123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342 |
- /*
- * Copyright (c) Contributors, http://opensimulator.org/
- * See CONTRIBUTORS.TXT for a full list of copyright holders.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- * * Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * * Neither the name of the OpenSimulator Project nor the
- * names of its contributors may be used to endorse or promote products
- * derived from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
- * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
- using System;
- using System.Collections.Generic;
- using System.Collections.Specialized;
- using System.IO;
- using System.Net;
- using System.Web;
- using DotNetOpenId;
- using DotNetOpenId.Provider;
- using OpenSim.Framework;
- using OpenSim.Framework.Servers;
- using OpenSim.Framework.Servers.HttpServer;
- using OpenSim.Server.Handlers.Base;
- using OpenSim.Services.Interfaces;
- using Nini.Config;
- using OpenMetaverse;
- namespace OpenSim.Server.Handlers.Authentication
- {
- /// <summary>
- /// Temporary, in-memory store for OpenID associations
- /// </summary>
- public class ProviderMemoryStore : IAssociationStore<AssociationRelyingPartyType>
- {
- private class AssociationItem
- {
- public AssociationRelyingPartyType DistinguishingFactor;
- public string Handle;
- public DateTime Expires;
- public byte[] PrivateData;
- }
- Dictionary<string, AssociationItem> m_store = new Dictionary<string, AssociationItem>();
- SortedList<DateTime, AssociationItem> m_sortedStore = new SortedList<DateTime, AssociationItem>();
- object m_syncRoot = new object();
- #region IAssociationStore<AssociationRelyingPartyType> Members
- public void StoreAssociation(AssociationRelyingPartyType distinguishingFactor, Association assoc)
- {
- AssociationItem item = new AssociationItem();
- item.DistinguishingFactor = distinguishingFactor;
- item.Handle = assoc.Handle;
- item.Expires = assoc.Expires.ToLocalTime();
- item.PrivateData = assoc.SerializePrivateData();
- lock (m_syncRoot)
- {
- m_store[item.Handle] = item;
- m_sortedStore[item.Expires] = item;
- }
- }
- public Association GetAssociation(AssociationRelyingPartyType distinguishingFactor)
- {
- lock (m_syncRoot)
- {
- if (m_sortedStore.Count > 0)
- {
- AssociationItem item = m_sortedStore.Values[m_sortedStore.Count - 1];
- return Association.Deserialize(item.Handle, item.Expires.ToUniversalTime(), item.PrivateData);
- }
- else
- {
- return null;
- }
- }
- }
- public Association GetAssociation(AssociationRelyingPartyType distinguishingFactor, string handle)
- {
- AssociationItem item;
- bool success = false;
- lock (m_syncRoot)
- success = m_store.TryGetValue(handle, out item);
- if (success)
- return Association.Deserialize(item.Handle, item.Expires.ToUniversalTime(), item.PrivateData);
- else
- return null;
- }
- public bool RemoveAssociation(AssociationRelyingPartyType distinguishingFactor, string handle)
- {
- lock (m_syncRoot)
- {
- for (int i = 0; i < m_sortedStore.Values.Count; i++)
- {
- AssociationItem item = m_sortedStore.Values[i];
- if (item.Handle == handle)
- {
- m_sortedStore.RemoveAt(i);
- break;
- }
- }
- return m_store.Remove(handle);
- }
- }
- public void ClearExpiredAssociations()
- {
- lock (m_syncRoot)
- {
- List<AssociationItem> itemsCopy = new List<AssociationItem>(m_sortedStore.Values);
- DateTime now = DateTime.Now;
- for (int i = 0; i < itemsCopy.Count; i++)
- {
- AssociationItem item = itemsCopy[i];
- if (item.Expires <= now)
- {
- m_sortedStore.RemoveAt(i);
- m_store.Remove(item.Handle);
- }
- }
- }
- }
- #endregion
- }
- public class OpenIdStreamHandler : BaseOutputStreamHandler, IStreamHandler
- {
- #region HTML
- /// <summary>Login form used to authenticate OpenID requests</summary>
- const string LOGIN_PAGE =
- @"<html>
- <head><title>OpenSim OpenID Login</title></head>
- <body>
- <h3>OpenSim Login</h3>
- <form method=""post"">
- <label for=""first"">First Name:</label> <input readonly type=""text"" name=""first"" id=""first"" value=""{0}""/>
- <label for=""last"">Last Name:</label> <input readonly type=""text"" name=""last"" id=""last"" value=""{1}""/>
- <label for=""pass"">Password:</label> <input type=""password"" name=""pass"" id=""pass""/>
- <input type=""submit"" value=""Login"">
- </form>
- </body>
- </html>";
- /// <summary>Page shown for a valid OpenID identity</summary>
- const string OPENID_PAGE =
- @"<html>
- <head>
- <title>{2} {3}</title>
- <link rel=""openid2.provider openid.server"" href=""{0}://{1}/openid/server/""/>
- </head>
- <body>OpenID identifier for {2} {3}</body>
- </html>
- ";
- /// <summary>Page shown for an invalid OpenID identity</summary>
- const string INVALID_OPENID_PAGE =
- @"<html><head><title>Identity not found</title></head>
- <body>Invalid OpenID identity</body></html>";
- /// <summary>Page shown if the OpenID endpoint is requested directly</summary>
- const string ENDPOINT_PAGE =
- @"<html><head><title>OpenID Endpoint</title></head><body>
- This is an OpenID server endpoint, not a human-readable resource.
- For more information, see <a href='http://openid.net/'>http://openid.net/</a>.
- </body></html>";
- #endregion HTML
- IAuthenticationService m_authenticationService;
- IUserAccountService m_userAccountService;
- ProviderMemoryStore m_openidStore = new ProviderMemoryStore();
- public override string ContentType { get { return "text/html"; } }
- /// <summary>
- /// Constructor
- /// </summary>
- public OpenIdStreamHandler(
- string httpMethod, string path, IUserAccountService userService, IAuthenticationService authService)
- : base(httpMethod, path, "OpenId", "OpenID stream handler")
- {
- m_authenticationService = authService;
- m_userAccountService = userService;
- }
- /// <summary>
- /// Handles all GET and POST requests for OpenID identifier pages and endpoint
- /// server communication
- /// </summary>
- protected override void ProcessRequest(
- string path, Stream request, Stream response, IOSHttpRequest httpRequest, IOSHttpResponse httpResponse)
- {
- Uri providerEndpoint = new Uri(String.Format("{0}://{1}{2}", httpRequest.Url.Scheme, httpRequest.Url.Authority, httpRequest.Url.AbsolutePath));
- // Defult to returning HTML content
- httpResponse.ContentType = ContentType;
- try
- {
- string forPost;
- using(StreamReader sr = new StreamReader(httpRequest.InputStream))
- forPost = sr.ReadToEnd();
- NameValueCollection postQuery = HttpUtility.ParseQueryString(forPost);
- NameValueCollection getQuery = HttpUtility.ParseQueryString(httpRequest.Url.Query);
- NameValueCollection openIdQuery = (postQuery.GetValues("openid.mode") != null ? postQuery : getQuery);
- OpenIdProvider provider = new OpenIdProvider(m_openidStore, providerEndpoint, httpRequest.Url, openIdQuery);
- if (provider.Request != null)
- {
- if (!provider.Request.IsResponseReady && provider.Request is IAuthenticationRequest)
- {
- IAuthenticationRequest authRequest = (IAuthenticationRequest)provider.Request;
- string[] passwordValues = postQuery.GetValues("pass");
- UserAccount account;
- if (TryGetAccount(new Uri(authRequest.ClaimedIdentifier.ToString()), out account))
- {
- // Check for form POST data
- if (passwordValues != null && passwordValues.Length == 1)
- {
- if (account != null &&
- (m_authenticationService.Authenticate(account.PrincipalID,Util.Md5Hash(passwordValues[0]), 30) != string.Empty))
- authRequest.IsAuthenticated = true;
- else
- authRequest.IsAuthenticated = false;
- }
- else
- {
- // Authentication was requested, send the client a login form
- using (StreamWriter writer = new StreamWriter(response))
- writer.Write(String.Format(LOGIN_PAGE, account.FirstName, account.LastName));
- return;
- }
- }
- else
- {
- // Cannot find an avatar matching the claimed identifier
- authRequest.IsAuthenticated = false;
- }
- }
- // Add OpenID headers to the response
- foreach (string key in provider.Request.Response.Headers.Keys)
- httpResponse.AddHeader(key, provider.Request.Response.Headers[key]);
- string[] contentTypeValues = provider.Request.Response.Headers.GetValues("Content-Type");
- if (contentTypeValues != null && contentTypeValues.Length == 1)
- httpResponse.ContentType = contentTypeValues[0];
- // Set the response code and document body based on the OpenID result
- httpResponse.StatusCode = (int)provider.Request.Response.Code;
- response.Write(provider.Request.Response.Body, 0, provider.Request.Response.Body.Length);
- response.Close();
- }
- else if (httpRequest.Url.AbsolutePath.Contains("/openid/server"))
- {
- // Standard HTTP GET was made on the OpenID endpoint, send the client the default error page
- using (StreamWriter writer = new StreamWriter(response))
- writer.Write(ENDPOINT_PAGE);
- }
- else
- {
- // Try and lookup this avatar
- UserAccount account;
- if (TryGetAccount(httpRequest.Url, out account))
- {
- using (StreamWriter writer = new StreamWriter(response))
- {
- // TODO: Print out a full profile page for this avatar
- writer.Write(String.Format(OPENID_PAGE, httpRequest.Url.Scheme,
- httpRequest.Url.Authority, account.FirstName, account.LastName));
- }
- }
- else
- {
- // Couldn't parse an avatar name, or couldn't find the avatar in the user server
- using (StreamWriter writer = new StreamWriter(response))
- writer.Write(INVALID_OPENID_PAGE);
- }
- }
- }
- catch (Exception ex)
- {
- httpResponse.StatusCode = (int)HttpStatusCode.InternalServerError;
- using (StreamWriter writer = new StreamWriter(response))
- writer.Write(ex.Message);
- }
- }
- /// <summary>
- /// Parse a URL with a relative path of the form /users/First_Last and try to
- /// retrieve the profile matching that avatar name
- /// </summary>
- /// <param name="requestUrl">URL to parse for an avatar name</param>
- /// <param name="profile">Profile data for the avatar</param>
- /// <returns>True if the parse and lookup were successful, otherwise false</returns>
- bool TryGetAccount(Uri requestUrl, out UserAccount account)
- {
- if (requestUrl.Segments.Length == 3 && requestUrl.Segments[1] == "users/")
- {
- // Parse the avatar name from the path
- string username = requestUrl.Segments[requestUrl.Segments.Length - 1];
- string[] name = username.Split('_');
- if (name.Length == 2)
- {
- account = m_userAccountService.GetUserAccount(UUID.Zero, name[0], name[1]);
- return (account != null);
- }
- }
- account = null;
- return false;
- }
- }
- }
|