plugins/OpenID/openidsettings.php

   1 <?php
   2 /**
   3  * StatusNet, the distributed open-source microblogging tool
   4  *
   5  * Settings for OpenID
   6  *
   7  * PHP version 5
   8  *
   9  * LICENCE: This program is free software: you can redistribute it and/or modify
  10  * it under the terms of the GNU Affero General Public License as published by
  11  * the Free Software Foundation, either version 3 of the License, or
  12  * (at your option) any later version.
  13  *
  14  * This program is distributed in the hope that it will be useful,
  15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  17  * GNU Affero General Public License for more details.
  18  *
  19  * You should have received a copy of the GNU Affero General Public License
  20  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  21  *
  22  * @category  Settings
  23  * @package   StatusNet
  24  * @author    Evan Prodromou <evan@status.net>
  25  * @copyright 2008-2009 StatusNet, Inc.
  26  * @license   http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
  27  * @link      http://status.net/
  28  */
  29
  30 if (!defined('STATUSNET')) {
  31     exit(1);
  32 }
  33
  34 require_once INSTALLDIR.'/plugins/OpenID/openid.php';
  35
  36 /**
  37  * Settings for OpenID
  38  *
  39  * Lets users add, edit and delete OpenIDs from their account
  40  *
  41  * @category Settings
  42  * @package  StatusNet
  43  * @author   Evan Prodromou <evan@status.net>
  44  * @license  http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
  45  * @link     http://status.net/
  46  */
  47 class OpenidsettingsAction extends SettingsAction
  48 {
  49     /**
  50      * Title of the page
  51      *
  52      * @return string Page title
  53      */
  54     function title()
  55     {
  56         // TRANS: Title of OpenID settings page for a user.
  57         return _m('TITLE','OpenID settings');
  58     }
  59
  60     /**
  61      * Instructions for use
  62      *
  63      * @return string Instructions for use
  64      */
  65     function getInstructions()
  66     {
  67         // TRANS: Form instructions for OpenID settings.
  68         // TRANS: This message contains Markdown links in the form [description](link).
  69         return _m('[OpenID](%%doc.openid%%) lets you log into many sites ' .
  70                  'with the same user account. '.
  71                  'Manage your associated OpenIDs from here.');
  72     }
  73
  74     function showScripts()
  75     {
  76         parent::showScripts();
  77         $this->autofocus('openid_url');
  78     }
  79
  80     /**
  81      * Show the form for OpenID management
  82      *
  83      * We have one form with a few different submit buttons to do different things.
  84      *
  85      * @return void
  86      */
  87     function showContent()
  88     {
  89         $user = common_current_user();
  90
  91         if (!common_config('openid', 'trusted_provider')) {
  92             $this->elementStart('form', array('method' => 'post',
  93                                               'id' => 'form_settings_openid_add',
  94                                               'class' => 'form_settings',
  95                                               'action' =>
  96                                               common_local_url('openidsettings')));
  97             $this->elementStart('fieldset', array('id' => 'settings_openid_add'));
  98
  99             // TRANS: Fieldset legend.
 100             $this->element('legend', null, _m('LEGEND','Add OpenID'));
 101             $this->hidden('token', common_session_token());
 102             $this->element('p', 'form_guide',
 103                            // TRANS: Form guide.
 104                            _m('If you want to add an OpenID to your account, ' .
 105                              'enter it in the box below and click "Add".'));
 106             $this->elementStart('ul', 'form_data');
 107             $this->elementStart('li');
 108             $this->element('label', array('for' => 'openid_url'),
 109                            // TRANS: Field label.
 110                            _m('OpenID URL'));
 111             $this->element('input', array('name' => 'openid_url',
 112                                           'type' => 'text',
 113                                           'id' => 'openid_url'));
 114             $this->elementEnd('li');
 115             $this->elementEnd('ul');
 116             $this->element('input', array('type' => 'submit',
 117                                           'id' => 'settings_openid_add_action-submit',
 118                                           'name' => 'add',
 119                                           'class' => 'submit',
 120                                           // TRANS: Button text for adding an OpenID URL.
 121                                           'value' => _m('BUTTON','Add')));
 122             $this->elementEnd('fieldset');
 123             $this->elementEnd('form');
 124         }
 125         $oid = new User_openid();
 126
 127         $oid->user_id = $user->id;
 128
 129         $cnt = $oid->find();
 130
 131         if ($cnt > 0) {
 132             // TRANS: Header on OpenID settings page.
 133             $this->element('h2', null, _m('HEADER','Remove OpenID'));
 134
 135             if ($cnt == 1 && !$user->password) {
 136
 137                 $this->element('p', 'form_guide',
 138                                // TRANS: Form guide.
 139                                _m('Removing your only OpenID '.
 140                                  'would make it impossible to log in! ' .
 141                                  'If you need to remove it, '.
 142                                  'add another OpenID first.'));
 143
 144                 if ($oid->fetch()) {
 145                     $this->elementStart('p');
 146                     $this->element('a', array('href' => $oid->canonical),
 147                                    $oid->display);
 148                     $this->elementEnd('p');
 149                 }
 150
 151             } else {
 152
 153                 $this->element('p', 'form_guide',
 154                                // TRANS: Form guide.
 155                                _m('You can remove an OpenID from your account '.
 156                                  'by clicking the button marked "Remove".'));
 157                 $idx = 0;
 158
 159                 while ($oid->fetch()) {
 160                     $this->elementStart('form',
 161                                         array('method' => 'POST',
 162                                               'id' => 'form_settings_openid_delete' . $idx,
 163                                               'class' => 'form_settings',
 164                                               'action' =>
 165                                               common_local_url('openidsettings')));
 166                     $this->elementStart('fieldset');
 167                     $this->hidden('token', common_session_token());
 168                     $this->element('a', array('href' => $oid->canonical),
 169                                    $oid->display);
 170                     $this->element('input', array('type' => 'hidden',
 171                                                   'id' => 'openid_url'.$idx,
 172                                                   'name' => 'openid_url',
 173                                                   'value' => $oid->canonical));
 174                     $this->element('input', array('type' => 'submit',
 175                                                   'id' => 'remove'.$idx,
 176                                                   'name' => 'remove',
 177                                                   'class' => 'submit remove',
 178                                                   // TRANS: Button text to remove an OpenID.
 179                                                   'value' => _m('BUTTON','Remove')));
 180                     $this->elementEnd('fieldset');
 181                     $this->elementEnd('form');
 182                     $idx++;
 183                 }
 184             }
 185         }
 186
 187         $this->elementStart('form', array('method' => 'post',
 188                                           'id' => 'form_settings_openid_trustroots',
 189                                           'class' => 'form_settings',
 190                                           'action' =>
 191                                           common_local_url('openidsettings')));
 192         $this->elementStart('fieldset', array('id' => 'settings_openid_trustroots'));
 193         // TRANS: Fieldset legend.
 194         $this->element('legend', null, _m('OpenID Trusted Sites'));
 195         $this->hidden('token', common_session_token());
 196         $this->element('p', 'form_guide',
 197                        // TRANS: Form guide.
 198                        _m('The following sites are allowed to access your ' .
 199                        'identity and log you in. You can remove a site from ' .
 200                        'this list to deny it access to your OpenID.'));
 201         $this->elementStart('ul', 'form_data');
 202         $user_openid_trustroot = new User_openid_trustroot();
 203         $user_openid_trustroot->user_id=$user->id;
 204         if($user_openid_trustroot->find()) {
 205             while($user_openid_trustroot->fetch()) {
 206                 $this->elementStart('li');
 207                 $this->element('input', array('name' => 'openid_trustroot[]',
 208                                               'type' => 'checkbox',
 209                                               'class' => 'checkbox',
 210                                               'value' => $user_openid_trustroot->trustroot,
 211                                               'id' => 'openid_trustroot_' . crc32($user_openid_trustroot->trustroot)));
 212                 $this->element('label', array('class'=>'checkbox', 'for' => 'openid_trustroot_' . crc32($user_openid_trustroot->trustroot)),
 213                                $user_openid_trustroot->trustroot);
 214                 $this->elementEnd('li');
 215             }
 216         }
 217         $this->elementEnd('ul');
 218         $this->element('input', array('type' => 'submit',
 219                                       'id' => 'settings_openid_trustroots_action-submit',
 220                                       'name' => 'remove_trustroots',
 221                                       'class' => 'submit',
 222                                       // TRANS: Button text to remove an OpenID trustroot.
 223                                       'value' => _m('BUTTON','Remove')));
 224         $this->elementEnd('fieldset');
 225         $this->elementEnd('form');
 226     }
 227
 228     /**
 229      * Handle a POST request
 230      *
 231      * Muxes to different sub-functions based on which button was pushed
 232      *
 233      * @return void
 234      */
 235     function handlePost()
 236     {
 237         // CSRF protection
 238         $token = $this->trimmed('token');
 239         if (!$token || $token != common_session_token()) {
 240             // TRANS: Client error displayed when the session token does not match or is not given.
 241             $this->showForm(_m('There was a problem with your session token. '.
 242                               'Try again, please.'));
 243             return;
 244         }
 245
 246         if ($this->arg('add')) {
 247             if (common_config('openid', 'trusted_provider')) {
 248                 // TRANS: Form validation error if no OpenID providers can be added.
 249                 $this->showForm(_m('Cannot add new providers.'));
 250             } else {
 251                 $result = oid_authenticate($this->trimmed('openid_url'),
 252                                            'finishaddopenid');
 253                 if (is_string($result)) { // error message
 254                     $this->showForm($result);
 255                 }
 256             }
 257         } else if ($this->arg('remove')) {
 258             $this->removeOpenid();
 259         } else if($this->arg('remove_trustroots')) {
 260             $this->removeTrustroots();
 261         } else {
 262             // TRANS: Unexpected form validation error.
 263             $this->showForm(_m('Something weird happened.'));
 264         }
 265     }
 266
 267     /**
 268      * Handles a request to remove OpenID trustroots from the user's account
 269      *
 270      * Validates input and, if everything is OK, deletes the trustroots.
 271      * Reloads the form with a success or error notification.
 272      *
 273      * @return void
 274      */
 275     function removeTrustroots()
 276     {
 277         $user = common_current_user();
 278         $trustroots = $this->arg('openid_trustroot');
 279         if($trustroots) {
 280             foreach($trustroots as $trustroot) {
 281                 $user_openid_trustroot = User_openid_trustroot::pkeyGet(
 282                                                 array('user_id'=>$user->id, 'trustroot'=>$trustroot));
 283                 if($user_openid_trustroot) {
 284                     $user_openid_trustroot->delete();
 285                 } else {
 286                     // TRANS: Form validation error when trying to remove a non-existing trustroot.
 287                     $this->showForm(_m('No such OpenID trustroot.'));
 288                     return;
 289                 }
 290             }
 291             // TRANS: Success message after removing trustroots.
 292             $this->showForm(_m('Trustroots removed.'), true);
 293         } else {
 294             $this->showForm();
 295         }
 296         return;
 297     }
 298
 299     /**
 300      * Handles a request to remove an OpenID from the user's account
 301      *
 302      * Validates input and, if everything is OK, deletes the OpenID.
 303      * Reloads the form with a success or error notification.
 304      *
 305      * @return void
 306      */
 307     function removeOpenid()
 308     {
 309         $openid_url = $this->trimmed('openid_url');
 310
 311         $oid = User_openid::staticGet('canonical', $openid_url);
 312
 313         if (!$oid) {
 314             // TRANS: Form validation error for a non-existing OpenID.
 315             $this->showForm(_m('No such OpenID.'));
 316             return;
 317         }
 318         $cur = common_current_user();
 319         if (!$cur || $oid->user_id != $cur->id) {
 320             // TRANS: Form validation error if OpenID is connected to another user.
 321             $this->showForm(_m('That OpenID does not belong to you.'));
 322             return;
 323         }
 324         $oid->delete();
 325         // TRANS: Success message after removing an OpenID.
 326         $this->showForm(_m('OpenID removed.'), true);
 327         return;
 328     }
 329 }