actions/openidlogin.php

   1 <?php
   2 /*
   3  * Laconica - a distributed open-source microblogging tool
   4  * Copyright (C) 2008, Controlez-Vous, Inc.
   5  *
   6  * This program is free software: you can redistribute it and/or modify
   7  * it under the terms of the GNU Affero General Public License as published by
   8  * the Free Software Foundation, either version 3 of the License, or
   9  * (at your option) any later version.
  10  *
  11  * This program is distributed in the hope that it will be useful,
  12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14  * GNU Affero General Public License for more details.
  15  *
  16  * You should have received a copy of the GNU Affero General Public License
  17  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  18  */
  19
  20 if (!defined('LACONICA')) { exit(1); }
  21
  22 require_once(INSTALLDIR.'/lib/openid.php');
  23
  24 class OpenidloginAction extends Action {
  25
  26         function handle($args) {
  27                 parent::handle($args);
  28                 if (common_logged_in()) {
  29                         common_user_error(_t('Already logged in.'));
  30                 } else if ($_SERVER['REQUEST_METHOD'] == 'POST') {
  31                         $this->start_openid_login();
  32                 } else {
  33                         $this->show_form();
  34                 }
  35         }
  36
  37         function show_form($error=NULL) {
  38                 common_show_header(_t('OpenID Login'));
  39                 if ($error) {
  40                         common_element('div', array('class' => 'error'), $error);
  41                 } else {
  42                         common_element('div', 'instructions',
  43                                                    _t('Login with an OpenID account.'));
  44                 }
  45                 common_element_start('form', array('method' => 'POST',
  46                                                                                    'id' => 'openidlogin',
  47                                                                                    'action' => common_local_url('openidlogin')));
  48                 common_input('openid_url', _t('OpenID URL'));
  49                 common_submit('submit', _t('Login'));
  50                 common_element_end('form');
  51                 common_show_footer();
  52         }
  53
  54         function start_openid_login() {
  55                 # XXX: form token in $_SESSION to prevent XSS
  56                 # XXX: login throttle
  57                 $openid_url = $this->trimmed('openid_url');
  58
  59                 $consumer = oid_consumer();
  60
  61                 if (!$consumer) {
  62                         common_server_error(_t('Cannot instantiate OpenID consumer object.'));
  63                         return;
  64                 }
  65
  66                 common_ensure_session();
  67
  68                 $auth_request = $consumer->begin($openid_url);
  69
  70                 // Handle failure status return values.
  71                 if (!$auth_request) {
  72                         $this->show_form(_t('Not a valid OpenID.'));
  73                         return;
  74                 } else if (Auth_OpenID::isFailure($auth_request)) {
  75                         $this->show_form(_t('OpenID failure: ') . $auth_request->message);
  76                         return;
  77                 }
  78
  79                 $sreg_request = Auth_OpenID_SRegRequest::build(// Required
  80                                                                                                            array(),
  81                                                                                                            // Optional
  82                                                                                                            array('nickname',
  83                                                                                                                          'email',
  84                                                                                                                          'fullname',
  85                                                                                                                          'language',
  86                                                                                                                          'timezone',
  87                                                                                                                          'postcode',
  88                                                                                                                          'country'));
  89
  90                 if ($sreg_request) {
  91                         $auth_request->addExtension($sreg_request);
  92                 }
  93
  94                 $trust_root = common_root_url();
  95                 $process_url = common_local_url('finishopenidlogin');
  96
  97                 if ($auth_request->shouldSendRedirect()) {
  98                         $redirect_url = $auth_request->redirectURL($trust_root,
  99                                                                                                            $process_url);
 100                         if (!$redirect_url) {
 101                         } else if (Auth_OpenID::isFailure($redirect_url)) {
 102                                 $this->show_form(_t('Could not redirect to server: ') . $redirect_url->message);
 103                                 return;
 104                         } else {
 105                                 common_redirect($redirect_url);
 106                         }
 107                 } else {
 108                         // Generate form markup and render it.
 109                         $form_id = 'openid_message';
 110                         $form_html = $auth_request->formMarkup($trust_root, $process_url,
 111                                                                                                    false, array('id' => $form_id));
 112
 113                         # XXX: This is cheap, but things choke if we don't escape ampersands
 114                         # in the HTML attributes
 115
 116                         $form_html = preg_replace('/&/', '&amp;', $form_html);
 117
 118                         // Display an error if the form markup couldn't be generated;
 119                         // otherwise, render the HTML.
 120                         if (Auth_OpenID::isFailure($form_html)) {
 121                                 $this->show_form(_t('Could not create OpenID form: ') . $form_html->message);
 122                         } else {
 123                                 common_show_header(_t('OpenID Auto-Submit'));
 124                                 common_element('p', 'instructions',
 125                                                            _t('This form should automatically submit itself. '.
 126                                                                   'If not, click the submit button to go to your '.
 127                                                                   'OpenID provider.'));
 128                                 common_raw($form_html);
 129                                 common_element('script', NULL,
 130                                                            '$(document).ready(function() { ' .
 131                                                            '    $("#'. $form_id .'").submit(); '.
 132                                                            '});');
 133                                 common_show_footer();
 134                         }
 135                 }
 136         }
 137 }