add whitelist and blacklist for openid URLs

author: Evan Prodromou <evan@status.net> 2010-03-25 16:58:05 -0400
committer: Evan Prodromou <evan@status.net> 2010-03-25 16:58:05 -0400
commit: 9c63ae6e443e7b23f64e31617a1762393473509a (patch)
tree: 740ce8c74676f0ee5c6d1482891ad01d8c79a9a9 /plugins/OpenID/openid.php
parent: 5b23b7e7367a1c42ac5e44b0d799328a8235d96c (diff)
1 files changed, 29 insertions, 0 deletions
diff --git a/plugins/OpenID/openid.php b/plugins/OpenID/openid.php
index d49941aed..152438917 100644
--- a/plugins/OpenID/openid.php
+++ b/plugins/OpenID/openid.php
@@ -257,6 +257,35 @@ function oid_update_user(&$user, &$sreg)
     return true;
 }
 
+function oid_assert_allowed($url)
+{
+    $blacklist = common_config('openid', 'blacklist');
+    $whitelist = common_config('openid', 'whitelist');
+
+    if (empty($blacklist)) {
+        $blacklist = array();
+    }
+
+    if (empty($whitelist)) {
+        $whitelist = array();
+    }
+
+    foreach ($blacklist as $pattern) {
+        if (preg_match("/$pattern/", $url)) {
+            common_log(LOG_INFO, "Matched OpenID blacklist pattern {$pattern} with {$url}");
+            foreach ($whitelist as $exception) {
+                if (preg_match("/$exception/", $url)) {
+                    common_log(LOG_INFO, "Matched OpenID whitelist pattern {$exception} with {$url}");
+                    return;
+                }
+            }
+            throw new ClientException(_m("Unauthorized URL used for OpenID login."), 403);
+        }
+    }
+
+    return;
+}
+
 class AutosubmitAction extends Action
 {
     var $form_html = null;
author	Evan Prodromou <evan@status.net>	2010-03-25 16:58:05 -0400
committer	Evan Prodromou <evan@status.net>	2010-03-25 16:58:05 -0400
commit	9c63ae6e443e7b23f64e31617a1762393473509a (patch)
tree	740ce8c74676f0ee5c6d1482891ad01d8c79a9a9 /plugins/OpenID/openid.php
parent	5b23b7e7367a1c42ac5e44b0d799328a8235d96c (diff)