actions/openidlogin.php

   1 <?php
   2 /*
   3  * Laconica - a distributed open-source microblogging tool
   4  * Copyright (C) 2008, Controlez-Vous, Inc.
   5  *
   6  * This program is free software: you can redistribute it and/or modify
   7  * it under the terms of the GNU Affero General Public License as published by
   8  * the Free Software Foundation, either version 3 of the License, or
   9  * (at your option) any later version.
  10  *
  11  * This program is distributed in the hope that it will be useful,
  12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14  * GNU Affero General Public License for more details.
  15  *
  16  * You should have received a copy of the GNU Affero General Public License
  17  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  18  */
  19
  20 if (!defined('LACONICA')) { exit(1); }
  21
  22 require_once(INSTALLDIR.'/lib/openid.php');
  23
  24 class OpenidloginAction extends Action {
  25
  26         function handle($args) {
  27                 parent::handle($args);
  28                 if (common_logged_in()) {
  29                         common_user_error(_t('Already logged in.'));
  30                 } else if ($_SERVER['REQUEST_METHOD'] == 'POST') {
  31                         $this->start_openid_login();
  32                 } else {
  33                         $this->show_form();
  34                 }
  35         }
  36
  37         function show_form($error=NULL) {
  38                 common_show_header(_t('OpenID Login'));
  39                 if ($error) {
  40                         common_element('div', array('class' => 'error'), $error);
  41                 } else {
  42                         common_element('div', 'instructions',
  43                                                    _t('Login with an OpenID account.'));
  44                 }
  45                 common_element_start('form', array('method' => 'POST',
  46                                                                                    'id' => 'openidlogin',
  47                                                                                    'action' => common_local_url('openidlogin')));
  48                 common_input('openid_url', _t('OpenID URL'));
  49                 common_submit('submit', _t('Login'));
  50                 common_element_end('form');
  51                 common_show_footer();
  52         }
  53
  54         function start_openid_login() {
  55                 # XXX: form token in $_SESSION to prevent XSS
  56                 # XXX: login throttle
  57                 $openid_url = $this->trimmed('openid_url');
  58                 if (!common_valid_http_url($openid_url)) {
  59                         $this->show_form(_t('OpenID must be a valid URL.'));
  60                         return;
  61                 }
  62
  63                 $consumer = oid_consumer();
  64
  65                 if (!$consumer) {
  66                         common_server_error(_t('Cannot instantiate OpenID consumer object.'));
  67                         return;
  68                 }
  69
  70                 common_ensure_session();
  71
  72                 $auth_request = $consumer->begin($openid_url);
  73
  74                 // Handle failure status return values.
  75                 if (!$auth_request) {
  76                         $this->show_form(_t('Not a valid OpenID.'));
  77                         return;
  78                 } else if (Auth_OpenID::isFailure($auth_request)) {
  79                         $this->show_form(_t('OpenID failure: ') . $auth_request->message);
  80                         return;
  81                 }
  82
  83                 $sreg_request = Auth_OpenID_SRegRequest::build(// Required
  84                                                                                                            array(),
  85                                                                                                            // Optional
  86                                                                                                            array('nickname',
  87                                                                                                                          'email',
  88                                                                                                                          'fullname',
  89                                                                                                                          'language',
  90                                                                                                                          'timezone',
  91                                                                                                                          'postcode',
  92                                                                                                                          'country'));
  93
  94                 if ($sreg_request) {
  95                         $auth_request->addExtension($sreg_request);
  96                 }
  97
  98                 $trust_root = common_root_url();
  99                 $process_url = common_local_url('finishopenidlogin');
 100
 101                 if ($auth_request->shouldSendRedirect()) {
 102                         $redirect_url = $auth_request->redirectURL($trust_root,
 103                                                                                                            $process_url);
 104                         if (!$redirect_url) {
 105                         } else if (Auth_OpenID::isFailure($redirect_url)) {
 106                                 $this->show_form(_t('Could not redirect to server: ') . $redirect_url->message);
 107                                 return;
 108                         } else {
 109                                 common_redirect($redirect_url);
 110                         }
 111                 } else {
 112                         // Generate form markup and render it.
 113                         $form_id = 'openid_message';
 114                         $form_html = $auth_request->formMarkup($trust_root, $process_url,
 115                                                                                                    false, array('id' => $form_id));
 116
 117                         # XXX: This is cheap, but things choke if we don't escape ampersands
 118                         # in the HTML attributes
 119
 120                         $form_html = preg_replace('/&/', '&amp;', $form_html);
 121
 122                         // Display an error if the form markup couldn't be generated;
 123                         // otherwise, render the HTML.
 124                         if (Auth_OpenID::isFailure($form_html)) {
 125                                 $this->show_form(_t('Could not create OpenID form: ') . $form_html->message);
 126                         } else {
 127                                 common_show_header(_t('OpenID Auto-Submit'));
 128                                 common_element('p', 'instructions',
 129                                                            _t('This form should automatically submit itself. '.
 130                                                                   'If not, click the submit button to go to your '.
 131                                                                   'OpenID provider.'));
 132                                 common_raw($form_html);
 133                                 common_element('script', NULL,
 134                                                            '$(document).ready(function() { ' .
 135                                                            '    $("#'. $form_id .'").submit(); '.
 136                                                            '}');
 137                                 common_show_footer();
 138                         }
 139                 }
 140         }
 141 }