Merge in Phergie changes

[quix0rs-gnu-social.git] / plugins / OpenID / openid.php

diff --git a/plugins/OpenID/openid.php b/plugins/OpenID/openid.php
index 68b5c29e2461386b42f14e4940f47ca714abfadb..4ce350f7737a56d0480e6440d4e1f9a6ef0a0148 100644 (file)
--- a/plugins/OpenID/openid.php
+++ b/plugins/OpenID/openid.php
@@ -145,9 +145,11 @@ function oid_authenticate($openid_url, $returnto, $immediate=false)
 
     // Handle failure status return values.
     if (!$auth_request) {
+        common_log(LOG_ERR, __METHOD__ . ": mystery fail contacting $openid_url");
         // TRANS: OpenID plugin message. Given when an OpenID is not valid.
         return _m('Not a valid OpenID.');
     } else if (Auth_OpenID::isFailure($auth_request)) {
+        common_log(LOG_ERR, __METHOD__ . ": OpenID fail to $openid_url: $auth_request->message");
         // TRANS: OpenID plugin server error. Given when the OpenID authentication request fails.
         // TRANS: %s is the failure message.
         return sprintf(_m('OpenID failure: %s'), $auth_request->message);
@@ -168,6 +170,15 @@ function oid_authenticate($openid_url, $returnto, $immediate=false)
         $auth_request->addExtension($sreg_request);
     }
 
+    $requiredTeam = common_config('openid', 'required_team');
+    if ($requiredTeam) {
+        // LaunchPad OpenID extension
+        $team_request = new Auth_OpenID_TeamsRequest(array($requiredTeam));
+        if ($team_request) {
+            $auth_request->addExtension($team_request);
+        }
+    }
+
     $trust_root = common_root_url(true);
     $process_url = common_local_url($returnto);
 
@@ -221,11 +232,14 @@ function _oid_print_instructions()
                       'OpenID provider.'));
 }
 
-# update a user from sreg parameters
-
-function oid_update_user(&$user, &$sreg)
+/**
+ * Update a user from sreg parameters
+ * @param User $user
+ * @param array $sreg fields from OpenID sreg response
+ * @access private
+ */
+function oid_update_user($user, $sreg)
 {
-
     $profile = $user->getProfile();
 
     $orig_profile = clone($profile);
@@ -298,6 +312,33 @@ function oid_assert_allowed($url)
     return;
 }
 
+/**
+ * Check the teams available in the given OpenID response
+ * Using Launchpad's OpenID teams extension
+ *
+ * @return boolean whether this user is acceptable
+ */
+function oid_check_teams($response)
+{
+    $requiredTeam = common_config('openid', 'required_team');
+    if ($requiredTeam) {
+        $team_resp = new Auth_OpenID_TeamsResponse($response);
+        if ($team_resp) {
+            $teams = $team_resp->getTeams();
+        } else {
+            $teams = array();
+        }
+
+        $match = in_array($requiredTeam, $teams);
+        $is = $match ? 'is' : 'is not';
+        common_log(LOG_DEBUG, "Remote user $is in required team $requiredTeam: [" . implode(', ', $teams) . "]");
+
+        return $match;
+    }
+
+    return true;
+}
+
 class AutosubmitAction extends Action
 {
     var $form_html = null;