openid: Use Openid Simple Registration or OpenID Attribute Exchange to get the user...
authorJoey Hess <joey@gnu.kitenet.net>
Sun, 14 Mar 2010 00:08:15 +0000 (19:08 -0500)
committerJoey Hess <joey@gnu.kitenet.net>
Sun, 14 Mar 2010 00:08:15 +0000 (19:08 -0500)
The info is stored in the session database, not the user database.
There should be no reason to need it when a user is not logged in.

Also, hide the email field in the preferences page for openid users.

Note that the email and username are not yet actually used for anything.
The email will be useful for gravatar, while the username might be used
for a more pretty display of the openid.

IkiWiki/Plugin/openid.pm
debian/changelog

index bb99446b4db2138f82dcce277caa097bff9e5ca1..9355cd85ad1cc27178b9c993d0f6d2a0245d36bf 100644 (file)
@@ -90,6 +90,7 @@ sub formbuilder_setup (@) {
                        value => $session->param("name"), 
                        size => 50, force => 1,
                        fieldset => "login");
+               $form->field(name => "email", type => "hidden");
        }
 }
 
@@ -113,6 +114,26 @@ sub validate ($$$;$) {
                }
        }
 
+       # Ask for client to provide a name and email, if possible.
+       # Try sreg and ax
+       $claimed_identity->set_extension_args(
+               'http://openid.net/extensions/sreg/1.1',
+               {
+                       optional => 'email,fullname,nickname',
+               },
+       );
+       $claimed_identity->set_extension_args(
+               'http://openid.net/srv/ax/1.0',
+               {
+                       mode => 'fetch_request',
+                       'required' => 'email,fullname,nickname,firstname',
+                       'type.email' => "http://schema.openid.net/contact/email",
+                       'type.fullname' => "http://axschema.org/namePerson",
+                       'type.nickname' => "http://axschema.org/namePerson/friendly",
+                       'type.firstname' => "http://axschema.org/namePerson/first",
+               },
+       );
+
        my $check_url = $claimed_identity->check_url(
                return_to => IkiWiki::cgiurl(do => "postsignin"),
                trust_root => $config{cgiurl},
@@ -139,6 +160,29 @@ sub auth ($$) {
                }
                elsif (my $vident = $csr->verified_identity) {
                        $session->param(name => $vident->url);
+
+                       my @extensions=grep { defined } (
+                               $vident->signed_extension_fields('http://openid.net/extensions/sreg/1.1'),
+                               $vident->signed_extension_fields('http://openid.net/srv/ax/1.0'),
+                       );
+                       foreach my $ext (@extensions) {
+                               foreach my $field (qw{value.email email}) {
+                                       if (exists $ext->{$field} &&
+                                           defined $ext->{$field} &&
+                                           length $ext->{$field}) {
+                                               $session->param(email => $ext->{$field});
+                                               last;
+                                       }
+                               }
+                               foreach my $field (qw{value.nickname nickname value.fullname fullname value.firstname}) {
+                                       if (exists $ext->{$field} &&
+                                           defined $ext->{$field} &&
+                                           length $ext->{$field}) {
+                                               $session->param(username => $ext->{$field});
+                                               last;
+                                       }
+                               }
+                       }
                }
                else {
                        error("OpenID failure: ".$csr->err);
index 9e779bb18efae066258821e280ca944ed7f3afba..854d83130b5d9d581ed97b1529126453efbcf3d6 100644 (file)
@@ -2,6 +2,8 @@ ikiwiki (3.20100313) UNRELEASED; urgency=low
 
   * websetup: Add websetup_unsafe to allow marking other settings
     as unsafe.
+  * openid: Use Openid Simple Registration or OpenID Attribute Exchange
+    to get the user's email address and username.
 
  -- Joey Hess <joeyh@debian.org>  Sat, 13 Mar 2010 14:48:10 -0500