3 * StatusNet, the distributed open-source microblogging tool
9 * LICENCE: This program is free software: you can redistribute it and/or modify
10 * it under the terms of the GNU Affero General Public License as published by
11 * the Free Software Foundation, either version 3 of the License, or
12 * (at your option) any later version.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU Affero General Public License for more details.
19 * You should have received a copy of the GNU Affero General Public License
20 * along with this program. If not, see <http://www.gnu.org/licenses/>.
24 * @author Evan Prodromou <evan@status.net>
25 * @copyright 2008-2009 StatusNet, Inc.
26 * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
27 * @link http://status.net/
30 if (!defined('STATUSNET')) {
34 require_once INSTALLDIR.'/plugins/OpenID/openid.php';
39 * Lets users add, edit and delete OpenIDs from their account
43 * @author Evan Prodromou <evan@status.net>
44 * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
45 * @link http://status.net/
47 class OpenidsettingsAction extends SettingsAction
52 * @return string Page title
56 // TRANS: Title of OpenID settings page for a user.
57 return _m('TITLE','OpenID settings');
61 * Instructions for use
63 * @return string Instructions for use
65 function getInstructions()
67 // TRANS: Form instructions for OpenID settings.
68 // TRANS: This message contains Markdown links in the form [description](link).
69 return _m('[OpenID](%%doc.openid%%) lets you log into many sites ' .
70 'with the same user account. '.
71 'Manage your associated OpenIDs from here.');
74 function showScripts()
76 parent::showScripts();
77 $this->autofocus('openid_url');
81 * Show the form for OpenID management
83 * We have one form with a few different submit buttons to do different things.
87 function showContent()
89 $user = common_current_user();
91 if (!common_config('openid', 'trusted_provider')) {
92 $this->elementStart('form', array('method' => 'post',
93 'id' => 'form_settings_openid_add',
94 'class' => 'form_settings',
96 common_local_url('openidsettings')));
97 $this->elementStart('fieldset', array('id' => 'settings_openid_add'));
99 // TRANS: Fieldset legend.
100 $this->element('legend', null, _m('LEGEND','Add OpenID'));
101 $this->hidden('token', common_session_token());
102 $this->element('p', 'form_guide',
103 // TRANS: Form guide.
104 _m('If you want to add an OpenID to your account, ' .
105 'enter it in the box below and click "Add".'));
106 $this->elementStart('ul', 'form_data');
107 $this->elementStart('li');
108 $this->element('label', array('for' => 'openid_url'),
109 // TRANS: Field label.
111 $this->element('input', array('name' => 'openid_url',
113 'id' => 'openid_url'));
114 $this->elementEnd('li');
115 $this->elementEnd('ul');
116 $this->element('input', array('type' => 'submit',
117 'id' => 'settings_openid_add_action-submit',
120 // TRANS: Button text for adding an OpenID URL.
121 'value' => _m('BUTTON','Add')));
122 $this->elementEnd('fieldset');
123 $this->elementEnd('form');
125 $oid = new User_openid();
127 $oid->user_id = $user->id;
132 // TRANS: Header on OpenID settings page.
133 $this->element('h2', null, _m('HEADER','Remove OpenID'));
135 if ($cnt == 1 && !$user->password) {
137 $this->element('p', 'form_guide',
138 // TRANS: Form guide.
139 _m('Removing your only OpenID '.
140 'would make it impossible to log in! ' .
141 'If you need to remove it, '.
142 'add another OpenID first.'));
145 $this->elementStart('p');
146 $this->element('a', array('href' => $oid->canonical),
148 $this->elementEnd('p');
153 $this->element('p', 'form_guide',
154 // TRANS: Form guide.
155 _m('You can remove an OpenID from your account '.
156 'by clicking the button marked "Remove".'));
159 while ($oid->fetch()) {
160 $this->elementStart('form',
161 array('method' => 'POST',
162 'id' => 'form_settings_openid_delete' . $idx,
163 'class' => 'form_settings',
165 common_local_url('openidsettings')));
166 $this->elementStart('fieldset');
167 $this->hidden('token', common_session_token());
168 $this->element('a', array('href' => $oid->canonical),
170 $this->element('input', array('type' => 'hidden',
171 'id' => 'openid_url'.$idx,
172 'name' => 'openid_url',
173 'value' => $oid->canonical));
174 $this->element('input', array('type' => 'submit',
175 'id' => 'remove'.$idx,
177 'class' => 'submit remove',
178 // TRANS: Button text to remove an OpenID.
179 'value' => _m('BUTTON','Remove')));
180 $this->elementEnd('fieldset');
181 $this->elementEnd('form');
187 $this->elementStart('form', array('method' => 'post',
188 'id' => 'form_settings_openid_trustroots',
189 'class' => 'form_settings',
191 common_local_url('openidsettings')));
192 $this->elementStart('fieldset', array('id' => 'settings_openid_trustroots'));
193 // TRANS: Fieldset legend.
194 $this->element('legend', null, _m('OpenID Trusted Sites'));
195 $this->hidden('token', common_session_token());
196 $this->element('p', 'form_guide',
197 // TRANS: Form guide.
198 _m('The following sites are allowed to access your ' .
199 'identity and log you in. You can remove a site from ' .
200 'this list to deny it access to your OpenID.'));
201 $this->elementStart('ul', 'form_data');
202 $user_openid_trustroot = new User_openid_trustroot();
203 $user_openid_trustroot->user_id=$user->id;
204 if($user_openid_trustroot->find()) {
205 while($user_openid_trustroot->fetch()) {
206 $this->elementStart('li');
207 $this->element('input', array('name' => 'openid_trustroot[]',
208 'type' => 'checkbox',
209 'class' => 'checkbox',
210 'value' => $user_openid_trustroot->trustroot,
211 'id' => 'openid_trustroot_' . crc32($user_openid_trustroot->trustroot)));
212 $this->element('label', array('class'=>'checkbox', 'for' => 'openid_trustroot_' . crc32($user_openid_trustroot->trustroot)),
213 $user_openid_trustroot->trustroot);
214 $this->elementEnd('li');
217 $this->elementEnd('ul');
218 $this->element('input', array('type' => 'submit',
219 'id' => 'settings_openid_trustroots_action-submit',
220 'name' => 'remove_trustroots',
222 // TRANS: Button text to remove an OpenID trustroot.
223 'value' => _m('BUTTON','Remove')));
224 $this->elementEnd('fieldset');
225 $this->elementEnd('form');
229 * Handle a POST request
231 * Muxes to different sub-functions based on which button was pushed
235 function handlePost()
238 $token = $this->trimmed('token');
239 if (!$token || $token != common_session_token()) {
240 // TRANS: Client error displayed when the session token does not match or is not given.
241 $this->showForm(_m('There was a problem with your session token. '.
242 'Try again, please.'));
246 if ($this->arg('add')) {
247 if (common_config('openid', 'trusted_provider')) {
248 // TRANS: Form validation error if no OpenID providers can be added.
249 $this->showForm(_m('Cannot add new providers.'));
251 $result = oid_authenticate($this->trimmed('openid_url'),
253 if (is_string($result)) { // error message
254 $this->showForm($result);
257 } else if ($this->arg('remove')) {
258 $this->removeOpenid();
259 } else if($this->arg('remove_trustroots')) {
260 $this->removeTrustroots();
262 // TRANS: Unexpected form validation error.
263 $this->showForm(_m('Something weird happened.'));
268 * Handles a request to remove OpenID trustroots from the user's account
270 * Validates input and, if everything is OK, deletes the trustroots.
271 * Reloads the form with a success or error notification.
275 function removeTrustroots()
277 $user = common_current_user();
278 $trustroots = $this->arg('openid_trustroot');
280 foreach($trustroots as $trustroot) {
281 $user_openid_trustroot = User_openid_trustroot::pkeyGet(
282 array('user_id'=>$user->id, 'trustroot'=>$trustroot));
283 if($user_openid_trustroot) {
284 $user_openid_trustroot->delete();
286 // TRANS: Form validation error when trying to remove a non-existing trustroot.
287 $this->showForm(_m('No such OpenID trustroot.'));
291 // TRANS: Success message after removing trustroots.
292 $this->showForm(_m('Trustroots removed.'), true);
300 * Handles a request to remove an OpenID from the user's account
302 * Validates input and, if everything is OK, deletes the OpenID.
303 * Reloads the form with a success or error notification.
307 function removeOpenid()
309 $openid_url = $this->trimmed('openid_url');
311 $oid = User_openid::staticGet('canonical', $openid_url);
314 // TRANS: Form validation error for a non-existing OpenID.
315 $this->showForm(_m('No such OpenID.'));
318 $cur = common_current_user();
319 if (!$cur || $oid->user_id != $cur->id) {
320 // TRANS: Form validation error if OpenID is connected to another user.
321 $this->showForm(_m('That OpenID does not belong to you.'));
325 // TRANS: Success message after removing an OpenID.
326 $this->showForm(_m('OpenID removed.'), true);