[project @ Update example server to accept arbitrary logins (to make it easier to use and configure)]

9 files changed, 62 insertions, 118 deletions

diff --git a/examples/server/lib/actions.php b/examples/server/lib/actions.php
index 5e255e2..f38637f 100644
--- a/examples/server/lib/actions.php
+++ b/examples/server/lib/actions.php
@@ -6,6 +6,7 @@ require_once "lib/render.php";
 
 require_once "lib/render/login.php";
 require_once "lib/render/sites.php";
+require_once "lib/render/idpage.php";
 
 require_once "Auth/OpenID.php";
 
@@ -88,17 +89,8 @@ function login_checkInput($input)
     if (!isset($input['openid_url'])) {
         $errors[] = 'Enter an OpenID URL to continue';
     }
-    if (!isset($input['password'])) {
-        $errors[] = 'Enter a password to continue';
-    }
     if (count($errors) == 0) {
         $openid_url = $input['openid_url'];
-        $openid_url = Auth_OpenID::normalizeUrl($openid_url);
-        $password = $input['password'];
-        if (!checkLogin($openid_url, $password)) {
-            $errors[] = 'The entered password does not match the ' .
-                'entered identity URL.';
-        }
     }
     return array($errors, $openid_url);
 }
@@ -166,4 +158,9 @@ function action_sites()
     return sites_render($sites);
 }
 
+function action_idpage()
+{
+    return idpage_render(getLoggedInUser());
+}
+
 ?>
\ No newline at end of file
diff --git a/examples/server/lib/common.php b/examples/server/lib/common.php
index 4bc1dac..147d74a 100644
--- a/examples/server/lib/common.php
+++ b/examples/server/lib/common.php
@@ -32,7 +32,7 @@ function doAuth($info, $trusted=null, $fail_cancels=false)
     $user = getLoggedInUser();
     setRequestInfo($info);
 
-    if ($req_url != $user) {
+    if ($req_url != idURL($user)) {
         return login_render(array(), $req_url, $req_url);
     }
 
diff --git a/examples/server/lib/render.php b/examples/server/lib/render.php
index f607f90..502e08c 100644
--- a/examples/server/lib/render.php
+++ b/examples/server/lib/render.php
@@ -15,7 +15,7 @@ define('page_template',
   </body>
 </html>');
 
-define('logged_in_pat', 'You are logged in as %s.');
+define('logged_in_pat', 'You are logged in as %s (URL: %s)');
 
 /**
  * HTTP response line contstants
@@ -88,7 +88,8 @@ function page_render($body, $user, $title, $h1=null, $login=false)
     $h1 = $h1 ? $h1 : $title;
 
     if ($user) {
-        $msg = sprintf(logged_in_pat, link_render($user));
+        $msg = sprintf(logged_in_pat, link_render($user),
+                       link_render(idURL($user)));
         $nav = array('logout' => 'Log Out',
                      'sites' => 'Remembered Sites',
                      );
diff --git a/examples/server/lib/render/idpage.php b/examples/server/lib/render/idpage.php
new file mode 100644
index 0000000..103ec3c
--- /dev/null
+++ b/examples/server/lib/render/idpage.php
@@ -0,0 +1,26 @@
+<?php
+
+require_once "lib/session.php";
+require_once "lib/render.php";
+
+define('idpage_pat',
+       '<html>
+<head>
+  <link rel="openid2.provider openid.server" href="%s"/>
+</head>
+<body>
+  This is the identity page for %s.
+</body>
+</html>');
+
+define('login_needed_pat',
+       'You must be logged in as %s to approve this request.');
+
+function idpage_render($identity)
+{
+    $esc_identity = htmlspecialchars($identity, ENT_QUOTES);
+    $body = sprintf(idpage_pat, buildURL(), $esc_identity);
+    return array(array(), $body);
+}
+
+?>
\ No newline at end of file
diff --git a/examples/server/lib/render/login.php b/examples/server/lib/render/login.php
index 9e8f370..19a242a 100644
--- a/examples/server/lib/render/login.php
+++ b/examples/server/lib/render/login.php
@@ -18,10 +18,6 @@ define('login_form_pat',
                    value="%s" id="openid_url" /></td>
       </tr>
       <tr>
-        <th><label for="password">Password:</label></th>
-        <td><input type="password" name="password" id="password" /></td>
-      </tr>
-      <tr>
         <td colspan="2">
           <input type="submit" value="Log in" />
           <input type="submit" name="cancel" value="Cancel" />
diff --git a/examples/server/lib/render/trust.php b/examples/server/lib/render/trust.php
index 60d01d0..9acfae7 100644
--- a/examples/server/lib/render/trust.php
+++ b/examples/server/lib/render/trust.php
@@ -5,7 +5,7 @@ require_once "lib/render.php";
 
 define('trust_form_pat',
        '<div class="form">
-  <p>Do you wish to confirm your identity URL (<code>%s</code>) with <code>%s</code>?</p>
+  <p>Do you wish to confirm your identity (<code>%s</code>) with <code>%s</code>?</p>
   <form method="post" action="%s">
     <input type="checkbox" name="remember" value="on" id="remember"><label
         for="remember">Remember this decision</label>
@@ -19,7 +19,7 @@ define('trust_form_pat',
 function trust_render($info)
 {
     $current_user = getLoggedInUser();
-    $lnk = link_render($current_user);
+    $lnk = link_render(idURL($current_user));
     $trust_root = htmlspecialchars($info->trust_root);
     $trust_url = buildURL('trust', true);
     $form = sprintf(trust_form_pat, $lnk, $trust_root, $trust_url);
diff --git a/examples/server/lib/session.php b/examples/server/lib/session.php
index e11fd64..1a51d79 100644
--- a/examples/server/lib/session.php
+++ b/examples/server/lib/session.php
@@ -82,7 +82,8 @@ function getServer()
 {
     static $server = null;
     if (!isset($server)) {
-        $server =& new Auth_OpenID_Server(getOpenIDStore());
+        $server =& new Auth_OpenID_Server(getOpenIDStore(),
+                                          getServerURL());
     }
     return $server;
 }
@@ -116,19 +117,6 @@ function hashPassword($password)
 }
 
 /**
- * Check the user's login information
- */
-function checkLogin($openid_url, $password)
-{
-    // from config.php
-    global $openid_users;
-    $hash = hashPassword($password);
-
-    return isset($openid_users[$openid_url])
-        && $hash == $openid_users[$openid_url];
-}
-
-/**
  * Get the openid_url out of the cookie
  *
  * @return mixed $openid_url The URL that was stored in the cookie or
@@ -202,4 +190,25 @@ function getSreg($identity)
 
 }
 
+function idURL($identity)
+{
+    return buildURL('idpage') . "?user=" . $identity;
+}
+
+function idFromURL($url)
+{
+    if (strpos($url, 'idpage') === false) {
+        return null;
+    }
+
+    $parsed = parse_url($url);
+
+    $q = $parsed['query'];
+
+    $parts = array();
+    parse_str($q, $parts);
+
+    return @$parts['user'];
+}
+
 ?>
\ No newline at end of file
diff --git a/examples/server/server.php b/examples/server/server.php
index 727b8dd..d294938 100644
--- a/examples/server/server.php
+++ b/examples/server/server.php
@@ -11,7 +11,7 @@ if (!$try_include) {
     header("Location: setup.php");
 }
 
-if (function_exists('getOpenIDStore') && isset($openid_users)) {
+if (function_exists('getOpenIDStore')) {
     require_once 'lib/session.php';
     require_once 'lib/actions.php';
 
diff --git a/examples/server/setup.php b/examples/server/setup.php
index 92e631b..68be01b 100644
--- a/examples/server/setup.php
+++ b/examples/server/setup.php
@@ -368,41 +368,6 @@ configuration for use with the OpenID server example.
 <? } ?>
 </div>
 </div>
-<div>
-
-  <p>
-  Your OpenID server will need to know what URLs it can authenticate.  Supply URLs and passwords here.
-  </p>
-
-  <span class="label">OpenID URLs to serve:</span>
-
-  <div class="store_fields">
-<?
-if ($_SESSION['users']) {
-    print "<div><table><tr><th>OpenID URL</th><th>Password Hash</th></tr>";
-    foreach ($_SESSION['users'] as $url => $p) {
-        print "<tr><td>".$url."</td><td>".$p."</td></tr>";
-    }
-    print "</table></div>";
-}
-?>
-   <div>
-        <span>Add an OpenID:</span>
-    <div>
-      <label for="i_add_user" class="field">OpenID URL:</label><input type="text" name="openid_url" id="i_add_user">
-    </div>
-    <div>
-      <label for="i_p1" class="field">Password:</label><input type="password" name="p1" id="i_p1">
-    </div>
-    <div>
-      <label for="i_p2" class="field">Password (confirm):</label><input type="password" name="p2" id="i_p2">
-    </div>
-
-    <input type="submit" name="add_openid" value="Add OpenID">
-   </div>
-
-  </div>
-</div>
 
 <div>
 
@@ -458,10 +423,6 @@ function init_session() {
         $_SESSION['store_data'] = array();
     }
 
-    if (!isset($_SESSION['users'])) {
-        $_SESSION['users'] = array();
-    }
-
     if (!isset($_SESSION['trust_roots'])) {
         $_SESSION['trust_roots'] = array();
     }
@@ -479,29 +440,11 @@ function init_session() {
     }
 
     if ($_GET &&
-        isset($_GET['add_openid']) &&
-        isset($_GET['openid_url']) &&
-        isset($_GET['p1']) &&
-        isset($_GET['p2']) &&
-        $_GET['p1'] == $_GET['p2'] &&
-        $_GET['p1']) {
-
-        if (check_url($_GET['openid_url'])) {
-            $normalized = Auth_OpenID::normalizeUrl($_GET['openid_url']);
-            $_SESSION['users'][$normalized] = sha1($_GET['p1']);
-        } else {
-            $messages[] = "Cannot add OpenID URL; '".$_GET['openid_url']."' doesn't look like a URL.";
-        }
-
-    } else if ($_GET &&
                isset($_GET['trust_root']) &&
                $_GET['trust_root']) {
         if (!in_array($_GET['trust_root'], $_SESSION['trust_roots'])) {
             $_SESSION['trust_roots'][] = $_GET['trust_root'];
         }
-    } else if ($_GET &&
-               isset($_GET['del_user'])) {
-        unset($_SESSION['users'][$_GET['del_user']]);
     }
 }
 
@@ -639,34 +582,6 @@ function getOpenIDStore()
 }
 
 /**
- * Users who are allowed to log in to this OpenID server.
- *
- * This is an array from URL to password hash. The URL must include
- * the proper OpenID server information in order to work with this
- * server.
- *
- * This must be set for the server to be usable. If it is not set, no
- * users will be able to log in.
- *
- * Example:
- * $openid_users = array(
- *                    'http://joe.example.com/' => sha1('foo')
- *                      )
- */
-$openid_users = array(<?
-$i = 0;
-foreach ($_SESSION['users'] as $url => $hash) {
-    $i++;
-    print "\n    '$url' => '$hash'";
-    if ($i < count($_SESSION['users'])) {
-        print ",";
-    }
-}
-?>
-
-);
-
-/**
  * Trusted sites is an array of trust roots.
  *
  * Sites in this list will not have to be approved by the user in