GitLab's annual major release is around the corner. Along with a lot of new and exciting features, there will be a few breaking changes. Learn more here.

identityPage.php 11.1 KB
Newer Older
Daniel Kraft's avatar
Daniel Kraft committed
1 2 3
<?php
/*
    NameID, a namecoin based OpenID identity provider.
4
    Copyright (C) 2013-2015 by Daniel Kraft <d@domob.eu>
Daniel Kraft's avatar
Daniel Kraft committed
5 6

    This program is free software: you can redistribute it and/or modify
Daniel Kraft's avatar
Daniel Kraft committed
7
    it under the terms of the GNU Affero General Public License as published by
Daniel Kraft's avatar
Daniel Kraft committed
8 9 10 11 12 13
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
Daniel Kraft's avatar
Daniel Kraft committed
14
    GNU Affero General Public License for more details.
Daniel Kraft's avatar
Daniel Kraft committed
15

Daniel Kraft's avatar
Daniel Kraft committed
16
    You should have received a copy of the GNU Affero General Public License
Daniel Kraft's avatar
Daniel Kraft committed
17 18 19 20 21 22 23 24
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

/* Page layout to show the identity page.  */

if (!isset ($fromIndex) || $fromIndex !== "yes")
  die ("Invalid page load.\n");

Daniel Kraft's avatar
Daniel Kraft committed
25 26 27 28 29 30 31 32 33 34 35 36 37
/* Sanitise a link.  This makes sure that it starts with 'http://'
   or 'https://', in order to prevent in particular javascript: links
   to be inserted by an attacker.  */
function sanitiseLink ($href)
{
  $allowed = array ("http://", "https://");
  foreach ($allowed as $prefix)
    if (substr ($href, 0, strlen ($prefix)) === $prefix)
      return $href;

  return "http://$href";
}

38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60
/**
 * Helper routine to check a key fingerprint and format it nicely.  This
 * makes all hex characters upper case, removes spaces and colons, and
 * puts back spaces to group the characters in a uniform way.  Finally,
 * it formats the final digits (as in the usual GPG fingerprint key ID)
 * in <strong> tags.
 * @param fpr The fingerprint to format.
 * @return The processed fingerprint.
 */
function formatKeyFingerprint ($fpr)
{
  $fpr = strtoupper ($fpr);
  $fpr = preg_replace ("/[ :]/", "", $fpr);

  if (!preg_match ("/^[0-9A-F]{40}$/", $fpr))
    return NULL;

  $fpr = preg_replace ("/(.{4})/", "$1 ", $fpr);
  $fpr = preg_replace ("/(.{4} .{4}) $/", "<strong>$1</strong>", $fpr);

  return $fpr;
}

61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90
/* ************************************************************************** */
/* Field handlers.  */

/**
 * Basic class for a field handler.
 */
abstract class FieldHandler
{

  /** Label to display.  */
  private $label;

  /**
   * Construct it.  It only sets the label.  Information about the
   * actual data to display is handled by subclasses.
   * @param label The label to display.
   */
  public function __construct ($label)
  {
    $this->label = $label;
  }

  /**
   * Print out HTML for this field in the <dl>.
   * @param html HtmlOutput object.
   * @param data JSON data of the id value.
   */
  public function output (HtmlOutput $html, $data)
  {
    $content = $this->processContent ($html, $data);
91
    if (is_string ($content))
92
      {
93
        assert ($content !== NULL);
94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111
        echo "<dt>" . $html->escape ($this->label) . "</dt>\n";
        echo "<dd>$content</dd>\n";
      }
  }

  /**
   * Subclasses must implement extraction of the "content" (as HTML text)
   * to display.  NULL should be returned if this field is not served
   * by the given data.
   * @param html HtmlOutput object to use.
   * @param data JSON data of the id value.
   * @return Processed content.
   */
  abstract protected function processContent (HtmlOutput $html, $data);

}

/**
112 113
 * Basic field class that reads its value from a defined JSON field.
 * It is still abstract and doesn't fully implement the output.
114
 */
115
abstract class BasicField extends FieldHandler
116 117 118
{

  /** Key in the JSON data to extract.  */
119
  private $key;
120 121 122 123 124 125 126 127 128 129 130 131 132

  /**
   * Construct the field.
   * @param label The label to display.
   * @param key The key for data extraction.
   */
  public function __construct ($label, $key)
  {
    parent::__construct ($label);
    $this->key = $key;
  }

  /**
133 134
   * Get the content to show.  This extracts the field value (if present)
   * and calls another abstract method to interpret it.
135 136 137 138 139 140 141 142 143
   * @param html HtmlOutput object to use.
   * @param data JSON data of the id value.
   * @return Processed content.
   */
  protected function processContent (HtmlOutput $html, $data)
  {
    if (!isset ($data->{$this->key}))
      return NULL;

144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238
    return $this->processValue ($html, $data->{$this->key});
  }

  /**
   * Subclasses must implement interpretation of the value.
   * Returning NULL signals that the value can not be interpreted.
   * @param html HtmlOutput object to use.
   * @param val Value of the field's key in the JSON object.
   * @return Processed content.
   */
  abstract protected function processValue (HtmlOutput $html, $val);

}

/**
 * Simple field that prints its value literally.  It can be configured to
 * support arrays and object values, iterating over the fields.
 */
class SimpleField extends BasicField
{

  /** Allow array values?  */
  private $arrays;
  /** Allow object values?  */
  private $objects;

  /**
   * Construct it.
   * @param label The label to display.
   * @param key The key for data extraction.
   * @param withArrays Allow arrays?
   * @param withObjects Allow objects?
   */
  public function __construct ($label, $key, $withArrays = false,
                               $withObjects = false)
  {
    parent::__construct ($label, $key);
    $this->arrays = $withArrays;
    $this->objects = $withObjects;
  }

  /**
   * Implement the process value function.
   * @param html HtmlOutput object to use.
   * @param val Value of the field's key in the JSON object.
   * @return Processed content.
   */
  protected function processValue (HtmlOutput $html, $val)
  {
    if ($this->arrays && is_array ($val))
      {
        $entries = array ();
        foreach ($val as $v)
          {
            $cur = $this->processSimple ($html, $v);
            if (is_string ($cur))
              {
                assert ($cur !== NULL);
                array_push ($entries, $cur);
              }
          }
        return implode (", ", $entries);
      }

    if ($this->objects && is_object ($val))
      {
        $entries = array ();
        foreach ($val as $key => $v)
          {
            $cur = $this->processSimple ($html, $v);
            if (is_string ($key) && is_string ($cur))
              {
                assert ($cur !== NULL);
                $k = $html->escape ($key);
                array_push ($entries, "$cur ($k)");
              }
          }
        return implode (", ", $entries);
      }

    return $this->processSimple ($html, $val);
  }

  /**
   * Process a simple value (not array or object).
   * @param html HtmlOutput object to use.
   * @param val The value.
   * @return Processed content.
   */
  protected function processSimple (HtmlOutput $html, $val)
  {
    if (is_string ($val))
      return $html->escape ($val);

    return NULL;
239 240 241 242 243 244 245
  }

}

/**
 * Field for website.
 */
246
class WebsiteField extends SimpleField
247 248 249 250 251
{

  /**
   * Get the content to show.
   * @param html HtmlOutput object to use.
252
   * @param val The value.
253 254
   * @return Processed content.
   */
255
  protected function processSimple (HtmlOutput $html, $val)
256
  {
257
    if (!is_string ($val))
258 259 260 261 262 263 264 265 266 267 268 269 270 271
      return NULL;

    $text = $html->escape ($val);
    $link = $html->escape (sanitiseLink ($val));

    return "<a href='$link'>$text</a>";
  }

}

/**
 * Field for email or crypto-addresses.  We create a link and prepend
 * a given "protocol" to it.
 */
272
class ProtocolledField extends SimpleField
Daniel Kraft's avatar
Daniel Kraft committed
273 274
{

275 276
  /** The protocol to prepend.  */
  private $protocol;
Daniel Kraft's avatar
Daniel Kraft committed
277

278 279 280 281 282
  /**
   * Construct the field.
   * @param label The label to display.
   * @param key The key for data extraction.
   * @param protocol The protocol to prepent.
283 284
   * @param withArrays Allow arrays?
   * @param withObjects Allow objects?
285
   */
286 287
  public function __construct ($label, $key, $protocol,
                               $withArrays = false, $withObjects = false)
288
  {
289
    parent::__construct ($label, $key, $withArrays, $withObjects);
290 291 292 293 294 295
    $this->protocol = $protocol;
  }

  /**
   * Get the content to show.
   * @param html HtmlOutput object to use.
296
   * @param val The value.
297 298
   * @return Processed content.
   */
299
  protected function processSimple (HtmlOutput $html, $val)
300
  {
301
    if (!is_string ($val))
302 303 304
      return NULL;

    $proto = $html->escape ($this->protocol);
305
    $val = $html->escape ($val);
306 307
    return "<a href='$proto:$val'>$val</a>";
  }
Daniel Kraft's avatar
Daniel Kraft committed
308 309 310

}

311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332
/**
 * Field for OTR key fingerprint.
 */
class OTR_Field extends SimpleField
{

  /**
   * Get the content to show.
   * @param html HtmlOutput object to use.
   * @param val The value.
   * @return Processed content.
   */
  protected function processSimple (HtmlOutput $html, $val)
  {
    if (!is_string ($val))
      return NULL;

    return formatKeyFingerprint ($val);
  }

}

333 334 335 336 337 338 339 340 341
/**
 * Field for GPG fingerprint.
 */
class GPG_Field extends BasicField
{

  /**
   * Get the content to show.
   * @param html HtmlOutput object to use.
342
   * @param val The value.
343 344
   * @return Processed content.
   */
345
  protected function processValue (HtmlOutput $html, $val)
346 347 348 349 350 351 352 353
  {
    if (!is_object ($val))
      return NULL;
    if (!isset ($val->v) || $val->v !== "pka1")
      return NULL;
    if (!isset ($val->fpr))
      return NULL;

354
    $formatted = formatKeyFingerprint ($val->fpr);
355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377
    if ($formatted === NULL)
      return NULL;

    $href = NULL;
    $content = "";
    if (isset ($val->uri))
      {
        $href = $val->uri;
        $href = $html->escape (sanitiseLink ($href));
        $content .= "<a href='$href'>";
      }
    $content .= $formatted;
    if ($href !== NULL)
      $content .= "</a>";

    return $content;
  }

}


/* ************************************************************************** */

Daniel Kraft's avatar
Daniel Kraft committed
378 379 380 381 382 383
?>

<h1><?php echo $html->escape ("$namePrefix/$identityName"); ?></h1>

<?php

384 385 386 387
$fields = array (new SimpleField ("Real Name", "name"),
                 new SimpleField ("Nickname", "nick", true, true),
                 new WebsiteField ("Website", "website", true, true),
                 new ProtocolledField ("Email", "email", "mailto", true, true),
388
                 new GPG_Field ("OpenPGP", "gpg"),
389
                 new OTR_Field ("OTR Key", "otr", true, true),
390 391
                 new SimpleField ("Bitmessage", "bitmessage", true, true),
                 new SimpleField ("XMPP", "xmpp", true, true),
392
                 new SimpleField ("Twister", "twister", true, true),
393 394 395 396
                 new ProtocolledField ("Bitcoin", "bitcoin", "bitcoin",
                                       true, true),
                 new ProtocolledField ("Namecoin", "namecoin", "namecoin",
                                       true, true),
397
                 new ProtocolledField ("Huntercoin", "huntercoin",
398 399 400 401
                                       "huntercoin", true, true),
                 new ProtocolledField ("Litecoin", "litecoin", "litecoin",
                                       true, true),
                 new SimpleField ("Peercoin", "ppcoin", true, true));
402

Daniel Kraft's avatar
Daniel Kraft committed
403 404
if ($identityPage)
  {
Daniel Kraft's avatar
Daniel Kraft committed
405 406 407 408 409 410 411 412
?>

<p>The Namecoin identity
<code><?php echo $html->escape ("$namePrefix/$identityName"); ?></code> has some
public profile information registered:</p>

<?php
    echo "<dl class='dl-horizontal'>\n";
413 414
    foreach ($fields as $f)
      $f->output ($html, $identityPage);
Daniel Kraft's avatar
Daniel Kraft committed
415 416 417
    echo "</dl>\n";
  }
else
Daniel Kraft's avatar
Daniel Kraft committed
418 419 420 421 422 423
  {
?>
<p>There's no public information for
<code><?php echo $html->escape ("$namePrefix/$identityName"); ?></code>.</p>
<?php
  }
Daniel Kraft's avatar
Daniel Kraft committed
424
?>