PageRenderTime 48ms CodeModel.GetById 17ms RepoModel.GetById 1ms app.codeStats 0ms

/provider/index.php

https://gitlab.com/cel/nameid
PHP | 408 lines | 291 code | 60 blank | 57 comment | 20 complexity | de7da0f2b8cf8a69db680640e3fa4185 MD5 | raw file
    

  1. <?php
    2. 

  2. /*
    3. 

  3.     NameID, a namecoin based OpenID identity provider.
    4. 

  4.     Copyright (C) 2013-2016 by Daniel Kraft <d@domob.eu>
    5. 

    6. 

  6.     This program is free software: you can redistribute it and/or modify
    7. 

  7.     it under the terms of the GNU Affero General Public License as published by
    8. 

  8.     the Free Software Foundation, either version 3 of the License, or
    9. 

  9.     (at your option) any later version.
    10. 

    11. 

  11.     This program is distributed in the hope that it will be useful,
    12. 

  12.     but WITHOUT ANY WARRANTY; without even the implied warranty of
    13. 

  13.     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    14. 

  14.     GNU Affero General Public License for more details.
    15. 

    16. 

  16.     You should have received a copy of the GNU Affero General Public License
    17. 

  17.     along with this program.  If not, see <http://www.gnu.org/licenses/>.
    18. 

  18. */
    19. 

  19. 

  20. /* Main page.  */
    21. 

  21. 

  22. require_once ("lib/config.inc.php");
    23. 

  23. 

  24. require_once ("lib/html.inc.php");
    25. 

  25. require_once ("lib/messages.inc.php");
    26. 

  26. require_once ("lib/openid.inc.php");
    27. 

  27. require_once ("lib/request.inc.php");
    28. 

  28. require_once ("lib/session.inc.php");
    29. 

  29. 

  30. require_once ("libauth/authenticator.inc.php");
    31. 

  31. require_once ("libauth/namecoin_rpc.inc.php");
    32. 

  32. require_once ("libauth/namecoin_interface.inc.php");
    33. 

  33. 

  34. require_once ("Auth/OpenID/Discover.php");
    35. 

  35. 

  36. $status = "unknown";
    37. 

  37. 

  38. // Disable caching.
    39. 

  39. header("Cache-Control: no-cache");
    40. 

  40. header("Pragma: no-cache");
    41. 

  41. 

  42. // Construct the basic worker classes.
    43. 

  43. $session = new Session ($sessionName);
    44. 

  44. $rpc = new HttpNamecoin ($rpcHost, $rpcPort, $rpcUser, $rpcPassword);
    45. 

  45. $nc = new NamecoinInterface ($rpc, $namePrefix);
    46. 

  46. $req = new RequestHandler ();
    47. 

  47. $openid = new OpenID ($session, $nc);
    48. 

  48. $html = new HtmlOutput ();
    49. 

  49. $msg = new MessageList ($html);
    50. 

  50. 

  51. /**
    52. 

  52.  * Try handling an XRDS request.
    53. 

  53.  */
    54. 

  54. function tryXRDS ()
    55. 

  55. {
    56. 

  56.   global $req;
    57. 

  57.   global $status;
    58. 

  58.   global $serverUri;
    59. 

  59. 

  60.   if ($status === "unknown" && $req->check ("xrds"))
    61. 

  61.     {
    62. 

  62.       $xrds = $req->getString ("xrds");
    63. 

  63.       switch ($xrds)
    64. 

  64.         {
    65. 

  65.         case "general":
    66. 

  66.           header ("Content-Type: application/xrds+xml");
    67. 

  67.           echo "<?xml version='1.0' encoding='utf-8' ?>\n";
    68. 

  68. ?>
    69. 

  69. <xrds:XRDS
    70. 

  70.     xmlns:xrds="xri://$xrds"
    71. 

  71.     xmlns="xri://$xrd*($v*2.0)">
    72. 

  72.   <XRD>
    73. 

  73.     <Service priority="0">
    74. 

  74.       <Type><?php echo Auth_OpenID_TYPE_2_0_IDP; ?></Type>
    75. 

  75.       <URI><?php echo "$serverUri?view=openid"; ?></URI>
    76. 

  76.     </Service>
    77. 

  77.   </XRD>
    78. 

  78. </xrds:XRDS>
    79. 

  79. <?php
    80. 

  80.           $status = "xrds";
    81. 

  81.           break;
    82. 

  82. 

  83.         case "identity":
    84. 

  84.           header ("Content-Type: application/xrds+xml");
    85. 

  85.           echo "<?xml version='1.0' encoding='utf-8' ?>\n";
    86. 

  86. ?>
    87. 

  87. <xrds:XRDS
    88. 

  88.     xmlns:xrds="xri://$xrds"
    89. 

  89.     xmlns="xri://$xrd*($v*2.0)">
    90. 

  90.   <XRD>
    91. 

  91.     <Service priority="0">
    92. 

  92.       <Type><?php echo Auth_OpenID_TYPE_2_0; ?></Type>
    93. 

  93.       <Type><?php echo Auth_OpenID_TYPE_1_1; ?></Type>
    94. 

  94.       <URI><?php echo "$serverUri?view=openid"; ?></URI>
    95. 

  95.     </Service>
    96. 

  96.   </XRD>
    97. 

  97. </xrds:XRDS>
    98. 

  98. <?php
    99. 

  99.           $status = "xrds";
    100. 

  100.           break;
    101. 

  101.         }
    102. 

  102.     }
    103. 

  103. }
    104. 

  104. 

  105. /**
    106. 

  106.  * Try to get the data for an identity page and update the
    107. 

  107.  * global state accordingly.
    108. 

  108.  */
    109. 

  109. function tryIdentityPage ()
    110. 

  110. {
    111. 

  111.   global $req, $nc;
    112. 

  112.   global $status, $identityName, $identityPage;
    113. 

  113.   global $serverUri;
    114. 

  114. 

  115.   if ($status === "unknown" && $req->check ("name"))
    116. 

  116.     {
    117. 

  117.       $name = $req->getString ("name");
    118. 

  118.       $identityName = $name;
    119. 

  119.       try
    120. 

  120.         {
    121. 

  121.           $identityPage = $nc->getIdValue ($name);
    122. 

  122. 

  123.           /* Also send XRDS location for the user identity page.  */
    124. 

  124.           $xrds = "$serverUri?xrds=identity&name=" . urlencode ($identityName);
    125. 

  125.           header ("X-XRDS-Location: $xrds");
    126. 

  126. 

  127.           $status = "identityPage";
    128. 

  128.         }
    129. 

  129.       catch (NameNotFoundException $exc)
    130. 

  130.         {
    131. 

  131.           $status = "identityNotFound";
    132. 

  132.         }
    133. 

  133.     }
    134. 

  134. }
    135. 

  135. 

  136. /**
    137. 

  137.  * Try to perform a user requested action and update the global
    138. 

  138.  * state accordingly.
    139. 

  139.  */
    140. 

  140. function tryAction ()
    141. 

  141. {
    142. 

  142.   global $req, $session, $msg, $nc, $openid;
    143. 

  143.   global $status;
    144. 

  144.   global $serverUri;
    145. 

  145. 

  146.   if ($status === "unknown" && $req->check ("action"))
    147. 

  147.     {
    148. 

  148.       $action = $req->getString ("action");
    149. 

  149.       switch ($action)
    150. 

  150.         {
    151. 

  151.         case "login":
    152. 

  152.           if ($req->getSubmitButton ("cancel"))
    153. 

  153.             $openid->cancel ();
    154. 

  154.           assert ($req->getSubmitButton ("login"));
    155. 

  155. 

  156.           $identity = $req->getString ("identity");
    157. 

  157.           $signature = $req->getString ("signature");
    158. 

  158. 

  159.           $version = $req->getInteger ("version");
    160. 

  160.           if ($version !== 1)
    161. 

  161.             throw new RuntimeException ("Unsupported signature"
    162. 

  162.                                         ." version: $version");
    163. 

  163. 

  164.           /* Redirect to loginForm in case an exception is thrown
    165. 

  165.              below (i. e., authentication fails).  */
    166. 

  166.           $status = "loginForm";
    167. 

  167. 

  168.           $auth = new Authenticator ($nc, $serverUri);
    169. 

  169.           try
    170. 

  170.             {
    171. 

  171.               $res = $auth->login ($identity, $signature,
    172. 

  172.                                    $session->getNonce ());
    173. 

  173.               assert ($res === TRUE);
    174. 

  174.               $session->setUser ($identity);
    175. 

  175.             }
    176. 

  176.           catch (LoginFailure $err)
    177. 

  177.             {
    178. 

  178.               throw new UIError ($err->getMessage ());
    179. 

  179.             }
    180. 

  180. 

  181.           /* No exception thrown means success.  */
    182. 

  182.           $msg->addMessage ("You have logged in successfully.");
    183. 

  183.           $status = "loggedIn";
    184. 

  184.           break;
    185. 

  185. 

  186.         case "logout":
    187. 

  187.           $session->setUser (NULL);
    188. 

  188.           $msg->addMessage ("You have been logged out successfully.");
    189. 

  189.           $status = "loginForm";
    190. 

  190.           break;
    191. 

  191. 

  192.         case "trust":
    193. 

  193.           if ($req->getSubmitButton ("notrust"))
    194. 

  194.             $openid->cancel ();
    195. 

  195.           assert ($req->getSubmitButton ("trust"));
    196. 

  196.           $openid->authenticate ();
    197. 

  197.           break;
    198. 

  198. 

  199.         default:
    200. 

  200.           // Ignore unknown action request.
    201. 

  201.           break;
    202. 

  202.         }
    203. 

  203.     }
    204. 

  204. }
    205. 

  205. 

  206. /**
    207. 

  207.  * Try to interpret a requested view.
    208. 

  208.  */
    209. 

  209. function tryView ()
    210. 

  210. {
    211. 

  211.   global $req, $session, $openid;
    212. 

  212.   global $status;
    213. 

  213. 

  214.   if ($status === "unknown" && $req->check ("view"))
    215. 

  215.     {
    216. 

  216.       $view = $req->getString ("view");
    217. 

  217.       switch ($view)
    218. 

  218.         {
    219. 

  219.         case "openid":
    220. 

  220.           /* Start the OpenID authentication process.  */
    221. 

  221. 

  222.           /* Handle OpenID request if there is one.  This stores it
    223. 

  223.              in the session.  */
    224. 

  224.           $openid->decodeRequest ();
    225. 

  225.           /* Fall through, since we want to login now.  */
    226. 

  226. 

  227.         case "login":
    228. 

  228.           $userLoggedIn = $session->getUser ();
    229. 

  229.           if ($userLoggedIn === NULL)
    230. 

  230.             $status = "loginForm";
    231. 

  231.           else
    232. 

  232.             $status = "loggedIn";
    233. 

  233.           break;
    234. 

  234. 

  235.         case "addon":
    236. 

  236.         case "contact":
    237. 

  237.         case "faq":
    238. 

  238.           $status = $view;
    239. 

  239.           break;
    240. 

  240. 

  241.         default:
    242. 

  242.           // Just leave status as unknown.
    243. 

  243.           break;
    244. 

  244.         }
    245. 

  245.     }
    246. 

  246. }
    247. 

  247. 

  248. /**
    249. 

  249.  * Perform all page actions, possibly throwing a UIError.
    250. 

  250.  */
    251. 

  251. function performActions ()
    252. 

  252. {
    253. 

  253.   global $session;
    254. 

  254.   global $status;
    255. 

  255.   global $serverUri;
    256. 

  256. 

  257.   tryXRDS ();
    258. 

  258.   tryIdentityPage ();
    259. 

  259.   tryAction ();
    260. 

  260.   tryView ();
    261. 

  261. 

  262.   /* If nothing matched, show the default page and send XRDS header.  */
    263. 

  263.   if ($status === "unknown")
    264. 

  264.     {
    265. 

  265.       header ("X-XRDS-Location: $serverUri?xrds=general");
    266. 

  266.       $status = "default";
    267. 

  267.     }
    268. 

  268. }
    269. 

  269. 

  270. // Now perform the action and catch errors.
    271. 

  271. $msg->runWithErrors ("performActions");
    272. 

  272. 

  273. // Set some global values for the pages.
    274. 

  274. switch ($status)
    275. 

  275.   {
    276. 

  276.   case "loginForm":
    277. 

  277.     $loginNonce = $session->generateNonce ($nonceBytes);
    278. 

  278.     break;
    279. 

  279. 

  280.   case "loggedIn":
    281. 

  281.     $loggedInUser = $session->getUser ();
    282. 

  282. 

  283.     /* If we have a pending request, redirect to trust page.  */
    284. 

  284.     $openidReq = $session->getRequestInfo ();
    285. 

  285.     if ($openidReq)
    286. 

  286.       {
    287. 

  287.         $status = "confirmTrust";
    288. 

  288.         $trustRoot = $openidReq->trust_root;
    289. 

  289.       }
    290. 

  290. 

  291.     break;
    292. 

  292. 

  293.   default:
    294. 

  294.     // Nothing to be done any more.
    295. 

  295.     break;
    296. 

  296.   }
    297. 

  297. 

  298. // Clean up.  msg and html have to be kept for later.
    299. 

  299. $req->close ();
    300. 

  300. $nc->close ();
    301. 

  301. $openid->close ();
    302. 

  302. $session->close ();
    303. 

  303. 

  304. // Finish off if this request was only for an XRDS file.
    305. 

  305. if ($status === "xrds")
    306. 

  306.   {
    307. 

  307.     $html->close ();
    308. 

  308.     return;
    309. 

  309.   }
    310. 

  310. 

  311. /* ************************************************************************** */
    312. 

  312. 

  313. /* Set encoding to UTF-8.  */
    314. 

  314. header ("Content-Type: text/html; charset=utf-8");
    315. 

  315. 

  316. ?>
    317. 

  317. <!DOCTYPE html>
    318. 

  318. <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
    319. 

  319. <head>
    320. 

  320. 

  321. <title>NameID: Your Crypto-OpenID</title>
    322. 

  322. 

  323. <meta charset="utf-8" />
    324. 

  324. 

  325. <link rel="stylesheet" type="text/css" href="layout/main.css" />
    326. 

  326. <link rel="stylesheet" type="text/css" href="layout/bootstrap.min.css" />
    327. 

  327. 

  328. </head>
    329. 

  329. <body>
    330. 

  330. 

  331.   <div class="navbar navbar-fixed-top">
    332. 

  332.     <div class="navbar-inverse">
    333. 

  333.       <div class="navbar-inner">
    334. 

  334.         <a class="brand" href="?">NameID</a>
    335. 

  335.         <ul class="nav">
    336. 

  336. <?php
    337. 

  337. $classHome = "";
    338. 

  338. $classLogin = "";
    339. 

  339. $classAddOn = "";
    340. 

  340. $classFAQ = "";
    341. 

  341. $classContact = "";
    342. 

  342. switch ($status)
    343. 

  343.   {
    344. 

  344.   case "default":
    345. 

  345.     $classHome = "active";
    346. 

  346.     break;
    347. 

  347. 

  348.   case "loginForm":
    349. 

  349.   case "loggedIn":
    350. 

  350.     $classLogin = "active";
    351. 

  351.     break;
    352. 

  352. 

  353.   case "addon":
    354. 

  354.     $classAddOn = "active";
    355. 

  355.     break;
    356. 

  356. 

  357.   case "faq":
    358. 

  358.     $classFAQ = "active";
    359. 

  359.     break;
    360. 

  360. 

  361.   case "contact":
    362. 

  362.     $classContact = "active";
    363. 

  363.     break;
    364. 

  364. 

  365.   default:
    366. 

  366.     // Something else, ignore.
    367. 

  367.     break;
    368. 

  368.   }
    369. 

  369. ?>
    370. 

  370.           <li class="<?php echo $classHome; ?>"><a href="?">Home</a></li>
    371. 

  371.           <li class="<?php echo $classLogin; ?>">
    372. 

  372.             <a href="?view=login">Your ID</a>
    373. 

  373.           </li>
    374. 

  374.           <li class="<?php echo $classAddOn; ?>">
    375. 

  375.             <a href="?view=addon">Add-On</a>
    376. 

  376.           </li>
    377. 

  377.           <li class="<?php echo $classFAQ; ?>"><a href="?view=faq">FAQs</a></li>
    378. 

  378.           <li class="<?php echo $classContact; ?>">
    379. 

  379.             <a href="?view=contact">Contact</a>
    380. 

  380.           </li>
    381. 

  381.         </ul>
    382. 

  382.       </div>
    383. 

  383.     </div>
    384. 

  384.   </div>
    385. 

  385. 

  386.   <div class="container">
    387. 

  387. <?php
    388. 

  388. $fromIndex = "yes";
    389. 

  389. include ("pages/$status.php");
    390. 

  390. ?>
    391. 

  391.   </div>
    392. 

  392. 

  393.   <hr />
    394. 

  394. 

  395.   <p class="text-center">Copyright &copy; 2013&ndash;2016
    396. 

  396. by <a href="http://www.domob.eu/">Daniel Kraft</a>.
    397. 

  397. <b>NameID</b> is free software under the terms of the
    398. 

  398. <a href="https://www.gnu.org/licenses/agpl-3.0.html">AGPL v3</a>,
    399. 

  399. check out the <a href="https://gitlab.com/nameid/nameid">source code</a>!</p>
    400. 

  400. 

  401.   <p class="text-center">BTC: 1<b>Nameid</b>3brhZrbTN1M7t6afMAfVBiGioJT
    402. 

  402. | NMC: <b>NAmeid</b>5L2ZcaQFszYwk4sa929zbQymaaWa</p>
    403. 

  403. 

  404. </body>
    405. 

  405. </html>
    406. 

  406. <?php
    407. 

  407. $html->close ();
    408. 

  408. ?>
    409. 

  409.