summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--actions/openidlogin.php89
-rw-r--r--actions/openidsettings.php88
-rw-r--r--lib/openid.php79
3 files changed, 87 insertions, 169 deletions
diff --git a/actions/openidlogin.php b/actions/openidlogin.php
index 9b0b1793c..fa04d4576 100644
--- a/actions/openidlogin.php
+++ b/actions/openidlogin.php
@@ -28,7 +28,10 @@ class OpenidloginAction extends Action {
if (common_logged_in()) {
common_user_error(_t('Already logged in.'));
} else if ($_SERVER['REQUEST_METHOD'] == 'POST') {
- $this->start_openid_login();
+ $result = oid_authenticate($this->trimmed('openid_url'), 'finishopenidlogin');
+ if (is_string($result)) { # error message
+ $this->show_form($result);
+ }
} else {
$this->show_form();
}
@@ -50,88 +53,4 @@ class OpenidloginAction extends Action {
common_element_end('form');
common_show_footer();
}
-
- function start_openid_login() {
- # XXX: form token in $_SESSION to prevent XSS
- # XXX: login throttle
- $openid_url = $this->trimmed('openid_url');
-
- $consumer = oid_consumer();
-
- if (!$consumer) {
- common_server_error(_t('Cannot instantiate OpenID consumer object.'));
- return;
- }
-
- common_ensure_session();
-
- $auth_request = $consumer->begin($openid_url);
-
- // Handle failure status return values.
- if (!$auth_request) {
- $this->show_form(_t('Not a valid OpenID.'));
- return;
- } else if (Auth_OpenID::isFailure($auth_request)) {
- $this->show_form(_t('OpenID failure: ') . $auth_request->message);
- return;
- }
-
- $sreg_request = Auth_OpenID_SRegRequest::build(// Required
- array(),
- // Optional
- array('nickname',
- 'email',
- 'fullname',
- 'language',
- 'timezone',
- 'postcode',
- 'country'));
-
- if ($sreg_request) {
- $auth_request->addExtension($sreg_request);
- }
-
- $trust_root = common_root_url();
- $process_url = common_local_url('finishopenidlogin');
-
- if ($auth_request->shouldSendRedirect()) {
- $redirect_url = $auth_request->redirectURL($trust_root,
- $process_url);
- if (!$redirect_url) {
- } else if (Auth_OpenID::isFailure($redirect_url)) {
- $this->show_form(_t('Could not redirect to server: ') . $redirect_url->message);
- return;
- } else {
- common_redirect($redirect_url);
- }
- } else {
- // Generate form markup and render it.
- $form_id = 'openid_message';
- $form_html = $auth_request->formMarkup($trust_root, $process_url,
- false, array('id' => $form_id));
-
- # XXX: This is cheap, but things choke if we don't escape ampersands
- # in the HTML attributes
-
- $form_html = preg_replace('/&/', '&', $form_html);
-
- // Display an error if the form markup couldn't be generated;
- // otherwise, render the HTML.
- if (Auth_OpenID::isFailure($form_html)) {
- $this->show_form(_t('Could not create OpenID form: ') . $form_html->message);
- } else {
- common_show_header(_t('OpenID Auto-Submit'));
- common_element('p', 'instructions',
- _t('This form should automatically submit itself. '.
- 'If not, click the submit button to go to your '.
- 'OpenID provider.'));
- common_raw($form_html);
- common_element('script', NULL,
- '$(document).ready(function() { ' .
- ' $("#'. $form_id .'").submit(); '.
- '});');
- common_show_footer();
- }
- }
- }
}
diff --git a/actions/openidsettings.php b/actions/openidsettings.php
index c918cc27e..d4ec8a8cd 100644
--- a/actions/openidsettings.php
+++ b/actions/openidsettings.php
@@ -80,7 +80,10 @@ class OpenidsettingsAction extends SettingsAction {
function handle_post() {
if ($this->arg('add')) {
- $this->add_openid();
+ $result = oid_authenticate($this->trimmed('openid_url'), 'finishaddopenid');
+ if (is_string($result)) { # error message
+ $this->show_form($result);
+ }
} else if ($this->arg('remove')) {
$this->remove_openid();
} else {
@@ -105,87 +108,4 @@ class OpenidsettingsAction extends SettingsAction {
$this->show_form(_t('OpenID removed.', true));
return;
}
-
- function add_openid() {
-
- $openid_url = $this->trimmed('openid_url');
-
- $consumer = oid_consumer();
-
- if (!$consumer) {
- common_server_error(_t('Cannot instantiate OpenID consumer object.'));
- return;
- }
-
- common_ensure_session();
-
- $auth_request = $consumer->begin($openid_url);
-
- // Handle failure status return values.
- if (!$auth_request) {
- $this->show_form(_t('Not a valid OpenID.'));
- return;
- } else if (Auth_OpenID::isFailure($auth_request)) {
- $this->show_form(_t('OpenID failure: ') . $auth_request->message);
- return;
- }
-
- $sreg_request = Auth_OpenID_SRegRequest::build(// Required
- array(),
- // Optional
- array('nickname',
- 'email',
- 'fullname',
- 'language',
- 'timezone',
- 'postcode',
- 'country'));
-
- if ($sreg_request) {
- $auth_request->addExtension($sreg_request);
- }
-
- $trust_root = common_root_url();
- $process_url = common_local_url('finishaddopenid');
-
- if ($auth_request->shouldSendRedirect()) {
- $redirect_url = $auth_request->redirectURL($trust_root,
- $process_url);
- if (!$redirect_url) {
- } else if (Auth_OpenID::isFailure($redirect_url)) {
- $this->show_form(_t('Could not redirect to server: ') . $redirect_url->message);
- return;
- } else {
- common_redirect($redirect_url);
- }
- } else {
- // Generate form markup and render it.
- $form_id = 'openid_message';
- $form_html = $auth_request->formMarkup($trust_root, $process_url,
- false, array('id' => $form_id));
-
- # XXX: This is cheap, but things choke if we don't escape ampersands
- # in the HTML attributes
-
- $form_html = preg_replace('/&/', '&', $form_html);
-
- // Display an error if the form markup couldn't be generated;
- // otherwise, render the HTML.
- if (Auth_OpenID::isFailure($form_html)) {
- $this->show_form(_t('Could not create OpenID form: ') . $form_html->message);
- } else {
- common_show_header(_t('OpenID Auto-Submit'));
- common_element('p', 'instructions',
- _t('This form should automatically submit itself. '.
- 'If not, click the submit button to go to your '.
- 'OpenID provider.'));
- common_raw($form_html);
- common_element('script', NULL,
- '$(document).ready(function() { ' .
- ' $("#'. $form_id .'").submit(); '.
- '});');
- common_show_footer();
- }
- }
- }
} \ No newline at end of file
diff --git a/lib/openid.php b/lib/openid.php
index c41b3424c..c28041554 100644
--- a/lib/openid.php
+++ b/lib/openid.php
@@ -59,3 +59,82 @@ function oid_link_user($id, $canonical, $display) {
return true;
}
+
+function oid_authenticate($openid_url, $returnto) {
+
+ $consumer = oid_consumer();
+
+ if (!$consumer) {
+ common_server_error(_t('Cannot instantiate OpenID consumer object.'));
+ return false;
+ }
+
+ common_ensure_session();
+
+ $auth_request = $consumer->begin($openid_url);
+
+ // Handle failure status return values.
+ if (!$auth_request) {
+ return _t('Not a valid OpenID.');
+ } else if (Auth_OpenID::isFailure($auth_request)) {
+ return _t('OpenID failure: ') . $auth_request->message;
+ }
+
+ $sreg_request = Auth_OpenID_SRegRequest::build(// Required
+ array(),
+ // Optional
+ array('nickname',
+ 'email',
+ 'fullname',
+ 'language',
+ 'timezone',
+ 'postcode',
+ 'country'));
+
+ if ($sreg_request) {
+ $auth_request->addExtension($sreg_request);
+ }
+
+ $trust_root = common_root_url();
+ $process_url = common_local_url($returnto);
+
+ if ($auth_request->shouldSendRedirect()) {
+ $redirect_url = $auth_request->redirectURL($trust_root,
+ $process_url);
+ if (!$redirect_url) {
+ } else if (Auth_OpenID::isFailure($redirect_url)) {
+ return _t('Could not redirect to server: ') . $redirect_url->message;
+ } else {
+ common_redirect($redirect_url);
+ }
+ } else {
+ // Generate form markup and render it.
+ $form_id = 'openid_message';
+ $form_html = $auth_request->formMarkup($trust_root, $process_url,
+ false, array('id' => $form_id));
+
+ # XXX: This is cheap, but things choke if we don't escape ampersands
+ # in the HTML attributes
+
+ $form_html = preg_replace('/&/', '&', $form_html);
+
+ // Display an error if the form markup couldn't be generated;
+ // otherwise, render the HTML.
+ if (Auth_OpenID::isFailure($form_html)) {
+ $this->show_form(_t('Could not create OpenID form: ') . $form_html->message);
+ } else {
+ common_show_header(_t('OpenID Auto-Submit'));
+ common_element('p', 'instructions',
+ _t('This form should automatically submit itself. '.
+ 'If not, click the submit button to go to your '.
+ 'OpenID provider.'));
+ common_raw($form_html);
+ common_element('script', NULL,
+ '$(document).ready(function() { ' .
+ ' $("#'. $form_id .'").submit(); '.
+ '});');
+ common_show_footer();
+ }
+ }
+ }
+} \ No newline at end of file