1 <?php
2 /**
3  * StatusNet, the distributed open-source microblogging tool
4  *
5  * Settings for OpenID
6  *
7  * PHP version 5
8  *
9  * LICENCE: This program is free software: you can redistribute it and/or modify
10  * it under the terms of the GNU Affero General Public License as published by
11  * the Free Software Foundation, either version 3 of the License, or
12  * (at your option) any later version.
13  *
14  * This program is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
17  * GNU Affero General Public License for more details.
18  *
19  * You should have received a copy of the GNU Affero General Public License
20  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
21  *
22  * @category  Settings
23  * @package   StatusNet
24  * @author    Evan Prodromou <evan@status.net>
25  * @copyright 2008-2009 StatusNet, Inc.
26  * @license   http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
27  * @link      http://status.net/
28  */
29
// Stop immediately (exit status 1) unless the STATUSNET constant has
// already been defined by whatever included this file.
defined('STATUSNET') || exit(1);
33
34 require_once INSTALLDIR.'/plugins/OpenID/openid.php';
35
36 /**
37  * Settings for OpenID
38  *
39  * Lets users add, edit and delete OpenIDs from their account
40  *
41  * @category Settings
42  * @package  StatusNet
43  * @author   Evan Prodromou <evan@status.net>
44  * @license  http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
45  * @link     http://status.net/
46  */
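class OpenidsettingsAction extends SettingsAction
{
    /**
     * Title of the page
     *
     * @return string Page title
     */
    function title()
    {
        // TRANS: Title of OpenID settings page for a user.
        return _m('TITLE','OpenID settings');
    }

    /**
     * Instructions for use
     *
     * @return string Instructions for use
     */
    function getInstructions()
    {
        // TRANS: Form instructions for OpenID settings.
        // TRANS: This message contains Markdown links in the form [description](link).
        return _m('[OpenID](%%doc.openid%%) lets you log into many sites ' .
                 'with the same user account. '.
                 'Manage your associated OpenIDs from here.');
    }

    /**
     * Emit the page scripts and put the input focus on the OpenID URL field
     *
     * @return void
     */
    function showScripts()
    {
        parent::showScripts();
        $this->autofocus('openid_url');
    }

    /**
     * Show the form for OpenID management
     *
     * Renders, in order: the "add OpenID" form (only when no trusted provider
     * is configured), one "remove" form per OpenID of the current user, and a
     * final form holding the trusted-sites list and the preferences.
     * Every form carries the session token that handlePost() verifies.
     *
     * @return void
     */
    function showContent()
    {
        $user = common_current_user();

        // With a configured trusted provider, handlePost() refuses 'add',
        // so the form is not offered either.
        if (!common_config('openid', 'trusted_provider')) {
            $this->elementStart('form', array('method' => 'post',
                                              'id' => 'form_settings_openid_add',
                                              'class' => 'form_settings',
                                              'action' =>
                                              common_local_url('openidsettings')));
            $this->elementStart('fieldset', array('id' => 'settings_openid_add'));

            // TRANS: Fieldset legend.
            $this->element('legend', null, _m('LEGEND','Add OpenID'));
            $this->hidden('token', common_session_token());
            $this->elementStart('ul', 'form_data');
            $this->elementStart('li');
            // TRANS: Field label.
            $this->input('openid_url', _m('OpenID URL'), null,
                        // TRANS: Form guide.
                        _m('An OpenID URL which identifies you.'), null, true,
                        array('placeholder'=>'https://example.com/you'));
            $this->elementEnd('li');
            $this->elementEnd('ul');
            // TRANS: Button text for adding an OpenID URL.
            $this->submit('settings_openid_add_action-submit', _m('BUTTON','Add'), 'submit', 'add');
            $this->elementEnd('fieldset');
            $this->elementEnd('form');
        }

        // All OpenIDs attached to the current user.
        $oid = new User_openid();

        $oid->user_id = $user->id;

        $cnt = $oid->find();

        if ($cnt > 0) {
            // TRANS: Header on OpenID settings page.
            $this->element('h2', null, _m('HEADER','Remove OpenID'));

            if ($cnt == 1 && !$user->password) {

                // Single OpenID and no password: show the OpenID but no
                // remove button. removeOpenid() applies the same rule.
                $this->element('p', 'form_guide',
                               // TRANS: Form guide.
                               _m('Removing your only OpenID '.
                                 'would make it impossible to log in! ' .
                                 'If you need to remove it, '.
                                 'add another OpenID first.'));

                if ($oid->fetch()) {
                    $this->elementStart('p');
                    $this->element('a', array('href' => $oid->canonical),
                                   $oid->display);
                    $this->elementEnd('p');
                }

            } else {

                $this->element('p', 'form_guide',
                               // TRANS: Form guide.
                               _m('You can remove an OpenID from your account '.
                                 'by clicking the button marked "Remove".'));
                $idx = 0;

                // One small form per OpenID; $idx keeps the element ids unique.
                while ($oid->fetch()) {
                    $this->elementStart('form',
                                        array('method' => 'POST',
                                              'id' => 'form_settings_openid_delete' . $idx,
                                              'class' => 'form_settings',
                                              'action' =>
                                              common_local_url('openidsettings')));
                    $this->elementStart('fieldset');
                    $this->hidden('token', common_session_token());
                    $this->element('a', array('href' => $oid->canonical),
                                   $oid->display);
                    $this->hidden("openid_url{$idx}", $oid->canonical, 'openid_url');
                    // TRANS: Button text to remove an OpenID.
                    $this->submit("remove{$idx}", _m('BUTTON','Remove'), 'submit remove', 'remove');
                    $this->elementEnd('fieldset');
                    $this->elementEnd('form');
                    $idx++;
                }
            }
        }

        // This form stays open across two fieldsets: trusted sites and preferences.
        $this->elementStart('form', array('method' => 'post',
                                          'id' => 'form_settings_openid_trustroots',
                                          'class' => 'form_settings',
                                          'action' =>
                                          common_local_url('openidsettings')));
        $this->elementStart('fieldset', array('id' => 'settings_openid_trustroots'));
        // TRANS: Fieldset legend.
        $this->element('legend', null, _m('OpenID Trusted Sites'));
        $this->hidden('token', common_session_token());
        $this->element('p', 'form_guide',
                       // TRANS: Form guide.
                       _m('The following sites are allowed to access your ' .
                       'identity and log you in. You can remove a site from ' .
                       'this list to deny it access to your OpenID.'));
        $this->elementStart('ul', 'form_data');
        $user_openid_trustroot = new User_openid_trustroot();
        $user_openid_trustroot->user_id = $user->id;
        if ($user_openid_trustroot->find()) {
            while ($user_openid_trustroot->fetch()) {
                // The checksum only builds an element id that ties the label
                // to its checkbox; the submitted value is the trustroot itself.
                $checkboxId = 'openid_trustroot_' . crc32($user_openid_trustroot->trustroot);

                $this->elementStart('li');
                $this->element('input', array('name' => 'openid_trustroot[]',
                                              'type' => 'checkbox',
                                              'class' => 'checkbox',
                                              'value' => $user_openid_trustroot->trustroot,
                                              'id' => $checkboxId));
                $this->element('label', array('class'=>'checkbox', 'for' => $checkboxId),
                               $user_openid_trustroot->trustroot);
                $this->elementEnd('li');
            }
        }
        $this->elementEnd('ul');
        // TRANS: Button text to remove an OpenID trustroot.
        $this->submit('settings_openid_trustroots_action-submit', _m('BUTTON','Remove'), 'submit', 'remove_trustroots');
        $this->elementEnd('fieldset');

        $prefs = User_openid_prefs::getKV('user_id', $user->id);

        $this->elementStart('fieldset');
        $this->element('legend', null, _m('LEGEND','Preferences'));
        $this->elementStart('ul', 'form_data');
        // TRANS: Checkbox label on the OpenID settings page.
        $this->checkbox('hide_profile_link', _m('Hide OpenID links from my profile'), !empty($prefs) && $prefs->hide_profile_link);
        // TRANS: Button text to save OpenID prefs
        $this->submit('settings_openid_prefs_save', _m('BUTTON','Save'), 'submit', 'save_prefs');
        $this->elementEnd('ul');
        $this->elementEnd('fieldset');

        $this->elementEnd('form');
    }

    /**
     * Handle a POST request
     *
     * Verifies the session token, then muxes to different sub-functions
     * based on which button was pushed.
     *
     * @return void
     */
    function handlePost()
    {
        // CSRF protection. The comparison is strict and on strings: with a
        // loose != two numeric-looking strings such as "0e1" and "0e2" are
        // compared as numbers and count as equal. Where the minimum PHP
        // version allows it, hash_equals() would also make this constant-time.
        $token = $this->trimmed('token');
        if (!$token || (string)$token !== (string)common_session_token()) {
            // TRANS: Client error displayed when the session token does not match or is not given.
            $this->showForm(_m('There was a problem with your session token. '.
                              'Try again, please.'));
            return;
        }

        if ($this->arg('add')) {
            if (common_config('openid', 'trusted_provider')) {
                // TRANS: Form validation error if no OpenID providers can be added.
                $this->showForm(_m('Cannot add new providers.'));
            } else {
                $result = oid_authenticate($this->trimmed('openid_url'),
                                           'finishaddopenid');
                if (is_string($result)) { // error message
                    $this->showForm($result);
                }
            }
        } else if ($this->arg('remove')) {
            $this->removeOpenid();
        } else if ($this->arg('remove_trustroots')) {
            $this->removeTrustroots();
        } else if ($this->arg('save_prefs')) {
            $this->savePrefs();
        } else {
            // TRANS: Unexpected form validation error.
            $this->showForm(_m('Something weird happened.'));
        }
    }

    /**
     * Handles a request to remove OpenID trustroots from the user's account
     *
     * Validates input and, if everything is OK, deletes the trustroots.
     * Reloads the form with a success or error notification.
     *
     * Deletion stops at the first submitted value that is not a trustroot of
     * the current user; trustroots deleted before that point stay deleted.
     *
     * @return void
     *
     * @throws ClientException if nobody is logged in
     */
    function removeTrustroots()
    {
        $user = common_current_user();

        if (empty($user)) {
            throw new ClientException(_("Not logged in."));
        }

        $trustroots = $this->arg('openid_trustroot');

        // The form posts openid_trustroot[] as an array; anything else
        // (nothing ticked, or a scalar from a hand-made request) is treated
        // as "nothing selected".
        if (empty($trustroots) || !is_array($trustroots)) {
            $this->showForm();
            return;
        }

        foreach ($trustroots as $trustroot) {
            // The lookup key includes the current user's id, so only that
            // user's own trustroots can be found and deleted. Non-string
            // elements (nested arrays) are never looked up.
            $user_openid_trustroot = is_string($trustroot)
                ? User_openid_trustroot::pkeyGet(
                      array('user_id' => $user->id, 'trustroot' => $trustroot))
                : null;

            if (!$user_openid_trustroot) {
                // TRANS: Form validation error when trying to remove a non-existing trustroot.
                $this->showForm(_m('No such OpenID trustroot.'));
                return;
            }

            $user_openid_trustroot->delete();
        }

        // TRANS: Success message after removing trustroots.
        $this->showForm(_m('Trustroots removed.'), true);
    }

    /**
     * Handles a request to remove an OpenID from the user's account
     *
     * Validates input and, if everything is OK, deletes the OpenID.
     * Reloads the form with a success or error notification.
     *
     * The OpenID must belong to the current user, and it must not be the
     * only OpenID of a user who has no password.
     *
     * @return void
     */
    function removeOpenid()
    {
        $openid_url = $this->trimmed('openid_url');

        $oid = User_openid::getKV('canonical', $openid_url);

        // NOTE(review): this message and the ownership message below differ,
        // so the response tells a logged-in caller whether a given URL is
        // registered to some account; confirm that is acceptable.
        if (!$oid) {
            // TRANS: Form validation error for a non-existing OpenID.
            $this->showForm(_m('No such OpenID.'));
            return;
        }
        $cur = common_current_user();
        if (!$cur || $oid->user_id != $cur->id) {
            // TRANS: Form validation error if OpenID is connected to another user.
            $this->showForm(_m('That OpenID does not belong to you.'));
            return;
        }

        // showContent() hides the remove button when this is the user's only
        // OpenID and no password is set, but a request can be sent without
        // the button. Apply the same rule here so the account cannot be left
        // without any way to log in.
        $own = new User_openid();
        $own->user_id = $cur->id;
        if ($own->find() <= 1 && !$cur->password) {
            // TRANS: Form guide.
            $this->showForm(_m('Removing your only OpenID '.
                              'would make it impossible to log in! ' .
                              'If you need to remove it, '.
                              'add another OpenID first.'));
            return;
        }

        $oid->delete();
        // TRANS: Success message after removing an OpenID.
        $this->showForm(_m('OpenID removed.'), true);
    }

    /**
     * Handles a request to save preferences
     *
     * Stores the 'hide_profile_link' setting for the current user, creating
     * the preferences row if there is none yet.
     * Reloads the form with a success notification.
     *
     * @return void
     *
     * @throws ClientException if nobody is logged in
     */
    function savePrefs()
    {
        $cur = common_current_user();

        if (empty($cur)) {
            throw new ClientException(_("Not logged in."));
        }

        $orig  = null;
        $prefs = User_openid_prefs::getKV('user_id', $cur->id);

        if (empty($prefs)) {
            // First save for this user: build a new row.
            $prefs          = new User_openid_prefs();
            $prefs->user_id = $cur->id;
            $prefs->created = common_sql_now();
        } else {
            // Keep a copy of the stored row; it is passed to update() below.
            $orig = clone($prefs);
        }

        $prefs->hide_profile_link = $this->booleanintstring('hide_profile_link');

        if (empty($orig)) {
            $prefs->insert();
        } else {
            $prefs->update($orig);
        }

        // TRANS: Success message after saving OpenID preferences.
        $this->showForm(_m('OpenID preferences saved.'), true);
    }
}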