$sreg = $sreg_resp->contents();
}
+ // Launchpad teams extension
+ if (!oid_check_teams($response)) {
+ $this->message(_m('OpenID authentication aborted: you are not allowed to login to this site.'));
+ return;
+ }
+
$cur = common_current_user();
$other = oid_get_user($canonical);
$this->message(_m('Error connecting user.'));
return;
}
- if ($sreg) {
- if (!oid_update_user($cur, $sreg)) {
- $this->message(_m('Error updating profile'));
- return;
+ if (Event::handle('StartOpenIDUpdateUser', array($cur, $canonical, &$sreg))) {
+ if ($sreg) {
+ if (!oid_update_user($cur, $sreg)) {
+ $this->message(_m('Error updating profile'));
+ return;
+ }
}
}
+ Event::handle('EndOpenIDUpdateUser', array($cur, $canonical, $sreg));
// success!
$sreg = $sreg_resp->contents();
}
+ // Launchpad teams extension
+ if (!oid_check_teams($response)) {
+ $this->message(_m('OpenID authentication aborted: you are not allowed to login to this site.'));
+ return;
+ }
+
$user = oid_get_user($canonical);
if ($user) {
return;
}
+ Event::handle('StartOpenIDCreateNewUser', array($canonical, &$sreg));
+
$location = '';
if (!empty($sreg['country'])) {
if ($sreg['postcode']) {
$result = oid_link_user($user->id, $canonical, $display);
+ Event::handle('EndOpenIDCreateNewUser', array($user, $canonical, $sreg));
+
oid_set_last($display);
common_set_user($user);
common_real_login(true);
return;
}
- oid_update_user($user, $sreg);
+ if (Event::handle('StartOpenIDUpdateUser', array($user, $canonical, &$sreg))) {
+ oid_update_user($user, $sreg);
+ }
+ Event::handle('EndOpenIDUpdateUser', array($user, $canonical, $sreg));
+
oid_set_last($display);
common_set_user($user);
common_real_login(true);
$auth_request->addExtension($sreg_request);
}
+ $requiredTeam = common_config('openid', 'required_team');
+ if ($requiredTeam) {
+ // LaunchPad OpenID extension
+ $team_request = new Auth_OpenID_TeamsRequest(array($requiredTeam));
+ if ($team_request) {
+ $auth_request->addExtension($team_request);
+ }
+ }
+
$trust_root = common_root_url(true);
$process_url = common_local_url($returnto);
'OpenID provider.'));
}
- # update a user from sreg parameters
-
- function oid_update_user(&$user, &$sreg)
+ /**
+ * Update a user from sreg parameters
+ * @param User $user
+ * @param array $sreg fields from OpenID sreg response
+ * @access private
+ */
+ function oid_update_user($user, $sreg)
{
-
$profile = $user->getProfile();
$orig_profile = clone($profile);
return;
}
+/**
+ * Check the teams available in the given OpenID response
+ * Using Launchpad's OpenID teams extension
+ *
+ * @return boolean whether this user is acceptable
+ */
+function oid_check_teams($response)
+{
+ $requiredTeam = common_config('openid', 'required_team');
+ if ($requiredTeam) {
+ $team_resp = new Auth_OpenID_TeamsResponse($response);
+ if ($team_resp) {
+ $teams = $team_resp->getTeams();
+ } else {
+ $teams = array();
+ }
+
+ $match = in_array($requiredTeam, $teams);
+ $is = $match ? 'is' : 'is not';
+ common_log(LOG_DEBUG, "Remote user $is in required team $requiredTeam: [" . implode(', ', $teams) . "]");
+
+ return $match;
+ }
+
+ return true;
+}
+
class AutosubmitAction extends Action
{
var $form_html = null;