From: Evan Prodromou
Date: Fri, 21 Aug 2009 20:27:43 +0000 (-0400)
Subject: Merge branch '0.9.x' into openidplugin
X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=9f356b55c6f419468771c0f3c2450010c0242abe;hp=a645d0468b368c7c659b440f72ec80498055ac3e;p=quix0rs-gnu-social.git
Merge branch '0.9.x' into openidplugin
Conflicts: actions/login.php actions/register.php
---
diff --git a/actions/finishaddopenid.php b/actions/finishaddopenid.php
deleted file mode 100644
index 32bceecfd5..0000000000
--- a/actions/finishaddopenid.php
+++ /dev/null
@@ -1,185 +0,0 @@ -. - * - * @category Settings - * @package Laconica - * @author Evan Prodromou - * @copyright 2008-2009 Control Yourself, Inc. - * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 - * @link http://laconi.ca/ - */ - -if (!defined('LACONICA')) { - exit(1); -} - -require_once INSTALLDIR.'/lib/openid.php'; - -/** - * Complete adding an OpenID - * - * Handle the return from an OpenID verification - * - * @category Settings - * @package Laconica - * @author Evan Prodromou - * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 - * @link http://laconi.ca/ - */ - -class FinishaddopenidAction extends Action -{ - var $msg = null; - - /** - * Handle the redirect back from OpenID confirmation - * - * Check to see if the user's logged in, and then try - * to use the OpenID login system. - * - * @param array $args $_REQUEST arguments - * - * @return void - */ - - function handle($args) - { - parent::handle($args); - if (!common_logged_in()) { - $this->clientError(_('Not logged in.')); - } else { - $this->tryLogin(); - } - } - - /** - * Try to log in using OpenID - * - * Check the OpenID for validity; potentially store it. - * - * @return void - */ - - function tryLogin() - { - $consumer =& oid_consumer(); - - $response = $consumer->complete(common_local_url('finishaddopenid')); - - if ($response->status == Auth_OpenID_CANCEL) { - $this->message(_('OpenID authentication cancelled.')); - return; - } else if ($response->status == Auth_OpenID_FAILURE) { - // Authentication failed; display the error message. - $this->message(sprintf(_('OpenID authentication failed: %s'), - $response->message)); - } else if ($response->status == Auth_OpenID_SUCCESS) { - - $display = $response->getDisplayIdentifier(); - $canonical = ($response->endpoint && $response->endpoint->canonicalID) ? 
- $response->endpoint->canonicalID : $display; - - $sreg_resp = Auth_OpenID_SRegResponse::fromSuccessResponse($response); - - if ($sreg_resp) { - $sreg = $sreg_resp->contents(); - } - - $cur =& common_current_user(); - - $other = oid_get_user($canonical); - - if ($other) { - if ($other->id == $cur->id) { - $this->message(_('You already have this OpenID!')); - } else { - $this->message(_('Someone else already has this OpenID.')); - } - return; - } - - // start a transaction - - $cur->query('BEGIN'); - - $result = oid_link_user($cur->id, $canonical, $display); - - if (!$result) { - $this->message(_('Error connecting user.')); - return; - } - if ($sreg) { - if (!oid_update_user($cur, $sreg)) { - $this->message(_('Error updating profile')); - return; - } - } - - // success! - - $cur->query('COMMIT'); - - oid_set_last($display); - - common_redirect(common_local_url('openidsettings'), 303); - } - } - - /** - * Show a failure message - * - * Something went wrong. Save the message, and show the page. - * - * @param string $msg Error message to show - * - * @return void - */ - - function message($msg) - { - $this->message = $msg; - $this->showPage(); - } - - /** - * Title of the page - * - * @return string title - */ - - function title() - { - return _('OpenID Login'); - } - - /** - * Show error message - * - * @return void - */ - - function showPageNotice() - { - if ($this->message) { - $this->element('p', 'error', $this->message); - } - } -} diff --git a/actions/finishopenidlogin.php b/actions/finishopenidlogin.php deleted file mode 100644 index a291958261..0000000000 --- a/actions/finishopenidlogin.php +++ /dev/null 
@@ -1,497 +0,0 @@ -. - */ - -if (!defined('LACONICA')) { exit(1); } - -require_once(INSTALLDIR.'/lib/openid.php'); - -class FinishopenidloginAction extends Action -{ - var $error = null; - var $username = null; - var $message = null; - - function handle($args) - { - parent::handle($args); - if (!common_config('openid', 'enabled')) { - common_redirect(common_local_url('login')); - } else if (common_is_real_login()) { - $this->clientError(_('Already logged in.')); - } else if ($_SERVER['REQUEST_METHOD'] == 'POST') { - $token = $this->trimmed('token'); - if (!$token || $token != common_session_token()) { - $this->showForm(_('There was a problem with your session token. Try again, please.')); - return; - } - if ($this->arg('create')) { - if (!$this->boolean('license')) { - $this->showForm(_('You can\'t register if you don\'t agree to the license.'), - $this->trimmed('newname')); - return; - } - $this->createNewUser(); - } else if ($this->arg('connect')) { - $this->connectUser(); - } else { - common_debug(print_r($this->args, true), __FILE__); - $this->showForm(_('Something weird happened.'), - $this->trimmed('newname')); - } - } else { - $this->tryLogin(); - } - } - - function showPageNotice() - { - if ($this->error) { - $this->element('div', array('class' => 'error'), $this->error); - } else { - $this->element('div', 'instructions', - sprintf(_('This is the first time you\'ve logged into %s so we must connect your OpenID to a local account. 
You can either create a new account, or connect with your existing account, if you have one.'), common_config('site', 'name'))); - } - } - - function title() - { - return _('OpenID Account Setup'); - } - - function showForm($error=null, $username=null) - { - $this->error = $error; - $this->username = $username; - - $this->showPage(); - } - - function showContent() - { - if (!empty($this->message_text)) { - $this->element('div', array('class' => 'error'), $this->message_text); - return; - } - - $this->elementStart('form', array('method' => 'post', - 'id' => 'account_connect', - 'action' => common_local_url('finishopenidlogin'))); - $this->hidden('token', common_session_token()); - $this->element('h2', null, - _('Create new account')); - $this->element('p', null, - _('Create a new user with this nickname.')); - $this->input('newname', _('New nickname'), - ($this->username) ? $this->username : '', - _('1-64 lowercase letters or numbers, no punctuation or spaces')); - $this->elementStart('p'); - $this->element('input', array('type' => 'checkbox', - 'id' => 'license', - 'name' => 'license', - 'value' => 'true')); - $this->text(_('My text and files are available under ')); - $this->element('a', array('href' => common_config('license', 'url')), - common_config('license', 'title')); - $this->text(_(' except this private data: password, email address, IM address, phone number.')); - $this->elementEnd('p'); - $this->submit('create', _('Create')); - $this->element('h2', null, - _('Connect existing account')); - $this->element('p', null, - _('If you already have an account, login with your username and password to connect it to your OpenID.')); - $this->input('nickname', _('Existing nickname')); - $this->password('password', _('Password')); - $this->submit('connect', _('Connect')); - $this->elementEnd('form'); - } - - function tryLogin() - { - $consumer = oid_consumer(); - - $response = $consumer->complete(common_local_url('finishopenidlogin')); - - if ($response->status == 
Auth_OpenID_CANCEL) { - $this->message(_('OpenID authentication cancelled.')); - return; - } else if ($response->status == Auth_OpenID_FAILURE) { - // Authentication failed; display the error message. - $this->message(sprintf(_('OpenID authentication failed: %s'), $response->message)); - } else if ($response->status == Auth_OpenID_SUCCESS) { - // This means the authentication succeeded; extract the - // identity URL and Simple Registration data (if it was - // returned). - $display = $response->getDisplayIdentifier(); - $canonical = ($response->endpoint->canonicalID) ? - $response->endpoint->canonicalID : $response->getDisplayIdentifier(); - - $sreg_resp = Auth_OpenID_SRegResponse::fromSuccessResponse($response); - - if ($sreg_resp) { - $sreg = $sreg_resp->contents(); - } - - $user = oid_get_user($canonical); - - if ($user) { - oid_set_last($display); - # XXX: commented out at @edd's request until better - # control over how data flows from OpenID provider. - # oid_update_user($user, $sreg); - common_set_user($user); - common_real_login(true); - if (isset($_SESSION['openid_rememberme']) && $_SESSION['openid_rememberme']) { - common_rememberme($user); - } - unset($_SESSION['openid_rememberme']); - $this->goHome($user->nickname); - } else { - $this->saveValues($display, $canonical, $sreg); - $this->showForm(null, $this->bestNewNickname($display, $sreg)); - } - } - } - - function message($msg) - { - $this->message_text = $msg; - $this->showPage(); - } - - function saveValues($display, $canonical, $sreg) - { - common_ensure_session(); - $_SESSION['openid_display'] = $display; - $_SESSION['openid_canonical'] = $canonical; - $_SESSION['openid_sreg'] = $sreg; - } - - function getSavedValues() - { - return array($_SESSION['openid_display'], - $_SESSION['openid_canonical'], - $_SESSION['openid_sreg']); - } - - function createNewUser() - { - # FIXME: save invite code before redirect, and check here - - if (common_config('site', 'closed')) { - 
$this->clientError(_('Registration not allowed.')); - return; - } - - $invite = null; - - if (common_config('site', 'inviteonly')) { - $code = $_SESSION['invitecode']; - if (empty($code)) { - $this->clientError(_('Registration not allowed.')); - return; - } - - $invite = Invitation::staticGet($code); - - if (empty($invite)) { - $this->clientError(_('Not a valid invitation code.')); - return; - } - } - - $nickname = $this->trimmed('newname'); - - if (!Validate::string($nickname, array('min_length' => 1, - 'max_length' => 64, - 'format' => NICKNAME_FMT))) { - $this->showForm(_('Nickname must have only lowercase letters and numbers and no spaces.')); - return; - } - - if (!User::allowed_nickname($nickname)) { - $this->showForm(_('Nickname not allowed.')); - return; - } - - if (User::staticGet('nickname', $nickname)) { - $this->showForm(_('Nickname already in use. Try another one.')); - return; - } - - list($display, $canonical, $sreg) = $this->getSavedValues(); - - if (!$display || !$canonical) { - $this->serverError(_('Stored OpenID not found.')); - return; - } - - # Possible race condition... let's be paranoid - - $other = oid_get_user($canonical); - - if ($other) { - $this->serverError(_('Creating new account for OpenID that already has a user.')); - return; - } - - $location = ''; - if (!empty($sreg['country'])) { - if ($sreg['postcode']) { - # XXX: use postcode to get city and region - # XXX: also, store postcode somewhere -- it's valuable! - $location = $sreg['postcode'] . ', ' . 
$sreg['country']; - } else { - $location = $sreg['country']; - } - } - - if (!empty($sreg['fullname']) && mb_strlen($sreg['fullname']) <= 255) { - $fullname = $sreg['fullname']; - } else { - $fullname = ''; - } - - if (!empty($sreg['email']) && Validate::email($sreg['email'], true)) { - $email = $sreg['email']; - } else { - $email = ''; - } - - # XXX: add language - # XXX: add timezone - - $args = array('nickname' => $nickname, - 'email' => $email, - 'fullname' => $fullname, - 'location' => $location); - - if (!empty($invite)) { - $args['code'] = $invite->code; - } - - $user = User::register($args); - - $result = oid_link_user($user->id, $canonical, $display); - - oid_set_last($display); - common_set_user($user); - common_real_login(true); - if (isset($_SESSION['openid_rememberme']) && $_SESSION['openid_rememberme']) { - common_rememberme($user); - } - unset($_SESSION['openid_rememberme']); - common_redirect(common_local_url('showstream', array('nickname' => $user->nickname)), - 303); - } - - function connectUser() - { - $nickname = $this->trimmed('nickname'); - $password = $this->trimmed('password'); - - if (!common_check_user($nickname, $password)) { - $this->showForm(_('Invalid username or password.')); - return; - } - - # They're legit! 
- - $user = User::staticGet('nickname', $nickname); - - list($display, $canonical, $sreg) = $this->getSavedValues(); - - if (!$display || !$canonical) { - $this->serverError(_('Stored OpenID not found.')); - return; - } - - $result = oid_link_user($user->id, $canonical, $display); - - if (!$result) { - $this->serverError(_('Error connecting user to OpenID.')); - return; - } - - oid_update_user($user, $sreg); - oid_set_last($display); - common_set_user($user); - common_real_login(true); - if (isset($_SESSION['openid_rememberme']) && $_SESSION['openid_rememberme']) { - common_rememberme($user); - } - unset($_SESSION['openid_rememberme']); - $this->goHome($user->nickname); - } - - function goHome($nickname) - { - $url = common_get_returnto(); - if ($url) { - # We don't have to return to it again - common_set_returnto(null); - } else { - $url = common_local_url('all', - array('nickname' => - $nickname)); - } - common_redirect($url, 303); - } - - function bestNewNickname($display, $sreg) - { - - # Try the passed-in nickname - - if (!empty($sreg['nickname'])) { - $nickname = $this->nicknamize($sreg['nickname']); - if ($this->isNewNickname($nickname)) { - return $nickname; - } - } - - # Try the full name - - if (!empty($sreg['fullname'])) { - $fullname = $this->nicknamize($sreg['fullname']); - if ($this->isNewNickname($fullname)) { - return $fullname; - } - } - - # Try the URL - - $from_url = $this->openidToNickname($display); - - if ($from_url && $this->isNewNickname($from_url)) { - return $from_url; - } - - # XXX: others? 
- - return null; - } - - function isNewNickname($str) - { - if (!Validate::string($str, array('min_length' => 1, - 'max_length' => 64, - 'format' => NICKNAME_FMT))) { - return false; - } - if (!User::allowed_nickname($str)) { - return false; - } - if (User::staticGet('nickname', $str)) { - return false; - } - return true; - } - - function openidToNickname($openid) - { - if (Auth_Yadis_identifierScheme($openid) == 'XRI') { - return $this->xriToNickname($openid); - } else { - return $this->urlToNickname($openid); - } - } - - # We try to use an OpenID URL as a legal Laconica user name in this order - # 1. Plain hostname, like http://evanp.myopenid.com/ - # 2. One element in path, like http://profile.typekey.com/EvanProdromou/ - # or http://getopenid.com/evanprodromou - - function urlToNickname($openid) - { - static $bad = array('query', 'user', 'password', 'port', 'fragment'); - - $parts = parse_url($openid); - - # If any of these parts exist, this won't work - - foreach ($bad as $badpart) { - if (array_key_exists($badpart, $parts)) { - return null; - } - } - - # We just have host and/or path - - # If it's just a host... 
- if (array_key_exists('host', $parts) && - (!array_key_exists('path', $parts) || strcmp($parts['path'], '/') == 0)) - { - $hostparts = explode('.', $parts['host']); - - # Try to catch common idiom of nickname.service.tld - - if ((count($hostparts) > 2) && - (strlen($hostparts[count($hostparts) - 2]) > 3) && # try to skip .co.uk, .com.au - (strcmp($hostparts[0], 'www') != 0)) - { - return $this->nicknamize($hostparts[0]); - } else { - # Do the whole hostname - return $this->nicknamize($parts['host']); - } - } else { - if (array_key_exists('path', $parts)) { - # Strip starting, ending slashes - $path = preg_replace('@/$@', '', $parts['path']); - $path = preg_replace('@^/@', '', $path); - if (strpos($path, '/') === false) { - return $this->nicknamize($path); - } - } - } - - return null; - } - - function xriToNickname($xri) - { - $base = $this->xriBase($xri); - - if (!$base) { - return null; - } else { - # =evan.prodromou - # or @gratis*evan.prodromou - $parts = explode('*', substr($base, 1)); - return $this->nicknamize(array_pop($parts)); - } - } - - function xriBase($xri) - { - if (substr($xri, 0, 6) == 'xri://') { - return substr($xri, 6); - } else { - return $xri; - } - } - - # Given a string, try to make it work as a nickname - - function nicknamize($str) - { - $str = preg_replace('/\W/', '', $str); - return strtolower($str); - } -} diff --git a/actions/login.php b/actions/login.php index 6f1b4777e5..e09fdc76b4 100644 --- a/actions/login.php +++ b/actions/login.php @@ -65,8 +65,6 @@ class LoginAction extends Action * * Switches on request method; either shows the form or handles its input. * - * Checks if only OpenID is allowed and redirects to openidlogin if so. - * * @param array $args $_REQUEST data * * @return void 
@@ -75,9 +73,7 @@ class LoginAction extends Action function handle($args) { parent::handle($args); - if (common_config('site', 'openidonly')) { - common_redirect(common_local_url('openidlogin')); - } else if (common_is_real_login()) { + if (common_is_real_login()) { $this->clientError(_('Already logged in.')); } else if ($_SERVER['REQUEST_METHOD'] == 'POST') { $this->checkLogin(); @@ -252,11 +248,6 @@ class LoginAction extends Action 'user name and password ' . 'before changing your settings.'); } else if (common_config('openid', 'enabled')) { - return _('Login with your username and password. ' . - 'Don\'t have a username yet? ' . - '[Register](%%action.register%%) a new account, or ' . - 'try [OpenID](%%action.openidlogin%%). '); - } else { return _('Login with your username and password. ' . 'Don\'t have a username yet? ' . '[Register](%%action.register%%) a new account.'); diff --git a/actions/logout.php b/actions/logout.php index 3fcfb4f4ef..cb20a26b54 100644 --- a/actions/logout.php +++ b/actions/logout.php @@ -32,8 +32,6 @@ if (!defined('LACONICA')) { exit(1); } -require_once INSTALLDIR.'/lib/openid.php'; - /** * Logout action class. * diff --git a/actions/openidlogin.php b/actions/openidlogin.php deleted file mode 100644 index 744aae7136..0000000000 --- a/actions/openidlogin.php +++ /dev/null 
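Review bot: With the `openidonly` branch gone from `LoginAction::handle()` in the `@@ -75,9 +73,7 @@` hunk, core no longer enforces that site setting, so an install that set `site/openidonly` to keep the password form unreachable would presumably serve password login again unless the OpenID plugin restores the redirect; nothing in this diff shows that it does. The same branch is dropped from `RegisterAction::handle()` in the `@@ -129,8 +127,6 @@` hunk of actions/register.php. If the plugin is meant to take over, a comment at the top of the chain such as `// 'openidonly' is enforced by the OpenID plugin, not here` would make the dependency explicit. handle() starts and ends outside the hunk.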
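Review bot: The surviving `} else if (common_config('openid', 'enabled')) {` in the `@@ -252,11 +248,6 @@` hunk now guards the plain username/password text, and the `else` that used to return that text has been removed, so with OpenID disabled the method appears to fall through without returning any instructions. Since the remaining message no longer mentions OpenID, the branch should be unconditional: `} else {` in place of `} else if (common_config('openid', 'enabled')) {`. The method begins and ends outside the hunk, so confirm that nothing after the chain supplies a default return.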
@@ -1,133 +0,0 @@ -. - */ - -if (!defined('LACONICA')) { exit(1); } - -require_once(INSTALLDIR.'/lib/openid.php'); - -class OpenidloginAction extends Action -{ - function handle($args) - { - parent::handle($args); - if (!common_config('openid', 'enabled')) { - common_redirect(common_local_url('login')); - } else if (common_is_real_login()) { - $this->clientError(_('Already logged in.')); - } else if ($_SERVER['REQUEST_METHOD'] == 'POST') { - $openid_url = $this->trimmed('openid_url'); - - # CSRF protection - $token = $this->trimmed('token'); - if (!$token || $token != common_session_token()) { - $this->showForm(_('There was a problem with your session token. Try again, please.'), $openid_url); - return; - } - - $rememberme = $this->boolean('rememberme'); - - common_ensure_session(); - - $_SESSION['openid_rememberme'] = $rememberme; - - $result = oid_authenticate($openid_url, - 'finishopenidlogin'); - - if (is_string($result)) { # error message - unset($_SESSION['openid_rememberme']); - $this->showForm($result, $openid_url); - } - } else { - $openid_url = oid_get_last(); - $this->showForm(null, $openid_url); - } - } - - function getInstructions() - { - if (common_logged_in() && !common_is_real_login() && - common_get_returnto()) { - // rememberme logins have to reauthenticate before - // changing any profile settings (cookie-stealing protection) - return _('For security reasons, please re-login with your ' . - '[OpenID](%%doc.openid%%) ' . 
- 'before changing your settings.'); - } else { - return _('Login with an [OpenID](%%doc.openid%%) account.'); - } - } - - function showPageNotice() - { - if ($this->error) { - $this->element('div', array('class' => 'error'), $this->error); - } else { - $instr = $this->getInstructions(); - $output = common_markup_to_html($instr); - $this->elementStart('div', 'instructions'); - $this->raw($output); - $this->elementEnd('div'); - } - } - - function title() - { - return _('OpenID Login'); - } - - function showForm($error=null, $openid_url) - { - $this->error = $error; - $this->openid_url = $openid_url; - $this->showPage(); - } - - function showContent() { - $formaction = common_local_url('openidlogin'); - $this->elementStart('form', array('method' => 'post', - 'id' => 'form_openid_login', - 'class' => 'form_settings', - 'action' => $formaction)); - $this->elementStart('fieldset'); - $this->element('legend', null, _('OpenID login')); - $this->hidden('token', common_session_token()); - - $this->elementStart('ul', 'form_data'); - $this->elementStart('li'); - $this->input('openid_url', _('OpenID URL'), - $this->openid_url, - _('Your OpenID URL')); - $this->elementEnd('li'); - $this->elementStart('li', array('id' => 'settings_rememberme')); - $this->checkbox('rememberme', _('Remember me'), false, - _('Automatically login in the future; ' . - 'not for shared computers!')); - $this->elementEnd('li'); - $this->elementEnd('ul'); - $this->submit('submit', _('Login')); - $this->elementEnd('fieldset'); - $this->elementEnd('form'); - } - - function showLocalNav() - { - $nav = new LoginGroupNav($this); - $nav->show(); - } -} diff --git a/actions/openidsettings.php b/actions/openidsettings.php deleted file mode 100644 index 40a480dc43..0000000000 --- a/actions/openidsettings.php +++ /dev/null 
@@ -1,240 +0,0 @@ -. - * - * @category Settings - * @package Laconica - * @author Evan Prodromou - * @copyright 2008-2009 Control Yourself, Inc. - * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 - * @link http://laconi.ca/ - */ - -if (!defined('LACONICA')) { - exit(1); -} - -require_once INSTALLDIR.'/lib/accountsettingsaction.php'; -require_once INSTALLDIR.'/lib/openid.php'; - -/** - * Settings for OpenID - * - * Lets users add, edit and delete OpenIDs from their account - * - * @category Settings - * @package Laconica - * @author Evan Prodromou - * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 - * @link http://laconi.ca/ - */ - -class OpenidsettingsAction extends AccountSettingsAction -{ - /** - * Title of the page - * - * @return string Page title - */ - - function title() - { - return _('OpenID settings'); - } - - /** - * Instructions for use - * - * @return string Instructions for use - */ - - function getInstructions() - { - return _('[OpenID](%%doc.openid%%) lets you log into many sites' . - ' with the same user account.'. - ' Manage your associated OpenIDs from here.'); - } - - /** - * Show the form for OpenID management - * - * We have one form with a few different submit buttons to do different things. 
- * - * @return void - */ - - function showContent() - { - if (!common_config('openid', 'enabled')) { - $this->element('div', array('class' => 'error'), - _('OpenID is not available.')); - return; - } - - $user = common_current_user(); - - $this->elementStart('form', array('method' => 'post', - 'id' => 'form_settings_openid_add', - 'class' => 'form_settings', - 'action' => - common_local_url('openidsettings'))); - $this->elementStart('fieldset', array('id' => 'settings_openid_add')); - $this->element('legend', null, _('Add OpenID')); - $this->hidden('token', common_session_token()); - $this->element('p', 'form_guide', - _('If you want to add an OpenID to your account, ' . - 'enter it in the box below and click "Add".')); - $this->elementStart('ul', 'form_data'); - $this->elementStart('li'); - $this->element('label', array('for' => 'openid_url'), - _('OpenID URL')); - $this->element('input', array('name' => 'openid_url', - 'type' => 'text', - 'id' => 'openid_url')); - $this->elementEnd('li'); - $this->elementEnd('ul'); - $this->element('input', array('type' => 'submit', - 'id' => 'settings_openid_add_action-submit', - 'name' => 'add', - 'class' => 'submit', - 'value' => _('Add'))); - $this->elementEnd('fieldset'); - $this->elementEnd('form'); - - $oid = new User_openid(); - - $oid->user_id = $user->id; - - $cnt = $oid->find(); - - if ($cnt > 0) { - - $this->element('h2', null, _('Remove OpenID')); - - if ($cnt == 1 && !$user->password) { - - $this->element('p', 'form_guide', - _('Removing your only OpenID '. - 'would make it impossible to log in! ' . - 'If you need to remove it, '. - 'add another OpenID first.')); - - if ($oid->fetch()) { - $this->elementStart('p'); - $this->element('a', array('href' => $oid->canonical), - $oid->display); - $this->elementEnd('p'); - } - - } else { - - $this->element('p', 'form_guide', - _('You can remove an OpenID from your account '. 
- 'by clicking the button marked "Remove".')); - $idx = 0; - - while ($oid->fetch()) { - $this->elementStart('form', - array('method' => 'POST', - 'id' => 'form_settings_openid_delete' . $idx, - 'class' => 'form_settings', - 'action' => - common_local_url('openidsettings'))); - $this->elementStart('fieldset'); - $this->hidden('token', common_session_token()); - $this->element('a', array('href' => $oid->canonical), - $oid->display); - $this->element('input', array('type' => 'hidden', - 'id' => 'openid_url'.$idx, - 'name' => 'openid_url', - 'value' => $oid->canonical)); - $this->element('input', array('type' => 'submit', - 'id' => 'remove'.$idx, - 'name' => 'remove', - 'class' => 'submit remove', - 'value' => _('Remove'))); - $this->elementEnd('fieldset'); - $this->elementEnd('form'); - $idx++; - } - } - } - } - - /** - * Handle a POST request - * - * Muxes to different sub-functions based on which button was pushed - * - * @return void - */ - - function handlePost() - { - // CSRF protection - $token = $this->trimmed('token'); - if (!$token || $token != common_session_token()) { - $this->showForm(_('There was a problem with your session token. '. - 'Try again, please.')); - return; - } - - if ($this->arg('add')) { - $result = oid_authenticate($this->trimmed('openid_url'), - 'finishaddopenid'); - if (is_string($result)) { // error message - $this->showForm($result); - } - } else if ($this->arg('remove')) { - $this->removeOpenid(); - } else { - $this->showForm(_('Something weird happened.')); - } - } - - /** - * Handles a request to remove an OpenID from the user's account - * - * Validates input and, if everything is OK, deletes the OpenID. - * Reloads the form with a success or error notification. 
- * - * @return void - */ - - function removeOpenid() - { - $openid_url = $this->trimmed('openid_url'); - - $oid = User_openid::staticGet('canonical', $openid_url); - - if (!$oid) { - $this->showForm(_('No such OpenID.')); - return; - } - $cur = common_current_user(); - if (!$cur || $oid->user_id != $cur->id) { - $this->showForm(_('That OpenID does not belong to you.')); - return; - } - $oid->delete(); - $this->showForm(_('OpenID removed.'), true); - return; - } -} diff --git a/actions/public.php b/actions/public.php index 2cf2e96e68..b68b2ff793 100644 --- a/actions/public.php +++ b/actions/public.php @@ -114,8 +114,6 @@ class PublicAction extends Action { parent::handle($args); - header('X-XRDS-Location: '. common_local_url('publicxrds')); - $this->showPage(); } @@ -156,22 +154,6 @@ class PublicAction extends Action _('Public Stream Feed (Atom)'))); } - /** - * Extra head elements - * - * We include a element linking to the publicxrds page, for OpenID - * client-side authentication. - * - * @return void - */ - - function extraHead() - { - // for client side of OpenID authentication - $this->element('meta', array('http-equiv' => 'X-XRDS-Location', - 'content' => common_local_url('publicxrds'))); - } - /** * Show tabset for this page * diff --git a/actions/publicxrds.php b/actions/publicxrds.php deleted file mode 100644 index 0a14215502..0000000000 --- a/actions/publicxrds.php +++ /dev/null 
@@ -1,122 +0,0 @@ - - * @author Robin Millette - * @license http://www.fsf.org/licensing/licenses/agpl.html AGPLv3 - * @link http://laconi.ca/ - * - * Laconica - a distributed open-source microblogging tool - * Copyright (C) 2008, 2009, Control Yourself, Inc. - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see . - */ - -if (!defined('LACONICA')) { - exit(1); -} - -require_once INSTALLDIR.'/lib/openid.php'; - -/** - * Public XRDS for OpenID - * - * @category Action - * @package Laconica - * @author Evan Prodromou - * @author Robin Millette - * @license http://www.fsf.org/licensing/licenses/agpl.html AGPLv3 - * @link http://laconi.ca/ - * - * @todo factor out similarities with XrdsAction - */ -class PublicxrdsAction extends Action -{ - /** - * Is read only? - * - * @return boolean true - */ - function isReadOnly($args) - { - return true; - } - - /** - * Class handler. 
- * - * @param array $args array of arguments - * - * @return nothing - */ - function handle($args) - { - parent::handle($args); - header('Content-Type: application/xrds+xml'); - $this->startXML(); - $this->elementStart('XRDS', array('xmlns' => 'xri://$xrds')); - $this->elementStart('XRD', array('xmlns' => 'xri://$xrd*($v*2.0)', - 'xmlns:simple' => 'http://xrds-simple.net/core/1.0', - 'version' => '2.0')); - $this->element('Type', null, 'xri://$xrds*simple'); - foreach (array('finishopenidlogin', 'finishaddopenid') as $finish) { - $this->showService(Auth_OpenID_RP_RETURN_TO_URL_TYPE, - common_local_url($finish)); - } - $this->elementEnd('XRD'); - $this->elementEnd('XRDS'); - $this->endXML(); - } - - /** - * Show service. - * - * @param string $type XRDS type - * @param string $uri URI - * @param array $params type parameters, null by default - * @param array $sigs type signatures, null by default - * @param string $localId local ID, null by default - * - * @return void - */ - function showService($type, $uri, $params=null, $sigs=null, $localId=null) - { - $this->elementStart('Service'); - if ($uri) { - $this->element('URI', null, $uri); - } - $this->element('Type', null, $type); - if ($params) { - foreach ($params as $param) { - $this->element('Type', null, $param); - } - } - if ($sigs) { - foreach ($sigs as $sig) { - $this->element('Type', null, $sig); - } - } - if ($localId) { - $this->element('LocalID', null, $localId); - } - $this->elementEnd('Service'); - } -} - diff --git a/actions/register.php b/actions/register.php index 4654fad14d..aa295c0978 100644 --- a/actions/register.php +++ b/actions/register.php @@ -116,8 +116,6 @@ class RegisterAction extends Action * * Checks if registration is closed and shows an error if so. * - * Checks if only OpenID is allowed and redirects to openidlogin if so. - * * @param array $args $_REQUEST data * * @return void 
@@ -129,8 +127,6 @@ class RegisterAction extends Action if (common_config('site', 'closed')) { $this->clientError(_('Registration not allowed.')); - } else if (common_config('site', 'openidonly')) { - common_redirect(common_local_url('openidlogin')); } else if (common_logged_in()) { $this->clientError(_('Already logged in.')); } else if ($_SERVER['REQUEST_METHOD'] == 'POST') { @@ -330,22 +326,11 @@ class RegisterAction extends Action } else if ($this->error) { $this->element('p', 'error', $this->error); } else { - if (common_config('openid', 'enabled')) { - $instr = - common_markup_to_html(_('With this form you can create '. - ' a new account. ' . - 'You can then post notices and '. - 'link up to friends and colleagues. '. - '(Have an [OpenID](http://openid.net/)? ' . - 'Try our [OpenID registration]'. - '(%%action.openidlogin%%)!)')); - } else { - $instr = - common_markup_to_html(_('With this form you can create '. - ' a new account. ' . - 'You can then post notices and '. - 'link up to friends and colleagues.')); - } + $instr = + common_markup_to_html(_('With this form you can create '. + ' a new account. ' . + 'You can then post notices and '. + 'link up to friends and colleagues. ')); $this->elementStart('div', 'instructions'); $this->raw($instr); diff --git a/actions/xrds.php b/actions/xrds.php index 7518a5f709..b3aa8df8e5 100644 --- a/actions/xrds.php +++ b/actions/xrds.php @@ -1,7 +1,7 @@ user_id = $this->id; - - $cnt = $oid->find(); - - return ($cnt > 0); - } - function getDesign() { return Design::staticGet('id', $this->design_id); diff --git a/classes/User_openid.php b/classes/User_openid.php deleted file mode 100644 index f4fda1c72e..0000000000 --- a/classes/User_openid.php +++ /dev/null @@ -1,25 +0,0 @@ - array(_('Email'), _('Change email handling')), - 'openidsettings' => - array(_('OpenID'), - _('Add or remove OpenIDs')), 'userdesignsettings' => array(_('Design'), _('Design your profile')), 
diff --git a/lib/logingroupnav.php b/lib/logingroupnav.php index bae45b0770..59f3133025 100644 --- a/lib/logingroupnav.php +++ b/lib/logingroupnav.php @@ -87,11 +87,6 @@ class LoginGroupNav extends Widget $action_name === 'register'); } - $this->action->menuItem(common_local_url('openidlogin'), - _('OpenID'), - _('Login or register with OpenID'), - $action_name === 'openidlogin'); - Event::handle('EndLoginGroupNav', array(&$this->action)); } diff --git a/lib/openid.php b/lib/openid.php deleted file mode 100644 index 0b7633284e..0000000000 --- a/lib/openid.php +++ /dev/null 
@@ -1,280 +0,0 @@ -. - */ - -if (!defined('LACONICA')) { exit(1); } - -require_once(INSTALLDIR.'/classes/User_openid.php'); - -require_once('Auth/OpenID.php'); -require_once('Auth/OpenID/Consumer.php'); -require_once('Auth/OpenID/SReg.php'); -require_once('Auth/OpenID/MySQLStore.php'); - -# About one year cookie expiry - -define('OPENID_COOKIE_EXPIRY', round(365.25 * 24 * 60 * 60)); -define('OPENID_COOKIE_KEY', 'lastusedopenid'); - -function oid_store() -{ - static $store = null; - if (!$store) { - # Can't be called statically - $user = new User(); - $conn = $user->getDatabaseConnection(); - $store = new Auth_OpenID_MySQLStore($conn); - } - return $store; -} - -function oid_consumer() -{ - $store = oid_store(); - $consumer = new Auth_OpenID_Consumer($store); - return $consumer; -} - -function oid_clear_last() -{ - oid_set_last(''); -} - -function oid_set_last($openid_url) -{ - common_set_cookie(OPENID_COOKIE_KEY, - $openid_url, - time() + OPENID_COOKIE_EXPIRY); -} - -function oid_get_last() -{ - if (empty($_COOKIE[OPENID_COOKIE_KEY])) { - return null; - } - $openid_url = $_COOKIE[OPENID_COOKIE_KEY]; - if ($openid_url && strlen($openid_url) > 0) { - return $openid_url; - } else { - return null; - } -} - -function oid_link_user($id, $canonical, $display) -{ - - $oid = new User_openid(); - $oid->user_id = $id; - $oid->canonical = $canonical; - $oid->display = $display; - $oid->created = DB_DataObject_Cast::dateTime(); - - if (!$oid->insert()) { - $err = PEAR::getStaticProperty('DB_DataObject','lastError'); - common_debug('DB error ' . $err->code . ': ' . 
$err->message, __FILE__); - return false; - } - - return true; -} - -function oid_get_user($openid_url) -{ - $user = null; - $oid = User_openid::staticGet('canonical', $openid_url); - if ($oid) { - $user = User::staticGet('id', $oid->user_id); - } - return $user; -} - -function oid_check_immediate($openid_url, $backto=null) -{ - if (!$backto) { - $action = $_REQUEST['action']; - $args = common_copy_args($_GET); - unset($args['action']); - $backto = common_local_url($action, $args); - } - common_debug('going back to "' . $backto . '"', __FILE__); - - common_ensure_session(); - - $_SESSION['openid_immediate_backto'] = $backto; - common_debug('passed-in variable is "' . $backto . '"', __FILE__); - common_debug('session variable is "' . $_SESSION['openid_immediate_backto'] . '"', __FILE__); - - oid_authenticate($openid_url, - 'finishimmediate', - true); -} - -function oid_authenticate($openid_url, $returnto, $immediate=false) -{ - - $consumer = oid_consumer(); - - if (!$consumer) { - common_server_error(_('Cannot instantiate OpenID consumer object.')); - return false; - } - - common_ensure_session(); - - $auth_request = $consumer->begin($openid_url); - - // Handle failure status return values. 
- if (!$auth_request) { - return _('Not a valid OpenID.'); - } else if (Auth_OpenID::isFailure($auth_request)) { - return sprintf(_('OpenID failure: %s'), $auth_request->message); - } - - $sreg_request = Auth_OpenID_SRegRequest::build(// Required - array(), - // Optional - array('nickname', - 'email', - 'fullname', - 'language', - 'timezone', - 'postcode', - 'country')); - - if ($sreg_request) { - $auth_request->addExtension($sreg_request); - } - - $trust_root = common_root_url(true); - $process_url = common_local_url($returnto); - - if ($auth_request->shouldSendRedirect()) { - $redirect_url = $auth_request->redirectURL($trust_root, - $process_url, - $immediate); - if (!$redirect_url) { - } else if (Auth_OpenID::isFailure($redirect_url)) { - return sprintf(_('Could not redirect to server: %s'), $redirect_url->message); - } else { - common_redirect($redirect_url, 303); - } - } else { - // Generate form markup and render it. - $form_id = 'openid_message'; - $form_html = $auth_request->formMarkup($trust_root, $process_url, - $immediate, array('id' => $form_id)); - - # XXX: This is cheap, but things choke if we don't escape ampersands - # in the HTML attributes - - $form_html = preg_replace('/&/', '&', $form_html); - - // Display an error if the form markup couldn't be generated; - // otherwise, render the HTML. - if (Auth_OpenID::isFailure($form_html)) { - common_server_error(sprintf(_('Could not create OpenID form: %s'), $form_html->message)); - } else { - $action = new AutosubmitAction(); // see below - $action->form_html = $form_html; - $action->form_id = $form_id; - $action->prepare(array('action' => 'autosubmit')); - $action->handle(array('action' => 'autosubmit')); - } - } -} - -# Half-assed attempt at a module-private function - -function _oid_print_instructions() -{ - common_element('div', 'instructions', - _('This form should automatically submit itself. '. - 'If not, click the submit button to go to your '. 
- 'OpenID provider.')); -} - -# update a user from sreg parameters - -function oid_update_user(&$user, &$sreg) -{ - - $profile = $user->getProfile(); - - $orig_profile = clone($profile); - - if ($sreg['fullname'] && strlen($sreg['fullname']) <= 255) { - $profile->fullname = $sreg['fullname']; - } - - if ($sreg['country']) { - if ($sreg['postcode']) { - # XXX: use postcode to get city and region - # XXX: also, store postcode somewhere -- it's valuable! - $profile->location = $sreg['postcode'] . ', ' . $sreg['country']; - } else { - $profile->location = $sreg['country']; - } - } - - # XXX save language if it's passed - # XXX save timezone if it's passed - - if (!$profile->update($orig_profile)) { - common_server_error(_('Error saving the profile.')); - return false; - } - - $orig_user = clone($user); - - if ($sreg['email'] && Validate::email($sreg['email'], true)) { - $user->email = $sreg['email']; - } - - if (!$user->update($orig_user)) { - common_server_error(_('Error saving the user.')); - return false; - } - - return true; -} - -class AutosubmitAction extends Action -{ - var $form_html = null; - var $form_id = null; - - function handle($args) - { - parent::handle($args); - $this->showPage(); - } - - function title() - { - return _('OpenID Auto-Submit'); - } - - function showContent() - { - $this->raw($this->form_html); - $this->element('script', null, - '$(document).ready(function() { ' . - ' $(\'#'. $this->form_id .'\').submit(); '. - '});'); - } -} diff --git a/lib/router.php b/lib/router.php index 04c6dd4140..08bc0566dd 100644 --- a/lib/router.php +++ b/lib/router.php @@ -50,8 +50,7 @@ class Router var $m = null; static $inst = null; static $bare = array('requesttoken', 'accesstoken', 'userauthorization', - 'postnotice', 'updateprofile', 'finishremotesubscribe', - 'finishopenidlogin', 'finishaddopenid'); + 'postnotice', 'updateprofile', 'finishremotesubscribe'); static function get() { 
@@ -76,7 +75,6 @@ class Router $m->connect('', array('action' => 'public')); $m->connect('rss', array('action' => 'publicrss')); - $m->connect('xrds', array('action' => 'publicxrds')); $m->connect('featuredrss', array('action' => 'featuredrss')); $m->connect('favoritedrss', array('action' => 'favoritedrss')); $m->connect('opensearch/people', array('action' => 'opensearch', @@ -128,7 +126,6 @@ class Router // exceptional - $m->connect('main/openid', array('action' => 'openidlogin')); $m->connect('main/remote', array('action' => 'remotesubscribe')); $m->connect('main/remote?nickname=:nickname', array('action' => 'remotesubscribe'), array('nickname' => '[A-Za-z0-9_-]+')); @@ -138,7 +135,7 @@ class Router // settings - foreach (array('profile', 'avatar', 'password', 'openid', 'im', + foreach (array('profile', 'avatar', 'password', 'im', 'email', 'sms', 'twitter', 'userdesign', 'other') as $s) { $m->connect('settings/'.$s, array('action' => $s.'settings')); } @@ -453,7 +450,7 @@ class Router // user stuff foreach (array('subscriptions', 'subscribers', - 'nudge', 'xrds', 'all', 'foaf', + 'nudge', 'all', 'foaf', 'xrds', 'replies', 'inbox', 'outbox', 'microsummary') as $a) { $m->connect(':nickname/'.$a, array('action' => $a), diff --git a/lib/settingsaction.php b/lib/settingsaction.php index 4cf9b80c4a..a923a98b2d 100644 --- a/lib/settingsaction.php +++ b/lib/settingsaction.php @@ -78,11 +78,7 @@ class SettingsAction extends CurrentUserDesignAction common_set_returnto($this->selfUrl()); $user = common_current_user(); if (Event::handle('RedirectToLogin', array($this, $user))) { - if ($user->hasOpenID()) { - common_redirect(common_local_url('openidlogin'), 303); - } else { - common_redirect(common_local_url('login'), 303); - } + common_redirect(common_local_url('login'), 303); } } else if ($_SERVER['REQUEST_METHOD'] == 'POST') { $this->handlePost(); diff --git a/lib/util.php b/lib/util.php index 3fa90d31a8..b798cfe157 100644 --- a/lib/util.php +++ b/lib/util.php 
@@ -706,8 +706,7 @@ function common_local_url($action, $args=null, $params=null, $fragment=null) function common_is_sensitive($action) { static $sensitive = array('login', 'register', 'passwordsettings', - 'twittersettings', 'finishopenidlogin', - 'finishaddopenid', 'api'); + 'twittersettings', 'api'); $ssl = null; if (Event::handle('SensitiveAction', array($action, &$ssl))) { diff --git a/plugins/OpenID/OpenIDPlugin.php b/plugins/OpenID/OpenIDPlugin.php new file mode 100644 index 0000000000..87b25d42a5 --- /dev/null +++ b/plugins/OpenID/OpenIDPlugin.php 
@@ -0,0 +1,199 @@ +. + * + * @category Plugin + * @package Laconica + * @author Evan Prodromou + * @copyright 2009 Control Yourself, Inc. + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://laconi.ca/ + */ + +if (!defined('LACONICA')) { + exit(1); +} + +/** + * Plugin for OpenID authentication and identity + * + * This class enables consumer support for OpenID, the distributed authentication + * and identity system. + * + * @category Plugin + * @package Laconica + * @author Evan Prodromou + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://laconi.ca/ + * @link http://openid.net/ + */ + +class OpenIDPlugin extends Plugin +{ + /** + * Initializer for the plugin. + */ + + function __construct() + { + parent::__construct(); + } + + /** + * Add OpenID-related paths to the router table + * + * Hook for RouterInitialized event. + * + * @return boolean hook return + */ + + function onRouterInitialized(&$m) + { + $m->connect('main/openid', array('action' => 'openidlogin')); + $m->connect('settings/openid', array('action' => 'openidsettings')); + $m->connect('xrds', array('action' => 'publicxrds')); + $m->connect('index.php?action=finishopenidlogin', array('action' => 'finishopenidlogin')); + $m->connect('index.php?action=finishaddopenid', array('action' => 'finishaddopenid')); + + return true; + } + + function onEndLoginGroupNav(&$action) + { + $action_name = $action->trimmed('action'); + + $action->menuItem(common_local_url('openidlogin'), + _('OpenID'), + _('Login or register with OpenID'), + $action_name === 'openidlogin'); + + return true; + } + + function onEndAccountSettingsNav(&$action) + { + $action_name = $action->trimmed('action'); + + $action->menuItem(common_local_url('openidsettings'), + _('OpenID'), + _('Add or remove OpenIDs'), + $action_name === 'openidsettings'); + + return true; + } + + function 
onAutoload($cls) + { + switch ($cls) + { + case 'OpenidloginAction': + case 'FinishopenidloginAction': + case 'FinishaddopenidAction': + case 'XrdsAction': + case 'PublicxrdsAction': + case 'OpenidsettingsAction': + require_once(INSTALLDIR.'/plugins/OpenID/' . strtolower(mb_substr($cls, 0, -6)) . '.php'); + return false; + case 'User_openid': + require_once(INSTALLDIR.'/plugins/OpenID/User_openid.php'); + return false; + default: + return true; + } + } + + function onSensitiveAction($action, &$ssl) + { + switch ($action) + { + case 'finishopenidlogin': + case 'finishaddopenid': + $ssl = true; + return false; + default: + return true; + } + } + + function onLoginAction($action, &$login) + { + switch ($action) + { + case 'openidlogin': + case 'finishopenidlogin': + $login = true; + return false; + default: + return true; + } + } + + /** + * We include a element linking to the publicxrds page, for OpenID + * client-side authentication. + * + * @return void + */ + + function onEndHeadChildren($action) + { + // for client side of OpenID authentication + $action->element('meta', array('http-equiv' => 'X-XRDS-Location', + 'content' => common_local_url('publicxrds'))); + } + + /** + * Redirect to OpenID login if they have an OpenID + * + * @return boolean whether to continue + */ + + function onRedirectToLogin($action, $user) + { + if (!empty($user) && User_openid::hasOpenID($user->id)) { + common_redirect(common_local_url('openidlogin'), 303); + return false; + } + return true; + } + + function onEndShowPageNotice($action) + { + $name = $action->trimmed('action'); + + switch ($name) + { + case 'register': + $instr = '(Have an [OpenID](http://openid.net/)? ' . + 'Try our [OpenID registration]'. + '(%%action.openidlogin%%)!)'; + break; + case 'login': + $instr = '(Have an [OpenID](http://openid.net/)? ' . + 'Try our [OpenID login]'. 
+ '(%%action.openidlogin%%)!)'; + break; + default: + return true; + } + + $output = common_markup_to_html($instr); + $action->raw($output); + return true; + } +} diff --git a/plugins/OpenID/User_openid.php b/plugins/OpenID/User_openid.php new file mode 100644 index 0000000000..338e0f6e92 --- /dev/null +++ b/plugins/OpenID/User_openid.php @@ -0,0 +1,36 @@ +user_id = $user_id; + + $cnt = $oid->find(); + + return ($cnt > 0); + } +} diff --git a/plugins/OpenID/finishaddopenid.php b/plugins/OpenID/finishaddopenid.php new file mode 100644 index 0000000000..7753158d5d --- /dev/null +++ b/plugins/OpenID/finishaddopenid.php 
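Review bot: No handler in `OpenIDPlugin` takes over the `site`/`openidonly` check that this commit deletes from `RegisterAction` (the `common_redirect(common_local_url('openidlogin'))` branch in actions/register.php). The hooks in this class cover routing, navigation, autoload, SSL, the login redirect and the page notice, but nothing on the registration path. Unless another file outside this diff enforces it, a site configured as OpenID-only would accept password registrations after the merge. Either keep the check in core until the plugin can enforce it, or state the gap in the class docblock, e.g. ` * NOTE: 'site'/'openidonly' is not enforced by this plugin; the password registration form stays reachable.`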
@@ -0,0 +1,185 @@ +. + * + * @category Settings + * @package Laconica + * @author Evan Prodromou + * @copyright 2008-2009 Control Yourself, Inc. + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://laconi.ca/ + */ + +if (!defined('LACONICA')) { + exit(1); +} + +require_once INSTALLDIR.'/plugins/OpenID/openid.php'; + +/** + * Complete adding an OpenID + * + * Handle the return from an OpenID verification + * + * @category Settings + * @package Laconica + * @author Evan Prodromou + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://laconi.ca/ + */ + +class FinishaddopenidAction extends Action +{ + var $msg = null; + + /** + * Handle the redirect back from OpenID confirmation + * + * Check to see if the user's logged in, and then try + * to use the OpenID login system. + * + * @param array $args $_REQUEST arguments + * + * @return void + */ + + function handle($args) + { + parent::handle($args); + if (!common_logged_in()) { + $this->clientError(_('Not logged in.')); + } else { + $this->tryLogin(); + } + } + + /** + * Try to log in using OpenID + * + * Check the OpenID for validity; potentially store it. + * + * @return void + */ + + function tryLogin() + { + $consumer =& oid_consumer(); + + $response = $consumer->complete(common_local_url('finishaddopenid')); + + if ($response->status == Auth_OpenID_CANCEL) { + $this->message(_('OpenID authentication cancelled.')); + return; + } else if ($response->status == Auth_OpenID_FAILURE) { + // Authentication failed; display the error message. + $this->message(sprintf(_('OpenID authentication failed: %s'), + $response->message)); + } else if ($response->status == Auth_OpenID_SUCCESS) { + + $display = $response->getDisplayIdentifier(); + $canonical = ($response->endpoint && $response->endpoint->canonicalID) ? 
+ $response->endpoint->canonicalID : $display; + + $sreg_resp = Auth_OpenID_SRegResponse::fromSuccessResponse($response); + + if ($sreg_resp) { + $sreg = $sreg_resp->contents(); + } + + $cur =& common_current_user(); + + $other = oid_get_user($canonical); + + if ($other) { + if ($other->id == $cur->id) { + $this->message(_('You already have this OpenID!')); + } else { + $this->message(_('Someone else already has this OpenID.')); + } + return; + } + + // start a transaction + + $cur->query('BEGIN'); + + $result = oid_link_user($cur->id, $canonical, $display); + + if (!$result) { + $this->message(_('Error connecting user.')); + return; + } + if ($sreg) { + if (!oid_update_user($cur, $sreg)) { + $this->message(_('Error updating profile')); + return; + } + } + + // success! + + $cur->query('COMMIT'); + + oid_set_last($display); + + common_redirect(common_local_url('openidsettings'), 303); + } + } + + /** + * Show a failure message + * + * Something went wrong. Save the message, and show the page. + * + * @param string $msg Error message to show + * + * @return void + */ + + function message($msg) + { + $this->message = $msg; + $this->showPage(); + } + + /** + * Title of the page + * + * @return string title + */ + + function title() + { + return _('OpenID Login'); + } + + /** + * Show error message + * + * @return void + */ + + function showPageNotice() + { + if ($this->message) { + $this->element('p', 'error', $this->message); + } + } +} diff --git a/plugins/OpenID/finishopenidlogin.php b/plugins/OpenID/finishopenidlogin.php new file mode 100644 index 0000000000..87fc3881e2 --- /dev/null +++ b/plugins/OpenID/finishopenidlogin.php 
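Review bot: `tryLogin()` opens a transaction with `$cur->query('BEGIN')`, but the two failure branches after it (`Error connecting user.` and `Error updating profile`) return without ending it. When `oid_update_user()` fails, the `User_openid` row just inserted by `oid_link_user()` is left in an open transaction whose fate depends on how the connection is torn down. Add `$cur->query('ROLLBACK');` before each of those two `return` statements. Separately, `$sreg` is assigned only when `$sreg_resp` is truthy, so `if ($sreg)` can read an undefined variable; `$sreg = null;` before the SReg block avoids that.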
@@ -0,0 +1,497 @@ +. + */ + +if (!defined('LACONICA')) { exit(1); } + +require_once INSTALLDIR.'/plugins/OpenID/openid.php'; + +class FinishopenidloginAction extends Action +{ + var $error = null; + var $username = null; + var $message = null; + + function handle($args) + { + parent::handle($args); + if (!common_config('openid', 'enabled')) { + common_redirect(common_local_url('login')); + } else if (common_is_real_login()) { + $this->clientError(_('Already logged in.')); + } else if ($_SERVER['REQUEST_METHOD'] == 'POST') { + $token = $this->trimmed('token'); + if (!$token || $token != common_session_token()) { + $this->showForm(_('There was a problem with your session token. Try again, please.')); + return; + } + if ($this->arg('create')) { + if (!$this->boolean('license')) { + $this->showForm(_('You can\'t register if you don\'t agree to the license.'), + $this->trimmed('newname')); + return; + } + $this->createNewUser(); + } else if ($this->arg('connect')) { + $this->connectUser(); + } else { + common_debug(print_r($this->args, true), __FILE__); + $this->showForm(_('Something weird happened.'), + $this->trimmed('newname')); + } + } else { + $this->tryLogin(); + } + } + + function showPageNotice() + { + if ($this->error) { + $this->element('div', array('class' => 'error'), $this->error); + } else { + $this->element('div', 'instructions', + sprintf(_('This is the first time you\'ve logged into %s so we must connect your OpenID to a local account. 
You can either create a new account, or connect with your existing account, if you have one.'), common_config('site', 'name'))); + } + } + + function title() + { + return _('OpenID Account Setup'); + } + + function showForm($error=null, $username=null) + { + $this->error = $error; + $this->username = $username; + + $this->showPage(); + } + + function showContent() + { + if (!empty($this->message_text)) { + $this->element('div', array('class' => 'error'), $this->message_text); + return; + } + + $this->elementStart('form', array('method' => 'post', + 'id' => 'account_connect', + 'action' => common_local_url('finishopenidlogin'))); + $this->hidden('token', common_session_token()); + $this->element('h2', null, + _('Create new account')); + $this->element('p', null, + _('Create a new user with this nickname.')); + $this->input('newname', _('New nickname'), + ($this->username) ? $this->username : '', + _('1-64 lowercase letters or numbers, no punctuation or spaces')); + $this->elementStart('p'); + $this->element('input', array('type' => 'checkbox', + 'id' => 'license', + 'name' => 'license', + 'value' => 'true')); + $this->text(_('My text and files are available under ')); + $this->element('a', array('href' => common_config('license', 'url')), + common_config('license', 'title')); + $this->text(_(' except this private data: password, email address, IM address, phone number.')); + $this->elementEnd('p'); + $this->submit('create', _('Create')); + $this->element('h2', null, + _('Connect existing account')); + $this->element('p', null, + _('If you already have an account, login with your username and password to connect it to your OpenID.')); + $this->input('nickname', _('Existing nickname')); + $this->password('password', _('Password')); + $this->submit('connect', _('Connect')); + $this->elementEnd('form'); + } + + function tryLogin() + { + $consumer = oid_consumer(); + + $response = $consumer->complete(common_local_url('finishopenidlogin')); + + if ($response->status == 
Auth_OpenID_CANCEL) { + $this->message(_('OpenID authentication cancelled.')); + return; + } else if ($response->status == Auth_OpenID_FAILURE) { + // Authentication failed; display the error message. + $this->message(sprintf(_('OpenID authentication failed: %s'), $response->message)); + } else if ($response->status == Auth_OpenID_SUCCESS) { + // This means the authentication succeeded; extract the + // identity URL and Simple Registration data (if it was + // returned). + $display = $response->getDisplayIdentifier(); + $canonical = ($response->endpoint->canonicalID) ? + $response->endpoint->canonicalID : $response->getDisplayIdentifier(); + + $sreg_resp = Auth_OpenID_SRegResponse::fromSuccessResponse($response); + + if ($sreg_resp) { + $sreg = $sreg_resp->contents(); + } + + $user = oid_get_user($canonical); + + if ($user) { + oid_set_last($display); + # XXX: commented out at @edd's request until better + # control over how data flows from OpenID provider. + # oid_update_user($user, $sreg); + common_set_user($user); + common_real_login(true); + if (isset($_SESSION['openid_rememberme']) && $_SESSION['openid_rememberme']) { + common_rememberme($user); + } + unset($_SESSION['openid_rememberme']); + $this->goHome($user->nickname); + } else { + $this->saveValues($display, $canonical, $sreg); + $this->showForm(null, $this->bestNewNickname($display, $sreg)); + } + } + } + + function message($msg) + { + $this->message_text = $msg; + $this->showPage(); + } + + function saveValues($display, $canonical, $sreg) + { + common_ensure_session(); + $_SESSION['openid_display'] = $display; + $_SESSION['openid_canonical'] = $canonical; + $_SESSION['openid_sreg'] = $sreg; + } + + function getSavedValues() + { + return array($_SESSION['openid_display'], + $_SESSION['openid_canonical'], + $_SESSION['openid_sreg']); + } + + function createNewUser() + { + # FIXME: save invite code before redirect, and check here + + if (common_config('site', 'closed')) { + 
$this->clientError(_('Registration not allowed.')); + return; + } + + $invite = null; + + if (common_config('site', 'inviteonly')) { + $code = $_SESSION['invitecode']; + if (empty($code)) { + $this->clientError(_('Registration not allowed.')); + return; + } + + $invite = Invitation::staticGet($code); + + if (empty($invite)) { + $this->clientError(_('Not a valid invitation code.')); + return; + } + } + + $nickname = $this->trimmed('newname'); + + if (!Validate::string($nickname, array('min_length' => 1, + 'max_length' => 64, + 'format' => NICKNAME_FMT))) { + $this->showForm(_('Nickname must have only lowercase letters and numbers and no spaces.')); + return; + } + + if (!User::allowed_nickname($nickname)) { + $this->showForm(_('Nickname not allowed.')); + return; + } + + if (User::staticGet('nickname', $nickname)) { + $this->showForm(_('Nickname already in use. Try another one.')); + return; + } + + list($display, $canonical, $sreg) = $this->getSavedValues(); + + if (!$display || !$canonical) { + $this->serverError(_('Stored OpenID not found.')); + return; + } + + # Possible race condition... let's be paranoid + + $other = oid_get_user($canonical); + + if ($other) { + $this->serverError(_('Creating new account for OpenID that already has a user.')); + return; + } + + $location = ''; + if (!empty($sreg['country'])) { + if ($sreg['postcode']) { + # XXX: use postcode to get city and region + # XXX: also, store postcode somewhere -- it's valuable! + $location = $sreg['postcode'] . ', ' . 
$sreg['country']; + } else { + $location = $sreg['country']; + } + } + + if (!empty($sreg['fullname']) && mb_strlen($sreg['fullname']) <= 255) { + $fullname = $sreg['fullname']; + } else { + $fullname = ''; + } + + if (!empty($sreg['email']) && Validate::email($sreg['email'], true)) { + $email = $sreg['email']; + } else { + $email = ''; + } + + # XXX: add language + # XXX: add timezone + + $args = array('nickname' => $nickname, + 'email' => $email, + 'fullname' => $fullname, + 'location' => $location); + + if (!empty($invite)) { + $args['code'] = $invite->code; + } + + $user = User::register($args); + + $result = oid_link_user($user->id, $canonical, $display); + + oid_set_last($display); + common_set_user($user); + common_real_login(true); + if (isset($_SESSION['openid_rememberme']) && $_SESSION['openid_rememberme']) { + common_rememberme($user); + } + unset($_SESSION['openid_rememberme']); + common_redirect(common_local_url('showstream', array('nickname' => $user->nickname)), + 303); + } + + function connectUser() + { + $nickname = $this->trimmed('nickname'); + $password = $this->trimmed('password'); + + if (!common_check_user($nickname, $password)) { + $this->showForm(_('Invalid username or password.')); + return; + } + + # They're legit! 
+ + $user = User::staticGet('nickname', $nickname); + + list($display, $canonical, $sreg) = $this->getSavedValues(); + + if (!$display || !$canonical) { + $this->serverError(_('Stored OpenID not found.')); + return; + } + + $result = oid_link_user($user->id, $canonical, $display); + + if (!$result) { + $this->serverError(_('Error connecting user to OpenID.')); + return; + } + + oid_update_user($user, $sreg); + oid_set_last($display); + common_set_user($user); + common_real_login(true); + if (isset($_SESSION['openid_rememberme']) && $_SESSION['openid_rememberme']) { + common_rememberme($user); + } + unset($_SESSION['openid_rememberme']); + $this->goHome($user->nickname); + } + + function goHome($nickname) + { + $url = common_get_returnto(); + if ($url) { + # We don't have to return to it again + common_set_returnto(null); + } else { + $url = common_local_url('all', + array('nickname' => + $nickname)); + } + common_redirect($url, 303); + } + + function bestNewNickname($display, $sreg) + { + + # Try the passed-in nickname + + if (!empty($sreg['nickname'])) { + $nickname = $this->nicknamize($sreg['nickname']); + if ($this->isNewNickname($nickname)) { + return $nickname; + } + } + + # Try the full name + + if (!empty($sreg['fullname'])) { + $fullname = $this->nicknamize($sreg['fullname']); + if ($this->isNewNickname($fullname)) { + return $fullname; + } + } + + # Try the URL + + $from_url = $this->openidToNickname($display); + + if ($from_url && $this->isNewNickname($from_url)) { + return $from_url; + } + + # XXX: others? 
+ + return null; + } + + function isNewNickname($str) + { + if (!Validate::string($str, array('min_length' => 1, + 'max_length' => 64, + 'format' => NICKNAME_FMT))) { + return false; + } + if (!User::allowed_nickname($str)) { + return false; + } + if (User::staticGet('nickname', $str)) { + return false; + } + return true; + } + + function openidToNickname($openid) + { + if (Auth_Yadis_identifierScheme($openid) == 'XRI') { + return $this->xriToNickname($openid); + } else { + return $this->urlToNickname($openid); + } + } + + # We try to use an OpenID URL as a legal Laconica user name in this order + # 1. Plain hostname, like http://evanp.myopenid.com/ + # 2. One element in path, like http://profile.typekey.com/EvanProdromou/ + # or http://getopenid.com/evanprodromou + + function urlToNickname($openid) + { + static $bad = array('query', 'user', 'password', 'port', 'fragment'); + + $parts = parse_url($openid); + + # If any of these parts exist, this won't work + + foreach ($bad as $badpart) { + if (array_key_exists($badpart, $parts)) { + return null; + } + } + + # We just have host and/or path + + # If it's just a host... 
+ if (array_key_exists('host', $parts) && + (!array_key_exists('path', $parts) || strcmp($parts['path'], '/') == 0)) + { + $hostparts = explode('.', $parts['host']); + + # Try to catch common idiom of nickname.service.tld + + if ((count($hostparts) > 2) && + (strlen($hostparts[count($hostparts) - 2]) > 3) && # try to skip .co.uk, .com.au + (strcmp($hostparts[0], 'www') != 0)) + { + return $this->nicknamize($hostparts[0]); + } else { + # Do the whole hostname + return $this->nicknamize($parts['host']); + } + } else { + if (array_key_exists('path', $parts)) { + # Strip starting, ending slashes + $path = preg_replace('@/$@', '', $parts['path']); + $path = preg_replace('@^/@', '', $path); + if (strpos($path, '/') === false) { + return $this->nicknamize($path); + } + } + } + + return null; + } + + function xriToNickname($xri) + { + $base = $this->xriBase($xri); + + if (!$base) { + return null; + } else { + # =evan.prodromou + # or @gratis*evan.prodromou + $parts = explode('*', substr($base, 1)); + return $this->nicknamize(array_pop($parts)); + } + } + + function xriBase($xri) + { + if (substr($xri, 0, 6) == 'xri://') { + return substr($xri, 6); + } else { + return $xri; + } + } + + # Given a string, try to make it work as a nickname + + function nicknamize($str) + { + $str = preg_replace('/\W/', '', $str); + return strtolower($str); + } +} diff --git a/plugins/OpenID/openid.php b/plugins/OpenID/openid.php new file mode 100644 index 0000000000..4787cd605d --- /dev/null +++ b/plugins/OpenID/openid.php 
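Review bot: `createNewUser()` ignores the results of both `User::register($args)` and `oid_link_user()`, then calls `common_set_user()` and `common_real_login(true)` unconditionally. A failed link therefore still yields a logged-in account with no OpenID attached to it, and a failed registration (presumably a falsy return; `User::register` is not shown in this diff) dereferences `$user->id` on a non-object. `connectUser()` in the same class already checks `$result` and stops with `Error connecting user to OpenID.`; the create path should do the same before any session state is set. The guard is sketched below; the message for the registration failure is a new string and would need a translation entry.

```php
$user = User::register($args);

if (empty($user)) {
    $this->serverError(_('Error registering user.'));
    return;
}

$result = oid_link_user($user->id, $canonical, $display);

if (!$result) {
    $this->serverError(_('Error connecting user to OpenID.'));
    return;
}

// … unchanged: oid_set_last(), common_set_user(), common_real_login(), rememberme handling, redirect …
```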
@@ -0,0 +1,280 @@ +. + */ + +if (!defined('LACONICA')) { exit(1); } + +require_once(INSTALLDIR.'/plugins/OpenID/User_openid.php'); + +require_once('Auth/OpenID.php'); +require_once('Auth/OpenID/Consumer.php'); +require_once('Auth/OpenID/SReg.php'); +require_once('Auth/OpenID/MySQLStore.php'); + +# About one year cookie expiry + +define('OPENID_COOKIE_EXPIRY', round(365.25 * 24 * 60 * 60)); +define('OPENID_COOKIE_KEY', 'lastusedopenid'); + +function oid_store() +{ + static $store = null; + if (!$store) { + # Can't be called statically + $user = new User(); + $conn = $user->getDatabaseConnection(); + $store = new Auth_OpenID_MySQLStore($conn); + } + return $store; +} + +function oid_consumer() +{ + $store = oid_store(); + $consumer = new Auth_OpenID_Consumer($store); + return $consumer; +} + +function oid_clear_last() +{ + oid_set_last(''); +} + +function oid_set_last($openid_url) +{ + common_set_cookie(OPENID_COOKIE_KEY, + $openid_url, + time() + OPENID_COOKIE_EXPIRY); +} + +function oid_get_last() +{ + if (empty($_COOKIE[OPENID_COOKIE_KEY])) { + return null; + } + $openid_url = $_COOKIE[OPENID_COOKIE_KEY]; + if ($openid_url && strlen($openid_url) > 0) { + return $openid_url; + } else { + return null; + } +} + +function oid_link_user($id, $canonical, $display) +{ + + $oid = new User_openid(); + $oid->user_id = $id; + $oid->canonical = $canonical; + $oid->display = $display; + $oid->created = DB_DataObject_Cast::dateTime(); + + if (!$oid->insert()) { + $err = PEAR::getStaticProperty('DB_DataObject','lastError'); + common_debug('DB error ' . $err->code . ': ' . 
$err->message, __FILE__); + return false; + } + + return true; +} + +function oid_get_user($openid_url) +{ + $user = null; + $oid = User_openid::staticGet('canonical', $openid_url); + if ($oid) { + $user = User::staticGet('id', $oid->user_id); + } + return $user; +} + +function oid_check_immediate($openid_url, $backto=null) +{ + if (!$backto) { + $action = $_REQUEST['action']; + $args = common_copy_args($_GET); + unset($args['action']); + $backto = common_local_url($action, $args); + } + common_debug('going back to "' . $backto . '"', __FILE__); + + common_ensure_session(); + + $_SESSION['openid_immediate_backto'] = $backto; + common_debug('passed-in variable is "' . $backto . '"', __FILE__); + common_debug('session variable is "' . $_SESSION['openid_immediate_backto'] . '"', __FILE__); + + oid_authenticate($openid_url, + 'finishimmediate', + true); +} + +function oid_authenticate($openid_url, $returnto, $immediate=false) +{ + + $consumer = oid_consumer(); + + if (!$consumer) { + common_server_error(_('Cannot instantiate OpenID consumer object.')); + return false; + } + + common_ensure_session(); + + $auth_request = $consumer->begin($openid_url); + + // Handle failure status return values. 
+ if (!$auth_request) { + return _('Not a valid OpenID.'); + } else if (Auth_OpenID::isFailure($auth_request)) { + return sprintf(_('OpenID failure: %s'), $auth_request->message); + } + + $sreg_request = Auth_OpenID_SRegRequest::build(// Required + array(), + // Optional + array('nickname', + 'email', + 'fullname', + 'language', + 'timezone', + 'postcode', + 'country')); + + if ($sreg_request) { + $auth_request->addExtension($sreg_request); + } + + $trust_root = common_root_url(true); + $process_url = common_local_url($returnto); + + if ($auth_request->shouldSendRedirect()) { + $redirect_url = $auth_request->redirectURL($trust_root, + $process_url, + $immediate); + if (!$redirect_url) { + } else if (Auth_OpenID::isFailure($redirect_url)) { + return sprintf(_('Could not redirect to server: %s'), $redirect_url->message); + } else { + common_redirect($redirect_url, 303); + } + } else { + // Generate form markup and render it. + $form_id = 'openid_message'; + $form_html = $auth_request->formMarkup($trust_root, $process_url, + $immediate, array('id' => $form_id)); + + # XXX: This is cheap, but things choke if we don't escape ampersands + # in the HTML attributes + + $form_html = preg_replace('/&/', '&', $form_html); + + // Display an error if the form markup couldn't be generated; + // otherwise, render the HTML. + if (Auth_OpenID::isFailure($form_html)) { + common_server_error(sprintf(_('Could not create OpenID form: %s'), $form_html->message)); + } else { + $action = new AutosubmitAction(); // see below + $action->form_html = $form_html; + $action->form_id = $form_id; + $action->prepare(array('action' => 'autosubmit')); + $action->handle(array('action' => 'autosubmit')); + } + } +} + +# Half-assed attempt at a module-private function + +function _oid_print_instructions() +{ + common_element('div', 'instructions', + _('This form should automatically submit itself. '. + 'If not, click the submit button to go to your '. 
+ 'OpenID provider.')); +} + +# update a user from sreg parameters + +function oid_update_user(&$user, &$sreg) +{ + + $profile = $user->getProfile(); + + $orig_profile = clone($profile); + + if ($sreg['fullname'] && strlen($sreg['fullname']) <= 255) { + $profile->fullname = $sreg['fullname']; + } + + if ($sreg['country']) { + if ($sreg['postcode']) { + # XXX: use postcode to get city and region + # XXX: also, store postcode somewhere -- it's valuable! + $profile->location = $sreg['postcode'] . ', ' . $sreg['country']; + } else { + $profile->location = $sreg['country']; + } + } + + # XXX save language if it's passed + # XXX save timezone if it's passed + + if (!$profile->update($orig_profile)) { + common_server_error(_('Error saving the profile.')); + return false; + } + + $orig_user = clone($user); + + if ($sreg['email'] && Validate::email($sreg['email'], true)) { + $user->email = $sreg['email']; + } + + if (!$user->update($orig_user)) { + common_server_error(_('Error saving the user.')); + return false; + } + + return true; +} + +class AutosubmitAction extends Action +{ + var $form_html = null; + var $form_id = null; + + function handle($args) + { + parent::handle($args); + $this->showPage(); + } + + function title() + { + return _('OpenID Auto-Submit'); + } + + function showContent() + { + $this->raw($this->form_html); + $this->element('script', null, + '$(document).ready(function() { ' . + ' $(\'#'. $this->form_id .'\').submit(); '. + '});'); + } +} diff --git a/plugins/OpenID/openidlogin.php b/plugins/OpenID/openidlogin.php new file mode 100644 index 0000000000..76f573b9f5 --- /dev/null +++ b/plugins/OpenID/openidlogin.php 
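Review bot: In `oid_update_user`, `$user->email = $sreg['email']` writes an address asserted by the OpenID provider straight onto the account after only `Validate::email`, so an address the user never confirmed becomes the account's email. If that field is used for password recovery or notifications (not visible in this hunk), it should go through the same confirmation step as a user-entered address instead of being assigned directly. The function also reads `$sreg['fullname']`, `$sreg['country']`, `$sreg['postcode']` and `$sreg['email']` without `!empty()` guards and length-bounds only `fullname`, so I would guard each key and cap `location` the same way. In `oid_authenticate`, the ampersand `preg_replace` runs on `$form_html` before `Auth_OpenID::isFailure($form_html)` is tested, so a failure object reaches `preg_replace`; the check belongs above the replace. The empty `if (!$redirect_url) { }` branch there returns nothing, which callers testing `is_string($result)` treat as success, so it should return an error string as the other failure paths do.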
@@ -0,0 +1,133 @@ +. + */ + +if (!defined('LACONICA')) { exit(1); } + +require_once INSTALLDIR.'/plugins/OpenID/openid.php'; + +class OpenidloginAction extends Action +{ + function handle($args) + { + parent::handle($args); + if (!common_config('openid', 'enabled')) { + common_redirect(common_local_url('login')); + } else if (common_is_real_login()) { + $this->clientError(_('Already logged in.')); + } else if ($_SERVER['REQUEST_METHOD'] == 'POST') { + $openid_url = $this->trimmed('openid_url'); + + # CSRF protection + $token = $this->trimmed('token'); + if (!$token || $token != common_session_token()) { + $this->showForm(_('There was a problem with your session token. Try again, please.'), $openid_url); + return; + } + + $rememberme = $this->boolean('rememberme'); + + common_ensure_session(); + + $_SESSION['openid_rememberme'] = $rememberme; + + $result = oid_authenticate($openid_url, + 'finishopenidlogin'); + + if (is_string($result)) { # error message + unset($_SESSION['openid_rememberme']); + $this->showForm($result, $openid_url); + } + } else { + $openid_url = oid_get_last(); + $this->showForm(null, $openid_url); + } + } + + function getInstructions() + { + if (common_logged_in() && !common_is_real_login() && + common_get_returnto()) { + // rememberme logins have to reauthenticate before + // changing any profile settings (cookie-stealing protection) + return _('For security reasons, please re-login with your ' . + '[OpenID](%%doc.openid%%) ' . 
+ 'before changing your settings.'); + } else { + return _('Login with an [OpenID](%%doc.openid%%) account.'); + } + } + + function showPageNotice() + { + if ($this->error) { + $this->element('div', array('class' => 'error'), $this->error); + } else { + $instr = $this->getInstructions(); + $output = common_markup_to_html($instr); + $this->elementStart('div', 'instructions'); + $this->raw($output); + $this->elementEnd('div'); + } + } + + function title() + { + return _('OpenID Login'); + } + + function showForm($error=null, $openid_url) + { + $this->error = $error; + $this->openid_url = $openid_url; + $this->showPage(); + } + + function showContent() { + $formaction = common_local_url('openidlogin'); + $this->elementStart('form', array('method' => 'post', + 'id' => 'form_openid_login', + 'class' => 'form_settings', + 'action' => $formaction)); + $this->elementStart('fieldset'); + $this->element('legend', null, _('OpenID login')); + $this->hidden('token', common_session_token()); + + $this->elementStart('ul', 'form_data'); + $this->elementStart('li'); + $this->input('openid_url', _('OpenID URL'), + $this->openid_url, + _('Your OpenID URL')); + $this->elementEnd('li'); + $this->elementStart('li', array('id' => 'settings_rememberme')); + $this->checkbox('rememberme', _('Remember me'), false, + _('Automatically login in the future; ' . + 'not for shared computers!')); + $this->elementEnd('li'); + $this->elementEnd('ul'); + $this->submit('submit', _('Login')); + $this->elementEnd('fieldset'); + $this->elementEnd('form'); + } + + function showLocalNav() + { + $nav = new LoginGroupNav($this); + $nav->show(); + } +} diff --git a/plugins/OpenID/openidsettings.php b/plugins/OpenID/openidsettings.php new file mode 100644 index 0000000000..57389903d1 --- /dev/null +++ b/plugins/OpenID/openidsettings.php 
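Review bot: The CSRF check in `handle()` uses `$token != common_session_token()`, a loose comparison that PHP evaluates numerically when both strings look numeric, so two different values can compare equal. The token format is not visible in this hunk, but `if (!$token || $token !== common_session_token())` removes the question. The same comparison appears in `handlePost()` in plugins/OpenID/openidsettings.php and should change with it. Separately, `showForm($error=null, $openid_url)` puts a defaulted parameter before a required one, so the default can never apply; `showForm($error=null, $openid_url=null)` keeps existing callers working and states the intent.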
@@ -0,0 +1,240 @@ +. + * + * @category Settings + * @package Laconica + * @author Evan Prodromou + * @copyright 2008-2009 Control Yourself, Inc. + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://laconi.ca/ + */ + +if (!defined('LACONICA')) { + exit(1); +} + +require_once INSTALLDIR.'/lib/accountsettingsaction.php'; +require_once INSTALLDIR.'/plugins/OpenID/openid.php'; + +/** + * Settings for OpenID + * + * Lets users add, edit and delete OpenIDs from their account + * + * @category Settings + * @package Laconica + * @author Evan Prodromou + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://laconi.ca/ + */ + +class OpenidsettingsAction extends AccountSettingsAction +{ + /** + * Title of the page + * + * @return string Page title + */ + + function title() + { + return _('OpenID settings'); + } + + /** + * Instructions for use + * + * @return string Instructions for use + */ + + function getInstructions() + { + return _('[OpenID](%%doc.openid%%) lets you log into many sites' . + ' with the same user account.'. + ' Manage your associated OpenIDs from here.'); + } + + /** + * Show the form for OpenID management + * + * We have one form with a few different submit buttons to do different things. 
+ * + * @return void + */ + + function showContent() + { + if (!common_config('openid', 'enabled')) { + $this->element('div', array('class' => 'error'), + _('OpenID is not available.')); + return; + } + + $user = common_current_user(); + + $this->elementStart('form', array('method' => 'post', + 'id' => 'form_settings_openid_add', + 'class' => 'form_settings', + 'action' => + common_local_url('openidsettings'))); + $this->elementStart('fieldset', array('id' => 'settings_openid_add')); + $this->element('legend', null, _('Add OpenID')); + $this->hidden('token', common_session_token()); + $this->element('p', 'form_guide', + _('If you want to add an OpenID to your account, ' . + 'enter it in the box below and click "Add".')); + $this->elementStart('ul', 'form_data'); + $this->elementStart('li'); + $this->element('label', array('for' => 'openid_url'), + _('OpenID URL')); + $this->element('input', array('name' => 'openid_url', + 'type' => 'text', + 'id' => 'openid_url')); + $this->elementEnd('li'); + $this->elementEnd('ul'); + $this->element('input', array('type' => 'submit', + 'id' => 'settings_openid_add_action-submit', + 'name' => 'add', + 'class' => 'submit', + 'value' => _('Add'))); + $this->elementEnd('fieldset'); + $this->elementEnd('form'); + + $oid = new User_openid(); + + $oid->user_id = $user->id; + + $cnt = $oid->find(); + + if ($cnt > 0) { + + $this->element('h2', null, _('Remove OpenID')); + + if ($cnt == 1 && !$user->password) { + + $this->element('p', 'form_guide', + _('Removing your only OpenID '. + 'would make it impossible to log in! ' . + 'If you need to remove it, '. + 'add another OpenID first.')); + + if ($oid->fetch()) { + $this->elementStart('p'); + $this->element('a', array('href' => $oid->canonical), + $oid->display); + $this->elementEnd('p'); + } + + } else { + + $this->element('p', 'form_guide', + _('You can remove an OpenID from your account '. 
+ 'by clicking the button marked "Remove".')); + $idx = 0; + + while ($oid->fetch()) { + $this->elementStart('form', + array('method' => 'POST', + 'id' => 'form_settings_openid_delete' . $idx, + 'class' => 'form_settings', + 'action' => + common_local_url('openidsettings'))); + $this->elementStart('fieldset'); + $this->hidden('token', common_session_token()); + $this->element('a', array('href' => $oid->canonical), + $oid->display); + $this->element('input', array('type' => 'hidden', + 'id' => 'openid_url'.$idx, + 'name' => 'openid_url', + 'value' => $oid->canonical)); + $this->element('input', array('type' => 'submit', + 'id' => 'remove'.$idx, + 'name' => 'remove', + 'class' => 'submit remove', + 'value' => _('Remove'))); + $this->elementEnd('fieldset'); + $this->elementEnd('form'); + $idx++; + } + } + } + } + + /** + * Handle a POST request + * + * Muxes to different sub-functions based on which button was pushed + * + * @return void + */ + + function handlePost() + { + // CSRF protection + $token = $this->trimmed('token'); + if (!$token || $token != common_session_token()) { + $this->showForm(_('There was a problem with your session token. '. + 'Try again, please.')); + return; + } + + if ($this->arg('add')) { + $result = oid_authenticate($this->trimmed('openid_url'), + 'finishaddopenid'); + if (is_string($result)) { // error message + $this->showForm($result); + } + } else if ($this->arg('remove')) { + $this->removeOpenid(); + } else { + $this->showForm(_('Something weird happened.')); + } + } + + /** + * Handles a request to remove an OpenID from the user's account + * + * Validates input and, if everything is OK, deletes the OpenID. + * Reloads the form with a success or error notification. 
+ * + * @return void + */ + + function removeOpenid() + { + $openid_url = $this->trimmed('openid_url'); + + $oid = User_openid::staticGet('canonical', $openid_url); + + if (!$oid) { + $this->showForm(_('No such OpenID.')); + return; + } + $cur = common_current_user(); + if (!$cur || $oid->user_id != $cur->id) { + $this->showForm(_('That OpenID does not belong to you.')); + return; + } + $oid->delete(); + $this->showForm(_('OpenID removed.'), true); + return; + } +} diff --git a/plugins/OpenID/publicxrds.php b/plugins/OpenID/publicxrds.php new file mode 100644 index 0000000000..f088c25d12 --- /dev/null +++ b/plugins/OpenID/publicxrds.php 
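Review bot: `removeOpenid()` verifies ownership but not the lockout rule, which `showContent()` enforces only by not rendering the Remove form when `$cnt == 1 && !$user->password`. A POST sent directly to this action with a valid token can therefore still delete the account's only OpenID and leave a password-less account with no way to log in. The same condition should be re-checked on the server before `$oid->delete()`, and the result of `delete()` should be tested before reporting 'OpenID removed.'. The message strings in the sketch below are placeholders.

```php
        $cur = common_current_user();
        // … unchanged: "That OpenID does not belong to you." ownership check …
        $owned = new User_openid();
        $owned->user_id = $cur->id;
        if ($owned->find() <= 1 && !$cur->password) {
            $this->showForm(_('Removing your only OpenID would make it impossible to log in!'));
            return;
        }
        if (!$oid->delete()) {
            $this->showForm(_('Could not remove that OpenID.'));
            return;
        }
        $this->showForm(_('OpenID removed.'), true);
```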
@@ -0,0 +1,122 @@ + + * @author Robin Millette + * @license http://www.fsf.org/licensing/licenses/agpl.html AGPLv3 + * @link http://laconi.ca/ + * + * Laconica - a distributed open-source microblogging tool + * Copyright (C) 2008, 2009, Control Yourself, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +if (!defined('LACONICA')) { + exit(1); +} + +require_once INSTALLDIR.'/plugins/OpenID/openid.php'; + +/** + * Public XRDS for OpenID + * + * @category Action + * @package Laconica + * @author Evan Prodromou + * @author Robin Millette + * @license http://www.fsf.org/licensing/licenses/agpl.html AGPLv3 + * @link http://laconi.ca/ + * + * @todo factor out similarities with XrdsAction + */ +class PublicxrdsAction extends Action +{ + /** + * Is read only? + * + * @return boolean true + */ + function isReadOnly($args) + { + return true; + } + + /** + * Class handler. 
+ * + * @param array $args array of arguments + * + * @return nothing + */ + function handle($args) + { + parent::handle($args); + header('Content-Type: application/xrds+xml'); + $this->startXML(); + $this->elementStart('XRDS', array('xmlns' => 'xri://$xrds')); + $this->elementStart('XRD', array('xmlns' => 'xri://$xrd*($v*2.0)', + 'xmlns:simple' => 'http://xrds-simple.net/core/1.0', + 'version' => '2.0')); + $this->element('Type', null, 'xri://$xrds*simple'); + foreach (array('finishopenidlogin', 'finishaddopenid') as $finish) { + $this->showService(Auth_OpenID_RP_RETURN_TO_URL_TYPE, + common_local_url($finish)); + } + $this->elementEnd('XRD'); + $this->elementEnd('XRDS'); + $this->endXML(); + } + + /** + * Show service. + * + * @param string $type XRDS type + * @param string $uri URI + * @param array $params type parameters, null by default + * @param array $sigs type signatures, null by default + * @param string $localId local ID, null by default + * + * @return void + */ + function showService($type, $uri, $params=null, $sigs=null, $localId=null) + { + $this->elementStart('Service'); + if ($uri) { + $this->element('URI', null, $uri); + } + $this->element('Type', null, $type); + if ($params) { + foreach ($params as $param) { + $this->element('Type', null, $param); + } + } + if ($sigs) { + foreach ($sigs as $sig) { + $this->element('Type', null, $sig); + } + } + if ($localId) { + $this->element('LocalID', null, $localId); + } + $this->elementEnd('Service'); + } +} +