+	/** 
+	 * End User's preferred language as specified by ISO639.
+	 * 
+	 * @var fullname string 
+	 * @access public
+	 */
+	var $language 		= '';
+	
+	/** 
+	 * ASCII string from TimeZone database  
+	 * 
+	 * @var fullname string 
+	 * @access public
+	 */
+	var $timezone 		= '';
+	
 	/**
 	 * Constructor
 	 *
-	 * @param string $name The name of the response
+	 * @param string $name The type of the response
 	 * @since 1.5
 	 */
-	function __construct($name) {
-		$this->name = $name;
+	function __construct($type) {
+		$this->type = $type;
 	}
 }
 ?>

libraries/joomla/user/user.php

@@ -76,8 +76,7 @@ class JUser extends JObject
 		$this->_params = new JParameter( '' );
 
 		// Load the user if it exists
-		if (!empty($identifier))
-		{
+		if (!empty($identifier)) {
 			$this->_load($identifier);
 		}
 	}
@@ -386,8 +385,7 @@ class JUser extends JObject
 		$this->_params->loadINI($this->_table->params);
 
 		// If the table user id is set, lets set the id for the JUser object.
-		if ($this->get( 'id' ))
-		{
+		if ($this->get( 'id' )) {
 			$this->_id = $this->get( 'id' );
 		}
 
@@ -410,7 +408,8 @@ class JUser extends JObject
 		 * don't ya think?
 		 */
 		$me = & JFactory::getUser();
-
+		
+		
 		/*
 		 * Now that we have gotten all the field handling out of the way, time
 		 * to check and store the object.
@@ -420,7 +419,7 @@ class JUser extends JObject
 			$this->_setError("JUser::save: ".$this->_table->getError());
 			return false;
 		}
-
+		
 		// if user is made a Super Admin group and user is NOT a Super Admin
 		if ( $this->get('gid') == 25 && $me->get('gid') != 25 )
 		{
@@ -442,8 +441,7 @@ class JUser extends JObject
 		 * the JUserModel ... if a fail condition exists throw a warning
 		 */
 		$result = false;
-		if (!$result = $this->_table->store())
-		{
+		if (!$result = $this->_table->store()) {
 			$this->_setError("JUser::save: ".$this->_table->getError());
 		}
 
@@ -452,8 +450,7 @@ class JUser extends JObject
 		 * might happen if we just inserted a new user... and need to update
 		 * this objects id value with the inserted id.
 		 */
-		if (empty($this->_id))
-		{
+		if (empty($this->_id)) {
 			$this->_id = $this->get( 'id' );
 		}
 

plugins/authentication/gmail.php

@@ -17,7 +17,7 @@ jimport('joomla.application.plugin.helper');
 /**
  * GMail Authenticate Plugin
  *
- * @author Samuel Moffatt <pasamio@gmail.com>
+ * @author Samuel Moffatt <sam.moffatt@joomla.org>
  * @package Joomla
  * @subpackage JFramework
  * @since 1.5
@@ -94,14 +94,13 @@ class JAuthenticateGMail extends JPlugin
 
 		if ($success)
 		{
-			$return->autocreate  = 1;
-			$return->type 		= 'autocreate';		// Autocreate is the default, the system will create as needed
+			$return->status 	= JAUTHENTICATE_STATUS_SUCCESS;
 			$return->email 		= $username;
 			$return->fullname 	= $username;
 		}
 		else
 		{
-			$return->type 		  = 'failure';
+			$return->status 	   = JAUTHENTICATE_STATUS_FAILURE;
 			$return->error_message = 'Failed to authenticate: ' . $message;
 		}
 		return $return;

plugins/authentication/gmail.xml

@@ -8,7 +8,7 @@
 	<authorEmail>admin@joomla.org</authorEmail>
 	<authorUrl>www.joomla.org</authorUrl>
 	<version>1.5</version>
-    <description>Handles user authentication with a GMail account</description>
+    <description>Handles user authentication with a GMail account (Requires cURL)</description>
     <files>
         <filename plugin="gmail">gmail.php</filename>
     </files>

plugins/authentication/joomla.php

@@ -52,7 +52,7 @@ class JAuthenticateJoomla extends JPlugin
 	function onAuthenticate( $username, $password )
 	{
 		global $mainframe;
-
+		
 		// Initialize variables
 		$conditions = '';
 
@@ -76,11 +76,11 @@ class JAuthenticateJoomla extends JPlugin
 
 		if($result)
 		{
-			$return->type = 'success';
+			$return->status = JAUTHENTICATE_STATUS_SUCCESS;
 		}
 		else
 		{
-			$return->type = 'error';
+			$return->status = JAUTHENTICATE_STATUS_FAILURE;
 			$return->error_message = 'Invalid response from database';
 		}
 		return $return;

plugins/authentication/ldap.php

@@ -18,13 +18,13 @@ jimport('joomla.client.ldap');
 /**
  * LDAP Authenticate Plugin
  *
- * @author Louis Landry <louis.landry@joomla.org>
+ * @author Sam Moffatt <sam.moffatt@joomla.org>
  * @package Joomla
  * @subpackage JFramework
  * @since 1.5
  */
-class JAuthenticateLdap extends JPlugin {
-
+class JAuthenticateLdap extends JPlugin 
+{
 	/**
 	 * Constructor
 	 *
@@ -59,40 +59,37 @@ class JAuthenticateLdap extends JPlugin {
 		// Get a database connector
 		$db = JFactory::getDBO();
 
-		// If we are in the admin panel, make sure we have access to it
-		if ($mainframe->isAdmin()) {
-			$conditions = "AND gid > 22";
-		}
-
 		// load plugin parameters
 	 	$plugin =& JPluginHelper::getPlugin('authentication', 'ldap');
-	 	$pluginParams = new JParameter( $plugin->params );
-
-		$ldap = new JLDAP($pluginParams);
+	 	$params = new JParameter( $plugin->params );
 
+		$ldap   = new JLDAP($params);
 		$result = new JAuthenticateResponse('LDAP');
 
 		if (!$ldap->connect())
 		{
 			//die('Unable to connect to ldap server');
-			$result->type = 'failure';
+			$result->status = JAUTHENTICATE_STATUS_FAILURE;
 			$result->error_message = 'Unable to connect to LDAP server';
 			return $result;
 		}
 
-		$auth_method = $pluginParams->get('auth_method');
+		$auth_method = $params->get('auth_method');
 
 		switch($auth_method)
 		{
 			case 'anonymous':
 			{
 				// Need to do some work!
-				if($ldap->anonymous_bind()) {
+				if($ldap->anonymous_bind()) 
+				{
 					// Comparison time
-					$success = $ldap->compare(str_replace("[username]",$username,$pluginParams->get('users_dn')),$pluginParams->get('ldap_password'),$password);
-				} else {
+					$success = $ldap->compare(str_replace("[username]",$username,$params->get('users_dn')),$params->get('ldap_password'),$password);
+				} 
+				else 
+				{
 					//die('Anonymous bind failed');
-					$result->type = 'failure';
+					$result->status = JAUTHENTICATE_STATUS_FAILURE;
 					$result->error_message = 'Anonymous bind failed.';
 					return $result;
 				}
@@ -106,9 +103,10 @@ class JAuthenticateLdap extends JPlugin {
 
 			case 'authbind':
 			{	// First bind as a search enabled account
-				if($ldap->bind()) {
-					$ldap_uid = $pluginParams->get('ldap_uid');
-					$userdetails = $ldap->simple_search($pluginParams->get('ldap_uid').'='.$username);
+				if($ldap->bind()) 
+				{
+					$ldap_uid = $params->get('ldap_uid');
+					$userdetails = $ldap->simple_search($params->get('ldap_uid').'='.$username);
 					if(isset($userdetails[0][$ldap_uid][0])) {
 						$success = $ldap->bind($userdetails[0][dn], $password,1);
 					}
@@ -117,12 +115,15 @@ class JAuthenticateLdap extends JPlugin {
 
 			case 'authenticated':
 			{
-				if($ldap->bind()) {
+				if($ldap->bind()) 
+				{
 					// Comparison time
-					$success = $ldap->compare(str_replace("[username]",$username,$pluginParams->get('users_dn')),$pluginParams->get('ldap_password'),$password);
-				} else {
+					$success = $ldap->compare(str_replace("[username]",$username,$params->get('users_dn')),$params->get('ldap_password'),$password);
+				} 
+				else 
+				{
 					//die('Authenticated Bind Failed');
-					$result->type = 'failure';
+					$result->status = JAUTHENTICATE_STATUS_FAILURE;
 					$result->error_message = 'Authenticated bind failed.';
 					return $result;
 				}
@@ -131,37 +132,25 @@ class JAuthenticateLdap extends JPlugin {
 
 		if(!$success)
 		{
-			$result->type = 'error';
+			$result->status = JAUTHENTICATE_STATUS_FAILURE;
 			$result->error_message = 'Failed to bind to LDAP server';
 		}
 		else
 		{
-			$result->type = 'success';	// By default autocreate is disabled.
+			$result->status = JAUTHENTICATE_STATUS_SUCCESS;
 
-			if (intval($pluginParams->get('autocreate')))
+			$userdetails 	= $ldap->simple_search(str_replace("[search]", $username, $params->get('search_string')));
+			$ldap_email 	= $params->get('ldap_email');
+			$ldap_fullname  = $params->get('ldap_fullname');
+
+			if (isset($userdetails[0][$ldap_email][0]))
 			{
-				$userdetails = $ldap->simple_search(str_replace("[search]", $username, $pluginParams->get('search_string')));
-				//die(str_replace("[search]", $username, $pluginParams->get('search_string')));
-				$ldap_email = $pluginParams->get('ldap_email');
-				$ldap_fullname = $pluginParams->get('ldap_fullname');
+				$result->email = $userdetails[0][$ldap_email][0];
 
-				if (isset($userdetails[0][$ldap_email][0]))
-				{
-					$result->type = 'autocreate';
-					$result->email = $userdetails[0][$ldap_email][0];
-
-					if(isset($userdetails[0][$ldap_fullname][0])) {
-						$result->fullname = $userdetails[0][$ldap_fullname][0];
-					} else {
-						$result->fullname = $username;
-					}
-
-					$result->autocreate = 1;		// May change the handling of this in the future
-				}
-				else
-				{
-				    $result->type = 'failure';
-				    $result->error_message = 'Unable to map email!';
+				if(isset($userdetails[0][$ldap_fullname][0])) {
+					$result->fullname = $userdetails[0][$ldap_fullname][0];
+				} else {
+					$result->fullname = $username;
 				}
 			}
 		}

plugins/authentication/ldap.xml

@@ -40,10 +40,6 @@
 		<param name="username" type="text" size="20" default="" label="Connect username" description="PARAMCONNECTSTRING" />
 		<param name="password" type="password" size="20" default="" label="Connect password" description="PARAMCONNECTPASSWORD" />
 		<param name="@spacer" type="spacer" default="" label="" description="" />
-		<param name="autocreate" type="radio" default="0" label="Auto Create Users" description="PARAMAUTOCREATEUSERS">
-			<option value="0">No</option>
-			<option value="1">Yes</option>
-		</param>
 		<param name="ldap_fullname" type="text" size="20" default="fullName" label="Map FullName" description="PARAMMAPFN" />
 		<param name="ldap_email" type="text" size="20" default="mail" label="Map Email" description="PARAMMAPEMAIL" />
 		<param name="ldap_uid" type="text" size="20" default="uid" label="Map User ID" description="PARAMMAPUID" />

plugins/authentication/openid.php

@@ -0,0 +1,63 @@
+<?php
+/**
+* @version $Id: gmail.php 5509 2006-10-19 11:45:15Z pasamio $
+* @package Joomla
+* @subpackage JFramework
+* @copyright Copyright (C) 2005 - 2006 Open Source Matters. All rights reserved.
+* @license GNU/GPL, see LICENSE.php
+* Joomla! is free software. This version may have been modified pursuant
+* to the GNU General Public License, and as distributed it includes or
+* is derivative of works licensed under the GNU General Public License or
+* other free or open source software licenses.
+* See COPYRIGHT.php for copyright notices and details.
+*/
+jimport('joomla.application.plugin.helper');
+/**
+ * OpenID JAuthenticate Plugin
+ *
+ * @author	Johan Janssens <johan.janssens@joomla.org>
+ * @package Joomla
+ * @subpackage openID
+ * @since 1.5
+ */
 
 class JAuthenticateOpenID extends JPlugin 
 {
+    /**
+     * Constructor
+     *
+     * For php4 compatability we must not use the __constructor as a constructor for plugins
+     * because func_get_args ( void ) returns a copy of all passed arguments NOT references.
+     * This causes problems with cross-referencing necessary for the observer design pattern.
+     *
+     * @param object $subject The object to observe
+     * @since 1.5
+     */
+    function JAuthenticateOpenID(& $subject) {
+		parent::__construct($subject);
+    }
+
+    /**
+     * This method should handle any authentication and report back to the subject
+     *
+     * @access	public
+     * @param	string	$username	Username for authentication
+     * @param	string	$password	Password for authentication
+     * @return	object	JAuthenticateResponse
+     * @since 1.5
+     */
+    function onAuthenticate( $username, $password )
+    {
+		global $mainframe;
		
		//OpenID plugin requires DOM xml module to be installed
		if(version_compare( phpversion(), '5.0' ) < 0) {
			return;
		}
+
+	 	 // Require the OpenID consumer.
+		jimport ('openid.consumer');
+
		// Access the session data
+		$session =& JFactory::getSession();
			
+	    // load plugin parameters
+		$plugin =& JPluginHelper::getPlugin('authentication', 'openid');
+		$params = new JParameter( $plugin->params );
		
		// create response object
+		$return = new JAuthenticateResponse('openid');
			
		// Need to check for bcmath or gmp - if not, use the dumb mode.
		// TODO: Should dump an error to debug saying we are dumb

      	global $_Auth_OpenID_math_extensions;
		$ext = Auth_OpenID_detectMathLibrary($_Auth_OpenID_math_extensions);
		if (!isset($ext['extension']) || !isset($ext['class'])) {
			define ("Auth_OpenID_NO_MATH_SUPPORT", true);
		}
			
		// Create and/or start using the data store
		$store_path = JPATH_ROOT . '/tmp/_joomla_openid_store';
		if (!file_exists($store_path) && !mkdir($store_path)) {
			print "Could not create the FileStore directory '$store_path'. " . " Please check the effective permissions.";
			exit (0);
		}

		// Create store object		
		$store = new Auth_OpenID_FileStore($store_path);

	  	// Create a consumer object
		$consumer = new Auth_OpenID_Consumer($store);
+
+		if (!$session->get('_openid_consumer_last_token')) 
		{
+			// Begin the OpenID authentication process.
			if(!$request = $consumer->begin($username))
			{
				$return->type = JAUTHENTICATE_STATUS_FAILURE;
				$return->error_message = 'Authentication error : could not connect to the openid server';
				return $return;
			}
	    	
	    	// Request simple registration information
			$request->addExtensionArg('sreg', 'required' , 'email');
			$request->addExtensionArg('sreg', 'optional', 'fullname');
			$request->addExtensionArg('sreg', 'optional', 'language');
			$request->addExtensionArg('sreg', 'optional', 'timezone');
			
			$uri = JFactory::getURI();
			$url = $uri->toString();
	    
			$process_url = sprintf("index.php?option=com_login&task=login&username=%s&return=%s", $username, $url);
			$redirect_url = $request->redirectURL(JURI::base(), JURI::base().'/'.$process_url);

			$session->set('trust_url', JURI::base());
			$session->pause();

			// Redirect the user to the OpenID server for authentication.  Store
	    	// the token for this authentication so we can verify the response.
			$mainframe->redirect($redirect_url);                                 
			return false;
		}
			
		$response = $consumer->complete(JRequest::get('get'));
				
		switch ($response->status)
		{
			case Auth_OpenID_SUCCESS :
			{
				$sreg = $response->extensionResponse('sreg');
					
				$return->status   = JAUTHENTICATE_STATUS_SUCCESS;
				$return->email    = isset($sreg['email'])    ? $sreg['email']    : "";
				$return->fullname = isset($sreg['fullname']) ? $sreg['fullname'] : "";
				$return->language = isset($sreg['language']) ? $sreg['language'] : "";
				$return->timezone = isset($sreg['timezone']) ? $sreg['timezone'] : "";
				
			} break;
					
			case Auth_OpenID_CANCEL :
			{	
				$return->status = JAUTHENTICATE_STATUS_CANCEL;
				$return->error_message = 'Authentication failed';
			} break;
					
			case Auth_OpenID_FAILURE :
			{	
				$return->status = JAUTHENTICATE_STATUS_FAILURE;
				$return->error_message = 'Authentication cancelled';
			} break;
		}
				
		return $return;
+    }
+}
+?>

plugins/authentication/openid.xml

@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="utf-8"?>
+<install version="1.5" type="plugin"  group="auth">
+    <name>Authentication - GMail</name>
+    <author>Joomla! Project</author>
+	<creationDate>February 2006</creationDate>
+	<copyright>(C) 2006 Open Source Matters. All rights reserved.</copyright>
+	<license>http://www.gnu.org/copyleft/gpl.html GNU/GPL</license>
+	<authorEmail>admin@joomla.org</authorEmail>
+	<authorUrl>www.joomla.org</authorUrl>
+	<version>1.5</version>
+    <description>Handles user authentication with an OpenID (Requires PHP5)</description>
+    <files>
+        <filename plugin="openid">openid.php</filename>
+    </files>
+    <params />
+</install>

plugins/user/example.php

@@ -17,7 +17,7 @@ jimport('joomla.application.plugin.helper');
 /**
  * Example User Plugin
  *
- * @author		Louis Landry <louis.landry@joomla.org>
+ * @author		Johan Janssens  <johan.janssens@joomla.org>
  * @package		Joomla
  * @subpackage	JFramework
  * @since 		1.5
@@ -129,7 +129,7 @@ class JUserExample extends JPlugin {
 	 * @return	boolean	True on success
 	 * @since	1.5
 	 */
-	function onLogin($user)
+	function onLoginUser($user)
 	{
 		// Initialize variables
 		$success = false;
@@ -158,7 +158,7 @@ class JUserExample extends JPlugin {
 	 * @return boolean True on success
 	 * @since 1.5
 	 */
-	function onLogout($user)
+	function onLogoutUser($user)
 	{
 		// Initialize variables
 		$success = false;

plugins/user/joomla.php

@@ -73,57 +73,78 @@ class JUserJoomla extends JPlugin
 	 * @return	boolean	True on success
 	 * @since	1.5
 	 */
-	function onLogin($user, $remember)
+	function onLoginUser($user, $remember)
 	{
+		// load plugin parameters
+	 	$plugin =& JPluginHelper::getPlugin('authentication', 'joomla');
+	 	$params = new JParameter( $plugin->params );
+		
+		// We need to create the user if they don't exist
+		if(!$id = intval(JUserHelper::getUserId($user['username']))) 
+		{
+			$my = new JUser();
+			$my->set( 'id'			, 0 );
+			$my->set( 'name'		, $user['fullname'] );
+			$my->set( 'username'	, $user['username'] );
+			$my->set( 'email'		, $user['email'] );	// Result should contain an email (check)
+			$my->set( 'gid'			, 18 );			  	//Make configurable
+			$my->set( 'usertype'	, 'Registered' ); 	//Make configurable
+					
+			if(!$my->save()) {
+				return false;
+			}
+			
+			//get the id of the new user
+			$id = intval($my->get('id'));
+		}
+					
 		// Get the JUser object for the user to login
-		$user =& JUser::getInstance( $user['username'] );
+		$my =& JUser::getInstance( $id );
 
 		// If the user is blocked, redirect with an error
-		if ($user->get('block') == 1) {
-			return JError::raiseWarning(
-             	'SOME_ERROR_CODE', JText::_('E_NOLOGIN_BLOCKED')
-            	);
+		if ($my->get('block') == 1) {
+			return JError::raiseWarning('SOME_ERROR_CODE', JText::_('E_NOLOGIN_BLOCKED'));
 		}
 
 		// Fudge the ACL stuff for now...
 		// TODO: Implement ACL :)
 		jimport('joomla.factory');
 		$acl = &JFactory::getACL();
-		$grp = $acl->getAroGroup($user->get('id'));
-		$row->gid = 1;
+		$grp = $acl->getAroGroup($my->get('id'));
+		$my->set('gid', 1);
 
 		// ToDO: Add simple mapping based on the group table to allow positive references between content and user groups
 		if ($acl->is_group_child_of($grp->name, 'Registered', 'ARO') || $acl->is_group_child_of($grp->name, 'Public Backend', 'ARO')) {
 				// fudge Authors, Editors, Publishers and Super Administrators into the Special Group
-				$user->set('gid', 2);
+				$my->set('gid', 2);
 		}
-		$user->set('usertype', $grp->name);
+		$my->set('usertype', $grp->name);
 
 		// Register the needed session variables
 		$session =& JFactory::getSession();
-		$session->set('session.user.id', $user->get('id'));
+		$session->set('session.user.id', $my->get('id'));
 
 		// Get the session object
 		$table = & JTable::getInstance('session');
 		$table->load( $session->getId() );
 
 		$table->guest 		= 0;
-		$table->username 	= $user->get('username');
-		$table->userid 		= intval($user->get('id'));
-		$table->usertype 	= $user->get('usertype');
-		$table->gid 			= intval($user->get('gid'));
+		$table->username 	= $my->get('username');
+		$table->userid 		= intval($my->get('id'));
+		$table->usertype 	= $my->get('usertype');
+		$table->gid 		= intval($my->get('gid'));
 
 		$table->update();
 
 		// Hit the user last visit field
-		$user->setLastVisit();
+		$my->setLastVisit();
 
 		// Set remember me option
 		if ($remember == 'yes')
 		{
 			$lifetime = time() + 365*24*60*60;
-			setcookie( 'usercookie[username]', $user->get('username'), $lifetime, '/' );
-			setcookie( 'usercookie[password]', $user->get('password'), $lifetime, '/' );
+			setcookie( 'usercookie[username]', $my->get('username'), $lifetime, '/' );
+			setcookie( 'usercookie[password]', $my->get('password'), $lifetime, '/' );
 		}
 
 		return true;
@@ -137,7 +158,7 @@ class JUserJoomla extends JPlugin
 	 * @return boolean True on success
 	 * @since 1.5
 	 */
-	function onLogout($user)
+	function onLogoutUser($user)
 	{
 		$session =& JFactory::getSession();
 

plugins/user/joomla.xml

@@ -12,5 +12,10 @@
 	<files>
 		<filename plugin="joomla">joomla.php</filename>
 	</files>
-	<params/>
+	<params>
+		<param name="autoregister" type="radio" default="0" label="Auto Create Users" description="PARAMAUTOCREATEUSERS">
+			<option value="0">No</option>
+			<option value="1">Yes</option>
+		</param>
+	</params>
 </install>

tmp/index.html

@@ -1 +0,0 @@
-<html><body bgcolor="#FFFFFF"></body></html>