3 * StatusNet, the distributed open-source microblogging tool
5 * Login or register a local user based on a Facebook user
9 * LICENCE: This program is free software: you can redistribute it and/or modify
10 * it under the terms of the GNU Affero General Public License as published by
11 * the Free Software Foundation, either version 3 of the License, or
12 * (at your option) any later version.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU Affero General Public License for more details.
19 * You should have received a copy of the GNU Affero General Public License
20 * along with this program. If not, see <http://www.gnu.org/licenses/>.
24 * @author Zach Copley <zach@status.net>
25 * @copyright 2010 StatusNet, Inc.
26 * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
27 * @link http://status.net/
30 if (!defined('STATUSNET')) {
34 class FacebookfinishloginAction extends Action
36 private $facebook = null; // Facebook client
37 private $fbuid = null; // Facebook user ID
38 private $fbuser = null; // Facebook user object (JSON)
40 function prepare($args) {
42 parent::prepare($args);
44 $this->facebook = new Facebook(
46 'appId' => common_config('facebook', 'appid'),
47 'secret' => common_config('facebook', 'secret'),
52 // Check for a Facebook user session
54 $session = $this->facebook->getSession();
59 $this->fbuid = $this->facebook->getUser();
60 $this->fbuser = $this->facebook->api('/me');
61 } catch (FacebookApiException $e) {
62 common_log(LOG_ERROR, $e, __FILE__);
66 if (!empty($this->fbuser)) {
68 // OKAY, all is well... proceed to register
70 common_debug("Found a valid Facebook user.", __FILE__);
73 // This shouldn't happen in the regular course of things
75 list($proxy, $ip) = common_client_ip();
80 'Failed Facebook authentication attempt, proxy = %s, ip = %s.',
88 _m('You must be logged into Facebook to register a local account using Facebook.')
95 function handle($args)
97 parent::handle($args);
99 if (common_is_real_login()) {
101 // User is already logged in, are her accounts already linked?
103 $flink = Foreign_link::getByForeignID($this->fbuid, FACEBOOK_SERVICE);
105 if (!empty($flink)) {
107 // User already has a linked Facebook account and shouldn't be here!
111 'There\'s already a local user %d linked with Facebook user %s.',
118 _m('There is already a local account linked with that Facebook account.')
123 // Possibly reconnect an existing account
125 $this->connectUser();
128 } else if ($_SERVER['REQUEST_METHOD'] == 'POST') {
135 function handlePost()
137 $token = $this->trimmed('token');
139 if (!$token || $token != common_session_token()) {
141 _m('There was a problem with your session token. Try again, please.')
146 if ($this->arg('create')) {
148 if (!$this->boolean('license')) {
150 _m('You can\'t register if you don\'t agree to the license.'),
151 $this->trimmed('newname')
156 // We has a valid Facebook session and the Facebook user has
157 // agreed to the SN license, so create a new user
158 $this->createNewUser();
160 } else if ($this->arg('connect')) {
162 $this->connectNewUser();
167 _m('An unknown error has occured.'),
168 $this->trimmed('newname')
173 function showPageNotice()
177 $this->element('div', array('class' => 'error'), $this->error);
182 'div', 'instructions',
183 // TRANS: %s is the site name.
185 _m('This is the first time you\'ve logged into %s so we must connect your Facebook to a local account. You can either create a new local account, or connect with an existing local account.'),
186 common_config('site', 'name')
194 // TRANS: Page title.
195 return _m('Facebook Setup');
198 function showForm($error=null, $username=null)
200 $this->error = $error;
201 $this->username = $username;
212 * @fixme much of this duplicates core code, which is very fragile.
213 * Should probably be replaced with an extensible mini version of
214 * the core registration form.
216 function showContent()
218 if (!empty($this->message_text)) {
219 $this->element('p', null, $this->message);
223 $this->elementStart('form', array('method' => 'post',
224 'id' => 'form_settings_facebook_connect',
225 'class' => 'form_settings',
226 'action' => common_local_url('facebookfinishlogin')));
227 $this->elementStart('fieldset', array('id' => 'settings_facebook_connect_options'));
229 $this->element('legend', null, _m('Connection options'));
230 $this->elementStart('ul', 'form_data');
231 $this->elementStart('li');
232 $this->element('input', array('type' => 'checkbox',
234 'class' => 'checkbox',
237 $this->elementStart('label', array('class' => 'checkbox', 'for' => 'license'));
238 // TRANS: %s is the name of the license used by the user for their status updates.
239 $message = _m('My text and files are available under %s ' .
240 'except this private data: password, ' .
241 'email address, IM address, and phone number.');
242 $link = '<a href="' .
243 htmlspecialchars(common_config('license', 'url')) .
245 htmlspecialchars(common_config('license', 'title')) .
247 $this->raw(sprintf(htmlspecialchars($message), $link));
248 $this->elementEnd('label');
249 $this->elementEnd('li');
250 $this->elementEnd('ul');
252 $this->elementStart('fieldset');
253 $this->hidden('token', common_session_token());
254 $this->element('legend', null,
256 _m('Create new account'));
257 $this->element('p', null,
258 _m('Create a new user with this nickname.'));
259 $this->elementStart('ul', 'form_data');
261 // Hook point for captcha etc
262 Event::handle('StartRegistrationFormData', array($this));
264 $this->elementStart('li');
265 // TRANS: Field label.
266 $this->input('newname', _m('New nickname'),
267 ($this->username) ? $this->username : '',
268 _m('1-64 lowercase letters or numbers, no punctuation or spaces'));
269 $this->elementEnd('li');
271 // Hook point for captcha etc
272 Event::handle('EndRegistrationFormData', array($this));
274 $this->elementEnd('ul');
275 // TRANS: Submit button.
276 $this->submit('create', _m('BUTTON','Create'));
277 $this->elementEnd('fieldset');
279 $this->elementStart('fieldset');
281 $this->element('legend', null,
282 _m('Connect existing account'));
283 $this->element('p', null,
284 _m('If you already have an account, login with your username and password to connect it to your Facebook.'));
285 $this->elementStart('ul', 'form_data');
286 $this->elementStart('li');
287 // TRANS: Field label.
288 $this->input('nickname', _m('Existing nickname'));
289 $this->elementEnd('li');
290 $this->elementStart('li');
291 $this->password('password', _m('Password'));
292 $this->elementEnd('li');
293 $this->elementEnd('ul');
294 // TRANS: Submit button.
295 $this->submit('connect', _m('BUTTON','Connect'));
296 $this->elementEnd('fieldset');
298 $this->elementEnd('fieldset');
299 $this->elementEnd('form');
302 function message($msg)
304 $this->message_text = $msg;
308 function createNewUser()
310 if (!Event::handle('StartRegistrationTry', array($this))) {
314 if (common_config('site', 'closed')) {
315 // TRANS: Client error trying to register with registrations not allowed.
316 $this->clientError(_m('Registration not allowed.'));
322 if (common_config('site', 'inviteonly')) {
323 $code = $_SESSION['invitecode'];
325 // TRANS: Client error trying to register with registrations 'invite only'.
326 $this->clientError(_m('Registration not allowed.'));
330 $invite = Invitation::staticGet($code);
332 if (empty($invite)) {
333 // TRANS: Client error trying to register with an invalid invitation code.
334 $this->clientError(_m('Not a valid invitation code.'));
340 $nickname = Nickname::normalize($this->trimmed('newname'));
341 } catch (NicknameException $e) {
342 $this->showForm($e->getMessage());
346 if (!User::allowed_nickname($nickname)) {
347 $this->showForm(_m('Nickname not allowed.'));
351 if (User::staticGet('nickname', $nickname)) {
352 $this->showForm(_m('Nickname already in use. Try another one.'));
357 'nickname' => $nickname,
358 'fullname' => $this->fbuser['first_name']
359 . ' ' . $this->fbuser['last_name'],
360 'homepage' => $this->fbuser['website'],
361 'bio' => $this->fbuser['about'],
362 'location' => $this->fbuser['location']['name']
365 // It's possible that the email address is already in our
366 // DB. It's a unique key, so we need to check
367 if ($this->isNewEmail($this->fbuser['email'])) {
368 $args['email'] = $this->fbuser['email'];
369 $args['email_confirmed'] = true;
372 if (!empty($invite)) {
373 $args['code'] = $invite->code;
376 $user = User::register($args);
377 $result = $this->flinkUser($user->id, $this->fbuid);
380 $this->serverError(_m('Error connecting user to Facebook.'));
384 // Add a Foreign_user record
385 Facebookclient::addFacebookUser($this->fbuser);
387 $this->setAvatar($user);
389 common_set_user($user);
390 common_real_login(true);
395 'Registered new user %s (%d) from Facebook user %s, (fbuid %d)',
398 $this->fbuser['name'],
404 Event::handle('EndRegistrationTry', array($this));
406 $this->goHome($user->nickname);
410 * Attempt to download the user's Facebook picture and create a
411 * StatusNet avatar for the new user.
413 function setAvatar($user)
416 'http://graph.facebook.com/%s/picture?type=large',
420 // fetch the picture from Facebook
421 $client = new HTTPClient();
423 // fetch the actual picture
424 $response = $client->get($picUrl);
426 if ($response->isOk()) {
428 $finalUrl = $client->getUrl();
430 // Make sure the filename is unique becuase it's possible for a user
431 // to deauthorize our app, and then come back in as a new user but
432 // have the same Facebook picture (avatar URLs have a unique index
433 // and their URLs are based on the filenames).
434 $filename = 'facebook-' . common_good_rand(4) . '-'
435 . substr(strrchr($finalUrl, '/'), 1);
437 $ok = file_put_contents(
438 Avatar::path($filename),
446 'Couldn\'t save Facebook avatar %s',
454 // save it as an avatar
455 $profile = $user->getProfile();
457 if ($profile->setOriginal($filename)) {
461 'Saved avatar for %s (%d) from Facebook picture for '
462 . '%s (fbuid %d), filename = %s',
465 $this->fbuser['name'],
476 function connectNewUser()
478 $nickname = $this->trimmed('nickname');
479 $password = $this->trimmed('password');
481 if (!common_check_user($nickname, $password)) {
482 $this->showForm(_m('Invalid username or password.'));
486 $user = User::staticGet('nickname', $nickname);
491 'Found a legit user to connect to Facebook: %s (%d)',
499 $this->tryLinkUser($user);
501 common_set_user($user);
502 common_real_login(true);
504 $this->goHome($user->nickname);
507 function connectUser()
509 $user = common_current_user();
510 $this->tryLinkUser($user);
511 common_redirect(common_local_url('facebookfinishlogin'), 303);
514 function tryLinkUser($user)
516 $result = $this->flinkUser($user->id, $this->fbuid);
518 if (empty($result)) {
519 $this->serverError(_m('Error connecting user to Facebook.'));
525 'Connected Facebook user %s (fbuid %d) to local user %s (%d)',
526 $this->fbuser['name'],
539 'Trying login for Facebook user %s',
545 $flink = Foreign_link::getByForeignID($this->fbuid, FACEBOOK_SERVICE);
547 if (!empty($flink)) {
548 $user = $flink->getUser();
555 'Logged in Facebook user %s as user %d (%s)',
563 common_set_user($user);
564 common_real_login(true);
565 $this->goHome($user->nickname);
572 'No flink found for fbuid: %s - new user',
578 $this->showForm(null, $this->bestNewNickname());
582 function goHome($nickname)
584 $url = common_get_returnto();
586 // We don't have to return to it again
587 common_set_returnto(null);
589 $url = common_local_url('all',
594 common_redirect($url, 303);
597 function flinkUser($user_id, $fbuid)
599 $flink = new Foreign_link();
600 $flink->user_id = $user_id;
601 $flink->foreign_id = $fbuid;
602 $flink->service = FACEBOOK_SERVICE;
604 // Pull the access token from the Facebook cookies
605 $flink->credentials = $this->facebook->getAccessToken();
607 $flink->created = common_sql_now();
609 $flink_id = $flink->insert();
614 function bestNewNickname()
616 if (!empty($this->fbuser['name'])) {
617 $nickname = $this->nicknamize($this->fbuser['name']);
618 if ($this->isNewNickname($nickname)) {
625 $fullname = trim($this->fbuser['first_name'] .
626 ' ' . $this->fbuser['last_name']);
628 if (!empty($fullname)) {
629 $fullname = $this->nicknamize($fullname);
630 if ($this->isNewNickname($fullname)) {
639 * Given a string, try to make it work as a nickname
641 function nicknamize($str)
643 $str = preg_replace('/\W/', '', $str);
644 return strtolower($str);
648 * Is the desired nickname already taken?
650 * @return boolean result
652 function isNewNickname($str)
654 if (!Nickname::isValid($str)) {
658 if (!User::allowed_nickname($str)) {
662 if (User::staticGet('nickname', $str)) {
670 * Do we already have a user record with this email?
671 * (emails have to be unique but they can change)
673 * @param string $email the email address to check
675 * @return boolean result
677 function isNewEmail($email)
679 // we shouldn't have to validate the format
680 $result = User::staticGet('email', $email);
682 if (empty($result)) {
683 common_debug("XXXXXXXXXXXXXXXXXX We've never seen this email before!!!");
686 common_debug("XXXXXXXXXXXXXXXXXX dupe email address!!!!");