plugins/OpenID/finishopenidlogin.php

   1 <?php
   2 /*
   3  * StatusNet - the distributed open-source microblogging tool
   4  * Copyright (C) 2008, 2009, StatusNet, Inc.
   5  *
   6  * This program is free software: you can redistribute it and/or modify
   7  * it under the terms of the GNU Affero General Public License as published by
   8  * the Free Software Foundation, either version 3 of the License, or
   9  * (at your option) any later version.
  10  *
  11  * This program is distributed in the hope that it will be useful,
  12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14  * GNU Affero General Public License for more details.
  15  *
  16  * You should have received a copy of the GNU Affero General Public License
  17  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  18  */
  19
  20 if (!defined('STATUSNET') && !defined('LACONICA')) { exit(1); }
  21
  22 require_once INSTALLDIR.'/plugins/OpenID/openid.php';
  23
  24 class FinishopenidloginAction extends Action
  25 {
  26     var $error = null;
  27     var $username = null;
  28     var $message = null;
  29
  30     function handle($args)
  31     {
  32         parent::handle($args);
  33         if (common_is_real_login()) {
  34             $this->clientError(_m('Already logged in.'));
  35         } else if ($_SERVER['REQUEST_METHOD'] == 'POST') {
  36             $token = $this->trimmed('token');
  37             if (!$token || $token != common_session_token()) {
  38                 $this->showForm(_m('There was a problem with your session token. Try again, please.'));
  39                 return;
  40             }
  41             if ($this->arg('create')) {
  42                 if (!$this->boolean('license')) {
  43                     $this->showForm(_m('You can\'t register if you don\'t agree to the license.'),
  44                                     $this->trimmed('newname'));
  45                     return;
  46                 }
  47                 $this->createNewUser();
  48             } else if ($this->arg('connect')) {
  49                 $this->connectUser();
  50             } else {
  51                 $this->showForm(_m('Something weird happened.'),
  52                                 $this->trimmed('newname'));
  53             }
  54         } else {
  55             $this->tryLogin();
  56         }
  57     }
  58
  59     function showPageNotice()
  60     {
  61         if ($this->error) {
  62             $this->element('div', array('class' => 'error'), $this->error);
  63         } else {
  64             $this->element('div', 'instructions',
  65                            sprintf(_m('This is the first time you\'ve logged into %s so we must connect your OpenID to a local account. You can either create a new account, or connect with your existing account, if you have one.'), common_config('site', 'name')));
  66         }
  67     }
  68
  69     function title()
  70     {
  71         return _m('OpenID Account Setup');
  72     }
  73
  74     function showForm($error=null, $username=null)
  75     {
  76         $this->error = $error;
  77         $this->username = $username;
  78
  79         $this->showPage();
  80     }
  81
  82     function showContent()
  83     {
  84         if (!empty($this->message_text)) {
  85             $this->element('div', array('class' => 'error'), $this->message_text);
  86             return;
  87         }
  88
  89         $this->elementStart('form', array('method' => 'post',
  90                                           'id' => 'account_connect',
  91                                           'class' => 'form_settings',
  92                                           'action' => common_local_url('finishopenidlogin')));
  93         $this->hidden('token', common_session_token());
  94         $this->elementStart('fieldset', array('id' => 'form_openid_createaccount'));
  95         $this->element('legend', null,
  96                        _m('Create new account'));
  97         $this->element('p', null,
  98                        _m('Create a new user with this nickname.'));
  99         $this->elementStart('ul', 'form_data');
 100         $this->elementStart('li');
 101         $this->input('newname', _m('New nickname'),
 102                      ($this->username) ? $this->username : '',
 103                      _m('1-64 lowercase letters or numbers, no punctuation or spaces'));
 104         $this->elementEnd('li');
 105         $this->elementStart('li');
 106         $this->element('input', array('type' => 'checkbox',
 107                                       'id' => 'license',
 108                                       'class' => 'checkbox',
 109                                       'name' => 'license',
 110                                       'value' => 'true'));
 111         $this->elementStart('label', array('for' => 'license',
 112                                           'class' => 'checkbox'));
 113         $this->text(_m('My text and files are available under '));
 114         $this->element('a', array('href' => common_config('license', 'url')),
 115                        common_config('license', 'title'));
 116         $this->text(_m(' except this private data: password, email address, IM address, phone number.'));
 117         $this->elementEnd('label');
 118         $this->elementEnd('li');
 119         $this->elementEnd('ul');
 120         $this->submit('create', _m('Create'));
 121         $this->elementEnd('fieldset');
 122
 123         $this->elementStart('fieldset', array('id' => 'form_openid_createaccount'));
 124         $this->element('legend', null,
 125                        _m('Connect existing account'));
 126         $this->element('p', null,
 127                        _m('If you already have an account, login with your username and password to connect it to your OpenID.'));
 128         $this->elementStart('ul', 'form_data');
 129         $this->elementStart('li');
 130         $this->input('nickname', _m('Existing nickname'));
 131         $this->elementEnd('li');
 132         $this->elementStart('li');
 133         $this->password('password', _m('Password'));
 134         $this->elementEnd('li');
 135         $this->elementEnd('ul');
 136         $this->submit('connect', _m('Connect'));
 137         $this->elementEnd('fieldset');
 138         $this->elementEnd('form');
 139     }
 140
 141     function tryLogin()
 142     {
 143         $consumer = oid_consumer();
 144
 145         $response = $consumer->complete(common_local_url('finishopenidlogin'));
 146
 147         if ($response->status == Auth_OpenID_CANCEL) {
 148             $this->message(_m('OpenID authentication cancelled.'));
 149             return;
 150         } else if ($response->status == Auth_OpenID_FAILURE) {
 151             // Authentication failed; display the error message.
 152             $this->message(sprintf(_m('OpenID authentication failed: %s'), $response->message));
 153         } else if ($response->status == Auth_OpenID_SUCCESS) {
 154             // This means the authentication succeeded; extract the
 155             // identity URL and Simple Registration data (if it was
 156             // returned).
 157             $display = $response->getDisplayIdentifier();
 158             $canonical = ($response->endpoint->canonicalID) ?
 159               $response->endpoint->canonicalID : $response->getDisplayIdentifier();
 160
 161             oid_assert_allowed($display);
 162             oid_assert_allowed($canonical);
 163
 164             $sreg_resp = Auth_OpenID_SRegResponse::fromSuccessResponse($response);
 165
 166             if ($sreg_resp) {
 167                 $sreg = $sreg_resp->contents();
 168             }
 169
 170             $user = oid_get_user($canonical);
 171
 172             if ($user) {
 173                 oid_set_last($display);
 174                 # XXX: commented out at @edd's request until better
 175                 # control over how data flows from OpenID provider.
 176                 # oid_update_user($user, $sreg);
 177                 common_set_user($user);
 178                 common_real_login(true);
 179                 if (isset($_SESSION['openid_rememberme']) && $_SESSION['openid_rememberme']) {
 180                     common_rememberme($user);
 181                 }
 182                 unset($_SESSION['openid_rememberme']);
 183                 $this->goHome($user->nickname);
 184             } else {
 185                 $this->saveValues($display, $canonical, $sreg);
 186                 $this->showForm(null, $this->bestNewNickname($display, $sreg));
 187             }
 188         }
 189     }
 190
 191     function message($msg)
 192     {
 193         $this->message_text = $msg;
 194         $this->showPage();
 195     }
 196
 197     function saveValues($display, $canonical, $sreg)
 198     {
 199         common_ensure_session();
 200         $_SESSION['openid_display'] = $display;
 201         $_SESSION['openid_canonical'] = $canonical;
 202         $_SESSION['openid_sreg'] = $sreg;
 203     }
 204
 205     function getSavedValues()
 206     {
 207         return array($_SESSION['openid_display'],
 208                      $_SESSION['openid_canonical'],
 209                      $_SESSION['openid_sreg']);
 210     }
 211
 212     function createNewUser()
 213     {
 214         # FIXME: save invite code before redirect, and check here
 215
 216         if (common_config('site', 'closed')) {
 217             $this->clientError(_m('Registration not allowed.'));
 218             return;
 219         }
 220
 221         $invite = null;
 222
 223         if (common_config('site', 'inviteonly')) {
 224             $code = $_SESSION['invitecode'];
 225             if (empty($code)) {
 226                 $this->clientError(_m('Registration not allowed.'));
 227                 return;
 228             }
 229
 230             $invite = Invitation::staticGet($code);
 231
 232             if (empty($invite)) {
 233                 $this->clientError(_m('Not a valid invitation code.'));
 234                 return;
 235             }
 236         }
 237
 238         $nickname = $this->trimmed('newname');
 239
 240         if (!Validate::string($nickname, array('min_length' => 1,
 241                                                'max_length' => 64,
 242                                                'format' => NICKNAME_FMT))) {
 243             $this->showForm(_m('Nickname must have only lowercase letters and numbers and no spaces.'));
 244             return;
 245         }
 246
 247         if (!User::allowed_nickname($nickname)) {
 248             $this->showForm(_m('Nickname not allowed.'));
 249             return;
 250         }
 251
 252         if (User::staticGet('nickname', $nickname)) {
 253             $this->showForm(_m('Nickname already in use. Try another one.'));
 254             return;
 255         }
 256
 257         list($display, $canonical, $sreg) = $this->getSavedValues();
 258
 259         if (!$display || !$canonical) {
 260             $this->serverError(_m('Stored OpenID not found.'));
 261             return;
 262         }
 263
 264         # Possible race condition... let's be paranoid
 265
 266         $other = oid_get_user($canonical);
 267
 268         if ($other) {
 269             $this->serverError(_m('Creating new account for OpenID that already has a user.'));
 270             return;
 271         }
 272
 273         $location = '';
 274         if (!empty($sreg['country'])) {
 275             if ($sreg['postcode']) {
 276                 # XXX: use postcode to get city and region
 277                 # XXX: also, store postcode somewhere -- it's valuable!
 278                 $location = $sreg['postcode'] . ', ' . $sreg['country'];
 279             } else {
 280                 $location = $sreg['country'];
 281             }
 282         }
 283
 284         if (!empty($sreg['fullname']) && mb_strlen($sreg['fullname']) <= 255) {
 285             $fullname = $sreg['fullname'];
 286         } else {
 287             $fullname = '';
 288         }
 289
 290         if (!empty($sreg['email']) && Validate::email($sreg['email'], common_config('email', 'check_domain'))) {
 291             $email = $sreg['email'];
 292         } else {
 293             $email = '';
 294         }
 295
 296         # XXX: add language
 297         # XXX: add timezone
 298
 299         $args = array('nickname' => $nickname,
 300                       'email' => $email,
 301                       'fullname' => $fullname,
 302                       'location' => $location);
 303
 304         if (!empty($invite)) {
 305             $args['code'] = $invite->code;
 306         }
 307
 308         $user = User::register($args);
 309
 310         $result = oid_link_user($user->id, $canonical, $display);
 311
 312         oid_set_last($display);
 313         common_set_user($user);
 314         common_real_login(true);
 315         if (isset($_SESSION['openid_rememberme']) && $_SESSION['openid_rememberme']) {
 316             common_rememberme($user);
 317         }
 318         unset($_SESSION['openid_rememberme']);
 319         common_redirect(common_local_url('showstream', array('nickname' => $user->nickname)),
 320                         303);
 321     }
 322
 323     function connectUser()
 324     {
 325         $nickname = $this->trimmed('nickname');
 326         $password = $this->trimmed('password');
 327
 328         if (!common_check_user($nickname, $password)) {
 329             $this->showForm(_m('Invalid username or password.'));
 330             return;
 331         }
 332
 333         # They're legit!
 334
 335         $user = User::staticGet('nickname', $nickname);
 336
 337         list($display, $canonical, $sreg) = $this->getSavedValues();
 338
 339         if (!$display || !$canonical) {
 340             $this->serverError(_m('Stored OpenID not found.'));
 341             return;
 342         }
 343
 344         $result = oid_link_user($user->id, $canonical, $display);
 345
 346         if (!$result) {
 347             $this->serverError(_m('Error connecting user to OpenID.'));
 348             return;
 349         }
 350
 351         oid_update_user($user, $sreg);
 352         oid_set_last($display);
 353         common_set_user($user);
 354         common_real_login(true);
 355         if (isset($_SESSION['openid_rememberme']) && $_SESSION['openid_rememberme']) {
 356             common_rememberme($user);
 357         }
 358         unset($_SESSION['openid_rememberme']);
 359         $this->goHome($user->nickname);
 360     }
 361
 362     function goHome($nickname)
 363     {
 364         $url = common_get_returnto();
 365         if ($url) {
 366             # We don't have to return to it again
 367             common_set_returnto(null);
 368             $url = common_inject_session($url);
 369         } else {
 370             $url = common_local_url('all',
 371                                     array('nickname' =>
 372                                           $nickname));
 373         }
 374         common_redirect($url, 303);
 375     }
 376
 377     function bestNewNickname($display, $sreg)
 378     {
 379
 380         # Try the passed-in nickname
 381
 382         if (!empty($sreg['nickname'])) {
 383             $nickname = $this->nicknamize($sreg['nickname']);
 384             if ($this->isNewNickname($nickname)) {
 385                 return $nickname;
 386             }
 387         }
 388
 389         # Try the full name
 390
 391         if (!empty($sreg['fullname'])) {
 392             $fullname = $this->nicknamize($sreg['fullname']);
 393             if ($this->isNewNickname($fullname)) {
 394                 return $fullname;
 395             }
 396         }
 397
 398         # Try the URL
 399
 400         $from_url = $this->openidToNickname($display);
 401
 402         if ($from_url && $this->isNewNickname($from_url)) {
 403             return $from_url;
 404         }
 405
 406         # XXX: others?
 407
 408         return null;
 409     }
 410
 411     function isNewNickname($str)
 412     {
 413         if (!Validate::string($str, array('min_length' => 1,
 414                                           'max_length' => 64,
 415                                           'format' => NICKNAME_FMT))) {
 416             return false;
 417         }
 418         if (!User::allowed_nickname($str)) {
 419             return false;
 420         }
 421         if (User::staticGet('nickname', $str)) {
 422             return false;
 423         }
 424         return true;
 425     }
 426
 427     function openidToNickname($openid)
 428     {
 429         if (Auth_Yadis_identifierScheme($openid) == 'XRI') {
 430             return $this->xriToNickname($openid);
 431         } else {
 432             return $this->urlToNickname($openid);
 433         }
 434     }
 435
 436     # We try to use an OpenID URL as a legal StatusNet user name in this order
 437     # 1. Plain hostname, like http://evanp.myopenid.com/
 438     # 2. One element in path, like http://profile.typekey.com/EvanProdromou/
 439     #    or http://getopenid.com/evanprodromou
 440
 441     function urlToNickname($openid)
 442     {
 443         return common_url_to_nickname($openid);
 444     }
 445
 446     function xriToNickname($xri)
 447     {
 448         $base = $this->xriBase($xri);
 449
 450         if (!$base) {
 451             return null;
 452         } else {
 453             # =evan.prodromou
 454             # or @gratis*evan.prodromou
 455             $parts = explode('*', substr($base, 1));
 456             return $this->nicknamize(array_pop($parts));
 457         }
 458     }
 459
 460     function xriBase($xri)
 461     {
 462         if (substr($xri, 0, 6) == 'xri://') {
 463             return substr($xri, 6);
 464         } else {
 465             return $xri;
 466         }
 467     }
 468
 469     # Given a string, try to make it work as a nickname
 470
 471     function nicknamize($str)
 472     {
 473         return common_nicknamize($str);
 474     }
 475 }