1 <?php
2 /**
3  * StatusNet, the distributed open-source microblogging tool
4  *
5  * Settings for OpenID
6  *
7  * PHP version 5
8  *
9  * LICENCE: This program is free software: you can redistribute it and/or modify
10  * it under the terms of the GNU Affero General Public License as published by
11  * the Free Software Foundation, either version 3 of the License, or
12  * (at your option) any later version.
13  *
14  * This program is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
17  * GNU Affero General Public License for more details.
18  *
19  * You should have received a copy of the GNU Affero General Public License
20  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
21  *
22  * @category  Settings
23  * @package   StatusNet
24  * @author    Evan Prodromou <evan@status.net>
25  * @copyright 2008-2009 StatusNet, Inc.
26  * @license   http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
27  * @link      http://status.net/
28  */
29
// Stop immediately unless one of the application marker constants is defined.
// Presumably the entry script defines STATUSNET (or the older LACONICA) before
// loading plugin files, so a direct request to this file does nothing -- confirm.
if (!(defined('STATUSNET') || defined('LACONICA'))) {
    exit(1);
}
33
34 require_once INSTALLDIR.'/lib/accountsettingsaction.php';
35 require_once INSTALLDIR.'/plugins/OpenID/openid.php';
36
37 /**
38  * Settings for OpenID
39  *
40  * Lets users add, edit and delete OpenIDs from their account
41  *
42  * @category Settings
43  * @package  StatusNet
44  * @author   Evan Prodromou <evan@status.net>
45  * @license  http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
46  * @link     http://status.net/
47  */
48
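class OpenidsettingsAction extends AccountSettingsAction
{
    /**
     * Title of the page
     *
     * @return string Page title
     */
    function title()
    {
        return _m('OpenID settings');
    }

    /**
     * Instructions for use
     *
     * @return string Instructions for use
     */
    function getInstructions()
    {
        return _m('[OpenID](%%doc.openid%%) lets you log into many sites' .
                 ' with the same user account.'.
                 ' Manage your associated OpenIDs from here.');
    }

    /**
     * Emit the page scripts and put keyboard focus on the "add OpenID" field
     *
     * @return void
     */
    function showScripts()
    {
        parent::showScripts();
        $this->autofocus('openid_url');
    }

    /**
     * Show the forms for OpenID management
     *
     * Three sections are written in order: an "add" form (omitted when the
     * site is configured with a trusted provider), one "remove" form per
     * OpenID linked to the account, and a form listing the trusted sites
     * (trustroots). Every form carries the session token that handlePost()
     * checks.
     *
     * The checks made here only decide what is displayed. They are not an
     * access control: handlePost() and the remove*() methods must enforce
     * the same rules on their own.
     *
     * @return void
     */
    function showContent()
    {
        // NOTE(review): assumes the parent action only renders this page for a
        // logged-in user; $user is dereferenced below without a null check.
        $user = common_current_user();

        // --- Add an OpenID (not offered when a trusted provider is configured)
        if (!common_config('openid', 'trusted_provider')) {
            $this->elementStart('form', array('method' => 'post',
                                              'id' => 'form_settings_openid_add',
                                              'class' => 'form_settings',
                                              'action' =>
                                              common_local_url('openidsettings')));
            $this->elementStart('fieldset', array('id' => 'settings_openid_add'));

            $this->element('legend', null, _m('Add OpenID'));
            $this->hidden('token', common_session_token());
            $this->element('p', 'form_guide',
                           _m('If you want to add an OpenID to your account, ' .
                             'enter it in the box below and click "Add".'));
            $this->elementStart('ul', 'form_data');
            $this->elementStart('li');
            $this->element('label', array('for' => 'openid_url'),
                           _m('OpenID URL'));
            $this->element('input', array('name' => 'openid_url',
                                          'type' => 'text',
                                          'id' => 'openid_url'));
            $this->elementEnd('li');
            $this->elementEnd('ul');
            $this->element('input', array('type' => 'submit',
                                          'id' => 'settings_openid_add_action-submit',
                                          'name' => 'add',
                                          'class' => 'submit',
                                          'value' => _m('Add')));
            $this->elementEnd('fieldset');
            $this->elementEnd('form');
        }

        // --- Remove an OpenID: list the identities linked to this account
        $oid = new User_openid();

        $oid->user_id = $user->id;

        $cnt = $oid->find();

        if ($cnt > 0) {

            $this->element('h2', null, _m('Remove OpenID'));

            if ($cnt == 1 && !$user->password) {

                // The single OpenID is the only way to log in, so it is shown
                // without a remove button. removeOpenid() repeats this check,
                // because hiding the button does not stop a hand-built POST.
                $this->element('p', 'form_guide',
                               _m('Removing your only OpenID '.
                                 'would make it impossible to log in! ' .
                                 'If you need to remove it, '.
                                 'add another OpenID first.'));

                if ($oid->fetch()) {
                    // NOTE(review): the stored URL becomes a link target.
                    // Presumably element() escapes attribute values and the
                    // scheme was validated when the OpenID was added -- confirm.
                    $this->elementStart('p');
                    $this->element('a', array('href' => $oid->canonical),
                                   $oid->display);
                    $this->elementEnd('p');
                }

            } else {

                $this->element('p', 'form_guide',
                               _m('You can remove an OpenID from your account '.
                                 'by clicking the button marked "Remove".'));

                // One small form per OpenID; $idx keeps the element ids unique.
                $idx = 0;

                while ($oid->fetch()) {
                    $this->elementStart('form',
                                        array('method' => 'POST',
                                              'id' => 'form_settings_openid_delete' . $idx,
                                              'class' => 'form_settings',
                                              'action' =>
                                              common_local_url('openidsettings')));
                    $this->elementStart('fieldset');
                    $this->hidden('token', common_session_token());
                    $this->element('a', array('href' => $oid->canonical),
                                   $oid->display);
                    $this->element('input', array('type' => 'hidden',
                                                  'id' => 'openid_url'.$idx,
                                                  'name' => 'openid_url',
                                                  'value' => $oid->canonical));
                    $this->element('input', array('type' => 'submit',
                                                  'id' => 'remove'.$idx,
                                                  'name' => 'remove',
                                                  'class' => 'submit remove',
                                                  'value' => _m('Remove')));
                    $this->elementEnd('fieldset');
                    $this->elementEnd('form');
                    $idx++;
                }
            }
        }

        // --- Trusted sites: relying parties allowed to use this identity
        $this->elementStart('form', array('method' => 'post',
                                          'id' => 'form_settings_openid_trustroots',
                                          'class' => 'form_settings',
                                          'action' =>
                                          common_local_url('openidsettings')));
        $this->elementStart('fieldset', array('id' => 'settings_openid_trustroots'));
        $this->element('legend', null, _m('OpenID Trusted Sites'));
        $this->hidden('token', common_session_token());
        $this->element('p', 'form_guide',
                       _m('The following sites are allowed to access your ' .
                       'identity and log you in. You can remove a site from ' .
                       'this list to deny it access to your OpenID.'));
        $this->elementStart('ul', 'form_data');
        $user_openid_trustroot = new User_openid_trustroot();
        $user_openid_trustroot->user_id = $user->id;
        if ($user_openid_trustroot->find()) {
            while ($user_openid_trustroot->fetch()) {
                $trustroot = $user_openid_trustroot->trustroot;
                // The checksum only builds a DOM id that ties the label to its
                // checkbox; it is not used for any security decision.
                $boxId = 'openid_trustroot_' . crc32($trustroot);

                $this->elementStart('li');
                $this->element('input', array('name' => 'openid_trustroot[]',
                                              'type' => 'checkbox',
                                              'class' => 'checkbox',
                                              'value' => $trustroot,
                                              'id' => $boxId));
                $this->element('label', array('class' => 'checkbox', 'for' => $boxId),
                               $trustroot);
                $this->elementEnd('li');
            }
        }
        $this->elementEnd('ul');
        $this->element('input', array('type' => 'submit',
                                      'id' => 'settings_openid_trustroots_action-submit',
                                      'name' => 'remove_trustroots',
                                      'class' => 'submit',
                                      'value' => _m('Remove')));
        $this->elementEnd('fieldset');
        $this->elementEnd('form');
    }

    /**
     * Handle a POST request
     *
     * Checks the session token, then muxes to different sub-functions based
     * on which button was pushed.
     *
     * @return void
     */
    function handlePost()
    {
        // CSRF protection. Both sides are compared as strings with a strict
        // operator: a loose != treats two numeric-looking strings as numbers,
        // so different tokens could compare equal.
        // Where the deployed PHP provides hash_equals(), prefer it here for a
        // constant-time comparison.
        $token = $this->trimmed('token');
        if (!$token || (string) $token !== (string) common_session_token()) {
            $this->showForm(_m('There was a problem with your session token. '.
                              'Try again, please.'));
            return;
        }

        if ($this->arg('add')) {
            // Enforce the trusted-provider setting on the server as well;
            // showContent() merely hides the form in that configuration.
            if (common_config('openid', 'trusted_provider')) {
                $this->showForm(_m("Can't add new providers."));
            } else {
                $result = oid_authenticate($this->trimmed('openid_url'),
                                           'finishaddopenid');
                if (is_string($result)) { // error message
                    $this->showForm($result);
                }
            }
        } else if ($this->arg('remove')) {
            $this->removeOpenid();
        } else if ($this->arg('remove_trustroots')) {
            $this->removeTrustroots();
        } else {
            $this->showForm(_m('Something weird happened.'));
        }
    }

    /**
     * Handles a request to remove OpenID trustroots from the user's account
     *
     * Each submitted value is looked up together with the current user's id,
     * so only that user's own trustroots can be deleted. Reloads the form
     * with a success or error notification.
     *
     * Entries are deleted one by one: when a later entry is rejected, the
     * entries before it have already been removed.
     *
     * @return void
     */
    function removeTrustroots()
    {
        // NOTE(review): assumes the parent action has already required a
        // logged-in user; $user is dereferenced below without a null check.
        $user = common_current_user();
        $trustroots = $this->arg('openid_trustroot');

        if (!$trustroots) {
            $this->showForm();
            return;
        }

        // The form posts openid_trustroot[] as an array, but the request is
        // client-controlled and may carry a scalar instead. Normalise it so
        // the loop never iterates a non-array.
        if (!is_array($trustroots)) {
            $trustroots = array($trustroots);
        }

        foreach ($trustroots as $trustroot) {
            // A nested array or other non-string value cannot name a stored
            // trustroot; reject it instead of passing it to the lookup.
            $user_openid_trustroot = is_string($trustroot)
                ? User_openid_trustroot::pkeyGet(
                      array('user_id' => $user->id, 'trustroot' => $trustroot))
                : null;

            if (!$user_openid_trustroot) {
                $this->showForm(_m('No such OpenID trustroot.'));
                return;
            }
            $user_openid_trustroot->delete();
        }

        $this->showForm(_m('Trustroots removed'), true);
    }

    /**
     * Handles a request to remove an OpenID from the user's account
     *
     * Validates input and, if everything is OK, deletes the OpenID.
     * Reloads the form with a success or error notification.
     *
     * The OpenID must belong to the current user, and it must not be the
     * account's last way to log in (no password set and no other OpenID).
     *
     * @return void
     */
    function removeOpenid()
    {
        $openid_url = $this->trimmed('openid_url');

        $oid = User_openid::staticGet('canonical', $openid_url);

        // NOTE(review): the two distinct messages below let a logged-in user
        // learn whether an arbitrary OpenID URL is linked to some other
        // account; consider answering both cases with the same message.
        if (!$oid) {
            $this->showForm(_m('No such OpenID.'));
            return;
        }
        $cur = common_current_user();
        if (!$cur || $oid->user_id != $cur->id) {
            $this->showForm(_m('That OpenID does not belong to you.'));
            return;
        }

        // showContent() hides the remove button for the last OpenID of a
        // password-less account, but that is display logic only. Repeat the
        // rule here so a hand-built POST cannot lock the account out.
        if (!$cur->password) {
            $linked = new User_openid();
            $linked->user_id = $cur->id;
            if ($linked->find() <= 1) {
                $this->showForm(_m('Removing your only OpenID '.
                                  'would make it impossible to log in! ' .
                                  'If you need to remove it, '.
                                  'add another OpenID first.'));
                return;
            }
        }

        $oid->delete();
        $this->showForm(_m('OpenID removed.'), true);
    }
}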