Redirect to a one-time-password when ssl and regular server are different

1 files changed, 145 insertions, 0 deletions

diff --git a/actions/otp.php b/actions/otp.php
new file mode 100644
index 000000000..acf84aee8
--- /dev/null
+++ b/actions/otp.php
@@ -0,0 +1,145 @@
+<?php
+/**
+ * StatusNet, the distributed open-source microblogging tool
+ *
+ * Allow one-time password login
+ *
+ * PHP version 5
+ *
+ * LICENCE: This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ * @category  Login
+ * @package   StatusNet
+ * @author    Evan Prodromou <evan@status.net>
+ * @copyright 2010 StatusNet, Inc.
+ * @license   http://www.fsf.org/licensing/licenses/agpl-3.0.html AGPLv3
+ * @link      http://status.net/
+ */
+
+if (!defined('STATUSNET')) {
+    exit(1);
+}
+
+/**
+ * Allow one-time password login
+ *
+ * This action will automatically log in the user identified by the user_id
+ * parameter. A login_token record must be constructed beforehand, typically
+ * by code where the user is already authenticated.
+ *
+ * @category  Login
+ * @package   StatusNet
+ * @author    Evan Prodromou <evan@status.net>
+ * @copyright 2010 StatusNet, Inc.
+ * @license   http://www.fsf.org/licensing/licenses/agpl-3.0.html AGPLv3
+ * @link      http://status.net/
+ */
+
+class OtpAction extends Action
+{
+    var $user;
+    var $token;
+    var $rememberme;
+    var $returnto;
+    var $lt;
+
+    function prepare($args)
+    {
+        parent::prepare($args);
+
+        if (common_is_real_login()) {
+            $this->clientError(_('Already logged in.'));
+            return false;
+        }
+
+        $id = $this->trimmed('user_id');
+
+        if (empty($id)) {
+            $this->clientError(_('No user ID specified.'));
+            return false;
+        }
+
+        $this->user = User::staticGet('id', $id);
+
+        if (empty($this->user)) {
+            $this->clientError(_('No such user.'));
+            return false;
+        }
+
+        $this->token = $this->trimmed('token');
+
+        if (empty($this->token)) {
+            $this->clientError(_('No login token specified.'));
+            return false;
+        }
+
+        $this->lt = Login_token::staticGet('user_id', $id);
+
+        if (empty($this->lt)) {
+            $this->clientError(_('No login token requested.'));
+            return false;
+        }
+
+        if ($this->lt->token != $this->token) {
+            $this->clientError(_('Invalid login token specified.'));
+            return false;
+        }
+
+        if ($this->lt->modified > time() + Login_token::TIMEOUT) {
+            //token has expired
+            //delete the token as it is useless
+            $this->lt->delete();
+            $this->lt = null;
+            $this->clientError(_('Login token expired.'));
+            return false;
+        }
+
+        $this->rememberme = $this->boolean('rememberme');
+        $this->returnto = $this->trimmed('returnto');
+
+        return true;
+    }
+
+	function handle($args)
+    {
+        parent::handle($args);
+
+        // success!
+        if (!common_set_user($this->user)) {
+            $this->serverError(_('Error setting user. You are probably not authorized.'));
+            return;
+        }
+
+        // We're now logged in; disable the lt
+
+        $this->lt->delete();
+        $this->lt = null;
+
+        if ($this->rememberme) {
+            common_rememberme($this->user);
+        }
+
+        if (!empty($this->returnto)) {
+            $url = $this->returnto;
+            // We don't have to return to it again
+            common_set_returnto(null);
+        } else {
+            $url = common_local_url('all',
+                                    array('nickname' =>
+                                          $this->user->nickname));
+        }
+
+        common_redirect($url, 303);
+    }
+}