src/Module/Security/OpenID.php

   1 <?php
   2
   3 namespace Friendica\Module\Security;
   4
   5 use Friendica\App\Authentication;
   6 use Friendica\App\BaseURL;
   7 use Friendica\BaseModule;
   8 use Friendica\Core\Config\Configuration;
   9 use Friendica\Core\L10n\L10n;
  10 use Friendica\Core\Session\ISession;
  11 use Friendica\Database\Database;
  12 use Friendica\Util\Strings;
  13 use LightOpenID;
  14 use Psr\Log\LoggerInterface;
  15
  16 /**
  17  * Performs an login with OpenID
  18  */
  19 class OpenID extends BaseModule
  20 {
  21         public static function content(array $parameters = [])
  22         {
  23                 /** @var Configuration $config */
  24                 $config = self::getClass(Configuration::class);
  25
  26                 /** @var BaseURL $baseUrl */
  27                 $baseUrl = self::getClass(BaseURL::class);
  28
  29                 if ($config->get('system', 'no_openid')) {
  30                         $baseUrl->redirect();
  31                 }
  32
  33                 /** @var LoggerInterface $logger */
  34                 $logger = self::getClass(LoggerInterface::class);
  35
  36                 $logger->debug('mod_openid.', ['request' => $_REQUEST]);
  37
  38                 /** @var ISession $session */
  39                 $session = self::getClass(ISession::class);
  40
  41                 if (!empty($_GET['openid_mode']) && !empty($session->get('openid'))) {
  42
  43                         $openid = new LightOpenID($baseUrl->getHostname());
  44
  45                         /** @var L10n $l10n */
  46                         $l10n = self::getClass(L10n::class);
  47
  48                         if ($openid->validate()) {
  49                                 $authId = $openid->data['openid_identity'];
  50
  51                                 if (empty($authId)) {
  52                                         $logger->info($l10n->t('OpenID protocol error. No ID returned'));
  53                                         $baseUrl->redirect();
  54                                 }
  55
  56                                 // NOTE: we search both for normalised and non-normalised form of $authid
  57                                 //       because the normalization step was removed from setting
  58                                 //       mod/settings.php in 8367cad so it might have left mixed
  59                                 //       records in the user table
  60                                 //
  61                                 $condition = ['blocked' => false, 'account_expired' => false, 'account_removed' => false, 'verified' => true,
  62                                               'openid' => [$authId, Strings::normaliseOpenID($authId)]];
  63
  64                                 $dba = self::getClass(Database::class);
  65
  66                                 $user  = $dba->selectFirst('user', [], $condition);
  67                                 if ($dba->isResult($user)) {
  68
  69                                         // successful OpenID login
  70                                         $session->remove('openid');
  71
  72                                         /** @var Authentication $auth */
  73                                         $auth = self::getClass(Authentication::class);
  74                                         $auth->setForUser(self::getApp(), $user, true, true);
  75
  76                                         // just in case there was no return url set
  77                                         // and we fell through
  78                                         $baseUrl->redirect();
  79                                 }
  80
  81                                 // Successful OpenID login - but we can't match it to an existing account.
  82                                 $session->remove('register');
  83                                 $session->set('openid_attributes', $openid->getAttributes());
  84                                 $session->set('openid_identity', $authId);
  85
  86                                 // Detect the server URL
  87                                 $open_id_obj = new LightOpenID($baseUrl->getHostName());
  88                                 $open_id_obj->identity = $authId;
  89                                 $session->set('openid_server', $open_id_obj->discover($open_id_obj->identity));
  90
  91                                 if (intval($config->get('config', 'register_policy')) === \Friendica\Module\Register::CLOSED) {
  92                                         notice($l10n->t('Account not found. Please login to your existing account to add the OpenID to it.'));
  93                                 } else {
  94                                         notice($l10n->t('Account not found. Please register a new account or login to your existing account to add the OpenID to it.'));
  95                                 }
  96
  97                                 $baseUrl->redirect('login');
  98                         }
  99                 }
 100         }
 101 }