Item14248: Simplified openid templates. Also corrected a protocol err…

…or (requesting scopes that aren't supported)
foswiki · Dec 9, 2016 · fa59d14 · fa59d14
1 parent fae3d52
commit fa59d14
Show file tree

Hide file tree

Showing 7 changed files with 117 additions and 38 deletions.
diff --git a/lib/Foswiki/Contrib/OpenIDLoginContrib/MANIFEST b/lib/Foswiki/Contrib/OpenIDLoginContrib/MANIFEST
@@ -6,6 +6,9 @@ pub/System/OpenIDLoginContrib/google_g_logo.png 0644
 pub/System/OpenIDLoginContrib/windows_logo.png 0644
 pub/System/OpenIDLoginContrib/patternskin_openid_login_screenshot.png 0644
 templates/openidlogin.pattern.tmpl 0644
+templates/openidlogin.nat.tmpl 0644
+templates/openidlogin.tmpl 0644
+templates/openidloginbase.tmpl 0644
 data/System/OpenIDLoginContrib.txt 0644 Documentation page
 lib/Foswiki/Contrib/OpenIDLoginContrib.pm  Perl module 
 lib/Foswiki/Contrib/OpenIDLoginContrib/Config.spec 0444 Configuration

diff --git a/lib/Foswiki/Contrib/OpenIDLoginContrib/OpenIDConnect.pm b/lib/Foswiki/Contrib/OpenIDLoginContrib/OpenIDConnect.pm
@@ -6,7 +6,7 @@ use JSON;
 
 package Foswiki::Contrib::OpenIDLoginContrib::OpenIDConnect;
 use Exporter 'import';
-@EXPORT_OK = qw(endpoint_discovery get_auth_endpoint get_token_endpoint exchange_code_for_id_token random_bytes);
+@EXPORT_OK = qw(endpoint_discovery get_auth_endpoint get_token_endpoint get_supported_scopes exchange_code_for_id_token random_bytes);
 
 sub endpoint_discovery {
     my $discovery_uri = shift;
@@ -26,6 +26,11 @@ sub get_token_endpoint {
     return $endpoints->{'token_endpoint'};
 }
 
+sub get_supported_scopes {
+    my $endpoints = shift;
+    return $endpoints->{'scopes_supported'};
+}   
+
 sub retrieve_public_keys {
     my $discovery = shift;
     my $keydiscovery = $discovery->{'jwks_uri'};

diff --git a/lib/Foswiki/LoginManager/OpenIDConnectLogin.pm b/lib/Foswiki/LoginManager/OpenIDConnectLogin.pm
@@ -32,7 +32,7 @@ use Foswiki::Sandbox ();
 use LWP::UserAgent;
 use JSON;
 
-use Foswiki::Contrib::OpenIDLoginContrib::OpenIDConnect qw(endpoint_discovery get_auth_endpoint exchange_code_for_id_token random_bytes);
+use Foswiki::Contrib::OpenIDLoginContrib::OpenIDConnect qw(endpoint_discovery get_auth_endpoint get_supported_scopes exchange_code_for_id_token random_bytes);
 
 @Foswiki::LoginManager::OpenIDConnectLogin::ISA = qw( Foswiki::LoginManager::TemplateLogin );
 
@@ -67,7 +67,7 @@ sub loadProviderData {
     $this->{endpoints} = endpoint_discovery($discovery_uri);
     $this->{client_id} = $Foswiki::cfg{'Extensions'}{'OpenID'}{$provider}{'ClientID'};
     $this->{client_secret} = $Foswiki::cfg{'Extensions'}{'OpenID'}{$provider}{'ClientSecret'};
-    $this->{issuer} = $Foswiki::cfg{'Extensions'}{'OpenID'}{$provider}{'IssuerRegex'} || $this->{endpoints}->{'issuer'};
+    $this->{issuer} = $Foswiki::cfg{'Extensions'}{'OpenID'}{$provider}{'IssuerRegex'};
     $this->{redirect_uri} = $Foswiki::cfg{'Extensions'}{'OpenID'}{$provider}{'RedirectURL'};
     $this->{loginname_attr} = $Foswiki::cfg{'Extensions'}{'OpenID'}{$provider}{'LoginnameAttribute'};
     $this->{wikiname_attrs} = $Foswiki::cfg{'Extensions'}{'OpenID'}{$provider}{'WikiNameAttributes'};   
@@ -120,10 +120,15 @@ sub build_auth_request {
     my $origin = shift;
 
     my $endpoint = get_auth_endpoint($this->{endpoints});
+    my %supported_scopes = map { $_ => 1 } @{get_supported_scopes($this->{endpoints}) };
+    my $scopes = "openid";
+    $scopes .= " email" if exists($supported_scopes{"email"});
+    $scopes .= " profile" if exists($supported_scopes{"profile"});
+
     my $params = {
 	client_id => $this->{client_id},
 	response_type => "code",
-	scope => "openid email profile",
+	scope => $scopes,
 	redirect_uri => $this->{redirect_uri},
 	state => $this->serializedState($origin)
     };
@@ -149,10 +154,17 @@ sub registerUser {
     my $session = shift;
     my $id_token = shift;
 
-    my $loginname = $this->extractLoginname($id_token);
+    my $loginname = undef;
     # TODO : This is way too simple. Fix it (duplicates, special characters etc)
     my $wikiname = $this->buildWikiName($id_token);
 
+    if ($Foswiki::cfg{Register}{AllowLoginName}) {
+	$loginname = $this->extractLoginname($id_token);
+    }
+    else {
+	$loginname = $wikiname;
+    }
+
     # Now we try to find/create a permanent mapping between loginname and username
     my $cuid = $session->{users}->getCanonicalUserID($loginname);
     if (!defined($cuid)) {

diff --git a/templates/openidlogin.nat.tmpl b/templates/openidlogin.nat.tmpl
@@ -0,0 +1,16 @@
+%TMPL:INCLUDE{"page"}%<!-- template: openidlogin.nat.tmpl -->
+%TMPL:INCLUDE{"openidloginbase.tmpl"}%
+%TMPL:INCLUDE{"login"}%
+
+%TMPL:DEF{"LOG_IN_BANNER"}%%MAKETEXT{"Welcome, please login"}%.%TMPL:END%
+
+%TMPL:DEF{"message"}%<!-- -->
+<div class="foswikiFormSteps">
+%NOTE%<!-- -->
+%TMPL:P{"openidstep"}%<div class="native_credentials">
+%TMPL:P{"login"}%<!-- -->
+%TMPL:P{"seealso"}%<!-- -->
+</div></div>
+%TMPL:P{"poweredby"}%<!-- -->
+%TMPL:P{"openid_javascript"}%
+<!-- -->%TMPL:END%
diff --git a/templates/openidlogin.pattern.tmpl b/templates/openidlogin.pattern.tmpl
@@ -1,42 +1,11 @@
 %TMPL:INCLUDE{"login"}%
-%TMPL:DEF{"bodyclassname"}%patternNoViewPage patternLoginPage%TMPL:END%
+%TMPL:INCLUDE{"openidloginbase.tmpl"}%
 
 %TMPL:DEF{"title"}%<h2 class="openid_accounts">%MAKETEXT{"Log on to [_1] with these accounts" args="%WIKITOOLNAME%"}%</h2><h2 class="native_credentials">%MAKETEXT{"Log on to [_1]" args="%WIKITOOLNAME%"}%</h2>%TMPL:END%
 
-%TMPL:DEF{"bottombarcontents"}%%TMPL:END%
-%TMPL:DEF{"webaction"}%%TMPL:END%
-
-%TMPL:DEF{"usernamefieldhelplink"}%%TMPL:END%
-%TMPL:DEF{"usernamefieldhelpcontents"}%%TMPL:END%
-%TMPL:DEF{"passwordnote"}%%TMPL:END%
-
-%TMPL:DEF{"rememberbox"}%<p><label class='foswikiLabel'>
-<input tabindex='3' id='remember' name='remember' type='checkbox' value='1' />
-<span>%MAKETEXT{"Remember me"}%</span>
-</label></p>%TMPL:END%
-
-%TMPL:DEF{"passwordstep"}%<div class="foswikiFormStep">
-<h3>%MAKETEXT{"Password"}%</h3>
-<p>%TMPL:P{"passwordfield"}% %TMPL:P{"passwordnote"}%</p>
-%TMPL:P{context="can_remember_login" then="rememberbox"}%</div>%TMPL:END%
-
-%TMPL:DEF{"seealsostep"}%<span class='foswikiUnvisited'>[[%SCRIPTURLPATH{view}%/%SYSTEMWEB%/ResetPassword?username=%URLPARAM{username}%][%MAKETEXT{"Having problems logging in?"}%]]</span><br /><span class='foswikiUnvisited'>[[%SYSTEMWEB%.UserRegistration][%MAKETEXT{"Create account"}%]]</span>%TMPL:END%
-
-%TMPL:DEF{"openidbutton"}%
-<a class="openidbutton provider_%PROVIDERNAME%" href="%SCRIPTURLPATH{"login"}%?provider=%PROVIDER%">
-   <img src="%PUBURLPATH%/%SYSTEMWEB%/OpenIDLoginContrib/%LOGOIMAGE%">
-   <span>%PROVIDERNAME%</span>
-</a>
-%TMPL:END%
-
-%TMPL:DEF{"openidstep"}%
-%TMPL:P{"openidbutton" PROVIDER="Default" PROVIDERNAME="Microsoft" LOGOIMAGE="windows_logo.png"}%
-%TMPL:P{"openidbutton" PROVIDER="Google" PROVIDERNAME="Google" LOGOIMAGE="google_g_logo.png"}%
-%TMPL:END%
-
 %TMPL:DEF{"form"}%<div id="foswikiLogin">
 %TMPL:P{"formstart"}%<div class="foswikiFormSteps">%TMPL:P{"titlestep"}%
-<div class="openid_accounts"><hr/>%TMPL:P{"openidstep"}%</div><p class="clear"><a class='foswikiUnvisited native_toggle' href="#?provider=native">%MAKETEXT{"I don't use any of those."}%</a></p>
+<div class="openid_accounts"><hr/>%TMPL:P{"openidstep"}%</div>
 <div class="native_credentials">
 <hr />
 %TMPL:P{"usernamestep"}%%TMPL:P{"passwordstep"}%%TMPL:P{"submitstep"}%

diff --git a/templates/openidlogin.tmpl b/templates/openidlogin.tmpl
@@ -0,0 +1,49 @@
+%TMPL:INCLUDE{"login"}%
+%TMPL:DEF{"bodyclassname"}%patternNoViewPage patternLoginPage%TMPL:END%
+
+%TMPL:DEF{"title"}%<h2 class="openid_accounts">%MAKETEXT{"Log on to [_1] with these accounts" args="%WIKITOOLNAME%"}%</h2><h2 class="native_credentials">%MAKETEXT{"Log on to [_1]" args="%WIKITOOLNAME%"}%</h2>%TMPL:END%
+
+%TMPL:DEF{"bottombarcontents"}%%TMPL:END%
+%TMPL:DEF{"webaction"}%%TMPL:END%
+
+%TMPL:DEF{"usernamefieldhelplink"}%%TMPL:END%
+%TMPL:DEF{"usernamefieldhelpcontents"}%%TMPL:END%
+%TMPL:DEF{"passwordnote"}%%TMPL:END%
+
+%TMPL:DEF{"rememberbox"}%<p><label class='foswikiLabel'>
+<input tabindex='3' id='remember' name='remember' type='checkbox' value='1' />
+<span>%MAKETEXT{"Remember me"}%</span>
+</label></p>%TMPL:END%
+
+%TMPL:DEF{"passwordstep"}%<div class="foswikiFormStep">
+<h3>%MAKETEXT{"Password"}%</h3>
+<p>%TMPL:P{"passwordfield"}% %TMPL:P{"passwordnote"}%</p>
+%TMPL:P{context="can_remember_login" then="rememberbox"}%</div>%TMPL:END%
+
+%TMPL:DEF{"seealsostep"}%<span class='foswikiUnvisited'>[[%SCRIPTURLPATH{view}%/%SYSTEMWEB%/ResetPassword?username=%URLPARAM{username}%][%MAKETEXT{"Having problems logging in?"}%]]</span><br /><span class='foswikiUnvisited'>[[%SYSTEMWEB%.UserRegistration][%MAKETEXT{"Create account"}%]]</span>%TMPL:END%
+
+%TMPL:DEF{"openidbutton"}%
+<a class="openidbutton provider_%PROVIDERNAME%" href="%SCRIPTURLPATH{"login"}%?provider=%PROVIDER%">
+   <img src="%PUBURLPATH%/%SYSTEMWEB%/OpenIDLoginContrib/%LOGOIMAGE%">
+   <span>%PROVIDERNAME%</span>
+</a>
+%TMPL:END%
+
+%TMPL:DEF{"openidstep"}%
+<div class="openid_accounts"><hr/>
+%TMPL:P{"openidbutton" PROVIDER="MSAzure" PROVIDERNAME="Microsoft" LOGOIMAGE="windows_logo.png"}%
+%TMPL:P{"openidbutton" PROVIDER="Google" PROVIDERNAME="Google" LOGOIMAGE="google_g_logo.png"}%
+</div>
+%TMPL:END%
+
+%TMPL:DEF{"form"}%<div id="foswikiLogin">
+%TMPL:P{"formstart"}%<div class="foswikiFormSteps">%TMPL:P{"titlestep"}%
+%TMPL:P{"openidstep"}%<p class="clear"><a class='foswikiUnvisited native_toggle' href="#?provider=native">%MAKETEXT{"I don't use any of those."}%</a></p>
+<div class="native_credentials">
+<hr />
+%TMPL:P{"usernamestep"}%%TMPL:P{"passwordstep"}%%TMPL:P{"submitstep"}%
+<hr />%TMPL:P{"seealsostep"}%
+</div>
+</div>%TMPL:P{"loginasadministratorstep"}%%TMPL:P{"formend"}%
+</div><script src="%PUBURLPATH%/%SYSTEMWEB%/OpenIDLoginContrib/openidlogin.js"></script>
+%TMPL:END%
diff --git a/templates/openidloginbase.tmpl b/templates/openidloginbase.tmpl
@@ -0,0 +1,25 @@
+%TMPL:DEF{"openidbutton"}%
+<a class="openidbutton provider_%PROVIDERNAME%" href="%SCRIPTURLPATH{"login"}%?provider=%PROVIDER%">
+   <img src="%PUBURLPATH%/%SYSTEMWEB%/OpenIDLoginContrib/%LOGOIMAGE%">
+   <span>%PROVIDERNAME%</span>
+</a>
+%TMPL:END%
+
+%TMPL:DEF{"openidstep"}%
+<div class="openid_accounts foswikiFormStep">%TMPL:P{"openid_providers"}%</div>
+%TMPL:P{"openid_toggle"}%
+%TMPL:END%
+
+%TMPL:DEF{"openid_toggle"}%
+<p class="foswikiFormStep clear openid_accounts"><a class='foswikiUnvisited native_toggle' href="?provider=native">%MAKETEXT{"I don't use any of those."}%</a></p>
+%TMPL:END%
+
+%TMPL:DEF{"openid_javascript"}%
+<script src="%PUBURLPATH%/%SYSTEMWEB%/OpenIDLoginContrib/openidlogin.js"></script>
+%TMPL:END%
+
+%{################################################################################# }%
+%TMPL:DEF{"openid_providers"}%
+%TMPL:P{"openidbutton" PROVIDER="Default" PROVIDERNAME="Microsoft" LOGOIMAGE="windows_logo.png"}%
+%TMPL:P{"openidbutton" PROVIDER="Google" PROVIDERNAME="Google" LOGOIMAGE="google_g_logo.png"}%
+%TMPL:END%