Nico Huber | ee52fbc | 2023-06-24 11:52:57 +0000 | [diff] [blame] | 1 | <?php |
| 2 | |
| 3 | /** |
| 4 | * |
| 5 | * This page lists out all the hooks which are available to SimpleID extensions. |
| 6 | * |
| 7 | * When implementing these hooks in your extensions, you should replace the word |
| 8 | * hook with the name of your extension. |
| 9 | * |
| 10 | * @package extensions |
| 11 | */ |
| 12 | |
| 13 | /** |
| 14 | * Returns an array of type URIs to be included in SimpleID's XRDS document. |
| 15 | * |
| 16 | * For example: |
| 17 | * |
| 18 | * <code> |
| 19 | * <?php |
| 20 | * return array('http://specs.openid.net/extensions/ui/1.0/lang-pref', 'http://specs.openid.net/extensions/ui/1.0/mode/popup'); |
| 21 | * ?> |
| 22 | * </code> |
| 23 | * |
| 24 | * @return array an array of URIs |
| 25 | * @since 0.7 |
| 26 | */ |
| 27 | function hook_xrds_types() { |
| 28 | } |
| 29 | |
| 30 | /** |
| 31 | * Processes an authentication request that is <i>not</i> about an identifier. |
| 32 | * |
| 33 | * The OpenID specifications provides a mechanism for extensions to process |
| 34 | * authentication requests that are not about an identifier. Authentication requests |
| 35 | * about identifiers are automatically processed by the {@link simpleid_checkid_identity()} |
| 36 | * function and the {@link hook_checkid_identity()} hooks. |
| 37 | * |
| 38 | * Assertion results are coded within SimpleID as an integer between 127 ({@link CHECKID_OK}) |
| 39 | * and -127 ({@link CHECKID_PROTOCOL_ERROR}). Positive values indicate a potential |
| 40 | * positive assertion (subject to various types of user approval), while negative |
| 41 | * values indicate a irrecoverable negative assertion. |
| 42 | * |
| 43 | * This hook should return one of these values. If the extension is unable to |
| 44 | * handle this particular type of authentication request, it should return NULL. |
| 45 | * |
| 46 | * @param array $request the OpenID request |
| 47 | * @param bool $immediate true if openid.mode is checkid_immediate |
| 48 | * @return int a return value from the list of possible values returned by |
| 49 | * {@link simpleid_checkid_identity()} or NULL |
| 50 | * @see simpleid_checkid() |
| 51 | */ |
| 52 | function hook_checkid($request, $immediate) { |
| 53 | } |
| 54 | |
| 55 | |
| 56 | /** |
| 57 | * Processes an authentication request where the assertion is potentially |
| 58 | * positive. |
| 59 | * |
| 60 | * Assertion results are coded within SimpleID as an integer between 127 ({@link CHECKID_OK}) |
| 61 | * and -127 ({@link CHECKID_PROTOCOL_ERROR}). Positive values indicate a potential |
| 62 | * positive assertion (subject to various types of user approval), while negative |
| 63 | * values indicate a irrecoverable negative assertion. |
| 64 | * |
| 65 | * Extensions are able to examine the authentication request to modify change |
| 66 | * the assertion result from positive to negative. As SimpleID takes the |
| 67 | * minimum from the results returned by this hook, extensions are |
| 68 | * not able to change the assertion result from negative to positive. |
| 69 | * |
| 70 | * If the extension is indifferent to the result of the current authentication |
| 71 | * request (e.g. it cannot understand it), it should return NULL. |
| 72 | * |
| 73 | * This hook is not called at all if SimpleID determines that the assertion |
| 74 | * is negative. |
| 75 | * |
| 76 | * @param array $request the OpenID request |
| 77 | * @param string $identity the identity to be checked against |
| 78 | * @param bool $immediate true if openid.mode is checkid_immediate |
| 79 | * @return int a return value from the list of possible values returned by |
| 80 | * {@link simpleid_checkid_identity()} or NULL |
| 81 | * @see simpleid_checkid_identity() |
| 82 | */ |
| 83 | function hook_checkid_identity($request, $identity, $immediate) { |
| 84 | } |
| 85 | |
| 86 | /** |
| 87 | * Gets fields and values to be included in the OpenID response. |
| 88 | * |
| 89 | * For positive assertions, this hook should assume that all user approvals |
| 90 | * have been given and return a response array accordingly. The extension has |
| 91 | * the opportunity to modify the response what the user has actually approved |
| 92 | * in the {@link hook_send() send hook}. |
| 93 | * |
| 94 | * This hook will need to provide any aliases required. |
| 95 | * |
| 96 | * An example: |
| 97 | * |
| 98 | * <code> |
| 99 | * <?php |
| 100 | * $alias = openid_extension_alias($my_uri); |
| 101 | * return array( |
| 102 | * 'openid.ns.' . $alias => $my_uri, |
| 103 | * 'openid.' . $alias . '.field' => 'value' |
| 104 | * ); |
| 105 | * ?> |
| 106 | * </code> |
| 107 | * |
| 108 | * @param bool $assertion true if a positive assertion is made, false otherwise |
| 109 | * @param array $request the OpenID request |
| 110 | * @return array the fields and values to include |
| 111 | */ |
| 112 | function hook_response($assertion, $request) { |
| 113 | } |
| 114 | |
| 115 | /** |
| 116 | * Gets fields associated with this extension which needs to be signed |
| 117 | * |
| 118 | * SimpleID automatically handles signing fields required by the OpenID |
| 119 | * specification, so only the fields introduced by this extension |
| 120 | * needed to be returned by this function. |
| 121 | * |
| 122 | * The array of fields returned by this function must include any applicable |
| 123 | * aliases as required. For example |
| 124 | * |
| 125 | * <code> |
| 126 | * <?php |
| 127 | * $alias = openid_extension_alias($my_uri); |
| 128 | * return array($alias . '.field1', $alias . 'field2'); |
| 129 | * ?> |
| 130 | * </code> |
| 131 | * |
| 132 | * @param array $response the OpenID response to sign |
| 133 | * @return array an array of fields to sign |
| 134 | */ |
| 135 | function hook_signed_fields($response) { |
| 136 | } |
| 137 | |
| 138 | /** |
| 139 | * Determines the format in which assertions are sent, when they are sent via |
| 140 | * indirect communication. |
| 141 | * |
| 142 | * The OpenID specification version 2.0 provides for the sending of assertions |
| 143 | * via indirect communication. The original specifications provide that the |
| 144 | * response should be formatted within the query string. |
| 145 | * |
| 146 | * Some extensions to the OpenID specification allows the assertion to be |
| 147 | * formatted in some other way, e.g. via the fragment. This hook allows |
| 148 | * extensions to specify which format the assertion should be sent. |
| 149 | * |
| 150 | * If the extension is indifferent regarding the format, it should return |
| 151 | * null |
| 152 | * |
| 153 | * @param string $url the URL of the RP to which the response is to be sent |
| 154 | * @param array $response the assertion to be sent |
| 155 | * @return int one of OPENID_RESPONSE_QUERY or OPENID_RESPONSE_FRAGMENT or NULL |
| 156 | */ |
| 157 | function hook_indirect_response($url, $response) { |
| 158 | } |
| 159 | |
| 160 | /** |
| 161 | * Provides additional form items when displaying the relying party consent |
| 162 | * form |
| 163 | * |
| 164 | * |
| 165 | * @param array $request the OpenID request |
| 166 | * @param array $response the proposed OpenID response |
| 167 | * @param array $rp the user's preferences saved with this relying party |
| 168 | * @return string HTML code to be inserted into the verification form |
| 169 | * @see simpleid_consent_form() |
| 170 | * @deprecated Use {@link hook_consent_form()} |
| 171 | */ |
| 172 | function hook_rp_form($request, $response, $rp) { |
| 173 | } |
| 174 | |
| 175 | /** |
| 176 | * Provides additional form items when displaying the relying party consent |
| 177 | * form |
| 178 | * |
| 179 | * |
| 180 | * @param array $request the OpenID request |
| 181 | * @param array $response the proposed OpenID response |
| 182 | * @param array $rp the user's preferences saved with this relying party |
| 183 | * @return string HTML code to be inserted into the verification form |
| 184 | * @see simpleid_consent_form() |
| 185 | * @since 0.8 |
| 186 | */ |
| 187 | function hook_consent_form($request, $response, $rp) { |
| 188 | } |
| 189 | |
| 190 | /** |
| 191 | * Processes the relying party consent form. |
| 192 | * |
| 193 | * This provides the extension with the opportunity to: |
| 194 | * |
| 195 | * - modify the OpenID response based on the user's preferences by editing |
| 196 | * $response |
| 197 | * - save the user's preferences by editing $rp |
| 198 | * |
| 199 | * <strong>WARNING</strong> Because this function requires parameters to be |
| 200 | * passed by reference, this does not work with {@link extension_invoke_all()}. |
| 201 | * |
| 202 | * @param array $form_request the data submitted by the user in the relying |
| 203 | * party verification form |
| 204 | * @param array &$response pointer to the proposed OpenID response |
| 205 | * @param array &$rp pointer to the user's preferences saved with this relying party |
| 206 | * @deprecated Use {@link hook_consent()} |
| 207 | * |
| 208 | */ |
| 209 | function hook_send($form_request, &$response, &$rp) { |
| 210 | } |
| 211 | |
| 212 | /** |
| 213 | * Processes the relying party verification form. |
| 214 | * |
| 215 | * This provides the extension with the opportunity to: |
| 216 | * |
| 217 | * - modify the OpenID response based on the user's preferences by editing |
| 218 | * $response |
| 219 | * - save the user's preferences by editing $rp |
| 220 | * |
| 221 | * <strong>WARNING</strong> Because this function requires parameters to be |
| 222 | * passed by reference, this does not work with {@link extension_invoke_all()}. |
| 223 | * |
| 224 | * @param array $form_request the data submitted by the user in the relying |
| 225 | * party verification form |
| 226 | * @param array &$response pointer to the proposed OpenID response |
| 227 | * @param array &$rp pointer to the user's preferences saved with this relying party |
| 228 | * @since 0.8 |
| 229 | * |
| 230 | */ |
| 231 | function hook_consent($form_request, &$response, &$rp) { |
| 232 | } |
| 233 | |
| 234 | /** |
| 235 | * Return any additional items provided by the extension to be appended to the |
| 236 | * Simpleweb route array. |
| 237 | * |
| 238 | * @see simpleweb.inc.php |
| 239 | * @see simpleid_start() |
| 240 | * @return array the routes array |
| 241 | * @since 0.7 |
| 242 | */ |
| 243 | function hook_routes() { |
| 244 | } |
| 245 | |
| 246 | /** |
| 247 | * Provides additional form items when displaying the login form |
| 248 | * |
| 249 | * @param string $destination he SimpleID location to which the user is directed |
| 250 | * if login is successful |
| 251 | * @param string $state the current SimpleID state, if required by the location |
| 252 | * @see user_login_form() |
| 253 | */ |
| 254 | function hook_user_login_form($destination, $state) { |
| 255 | } |
| 256 | |
| 257 | /** |
| 258 | * Attempts to automatically login using credentials presented by the user agent. |
| 259 | * |
| 260 | * This hook is called by the {@link user_auto_login()} function. The hook |
| 261 | * should detect any credentials present in the request and return a $user array |
| 262 | * (loaded using the {@link user_load()} function) if credentials identifying |
| 263 | * the user is present. |
| 264 | * |
| 265 | * If no credentials are present, or the credentials are invalid, this hook |
| 266 | * should return NULL. |
| 267 | * |
| 268 | * @return array the user array, or NULL |
| 269 | */ |
| 270 | function hook_user_auto_login() { |
| 271 | } |
| 272 | |
| 273 | /** |
| 274 | * Verifies a set of credentials for a specified user. |
| 275 | * |
| 276 | * A set of credentials comprises: |
| 277 | * |
| 278 | * - A user name |
| 279 | * - Some kind of verifying information, such as a plaintext password, a hashed |
| 280 | * password (e.g. digest) or some other kind of identifying information. |
| 281 | * |
| 282 | * The user name is passed to this function using the $uid parameter. The user |
| 283 | * name may or may not exist. If the user name does not exist, this function |
| 284 | * <strong>must</strong> return false. |
| 285 | * |
| 286 | * The credentials are supplied as an array using the $credentials parameter. |
| 287 | * Typically this array will be a subset of the $_POST superglobal passed to the |
| 288 | * {@link user_login()} function. Thus it will generally contain the keys 'pass' and |
| 289 | * 'digest'. |
| 290 | * |
| 291 | * This hook must check whether the credentials supplied matches the credentials |
| 292 | * for the specified user in the store. If for any reason that credentials |
| 293 | * do not match, this function <strong>must</strong> return false. |
| 294 | * |
| 295 | * @param string $uid the name of the user to verify |
| 296 | * @param array $credentials the credentials supplied by the browser |
| 297 | * @return bool whether the credentials supplied matches those for the specified |
| 298 | * user |
| 299 | */ |
| 300 | function hook_user_verify_credentials($uid, $credentials) { |
| 301 | } |
| 302 | |
| 303 | |
| 304 | |
| 305 | /** |
| 306 | * Returns additional blocks to be displayed in the user's dashboard. |
| 307 | * |
| 308 | * A block is coded as an array in accordance with the specifications set |
| 309 | * out in {@link page.inc}. |
| 310 | * |
| 311 | * This hook should return an <i>array</i> of blocks, i.e. an array of |
| 312 | * arrays. |
| 313 | * |
| 314 | * @see page_dashboard() |
| 315 | * @return array an array of blocks to add to the user's dashboard |
| 316 | * @since 0.7 |
| 317 | */ |
| 318 | function hook_page_dashboard() { |
| 319 | } |
| 320 | |
| 321 | /** |
| 322 | * Returns additional blocks to be displayed in the user's profile page. |
| 323 | * |
| 324 | * A block is coded as an array in accordance with the specifications set |
| 325 | * out in {@link page.inc}. |
| 326 | * |
| 327 | * This hook should return an <i>array</i> of blocks, i.e. an array of |
| 328 | * arrays. |
| 329 | * |
| 330 | * @see page_profile() |
| 331 | * @return array an array of blocks to add to the user's profile page |
| 332 | * @since 0.7 |
| 333 | */ |
| 334 | function hook_page_profile() { |
| 335 | } |
| 336 | |
| 337 | ?> |