actions/remotesubscribe.php

   1 <?php
   2 /**
   3  * Handler for remote subscription
   4  *
   5  * PHP version 5
   6  *
   7  * @category Action
   8  * @package  Laconica
   9  * @author   Evan Prodromou <evan@controlyourself.ca>
  10  * @author   Robin Millette <millette@controlyourself.ca>
  11  * @license  http://www.fsf.org/licensing/licenses/agpl.html AGPLv3
  12  * @link     http://laconi.ca/
  13  *
  14  * Laconica - a distributed open-source microblogging tool
  15  * Copyright (C) 2008, 2009, Control Yourself, Inc.
  16  *
  17  * This program is free software: you can redistribute it and/or modify
  18  * it under the terms of the GNU Affero General Public License as published by
  19  * the Free Software Foundation, either version 3 of the License, or
  20  * (at your option) any later version.
  21  *
  22  * This program is distributed in the hope that it will be useful,
  23  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  24  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  25  * GNU Affero General Public License for more details.
  26  *
  27  * You should have received a copy of the GNU Affero General Public License
  28  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  29  **/
  30
  31 if (!defined('LACONICA')) {
  32     exit(1);
  33 }
  34
  35 require_once INSTALLDIR.'/lib/omb.php';
  36 require_once INSTALLDIR.'/extlib/libomb/service_consumer.php';
  37 require_once INSTALLDIR.'/extlib/libomb/profile.php';
  38
  39 /**
  40  * Handler for remote subscription
  41  *
  42  * @category Action
  43  * @package  Laconica
  44  * @author   Evan Prodromou <evan@controlyourself.ca>
  45  * @author   Robin Millette <millette@controlyourself.ca>
  46  * @license  http://www.fsf.org/licensing/licenses/agpl.html AGPLv3
  47  * @link     http://laconi.ca/
  48  */
  49
  50 class RemotesubscribeAction extends Action
  51 {
  52     var $nickname;
  53     var $profile_url;
  54     var $err;
  55
  56     function prepare($args)
  57     {
  58         parent::prepare($args);
  59
  60         if (common_logged_in()) {
  61             $this->clientError(_('You can use the local subscription!'));
  62             return false;
  63         }
  64
  65         $this->nickname    = $this->trimmed('nickname');
  66         $this->profile_url = $this->trimmed('profile_url');
  67
  68         return true;
  69     }
  70
  71     function handle($args)
  72     {
  73         parent::handle($args);
  74
  75         if ($_SERVER['REQUEST_METHOD'] == 'POST') {
  76             /* Use a session token for CSRF protection. */
  77             $token = $this->trimmed('token');
  78             if (!$token || $token != common_session_token()) {
  79                 $this->showForm(_('There was a problem with your session token. '.
  80                                   'Try again, please.'));
  81                 return;
  82             }
  83             $this->remoteSubscription();
  84         } else {
  85             $this->showForm();
  86         }
  87     }
  88
  89     function showForm($err=null)
  90     {
  91         $this->err = $err;
  92         $this->showPage();
  93     }
  94
  95     function showPageNotice()
  96     {
  97         if ($this->err) {
  98             $this->element('div', 'error', $this->err);
  99         } else {
 100             $inst = _('To subscribe, you can [login](%%action.login%%),' .
 101                       ' or [register](%%action.register%%) a new ' .
 102                       ' account. If you already have an account ' .
 103                       ' on a [compatible microblogging site](%%doc.openmublog%%), ' .
 104                       ' enter your profile URL below.');
 105             $output = common_markup_to_html($inst);
 106             $this->elementStart('div', 'instructions');
 107             $this->raw($output);
 108             $this->elementEnd('div');
 109         }
 110     }
 111
 112     function title()
 113     {
 114         return _('Remote subscribe');
 115     }
 116
 117     function showContent()
 118     {
 119         /* The id 'remotesubscribe' conflicts with the
 120            button on profile page. */
 121         $this->elementStart('form', array('id' => 'form_remote_subscribe',
 122                                           'method' => 'post',
 123                                           'class' => 'form_settings',
 124                                           'action' => common_local_url('remotesubscribe')));
 125         $this->elementStart('fieldset');
 126         $this->element('legend', _('Subscribe to a remote user'));
 127         $this->hidden('token', common_session_token());
 128
 129         $this->elementStart('ul', 'form_data');
 130         $this->elementStart('li');
 131         $this->input('nickname', _('User nickname'), $this->nickname,
 132                      _('Nickname of the user you want to follow'));
 133         $this->elementEnd('li');
 134         $this->elementStart('li');
 135         $this->input('profile_url', _('Profile URL'), $this->profile_url,
 136                      _('URL of your profile on another compatible microblogging service'));
 137         $this->elementEnd('li');
 138         $this->elementEnd('ul');
 139         $this->submit('submit', _('Subscribe'));
 140         $this->elementEnd('fieldset');
 141         $this->elementEnd('form');
 142     }
 143
 144     function remoteSubscription()
 145     {
 146         if (!$this->nickname) {
 147             $this->showForm(_('No such user.'));
 148             return;
 149         }
 150
 151         $user = User::staticGet('nickname', $this->nickname);
 152
 153         $this->profile_url = $this->trimmed('profile_url');
 154
 155         if (!$this->profile_url) {
 156             $this->showForm(_('No such user.'));
 157             return;
 158         }
 159
 160         if (!Validate::uri($this->profile_url,
 161                            array('allowed_schemes' => array('http', 'https')))) {
 162             $this->showForm(_('Invalid profile URL (bad format)'));
 163             return;
 164         }
 165
 166         try {
 167             $service = new OMB_Service_Consumer($this->profile_url,
 168                                                 common_root_url(),
 169                                                 omb_oauth_datastore());
 170         } catch (OMB_InvalidYadisException $e) {
 171             $this->showForm(_('Not a valid profile URL (no YADIS document or ' .
 172                               'no or invalid XRDS defined).'));
 173             return;
 174         }
 175
 176         if ($service->getServiceURI(OAUTH_ENDPOINT_REQUEST) ==
 177             common_local_url('requesttoken') ||
 178             User::staticGet('uri', $service->getRemoteUserURI())) {
 179             $this->showForm(_('That\'s a local profile! Login to subscribe.'));
 180             return;
 181         }
 182
 183         try {
 184             $service->requestToken();
 185         } catch (OMB_RemoteServiceException $e) {
 186             $this->showForm(_('Couldn\'t get a request token.'));
 187             return;
 188         }
 189
 190         /* Create an OMB_Profile from $user. */
 191         $profile = $user->getProfile();
 192         if (!$profile) {
 193             common_log_db_error($user, 'SELECT', __FILE__);
 194             $this->serverError(_('User without matching profile'));
 195             return;
 196         }
 197
 198         $target_url = $service->requestAuthorization(
 199                                    profile_to_omb_profile($user->uri, $profile),
 200                                    common_local_url('finishremotesubscribe'));
 201
 202         common_ensure_session();
 203
 204         $_SESSION['oauth_authorization_request'] = serialize($service);
 205
 206         /* Redirect to the remote service for authorization. */
 207         common_redirect($target_url, 303);
 208     }
 209 }
 210 ?>