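/**
 * Retrieves user credentials from the current request and tries to
 * authenticate the user with Erfurt.
 *
 * Two credential types are handled, as reported by _getAuthHeaderCredentials():
 *  - 'basic':    username/password are checked with Erfurt. On failure a
 *                401 status line is set on the front controller response,
 *                echoed as the body, and the method returns early.
 *  - 'foaf+ssl': the credentials are handed to Erfurt_Auth_Adapter_FoafSsl
 *                and the result (valid or not) is stored as the current
 *                Erfurt identity.
 * Any other type, or no credentials at all, is ignored.
 *
 * @param Zend_Controller_Request_Abstract $request The current request object
 * @return void
 */
public function routeShutdown(Zend_Controller_Request_Abstract $request)
{
    $credentials = $this->_getAuthHeaderCredentials($request);
    if (!$credentials) {
        return;
    }

    switch ($credentials['type']) {
        case 'basic':
            $erfurt = OntoWiki::getInstance()->erfurt;
            $logger = OntoWiki::getInstance()->logger;

            // authenticate
            $authResult = $erfurt->authenticate($credentials['username'], $credentials['password']);
            if (!$authResult->isValid()) {
                // if authentication attempt fails, send appropriate headers
                // NOTE(review): no WWW-Authenticate challenge header is sent
                // with the 401 here; confirm whether a caller adds it, as
                // user agents will not prompt for credentials without one.
                $front    = Zend_Controller_Front::getInstance();
                $response = $front->getResponse();
                $response->setRawHeader('HTTP/1.1 401 Unauthorized');
                echo 'HTTP/1.1 401 Unauthorized';
                return;
            }
            // Only the username is logged, never the password.
            $logger->info("User '{$credentials['username']}' authenticated via HTTP.");
            break;

        case 'foaf+ssl':
            $adapter    = new Erfurt_Auth_Adapter_FoafSsl();
            $authResult = $adapter->authenticateWithCredentials($credentials['creds']);
            // The result is stored as identity whether or not it is valid;
            // later checks are expected to consult isValid() on it.
            Erfurt_App::getInstance()->getAuth()->setIdentity($authResult);
            if ($authResult->isValid()) {
                OntoWiki::getInstance()->logger->info('User authenticated with FOAF+SSL via HTTPS.');
            }
            break;
    }
}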
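/**
 * Guides the user through creating a self-signed FOAF+SSL client certificate
 * (URL "auth/cert", two steps).
 *
 * Request handling:
 *  - no GET and no POST parameters: if the client already presents a
 *    certificate an informational message is shown, otherwise step 1
 *    (enter or auto-generate a WebID) is rendered;
 *  - POST with "checkwebid": FOAF data for the entered WebID is fetched
 *    (name, mbox, depiction) and step 2 is rendered;
 *  - POST with "createcert": the certificate is created, the user is added,
 *    the public key is written to the store, and the certificate is
 *    streamed to the client as application/x-x509-user-cert;
 *  - any other request: the plain form is rendered.
 *
 * Fixes applied here: the placeholder values of the "FOAF data lacks the
 * public key" message were passed to $translate->_() instead of sprintf()
 * (misplaced closing parenthesis) and the first placeholder was spelled
 * "%1&s"; both made that message render wrongly. The WebID taken from the
 * client certificate is now HTML-escaped before being inserted into the
 * messages that are appended with escaping disabled.
 *
 * @return void
 */
public function certAction()
{
    $translate = $this->_owApp->translate;
    OntoWiki::getInstance()->getNavigation()->disableNavigation();
    $this->_helper->viewRenderer->setScriptAction('cert1');
    $this->view->placeholder('main.window.title')->set($translate->_('Create Certificate - Step 1'));

    require_once 'Erfurt/Auth/Adapter/FoafSsl.php';
    if (!Erfurt_Auth_Adapter_FoafSsl::canCreateCertificates()) {
        $this->view->errorFlag = true;
        require_once 'OntoWiki/Message.php';
        $this->_owApp->appendMessage(new OntoWiki_Message(
            $translate->_('The creation of self signed certificates is not supported.'),
            OntoWiki_Message::ERROR
        ));
        return;
    }

    $this->view->formActionUrl = $this->_config->urlBase . 'auth/cert';
    $this->view->formMethod    = 'post';
    $this->view->formClass     = 'simple-input input-justify-left';
    $this->view->formName      = 'createcert';

    $get  = $this->_request->getQuery();
    $post = $this->_request->getPost();

    if (empty($get) && empty($post)) {
        // Initial request... check whether a valid cert is already given and show message if yes.
        $info = Erfurt_Auth_Adapter_FoafSsl::getCertificateInfo();
        // If $info is false, we have no cert, so we can create one.
        if ($info !== false) {
            // Both messages below are appended with escaping disabled so their
            // markup survives; the WebID originates from the client-supplied
            // certificate, so it is escaped here before interpolation.
            $webIdHtml = htmlspecialchars($info['webId'], ENT_QUOTES, 'UTF-8');
            $this->view->errorFlag = true;
            require_once 'OntoWiki/Message.php';

            if (isset($info['foafPublicKey'])) {
                // We have a valid id here... we need no cert.
                $this->_owApp->appendMessage(new OntoWiki_Message(
                    sprintf(
                        $translate->_('You already have a valid identity that you can use to sign in. '
                            . 'Your WebID is: <b>%1$s</b>'),
                        $webIdHtml
                    ),
                    OntoWiki_Message::INFO,
                    array('escape' => false)
                ));
                return;
            }

            // We have a valid cert, but the foaf data does not contain the public key info... so show it.
            $message = '<span>' . sprintf(
                $translate->_('You already have a valid certificate, but the FOAF data behind your WebID '
                    . '<b>%1$s</b> does not contain the right public key infos.<br /> You should add the '
                    . 'following infos to your FOAF profile: <br /><br /> Modulus <pre>%2$s</pre><br /> '
                    . 'Exponent <pre>%3$s</pre>'),
                $webIdHtml,
                $info['certPublicKey']['modulus'],
                hexdec($info['certPublicKey']['exponent'])
            ) . '</span>';
            $this->_owApp->appendMessage(new OntoWiki_Message(
                $message,
                OntoWiki_Message::INFO,
                array('escape' => false)
            ));
            return;
        }

        // If we reach this, we can show the initial step, where the user enters a webid or generates one.
        $toolbar = $this->_owApp->toolbar;
        $toolbar->appendButton(OntoWiki_Toolbar::SUBMIT, array('name' => $translate->_('Check WebID')));
        $this->view->placeholder('main.window.toolbar')->set($toolbar);
        return;
    }

    if (!empty($post)) {
        if (isset($post['checkwebid'])) {
            // Step 1: Check the WebID or create one...
            $webId = $post['webid-input'];
            if (trim($webId) === '') {
                $this->view->name  = '';
                $this->view->email = '';
            } else {
                // Check for metadata
                $foafData = Erfurt_Auth_Adapter_FoafSsl::getFoafData($webId);
                if (isset($foafData[$webId]['http://xmlns.com/foaf/0.1/name'][0]['value'])) {
                    $this->view->name = $foafData[$webId]['http://xmlns.com/foaf/0.1/name'][0]['value'];
                } else {
                    $this->view->name = '';
                }
                if (isset($foafData[$webId]['http://xmlns.com/foaf/0.1/mbox'][0]['value'])) {
                    $this->view->email = $foafData[$webId]['http://xmlns.com/foaf/0.1/mbox'][0]['value'];
                } else {
                    $this->view->email = '';
                }
                if (isset($foafData[$webId]['http://xmlns.com/foaf/0.1/depiction'][0]['value'])) {
                    $this->view->depiction = $foafData[$webId]['http://xmlns.com/foaf/0.1/depiction'][0]['value'];
                }
                $this->view->webid = $webId;
            }

            // Show step 2
            $this->_helper->viewRenderer->setScriptAction('cert2');
            $this->view->placeholder('main.window.title')->set($translate->_('Create Certificate - Step 2'));
            $toolbar = $this->_owApp->toolbar;
            $toolbar->appendButton(
                OntoWiki_Toolbar::SUBMIT,
                array('name' => htmlspecialchars($translate->_('Create Certificate & Register')))
            );
            $this->view->placeholder('main.window.toolbar')->set($toolbar);

            // Message to inform the user that after cert creation he needs to reload
            $message = $translate->_('Please note that you need to return to the start page after certificate creation.');
            require_once 'OntoWiki/Message.php';
            $this->_owApp->appendMessage(new OntoWiki_Message($message, OntoWiki_Message::INFO));
            return;
        }

        if (isset($post['createcert'])) {
            // Step2: Create the cert...
            $name = $post['name-input'];
            if (trim($name) === '') {
                // We need a name!
                $this->view->errorFlag = true;
                require_once 'OntoWiki/Message.php';
                $this->_owApp->appendMessage(new OntoWiki_Message(
                    $translate->_('The name field must not be empty.'),
                    OntoWiki_Message::ERROR
                ));
                return;
            }

            // NOTE(review): only presence of the field is checked here, so an
            // empty "webid-input" counts as "given" and no WebID is generated,
            // unlike step 1 which trims; confirm the cert2 template omits the
            // field when no WebID was entered.
            if (isset($post['webid-input'])) {
                // WebId given
                $webId = $post['webid-input'];
            } else {
                // Autogenerate WebId
                $webId = $this->_generateWebId(str_replace(' ', '', $name));
            }

            $email = trim($post['email-input']);
            if ($email !== '' && substr($email, 0, 7) !== 'mailto:') {
                $email = 'mailto:' . $email;
            }

            // $post['pubkey'] is the browser-generated key request; its
            // validation is left to createCertificate(). NOTE(review): the
            // failure contract of createCertificate() is not visible here,
            // $cert is used unchecked below.
            $cert = Erfurt_Auth_Adapter_FoafSsl::createCertificate($webId, $name, $email, $post['pubkey']);

            // Add the user...
            $auth    = new Erfurt_Auth_Adapter_FoafSsl();
            $success = $auth->addUser($webId);
            if ($success !== false) {
                // Publish the public key (RSA modulus/exponent) for the WebID
                // so later FOAF+SSL logins can match the certificate.
                $store       = Erfurt_App::getInstance()->getStore();
                $bnodePrefix = '_:' . md5($webId);
                $nodeA       = $bnodePrefix . '_1';
                $nodeB       = $bnodePrefix . '_2';
                $nodeC       = $bnodePrefix . '_3';
                $stmtArray = array(
                    $nodeA => array(
                        EF_RDF_TYPE => array(
                            array('type' => 'uri', 'value' => 'http://www.w3.org/ns/auth/rsa#RSAPublicKey')
                        ),
                        'http://www.w3.org/ns/auth/cert#identity' => array(
                            array('type' => 'uri', 'value' => $webId)
                        ),
                        'http://www.w3.org/ns/auth/rsa#public_exponent' => array(
                            array('type' => 'bnode', 'value' => $nodeB)
                        ),
                        'http://www.w3.org/ns/auth/rsa#modulus' => array(
                            array('type' => 'bnode', 'value' => $nodeC)
                        ),
                    ),
                    $nodeB => array(
                        'http://www.w3.org/ns/auth/cert#decimal' => array(
                            array('type' => 'literal', 'value' => $cert['exponent'])
                        ),
                    ),
                    $nodeC => array(
                        'http://www.w3.org/ns/auth/cert#hex' => array(
                            array('type' => 'literal', 'value' => $cert['modulus'])
                        ),
                    ),
                );
                $store->addMultipleStatements('http://localhost/OntoWiki/Config/', $stmtArray, false);
            }

            header("Content-Type: application/x-x509-user-cert");
            echo $cert['certData'];
            return;
        }
    }

    // Neither a recognised POST step nor a parameterless request: plain form.
    $this->view->formActionUrl = $this->_config->urlBase . 'auth/cert';
    $this->view->formMethod    = 'post';
    $this->view->formClass     = 'simple-input input-justify-left';
    $this->view->formName      = 'createcert';
    $this->view->username      = '';
    $this->view->readonly      = '';
    $this->view->email         = '';

    $toolbar = $this->_owApp->toolbar;
    $toolbar->appendButton(OntoWiki_Toolbar::SUBMIT, array('name' => $translate->_('Create Certificate')))
            ->appendButton(OntoWiki_Toolbar::RESET, array('name' => $translate->_('Reset Form')));
    $this->view->placeholder('main.window.toolbar')->set($toolbar);
}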
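/**
 * Registers a new user identified by a WebID (FOAF+SSL), URL
 * "application/webidreg", in three steps:
 *  - no parameters: redirect the client to fetch its WebID via
 *    Erfurt_Auth_Adapter_FoafSsl::fetchWebId() (the call is expected not
 *    to return normally);
 *  - GET parameters: verify the IdP result, fetch FOAF data for the
 *    returned WebID and pre-fill the form (label, email);
 *  - POST parameters: register the user, provided the current user may
 *    perform 'RegisterNewUser'. The form fields are reset afterwards,
 *    whether or not registration succeeded, and the outcome is reported
 *    as a message.
 *
 * Cleanups applied here: flattened the nested else/if chain into elseif,
 * dropped the dead "null !== $email/$label" checks (both are always strings
 * at that point), and removed the second getActionConfig() call whose result
 * was already held in $actionConfig.
 *
 * @return void
 */
public function webidregAction()
{
    OntoWiki::getInstance()->getNavigation()->disableNavigation();
    // We render a template, that is also used for preferences.
    $this->_helper->viewRenderer->setScriptAction('webid');
    $this->view->placeholder('main.window.title')->set('Register User with FOAF+SSL');
    $this->view->formActionUrl = $this->_config->urlBase . 'application/webidreg';
    $this->view->formMethod    = 'post';
    $this->view->formClass     = 'simple-input input-justify-left';
    $this->view->formName      = 'registeruser';

    // Fetch POST and GET of the request. One of them or both will be empty.
    $post = $this->_request->getPost();
    $get  = $this->_request->getQuery();

    if (empty($post) && empty($get)) {
        // Step 1: Fetch the WebID...
        $redirectUrl = $this->_config->urlBase . 'application/webidreg';
        $adapter     = new Erfurt_Auth_Adapter_FoafSsl(null, $redirectUrl);
        $adapter->fetchWebId();
        // We should not reach this point; fetchWebId() presumably redirects.
        return;
    }

    if (!empty($get)) {
        // Step 2: Check the web id and fetch foaf data
        $get['url'] = $this->_request->getRequestUri();
        $adapter    = new Erfurt_Auth_Adapter_FoafSsl();
        try {
            if (!$adapter->verifyIdpResult($get)) {
                // TODO Error message
                $this->view->webid = '';
                $this->view->email = '';
                $this->view->label = '';
                $this->_owApp->appendMessage(
                    new OntoWiki_Message('No valid certificate found.', OntoWiki_Message::ERROR)
                );
                return;
            }

            // The WebID is only trusted after verifyIdpResult() accepted it.
            $webId    = $get['webid'];
            $foafData = Erfurt_Auth_Adapter_FoafSsl::getFoafData($webId);
            $email    = '';
            $label    = '';
            if ($foafData !== false) {
                // Try to get a mbox and label...
                if (isset($foafData[$webId]['http://xmlns.com/foaf/0.1/mbox'])) {
                    $email = $foafData[$webId]['http://xmlns.com/foaf/0.1/mbox'][0]['value'];
                }
                if (isset($foafData[$webId][EF_RDFS_LABEL])) {
                    $label = $foafData[$webId][EF_RDFS_LABEL][0]['value'];
                }
            }

            $this->view->webid = $webId;
            if ($webId != '') {
                $this->view->checked = true;
            }
            $this->view->email = $email;
            $this->view->label = $label;

            $toolbar = $this->_owApp->toolbar;
            $toolbar->appendButton(OntoWiki_Toolbar::SUBMIT, array('name' => 'Register'));
            $this->view->placeholder('main.window.toolbar')->set($toolbar);
            return;
        } catch (Exception $e) {
            $this->view->webid = '';
            $this->view->email = '';
            $this->view->label = '';
            $this->_owApp->appendMessage(
                new OntoWiki_Message('Something went wrong: ' . $e->getMessage(), OntoWiki_Message::ERROR)
            );
            return;
        }
    }

    // Step 3: POST (the only remaining case, since GET was empty).
    $webId = $post['webid_url'];
    $label = $post['label'];
    $email = $post['email'];
    $emailValidator = new Zend_Validate_EmailAddress();

    // Is register action allowed for current user?
    if (!$this->_erfurt->isActionAllowed('RegisterNewUser')
        || !($actionConfig = $this->_erfurt->getActionConfig('RegisterNewUser'))
    ) {
        $message = 'Action not permitted for the current user.';
        $this->_owApp->appendMessage(new OntoWiki_Message($message, OntoWiki_Message::ERROR));
    } elseif (empty($webId)) {
        // webid_url field must not be empty
        $message = 'No WebID was entered.';
        $this->_owApp->appendMessage(new OntoWiki_Message($message, OntoWiki_Message::ERROR));
    } elseif (array_key_exists($webId, $this->_erfurt->getUsers())) {
        // Does user already exist?
        $message = 'A user with the given WebID is already registered.';
        $this->_owApp->appendMessage(new OntoWiki_Message($message, OntoWiki_Message::ERROR));
    } elseif (!empty($email)
        && isset($actionConfig['mailvalidation'])
        && $actionConfig['mailvalidation'] === 'yes'
        && !$emailValidator->isValid($email)
    ) {
        // If an (optional) email address is given, check whether it is valid.
        $message = 'Email address validation failed.';
        $this->_owApp->appendMessage(new OntoWiki_Message($message, OntoWiki_Message::ERROR));
    } else {
        // Everything seems to be OK...
        // NOTE(review): the WebID is not checked for URI syntax here;
        // presumably addOpenIdUser() or the store validates it — confirm.
        $group = null;
        if (isset($actionConfig['defaultGroup'])) {
            $group = $actionConfig['defaultGroup'];
        }

        // Add the new user.
        if ($this->_erfurt->addOpenIdUser($webId, $email, $label, $group)) {
            // $webId is user input embedded in the message; escaping is left
            // to OntoWiki_Message (other call sites pass 'escape' => false to
            // opt out, which suggests it escapes by default — confirm).
            $message = 'The user with the WebID "' . $webId . '" has been successfully registered.';
            $this->_owApp->appendMessage(new OntoWiki_Message($message, OntoWiki_Message::SUCCESS));
        } else {
            $message = 'A registration error occured. Please refer to the log entries.';
            $this->_owApp->appendMessage(new OntoWiki_Message($message, OntoWiki_Message::ERROR));
        }
    }

    // Reset the form after any POST outcome (success or error) and show the message.
    $this->view->webid = '';
    $this->view->email = '';
    $this->view->label = '';
}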