<?php
/**
 * OpenID login plugin
 *
 * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
 * @author     Andreas Gohr <andi@splitbrain.org>
 */

// must be run within Dokuwiki
if(!defined('DOKU_INC')) die();

if(!defined('DOKU_PLUGIN')) define('DOKU_PLUGIN',DOKU_INC.'lib/plugins/');
require_once(DOKU_PLUGIN.'action.php');
require_once(DOKU_PLUGIN.'openid/openid.php');

class action_plugin_openid extends DokuWiki_Action_Plugin {

    /**
     * return some info
     *
     * @author Andreas Gohr <andi@splitbrain.org>
     */
    function getInfo(){
        return array(
            'author' => 'Andreas Gohr',
            'email'  => 'andi@splitbrain.org',
            'date'   => '2008-06-26',
            'name'   => 'OpenID Plugin',
            'desc'   => 'Use OpenID to log into the Wiki without creating an account',
            'url'    => 'http://wiki:splitbrain.org/plugin:openid',
        );
    }

    /**
     * register the eventhandlers
     *
     * @author Andreas Gohr <andi@splitbrain.org>
     */
    function register(&$controller){
        $controller->register_hook('HTML_LOGINFORM_OUTPUT',
                                   'BEFORE',
                                   $this,
                                   'handle_loginform_injection',
                                   array());
        $controller->register_hook('ACTION_ACT_PREPROCESS',
                                   'BEFORE',
                                   $this,
                                   'handle_act_preprocess',
                                   array());
        $controller->register_hook('TPL_ACT_UNKNOWN',
                                   'BEFORE',
                                   $this,
                                   'handle_act_unknown',
                                   array());
    }

    /**
     * Returns the Consumer URL
     *
     * @author Andreas Gohr <andi@splitbrain.org>
     */
    function _self($do){
        global $ID;
        return wl($ID,'do='.$do,true,'&');
    }

    /**
     * Handles the openid action and tries to do an autologin
     *
     * @author Andreas Gohr <andi@splitbrain.org>
     */
    function handle_act_preprocess(&$event, $param){
        // handle the openid login action
        if($event->data == 'openid'){
            $event->stopPropagation();
            $event->preventDefault();

            if($_REQUEST['openid_url']){
                // login form was just submitted
                $oid = new OpenIDConsumer($this->_self('openid'),$_REQUEST['openid_url']);
                if($oid->findIdentity()){
                    $oid->checkid_setup(); // script ends here with redirect
                }else{
                    msg($oid->error,-1);
                    return; // fall through to login form
                }
            }
        }

        // check if we just returned from the OpenID provider
        // if yes, verify the received data
        // if no, check if we should do an auto login

        if($_GET['openid_mode'] == 'cancel'){
            // User cancelled the authentication
            msg('Authentication canceled',0);
            return; // fall through to what ever action was called
        }elseif($_GET['openid_mode'] == 'id_res'){
            // The OpenID provider confirmed the ID, verify the answer
            $oid = new OpenIDConsumer($this->_self($event->data),$_GET['openid_identity']);
            if($oid->findIdentity()){
                if($oid->check_authentication()){
                    // verification success -> login
                    $this->_loginOIDuser();
                    if($event->data = 'openid'){
                        $event->_default = true; //use default checking for show
                        $event->data = 'show'; // leave login form
                    }
                }else{
                    // Step 3: failed
                    msg($oid->error,-1);
                    return; // fall through to what ever action was called
                }
            }else{
                msg($oid->error,-1);
                return; // fall through to what ever action was called
            }
        }elseif(!$_SERVER['REMOTE_USER'] && $event->data != 'logout'){
            // Should we autologin?
            $cookie = base64_decode($_COOKIE[DOKU_COOKIE]);
            list($user,$sticky,$pass) = split('\|',$cookie,3);
            if($sticky && strpos($user,'http://') === 0){
#dbg($user);
                // sticky and URL as username, okay let's do it
                $oid = new OpenIDConsumer($this->_self($event->data),$user);
                if($oid->findIdentity()){
                    $oid->checkid_setup(); // script ends here with redirect
                }
                // errors are silently ignored
            }
        }
        return; // fall through to what ever action was called
    }

    /**
     * Create the OpenID login form
     *
     * @author Andreas Gohr <andi@splitbrain.org>
     */
    function handle_act_unknown(&$event, $param){
        if($event->data != 'openid') return; // nothing to do for us

        // we can handle it -> prevent others
        $event->stopPropagation();
        $event->preventDefault();

        // display the login form
        global $lang;
        echo $this->plugin_locale_xhtml('intro');
        ?>
        <div class="centeralign">
        <form action="<?php echo script()?>" accept-charset="<?php echo $lang['encoding']?>"
            method="post" id="openid__login">
        <fieldset>
            <legend><?php echo $this->getLang('loginlabel')?></legend>
            <input type="hidden" name="id" value="<?php echo $ID?>" />
            <input type="hidden" name="do" value="openid" />
            <label class="block">
                <span><?php echo $this->getLang('identifier')?></span>
                <input type="text" name="openid_url" id="openid__url"
                    value="<?php echo formText($_REQUEST['openid_url'])?>"
                    class="edit" id="focus__this" />
            </label><br />
            <input type="submit" value="<?php echo $lang['btn_login']?>" class="button" />
        </fieldset>
        </form>
        </div>
        <?php
    }

    /**
     * Insert link to OpenID into usual login form
     *
     * @author Andreas Gohr <andi@splitbrain.org>
     */
    function handle_loginform_injection(&$event, $param){
        $msg = $this->getLang('loginlink');
        $msg = sprintf("<p>$msg</p>",$this->_self('openid'));
        $pos = $event->data->findElementByAttribute('type','submit');
        $event->data->insertElement($pos+2,$msg);
    }

    /**
     * Gets called when a OpenID login was succesful
     *
     * We store available userinfo in Session and Cookie
     *
     * @author Andreas Gohr <andi@splitbrain.org>
     */
    function _loginOIDuser(){
        global $conf;
        global $USERINFO;
        global $INFO;


        $user = $_GET['openid'];
        $pass = md5(uniqid(rand(), true)); //pseudo pass

        $_SERVER['REMOTE_USER'] = $user;
        $USERINFO['pass'] = $pass;
        $USERINFO['name'] = $_GET['openid_sreg_fullname'];
        if(!$USERINFO['name']) $USERINFO['name'] = $_GET['openid_sreg_nickname'];
        if(!$USERINFO['name']) $USERINFO['name'] = preg_replace('!^https?://!','',$user);
        $USERINFO['name'] .= ' (OpenID)';
        $USERINFO['mail'] = $_GET['openid_sreg_email'];
        $USERINFO['grps'] = array($conf['defaultgroup'],'openid');

        // set cookie
        $sticky = true;
        $cookie = base64_encode("$user|$sticky|openid");
        if($sticky) $time = time()+60*60*24*365; //one year
        setcookie(DOKU_COOKIE,$cookie,$time,DOKU_REL);

        // set session after reopening it
        session_start();
        $_SESSION[DOKU_COOKIE]['auth']['user'] = $user;
        $_SESSION[DOKU_COOKIE]['auth']['pass'] = 'openid';
        $_SESSION[DOKU_COOKIE]['auth']['buid'] = auth_browseruid();
        $_SESSION[DOKU_COOKIE]['auth']['info'] = $USERINFO;
        $_SESSION[DOKU_COOKIE]['auth']['time'] = time();
        session_write_close();

        // auth data has changed, reinit the $INFO array
        $INFO = pageinfo();
    }
}