3 * Let the user authorize a remote subscription request
9 * @author Evan Prodromou <evan@controlyourself.ca>
10 * @author Robin Millette <millette@controlyourself.ca>
11 * @license http://www.fsf.org/licensing/licenses/agpl.html AGPLv3
12 * @link http://laconi.ca/
14 * Laconica - a distributed open-source microblogging tool
15 * Copyright (C) 2008, 2009, Control Yourself, Inc.
17 * This program is free software: you can redistribute it and/or modify
18 * it under the terms of the GNU Affero General Public License as published by
19 * the Free Software Foundation, either version 3 of the License, or
20 * (at your option) any later version.
22 * This program is distributed in the hope that it will be useful,
23 * but WITHOUT ANY WARRANTY; without even the implied warranty of
24 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
25 * GNU Affero General Public License for more details.
27 * You should have received a copy of the GNU Affero General Public License
28 * along with this program. If not, see <http://www.gnu.org/licenses/>.
31 if (!defined('LACONICA')) {
35 require_once INSTALLDIR.'/lib/omb.php';
36 require_once INSTALLDIR.'/extlib/libomb/service_provider.php';
37 require_once INSTALLDIR.'/extlib/libomb/profile.php';
38 define('TIMESTAMP_THRESHOLD', 300);
40 class UserauthorizationAction extends Action
45 function handle($args)
47 parent::handle($args);
49 if ($_SERVER['REQUEST_METHOD'] == 'POST') {
50 /* Use a session token for CSRF protection. */
51 $token = $this->trimmed('token');
52 if (!$token || $token != common_session_token()) {
53 $srv = $this->getStoredParams();
54 $this->showForm($srv->getRemoteUser(), _('There was a problem ' .
55 'with your session token. Try again, ' .
59 /* We've shown the form, now post user's choice. */
60 $this->sendAuthorization();
62 if (!common_logged_in()) {
63 /* Go log in, and then come back. */
64 common_set_returnto($_SERVER['REQUEST_URI']);
66 common_redirect(common_local_url('login'));
70 $user = common_current_user();
71 $profile = $user->getProfile();
73 common_log_db_error($user, 'SELECT', __FILE__);
74 $this->serverError(_('User without matching profile'));
78 /* TODO: If no token is passed the user should get a prompt to enter
79 it according to OAuth Core 1.0. */
82 $srv = new OMB_Service_Provider(
83 profile_to_omb_profile($user->uri, $profile),
84 omb_oauth_datastore());
86 $remote_user = $srv->handleUserAuth();
87 } catch (Exception $e) {
89 $this->clientError($e->getMessage());
93 $this->storeParams($srv);
94 $this->showForm($remote_user);
98 function showForm($params, $error=null)
100 $this->params = $params;
101 $this->error = $error;
107 return _('Authorize subscription');
110 function showPageNotice()
112 $this->element('p', null, _('Please check these details to make sure '.
113 'that you want to subscribe to this ' .
114 'user’s notices. If you didn’t just ask ' .
115 'to subscribe to someone’s notices, '.
119 function showContent()
121 $params = $this->params;
123 $nickname = $params->getNickname();
124 $profile = $params->getProfileURL();
125 $license = $params->getLicenseURL();
126 $fullname = $params->getFullname();
127 $homepage = $params->getHomepage();
128 $bio = $params->getBio();
129 $location = $params->getLocation();
130 $avatar = $params->getAvatarURL();
132 $this->elementStart('div', array('class' => 'profile'));
133 $this->elementStart('div', 'entity_profile vcard');
134 $this->elementStart('a', array('href' => $profile,
137 $this->element('img', array('src' => $avatar,
138 'class' => 'photo avatar',
139 'width' => AVATAR_PROFILE_SIZE,
140 'height' => AVATAR_PROFILE_SIZE,
141 'alt' => $nickname));
143 $hasFN = ($fullname !== '') ? 'nickname' : 'fn nickname';
144 $this->elementStart('span', $hasFN);
145 $this->raw($nickname);
146 $this->elementEnd('span');
147 $this->elementEnd('a');
149 if (!is_null($fullname)) {
150 $this->elementStart('dl', 'entity_fn');
151 $this->elementStart('dd');
152 $this->elementStart('span', 'fn');
153 $this->raw($fullname);
154 $this->elementEnd('span');
155 $this->elementEnd('dd');
156 $this->elementEnd('dl');
158 if (!is_null($location)) {
159 $this->elementStart('dl', 'entity_location');
160 $this->element('dt', null, _('Location'));
161 $this->elementStart('dd', 'label');
162 $this->raw($location);
163 $this->elementEnd('dd');
164 $this->elementEnd('dl');
167 if (!is_null($homepage)) {
168 $this->elementStart('dl', 'entity_url');
169 $this->element('dt', null, _('URL'));
170 $this->elementStart('dd');
171 $this->elementStart('a', array('href' => $homepage,
173 $this->raw($homepage);
174 $this->elementEnd('a');
175 $this->elementEnd('dd');
176 $this->elementEnd('dl');
179 if (!is_null($bio)) {
180 $this->elementStart('dl', 'entity_note');
181 $this->element('dt', null, _('Note'));
182 $this->elementStart('dd', 'note');
184 $this->elementEnd('dd');
185 $this->elementEnd('dl');
188 if (!is_null($license)) {
189 $this->elementStart('dl', 'entity_license');
190 $this->element('dt', null, _('License'));
191 $this->elementStart('dd', 'license');
192 $this->element('a', array('href' => $license,
193 'class' => 'license'),
195 $this->elementEnd('dd');
196 $this->elementEnd('dl');
198 $this->elementEnd('div');
200 $this->elementStart('div', 'entity_actions');
201 $this->elementStart('ul');
202 $this->elementStart('li', 'entity_subscribe');
203 $this->elementStart('form', array('method' => 'post',
204 'id' => 'userauthorization',
205 'class' => 'form_user_authorization',
206 'name' => 'userauthorization',
207 'action' => common_local_url(
208 'userauthorization')));
209 $this->hidden('token', common_session_token());
211 $this->submit('accept', _('Accept'), 'submit accept', null,
212 _('Subscribe to this user'));
213 $this->submit('reject', _('Reject'), 'submit reject', null,
214 _('Reject this subscription'));
215 $this->elementEnd('form');
216 $this->elementEnd('li');
217 $this->elementEnd('ul');
218 $this->elementEnd('div');
219 $this->elementEnd('div');
222 function sendAuthorization()
224 $srv = $this->getStoredParams();
227 $this->clientError(_('No authorization request!'));
231 $accepted = $this->arg('accept');
233 list($val, $token) = $srv->continueUserAuth($accepted);
234 } catch (Exception $e) {
235 $this->clientError($e->getMessage());
238 if ($val !== false) {
239 common_redirect($val, 303);
240 } elseif ($accepted) {
241 $this->showAcceptMessage($token);
243 $this->showRejectMessage();
247 function showAcceptMessage($tok)
249 common_show_header(_('Subscription authorized'));
250 $this->element('p', null,
251 _('The subscription has been authorized, but no '.
252 'callback URL was passed. Check with the site’s ' .
253 'instructions for details on how to authorize the ' .
254 'subscription. Your subscription token is:'));
255 $this->element('blockquote', 'token', $tok);
256 common_show_footer();
259 function showRejectMessage()
261 common_show_header(_('Subscription rejected'));
262 $this->element('p', null,
263 _('The subscription has been rejected, but no '.
264 'callback URL was passed. Check with the site’s ' .
265 'instructions for details on how to fully reject ' .
266 'the subscription.'));
267 common_show_footer();
270 function storeParams($params)
272 common_ensure_session();
273 $_SESSION['userauthorizationparams'] = serialize($params);
276 function clearParams()
278 common_ensure_session();
279 unset($_SESSION['userauthorizationparams']);
282 function getStoredParams()
284 common_ensure_session();
285 $params = unserialize($_SESSION['userauthorizationparams']);
289 function validateOmb()
291 $listener = $_GET['omb_listener'];
292 $listenee = $_GET['omb_listenee'];
293 $nickname = $_GET['omb_listenee_nickname'];
294 $profile = $_GET['omb_listenee_profile'];
296 $user = User::staticGet('uri', $listener);
298 throw new Exception(sprintf(_('Listener URI ‘%s’ not found here'),
302 if (strlen($listenee) > 255) {
303 throw new Exception(sprintf(_('Listenee URI ‘%s’ is too long.'),
307 $other = User::staticGet('uri', $listenee);
309 throw new Exception(sprintf(_('Listenee URI ‘%s’ is a local user.'),
313 $remote = Remote_profile::staticGet('uri', $listenee);
315 $sub = new Subscription();
316 $sub->subscriber = $user->id;
317 $sub->subscribed = $remote->id;
318 if ($sub->find(true)) {
319 throw new Exception('You are already subscribed to this user.');
323 if ($profile == common_profile_url($nickname)) {
324 throw new Exception(sprintf(_('Profile URL ‘%s’ is for a local user.'),
329 $license = $_GET['omb_listenee_license'];
330 $site_license = common_config('license', 'url');
331 if (!common_compatible_license($license, $site_license)) {
332 throw new Exception(sprintf(_('Listenee stream license ‘%s’ is not ' .
333 'compatible with site license ‘%s’.'),
334 $license, $site_license));
337 $avatar = $_GET['omb_listenee_avatar'];
339 if (!common_valid_http_url($avatar) || strlen($avatar) > 255) {
340 throw new Exception(sprintf(_('Avatar URL ‘%s’ is not valid.'),
343 $size = @getimagesize($avatar);
345 throw new Exception(sprintf(_('Can’t read avatar URL ‘%s’.'),
348 if (!in_array($size[2], array(IMAGETYPE_GIF, IMAGETYPE_JPEG,
350 throw new Exception(sprintf(_('Wrong image type for avatar URL '.