1<?php
/**
 * Federated Login for DokuWiki - complete sign-in process class
 *
 * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
 * @link       http://www.dokuwiki.org/plugin:fedauth
 * @author     Aoi Karasu <aoikarasu@gmail.com>
 */
9
/**
 * Class responsible for completing a successful sign-in process using the selected authentication service.
 *
 * @author     Aoi Karasu <aoikarasu@gmail.com>
 */
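class fa_signedin extends fa_login {

    /**
     * Creates the class instance bound to a plugin instance and an authentication provider.
     *
     * @param objref $manager object reference to the admin plugin
     * @param string $cmd name of the command to handle
     * @param string $provid (optional) an authentication provider id
     */
    function __construct(&$manager, $cmd, $provid='') {
        // Call-time pass-by-reference (&$manager at the call site) is a fatal
        // error since PHP 5.4; the by-reference declaration lives in the signature.
        parent::__construct($manager, $cmd, $provid);
    }

    /**
     * Handles the provider's response and continues with the claimed identity.
     *
     * The service's response() result is treated as the claimed identity unless
     * it is one of the failure codes (-1, -2) or empty.
     *
     * @return mixed the value of error() on failure; on the success path the
     *               request ends in a redirect issued by _process_claimed_identity()
     */
    function process_signedin() {
        global $ID;

        $svc = $this->getService(null); // parameter not required at this time
        $result = $svc->response(wl($ID, 'do=fedauth', true, '&'));
        if ($result == -1) {
            return $this->error('authfailed');
        }
        if ($result == -2) {
            return $this->error('identitymissing');
        }
        // Fail closed: only -1 and -2 are recognised failure codes above, so an
        // empty result (false, null, '') would otherwise be handled as an identity
        // and could be looked up or attached to an account further down.
        if (empty($result)) {
            return $this->error('identitymissing');
        }

        // svcdata is read from the request, so it is caller-controlled input.
        // NOTE(review): nothing here shows it being covered by the provider's
        // verification - treat it as untrusted wherever it is consumed later.
        $svcdata = '';
        if (!empty($_REQUEST['svcdata']) && is_string($_REQUEST['svcdata'])) {
            $svcdata = urldecode(base64_decode($_REQUEST['svcdata']));
        }
        return $this->_process_claimed_identity($result, $svcdata);
    }

    /**
     * Logs in, starts registration for, or links the claimed identity, then redirects.
     *
     * Not logged in: an identity already known to the user store logs that user in;
     * an unknown one is stashed for registration when the 'register' action is
     * allowed, otherwise an error message is shown.
     * Logged in: an unknown identity is added to the user store; a known one is
     * rejected with an error message.
     *
     * @param mixed  $claimedId identity returned by the authentication service
     * @param string $svcdata   decoded service data taken from the request (untrusted)
     */
    function _process_claimed_identity($claimedId, $svcdata) {
        $store = $this->getUserStore();
        $uname = $store->getUsernameByIdentity($this->provid, $claimedId);

        // Resolve the provider's display name explicitly instead of silencing
        // errors with @; fall back to the provider id if the lookup yields no object.
        $provider = $this->manager->providers->get($this->provid);
        $pname = is_object($provider) ? $provider->getName() : $this->provid;

        if (empty($_SERVER['REMOTE_USER'])) {
            // not logged in; login or create
            if ($uname === false) {
                // claimed id not associated with local account
                if (actionOK('register')) {
                    // redirect to create new account
                    $this->_storeTempAuth($claimedId, $svcdata, $pname);
                    $_REQUEST['mode'] = 'register';
                }
                else {
                    // inform that registration is disabled
                    $this->msg($this->error('regdisabled', array('@PROVID@' => $pname)));
                }
            }
            else {
                // claimed id associated, login the user
                $this->manager->cookie->set($uname, $this->provid, $svcdata, false /*$sticky*/);
                $store->refreshUserDataEntry($claimedId);
            }
        }
        else {
            if ($uname !== false) {
                // claimed id already assigned to user account, return error
                $this->msg($this->error('alreadyassigned', array('@PROVID@' => $pname)));
            }
            else {
                // add claimed id to user's identities store
                // NOTE(review): nothing visible in this method ties the provider
                // response to a linking request started by the current session;
                // confirm the service or caller binds the flow to the session
                // before an identity is attached to the logged-in account.
                $store->addUserDataEntry($this->provid, $claimedId);
                $this->msg($this->success('loginadded', array('@PROVID@' => $pname)));
            }
        }

        // Set on every path, including the ones that only queued an error message.
        // NOTE(review): presumably marks the command as handled - confirm.
        $this->success = true;
        // redirect and exit process
        send_redirect($this->restoreLocation());
    }

    /**
     * Stores temporary login data until the user creates a local account.
     *
     * The profile hints (email, full name, nickname) are read straight from the
     * request parameters. NOTE(review): this method does not check that they were
     * part of what the provider signed - treat them as user-supplied suggestions
     * and validate them again at registration.
     *
     * @param mixed  $claimedId identity returned by the authentication service
     * @param string $svcdata   decoded service data taken from the request (untrusted)
     * @param string $pname     provider display name
     */
    function _storeTempAuth($claimedId, $svcdata, $pname) {
        $_SESSION[DOKU_COOKIE]['fedauth']['tmpr'] = array(
            'prid' => $this->provid,
            'prnm' => $pname,
            'ident' => $claimedId,
            'svcd'  => $svcdata,
            'email' => $this->_requestString('openid_sreg_email'),
            'fullname' => $this->_requestString('openid_sreg_fullname'),
            'nickname' => $this->_requestString('openid_sreg_nickname')
        );
    }

    /**
     * Returns a request parameter only when it is present and a plain string.
     *
     * Missing parameters and array-valued ones (e.g. name[]=x) yield null, so no
     * undefined-index notice is raised and no array reaches the session data.
     *
     * @param string $key request parameter name
     * @return string|null
     */
    function _requestString($key) {
        if (isset($_REQUEST[$key]) && is_string($_REQUEST[$key])) {
            return $_REQUEST[$key];
        }
        return null;
    }

} /* fa_signedin */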
102
103/* vim: set expandtab tabstop=4 shiftwidth=4 softtabstop=4: */
104