src/Module/Security/OpenID.php

   1 <?php
   2
   3 namespace Friendica\Module\Security;
   4
   5 use Friendica\App\Authentication;
   6 use Friendica\App\BaseURL;
   7 use Friendica\BaseModule;
   8 use Friendica\Core\Config\Configuration;
   9 use Friendica\Core\L10n\L10n;
  10 use Friendica\Core\Session\ISession;
  11 use Friendica\Database\Database;
  12 use Friendica\Util\Strings;
  13 use LightOpenID;
  14 use Psr\Log\LoggerInterface;
  15
  16 /**
  17  * Performs an login with OpenID
  18  */
  19 class OpenID extends BaseModule
  20 {
  21         public static function init(array $parameters = [])
  22         {
  23                 /** @var Configuration $config */
  24                 $config = self::getClass(Configuration::class);
  25                 /** @var BaseURL $baseUrl */
  26                 $baseUrl = self::getClass(BaseURL::class);
  27
  28                 if ($config->get('system', 'no_openid')) {
  29                         $baseUrl->redirect();
  30                 }
  31         }
  32
  33         public static function content(array $parameters = [])
  34         {
  35                 /** @var LoggerInterface $logger */
  36                 $logger = self::getClass(LoggerInterface::class);
  37
  38                 $logger->debug('mod_openid.', ['request' => $_REQUEST]);
  39
  40                 /** @var ISession $session */
  41                 $session = self::getClass(ISession::class);
  42
  43                 if (!empty($_GET['openid_mode']) && !empty($session->get('openid'))) {
  44
  45                         /** @var BaseURL $baseUrl */
  46                         $baseUrl = self::getClass(BaseURL::class);
  47
  48                         $openid = new LightOpenID($baseUrl->getHostname());
  49
  50                         /** @var L10n $l10n */
  51                         $l10n = self::getClass(L10n::class);
  52
  53                         if ($openid->validate()) {
  54                                 $authId = $openid->data['openid_identity'];
  55
  56                                 if (empty($authId)) {
  57                                         $logger->info($l10n->t('OpenID protocol error. No ID returned'));
  58                                         $baseUrl->redirect();
  59                                 }
  60
  61                                 // NOTE: we search both for normalised and non-normalised form of $authid
  62                                 //       because the normalization step was removed from setting
  63                                 //       mod/settings.php in 8367cad so it might have left mixed
  64                                 //       records in the user table
  65                                 //
  66                                 $condition = ['blocked' => false, 'account_expired' => false, 'account_removed' => false, 'verified' => true,
  67                                               'openid' => [$authId, Strings::normaliseOpenID($authId)]];
  68
  69                                 $dba = self::getClass(Database::class);
  70
  71                                 $user  = $dba->selectFirst('user', [], $condition);
  72                                 if ($dba->isResult($user)) {
  73
  74                                         // successful OpenID login
  75                                         $session->remove('openid');
  76
  77                                         /** @var Authentication $auth */
  78                                         $auth = self::getClass(Authentication::class);
  79                                         $auth->setForUser(self::getApp(), $user, true, true);
  80
  81                                         // just in case there was no return url set
  82                                         // and we fell through
  83                                         $baseUrl->redirect();
  84                                 }
  85
  86                                 // Successful OpenID login - but we can't match it to an existing account.
  87                                 $session->remove('register');
  88                                 $session->set('openid_attributes', $openid->getAttributes());
  89                                 $session->set('openid_identity', $authId);
  90
  91                                 // Detect the server URL
  92                                 $open_id_obj = new LightOpenID($baseUrl->getHostName());
  93                                 $open_id_obj->identity = $authId;
  94                                 $session->set('openid_server', $open_id_obj->discover($open_id_obj->identity));
  95
  96                                 $config = self::getClass(Configuration::class);
  97
  98                                 if (intval($config->get('config', 'register_policy')) === \Friendica\Module\Register::CLOSED) {
  99                                         notice($l10n->t('Account not found. Please login to your existing account to add the OpenID to it.'));
 100                                 } else {
 101                                         notice($l10n->t('Account not found. Please register a new account or login to your existing account to add the OpenID to it.'));
 102                                 }
 103
 104                                 $baseUrl->redirect('login');
 105                         }
 106                 }
 107         }
 108 }