authorEvan Prodromou <evan@prodromou.name>2008-06-17 09:35:01 -0400
committerEvan Prodromou <evan@prodromou.name>2008-06-17 09:35:01 -0400
commitc02a01914ab67c2bc25850034a75ee1046fd6870 (patch)
treec95b7ea20255b4791a8f292fd267de643647f1f1
parentc4e50084369432242863161ccd95cca097fac80a (diff)
start openid rp integration
darcs-hash:20080617133501-84dde-adec156ac58b84cce41ae0e9bde58cf7637e6c42.gz
-rw-r--r--actions/openidlogin.php57
-rw-r--r--classes/Avatar.php6
-rw-r--r--classes/Profile.php12
-rw-r--r--classes/User_openid.php23
-rw-r--r--classes/stoica.ini10
-rw-r--r--db/laconica.sql30
-rw-r--r--doc/roadmap233
7 files changed, 361 insertions, 10 deletions
diff --git a/actions/openidlogin.php b/actions/openidlogin.php
new file mode 100644
index 000000000..0a5182a61
--- /dev/null
+++ b/actions/openidlogin.php
@@ -0,0 +1,57 @@
+<?php
+/*
+ * Laconica - a distributed open-source microblogging tool
+ * Copyright (C) 2008, Controlez-Vous, Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+if (!defined('LACONICA')) { exit(1); }
+
+class OpenidloginAction extends Action {
+
+ function handle($args) {
+ parent::handle($args);
+ if (common_logged_in()) {
+ common_user_error(_t('Already logged in.'));
+ } else if ($_SERVER['REQUEST_METHOD'] == 'POST') {
+ $this->start_openid_login();
+ } else {
+ $this->show_form();
+ }
+ }
+
+ function show_form($error=NULL) {
+ common_show_header(_t('OpenID Login'));
+ if ($error) {
+ common_element('div', array('class' => 'error'), $error);
+ } else {
+ common_element('div', 'instructions',
+ _t('Login with an OpenID account.'));
+ }
+ common_element_start('form', array('method' => 'POST',
+ 'id' => 'openidlogin',
+ 'action' => common_local_url('openidlogin')));
+ common_input('openid_url', _t('OpenID URL'));
+ common_submit('submit', _t('Login'));
+ common_element_end('form');
+ common_show_footer();
+ }
+
+ function check_login() {
+ # XXX: form token in $_SESSION to prevent XSS
+ # XXX: login throttle
+ $openid_url = $this->trimmed('openid_url');
+ }
+}
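Review bot: The POST branch of `handle()` calls `$this->start_openid_login()`, but this class only defines `check_login()`, so unless the `Action` parent (not shown here) supplies that method, submitting the form ends in a fatal undefined-method error; the two names should be reconciled, e.g. `$this->check_login();`. `check_login()` currently reads `openid_url` and discards it; when it is filled in, the value should be restricted to `http`/`https` URLs before it reaches the OpenID library, because the server will go and fetch whatever the visitor typed. The first XXX comment names the wrong threat: a per-session form token defends against cross-site request forgery (login CSRF here), not XSS, so it should read `# XXX: form token in $_SESSION to prevent CSRF`. In `show_form()` the instructions branch passes the bare string `'instructions'` where the error branch passes `array('class' => 'error')`; if `common_element()` does not treat a string as a class name, use `array('class' => 'instructions')`.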
diff --git a/classes/Avatar.php b/classes/Avatar.php
index 24dca038e..180777053 100644
--- a/classes/Avatar.php
+++ b/classes/Avatar.php
@@ -4,18 +4,18 @@
*/
require_once 'DB/DataObject.php';
-class Avatar extends DB_DataObject
+class Avatar extends DB_DataObject
{
###START_AUTOCODE
/* the code below is auto generated do not remove the above tag */
public $__table = 'avatar'; // table name
public $profile_id; // int(4) primary_key not_null
- public $original; // tinyint(1)
+ public $original; // tinyint(1)
public $width; // int(4) primary_key not_null
public $height; // int(4) primary_key not_null
public $mediatype; // varchar(32) not_null
- public $filename; // varchar(255)
+ public $filename; // varchar(255)
public $url; // varchar(255) unique_key
public $created; // datetime() not_null
public $modified; // timestamp() not_null default_CURRENT_TIMESTAMP
diff --git a/classes/Profile.php b/classes/Profile.php
index 5a45d4397..000590a98 100644
--- a/classes/Profile.php
+++ b/classes/Profile.php
@@ -24,7 +24,7 @@ if (!defined('LACONICA')) { exit(1); }
*/
require_once 'DB/DataObject.php';
-class Profile extends DB_DataObject
+class Profile extends DB_DataObject
{
###START_AUTOCODE
/* the code below is auto generated do not remove the above tag */
@@ -32,11 +32,11 @@ class Profile extends DB_DataObject
public $__table = 'profile'; // table name
public $id; // int(4) primary_key not_null
public $nickname; // varchar(64) not_null
- public $fullname; // varchar(255)
- public $profileurl; // varchar(255)
- public $homepage; // varchar(255)
- public $bio; // varchar(140)
- public $location; // varchar(255)
+ public $fullname; // varchar(255)
+ public $profileurl; // varchar(255)
+ public $homepage; // varchar(255)
+ public $bio; // varchar(140)
+ public $location; // varchar(255)
public $created; // datetime() not_null
public $modified; // timestamp() not_null default_CURRENT_TIMESTAMP
diff --git a/classes/User_openid.php b/classes/User_openid.php
new file mode 100644
index 000000000..9811879ec
--- /dev/null
+++ b/classes/User_openid.php
@@ -0,0 +1,23 @@
+<?php
+/**
+ * Table Definition for user_openid
+ */
+require_once 'DB/DataObject.php';
+
+class User_openid extends DB_DataObject
+{
+ ###START_AUTOCODE
+ /* the code below is auto generated do not remove the above tag */
+
+ public $__table = 'user_openid'; // table name
+ public $url; // varchar(255) primary_key not_null
+ public $user_id; // int(4) unique_key not_null
+ public $created; // datetime() not_null
+ public $modified; // timestamp() not_null default_CURRENT_TIMESTAMP
+
+ /* Static get */
+ function staticGet($k,$v=NULL) { return DB_DataObject::staticGet('User_openid',$k,$v); }
+
+ /* the code above is auto generated do not remove the tag below */
+ ###END_AUTOCODE
+}
diff --git a/classes/stoica.ini b/classes/stoica.ini
index 38ecfe84b..0f7675e06 100644
--- a/classes/stoica.ini
+++ b/classes/stoica.ini
@@ -115,3 +115,13 @@ id = K
nickname = U
email = U
uri = U
+
+[user_openid]
+url = 130
+user_id = 129
+created = 142
+modified = 384
+
+[user_openid__keys]
+url = K
+user_id = U
diff --git a/db/laconica.sql b/db/laconica.sql
index 97f56bd15..973d4f914 100644
--- a/db/laconica.sql
+++ b/db/laconica.sql
@@ -112,4 +112,32 @@ create table nonce (
constraint primary key (consumer_key, tok, nonce),
constraint foreign key (consumer_key, tok) references token (consumer_key, tok)
-);
\ No newline at end of file
+);
+
+/* One-to-many relationship of user to openid_url */
+
+create table user_openid (
+ url varchar(255) primary key comment 'OpenID URL',
+ user_id integer not null unique key comment 'user owning this URL' references user (id),
+ created datetime not null comment 'date this record was created',
+ modified timestamp comment 'date this record was modified'
+);
+
+/* These are used by JanRain OpenID library */
+
+create table oid_associations (
+ server_url BLOB,
+ handle VARCHAR(255),
+ secret BLOB,
+ issued INTEGER,
+ lifetime INTEGER,
+ assoc_type VARCHAR(64),
+ PRIMARY KEY (server_url(255), handle)
+);
+
+create table oid_nonces (
+ server_url VARCHAR(2047),
+ timestamp INTEGER,
+ salt CHAR(40),
+ UNIQUE (server_url(255), timestamp, salt)
+);
diff --git a/doc/roadmap b/doc/roadmap
new file mode 100644
index 000000000..65f2750f0
--- /dev/null
+++ b/doc/roadmap
@@ -0,0 +1,233 @@
+Roadmap
+-------
+
+This is a roadmap of tasks for different versions of the
+[Laconica](http://laconi.ca/) software. It's meant to help answer the
+question, "Is Laconica ever going to have such-and-such a feature?" or
+"When will Laconica do such-and-such?"
+
+Release 0.1
+-----------
+
+This was an internal milestone release, mostly for developing the core
+functionality.
+
++ login
++ register
++ settings
++ upload avatar
++ change password
++ settings menu
++ disallow login if user is logged in
++ disallow register if user is logged in
++ common_current_user()
++ common_logged_in()
++ session variable for login
++ post notice
++ logout
++ subscribe
++ unsubscribe
++ subscribe links on profile
++ header menu
++ footer menu
++ disallow direct to PHP files
++ common_local_url()
++ configuration for DB_DataObject
++ date formatting
++ new notice redirects to notice page
++ date in shown notice links to notice page
++ common_redirect()
++ configuration system ($config)
+
+Release 0.2
+-----------
+
+Another internal milestone. Bumped up from cruddy caveman HTML to a
+borrowed design from [OSWD](http://www.oswd.org/), added a lot of RSS
+generation, and more careful form validation.
+
++ design from Open Source Web Designs
++ add H1 to each page
++ add H2 for each page section
++ default to public stream
++ default avatar
++ default HTML type
++ set Content-Type
++ show current values in profile settings
++ save profile URL in profilesettings
++ save profile URL on registration
++ require valid nicknames
++ reject empty notices
++ validate registration form results
++ validate profilesettings form results
++ validate newnotice form results
++ remove validation code from classes
++ use only canonical usernames
++ fix layout of textarea
++ make notices into "big links"
++ RSS 1.0 feeds of a user's notices
++ RSS 1.0 feeds of a user's notices + friends
++ RSS 1.0 dump of a user's notices
++ RSS 1.0 feed of all public notices
++ deal with PHP quotes escaping
++ source link in footer menu
++ public stream link in top menu
++ dump, fix, undump database
+
+Release 0.3
+-----------
+
+First public release (theoretically). Added distributed subscriptions,
+"fancy" URLs, and a new graphic design for stoi.ca.
+
++ YADIS document link on showstream
++ YADIS document
++ subscribe remote
++ add subscriber remote
++ server side of user authorization
++ server side of request token
++ server side of access token
++ OAuth store
++ log of consumers who ask for access
++ receive remote notice
++ send remote notice
++ receive remote profile update
++ send remote profile update
++ subscribe form for not-logged-in users on showstream
++ pretty URLs
++ doc action
++ about doc
++ help doc
++ privacy doc
++ source doc
++ roadmap doc
++ add a way to stick variables into documents
++ FOAF document for user
++ license in RSS feeds
++ TOS checkbox on register
++ registration instructions
++ login instructions
++ profile settings instructions
++ avatar instructions
++ password change instructions
++ fix spacing on notices
++ fix spacing in profile
++ add a next page link to showstream
++ add a next page link to public
++ add a next page link to all
++ @ messages
++ Automatically linkify URLs in notices
++ themes
++ theme per site
++ only local notices in public stream
++ only local notices in public RSS
++ graphic refresh on all
++ graphic refresh on avatar
++ graphic refresh on doc
++ graphic refresh on login
++ graphic refresh on newnotice
++ graphic refresh on password
++ graphic refresh on profilesettings
++ graphic refresh on public
++ graphic refresh on register
++ graphic refresh on remotesubscribe
++ graphic refresh on shownotice
++ graphic refresh on showstream
++ graphic refresh on subscribed
++ graphic refresh on subscriptions
++ graphic refresh on userauthorization
++ correct use of views menu in settings
++ correct use of views menu in streams
++ content negotiation for content type
+
+Release 0.4
+-----------
+
+- contact doc
+- FAQ doc
+- update default theme to use new, more semantic, HTML
+- INSTALL file
+- limit entry in textarea to 140 chars
++ AGPL notification
+- Check licenses of all libraries for compatibility
+- jQuery for as much as possible
+- forward notices to Jabber
+- receive notices from Jabber
+- forward notices to other IM
+- forward notices to mobile phone
+- receive notices from other IM
+- receive notices from mobile phone
+- microid for profile page
+- format times per user
+- timezone preferences in Profile settings
++ email notification on subscriptions
+- content negotiation for interface language
+- user preference for interface language
+- gettext
+- tinyurl-ification of URLs
+- set Last-Modified
+- XML sitemap generation
+- email confirmation for registration
+- email options
+- change cookie handling for anon users to be more cache-friendly
+- content negotiation for encoding
+- If-Modified-Since support
+- Vary
++ site logo
+- check license compatibility for remote subscribe
+- optional FOAF URL in openmicroblogging exchange
+- subscribe/unsubscribe on subscriptions page
+- subscribe/unsubscribe on subscribed page
+
+Release 0.5
+-----------
+
+- content negotiation for charset (iconv?)
+- license per notice
+- use only canonical email addresses
+- allow mixed-case usernames
+- allow non-latin usernames
+- store canonical username for comparison and fetch
+- theme per profile
+- email newsletter
+- RDF dump of entire site
+- delete a notice
+- plugins and hooks and other extensibility
+- RDFa for stream pages
+- RDFa for subscriber pages
+- RDFa for subscribed pages
+- # tags
+- L: location
+- hreviews
+- stay logged in between sessions
+- use RSS as a subscription
+- license per attachment
+
+Release 0.6
+-----------
+
+- URL notices
+- image notices
+- video notices
+- audio notices
+- machine tags
+
+Release 1.0
+-----------
+
+- OAuth for third-party tools (desktop, other sites)
+- Twitter-compatible API
+- Pownce-compatible API
+- include twitter subscriptions (push and pull)
+- include Pownce subscriptions (push and pull)
+- privacy
+- Wrap DB_DataObject with memcached caching layer
+- login throttle to prevent brute-force attacks
+- form token in login to prevent XSS
+
+Post-1.0
+--------
+
+- Atom Publishing Protocol
+- "Universal" public feed
+- global registry (LDAP at openmicroblogging.net, maybe?)
\ No newline at end of file