diff options
-rw-r--r-- | README | 12 | ||||
-rw-r--r-- | doc/openmicroblogging.txt | 325 | ||||
-rw-r--r-- | extlib/Auth/OpenID.php | 2 | ||||
-rw-r--r-- | extlib/Auth/OpenID/Consumer.php | 4 | ||||
-rw-r--r-- | extlib/Auth/OpenID/Server.php | 12 |
5 files changed, 19 insertions, 336 deletions
@@ -667,7 +667,7 @@ Upgrading ========= If you've been using Laconica 0.6, 0.5 or lower, or if you've been -tracking the "darcs" version of the software, you will probably want +tracking the "git" version of the software, you will probably want to upgrade and keep your existing data. There is no automated upgrade procedure in Laconica 0.6.4. Try these step-by-step instructions; read to the end first before trying them. @@ -1068,7 +1068,7 @@ The primary output for Laconica is syslog, unless you configured a separate logfile. This is probably the first place to look if you're getting weird behaviour from Laconica. -If you're tracking the unstable version of Laconica in the darcs +If you're tracking the unstable version of Laconica in the git repository (see below), and you get a compilation error ("unexpected T_STRING") in the browser, check to see that you don't have any conflicts in your code. @@ -1103,12 +1103,12 @@ Unstable version ================ If you're adventurous or impatient, you may want to install the -development version of Laconica. To get it, use the darcs version -control tool (http://darcs.net/) like so: +development version of Laconica. To get it, use the git version +control tool (http://git-scm.com/) like so: - darcs get http://laconi.ca/darcs/ mublog + git clone http://laconi.ca/software/laconica.git -To keep it up-to-date, use 'darcs pull'. Watch for conflicts! +To keep it up-to-date, use 'git pull'. Watch for conflicts! Further information =================== diff --git a/doc/openmicroblogging.txt b/doc/openmicroblogging.txt deleted file mode 100644 index a0df04035..000000000 --- a/doc/openmicroblogging.txt +++ /dev/null @@ -1,325 +0,0 @@ -=============================== -OpenMicroBlogging specification -=============================== - -:Author: Evan Prodromou (Control Yourself, Inc.) -:Contact: evan@controlezvous.ca -:Revision: 0.1.1 -:Date: 2008-07-07 -:Copyright: To the extent possible under law, Control Yourself, Inc - has waived all copyright, moral rights, database rights, - and any other rights that might be asserted over - The OpenMicroBlogging specification. - -Purpose -======= - -To allow users of one microblogging service to publish notices to -users of another service, given the other users' permission. - -Enabling technologies -===================== - -Depends on OAuth 1.0, OAuth Discovery 1.0, YADIS 1.0. - -We piggy-back additional information onto these protocols to pass -microblogging information back and forth. - -Terminology -=========== - -microblogging service - undefined. -user - undefined. -listen - to allow a remote service to send notices to the user's local - service on a remote user's behalf. -listener - the person listening. -listenee - the user sending notices. -remote service - the listenee's microblogging service. -local service - the listener's microblogging service. -profile URL - "home" URL for the listener, typically their profile page on a - microblogging site. -nickname - An alphanumeric short name for a person, 1-64 characters. -identifier URI - A globally unique and unchanging identifying URI for a user. - Need not be an URL. [*]_ -notice URI - A unique and unchanging identifier for a notice. Need not be an - URL. [*]_ - -.. [*] May be the profile URL, if it's defined not to change or be - re-used. The profile URL of some services includes the nickname, - and some let the user change his/her nickname. This user's profile - URL may change from 'http://example.net/~john' to - 'http://example.net/~johnsmith' A tag URI, like - 'tag:example.net,2008:user:1' may be more appropriate here. -.. [*] IWBNI the notice URI is used everywhere the notice is - published; for example, in any RSS feeds. - -Initiation -========== - -The user submits their profile URL [*]_ to the remote service somehow -- -for example, with an HTML form on the remote service's Web site. - -.. [*] For OAuth Discovery, this is the "protected resource". It may - be more correct that the protected resource is the postNotice URL - (see below), but the listener will be more familiar with their own - profile URL. So there will have to be discovery of the postNotice - URL anyways, and it might as well all be done in one step. - -Discovery -========= - -The remote service recovers a YADIS document from the profile URL, as -described in OAuth Discovery. - -The request token service must have a LocalID associated with it, -containing the identifier URI for the listener. - -The following two extra services must be included in the YADIS -document, with accompanying URIs. - -http://openmicroblogging.org/protocol/0.1/postNotice - Post Notice URL, as defined below. - -http://openmicroblogging.org/protocol/0.1/updateProfile - Update Profile URL, as defined below. - -If any of the URIs is unavailable, the remote service MUST stop -processing. - -Authorization -============= - -The remote service must go through the OAuth 1.0 dance to get -authorization to post notices and update profiles. - -In all OAuth, the consumer key should be the root URL for the -microblogging service, if available. The secret should be the blank -string (''), unless the remote server and local service have negotiated -another key. Such negotiation is out-of-scope for this document, and we -assume an "open" network of microblogging services. But if you want to -have that kind of network, do it with this key. - -The remote service MUST do OAuth for every new listener, regardless of -whether they've already received authorization for posting to the -given postNotice URL. See `Posting a Notice`_ below. - -Request token -------------- - -The remote service uses the defined requestToken URL to get a request -token. - -In the request token HTTP request, the remote service MUST send the -following additional parameter(s): - -omb_version - 'http://openmicroblogging.org/protocol/0.1' -omb_listener - The identifier URI for the listener. - -In the results for the request token request, the local service MUST -send the following additional parameters: - -omb_version - 'http://openmicroblogging.org/protocol/0.1' - -User authorization ------------------- - -In requesting user authorization, the remote service must send the -following parameters: - -omb_version - 'http://openmicroblogging.org/protocol/0.1'. -omb_listener - The identifier URI for the listener. -omb_listenee - The identifier URI for the listenee. -omb_listenee_profile - The profile URL of the listenee. -omb_listenee_nickname - The nickname of the listenee. -omb_listenee_license - The default license URL for the listenee's stream. Typically the - URL of a Creative Commons license, with the Attribution license - being heavily encouraged. CC0 quitclaim also pretty good. The - local service MAY reject listenees if their licenses are - incompatible with the service. - -The remote service should send as many of the following parameters as -possible. This will help the user decide if they really want to allow -the listening to happen, and allow the local service to store a copy -of the listenee's profile. - -omb_listenee_fullname - The full name of the listenee. Up to 255 chars. -omb_listenee_homepage - The home page of the listenee (may be distinct from the profile - URL). -omb_listenee_bio - A brief biography of the listenee; less than 140 chars. -omb_listenee_location - Physical location of the listenee; less that 255 chars. No fixed - structure, but "Locality, Region, Country" or "Locality, Country" - or "Locality, Region" recommended. -omb_listenee_avatar - URL of a 96px by 96px image in PNG, GIF or JPEG format representing - the listenee. - -The local service, in a successful response, must return the -following additional parameters: - -omb_version - 'http://openmicroblogging.org/protocol/0.1'. -omb_listener_nickname - A nickname for the listener. -omb_listener_profile - The profile URL for the listener, possibly cleaned up or - canonicalized. - -It should return as many of the following as possible: - -omb_listener_fullname - The full name of the listener. Up to 255 chars. -omb_listener_homepage - The home page of the listener (may be distinct from the profile - URL). -omb_listener_bio - A brief biography of the listener; less than 140 chars. -omb_listener_location - Physical location of the listener; less that 255 chars. No fixed - structure, but "Locality, Region, Country" or "Locality, Country" - or "Locality, Region" recommended. -omb_listener_avatar - URL of a 96px by 96px image in PNG, GIF or JPEG format representing - the listener. - -This will allow the remote service to display information about the -listener in the listenee's "listeners" or "subscribers" list. - -Access token ------------- - -The access token step of the OAuth protocol requires no additional -parameters. - -Posting a Notice -================ - -To post a notice to the local service, the remote service sends an HTTP -POST message to the postNotice URL discovered above. The message must -use OAuth authorization. The message must also include the following -parameters: - -omb_version - 'http://openmicroblogging.org/protocol/0.1'. -omb_listenee - The identifier URI for the listenee. -omb_notice - The notice URI. -omb_notice_content - The content of the notice. No maximum, but 140 chars is recommended. - -The message may include the following parameters: - -omb_notice_url - The URL of the notice, if the notice is retrievable. -omb_notice_license - The URL of the license for the notice, if different from the - listenee's default license. -omb_seealso - URL of additional content for the notice; for example, an image, - video, or audio file. -omb_seealso_disposition - One of 'link' or 'inline', to recommend how the extra data should - be shown. Default 'link'. -omb_seealso_mediatype - Internet Media Type of the see-also data. Advisory, probably - shouldn't be trusted. -omb_seealso_license - License for the attached data. May be distinct from the notice's - license (if they're passing along someone else's content). - -The local service should include the following parameters in its -response: - -omb_version - 'http://openmicroblogging.org/protocol/0.1'. - -The local service makes no guarantees about the delivery of the notice -to anyone. - -The remote service SHOULD NOT send a message with the same notice URL -to the same postNotice URL more than once. [*]_ If the request returns -a 403 Unauthorized message, the remote service SHOULD NOT post -messages to the same URL again with the same listenee, until another -listener has gone through the OAuth dance. [*]_ - -.. [*] A half-assed optimization. A local service may have a lot of - listeners listening to the same listenee. It would be pointless to - have the remote service post the same notice 100 times to the same - service. However, if the local service wants fine-grained control, - it can have a different postNotice URL for each listener. -.. [*] If there's one postNotice URL per listener, the 403 message - means the listener has told the local service not to allow posting - any more ("unsubscribed"). If there's one postNotice URL per local - service, it means that the count of listeners has dropped to 0. - -Updating a profile -================== - -If the listenee's profile information changes, the remote service MAY -send an HTTP POST message to to the updateProfile URL to tell the -local service about the change. - -The message must use OAuth authorization. The message must also -include the following parameters: - -omb_version - 'http://openmicroblogging.org/protocol/0.1'. -omb_listenee - The identifier URI for the listenee. - -The message may include any of the following parameters: - -omb_listenee_profile - The profile URL of the listenee. -omb_listenee_nickname - The nickname of the listenee. -omb_listenee_license - The default license URL for the listenee's stream. A change in the - default license only applies to future notices; notices previous - to the update SHOULD be treated as under the old license. -omb_listenee_fullname - The full name of the listenee. Up to 255 chars. -omb_listenee_homepage - The home page of the listenee. -omb_listenee_bio - A brief biography of the listenee; less than 140 chars. -omb_listenee_location - Physical location of the listenee; less that 255 chars. -omb_listenee_avatar - URL of a 96px by 96px image in PNG, GIF or JPEG format representing - the listenee. - -Missing parameters should not be construed to mean that the profile -field has been blanked. The remote service MUST set the parameter to -an empty string to show that the field is blank. - -References -========== - -* OAuth: http://oauth.net/ -* OAuth Discovery: http://oauth.net/discovery/1.0 -* XRDS Simple: http://xrds-simple.net/core/1.0/
\ No newline at end of file diff --git a/extlib/Auth/OpenID.php b/extlib/Auth/OpenID.php index 6a6e54f8b..6556b5b01 100644 --- a/extlib/Auth/OpenID.php +++ b/extlib/Auth/OpenID.php @@ -20,7 +20,7 @@ /** * The library version string */ -define('Auth_OpenID_VERSION', '2.1.1'); +define('Auth_OpenID_VERSION', '2.1.2'); /** * Require the fetcher code. diff --git a/extlib/Auth/OpenID/Consumer.php b/extlib/Auth/OpenID/Consumer.php index 6631cbaa9..a72684c6b 100644 --- a/extlib/Auth/OpenID/Consumer.php +++ b/extlib/Auth/OpenID/Consumer.php @@ -711,7 +711,9 @@ class Auth_OpenID_GenericConsumer { return $this->_completeInvalid($message, $endpoint); } - return new Auth_OpenID_SetupNeededResponse($endpoint); + $user_setup_url = $message->getArg(Auth_OpenID_OPENID2_NS, + 'user_setup_url'); + return new Auth_OpenID_SetupNeededResponse($endpoint, $user_setup_url); } /** diff --git a/extlib/Auth/OpenID/Server.php b/extlib/Auth/OpenID/Server.php index e746bcc57..f1db4d872 100644 --- a/extlib/Auth/OpenID/Server.php +++ b/extlib/Auth/OpenID/Server.php @@ -765,12 +765,17 @@ class Auth_OpenID_CheckIDRequest extends Auth_OpenID_Request { function Auth_OpenID_CheckIDRequest($identity, $return_to, $trust_root = null, $immediate = false, - $assoc_handle = null, $server = null) + $assoc_handle = null, $server = null, + $claimed_id = null) { $this->namespace = Auth_OpenID_OPENID2_NS; $this->assoc_handle = $assoc_handle; $this->identity = $identity; - $this->claimed_id = $identity; + if ($claimed_id === null) { + $this->claimed_id = $identity; + } else { + $this->claimed_id = $claimed_id; + } $this->return_to = $return_to; $this->trust_root = $trust_root; $this->server =& $server; @@ -1098,7 +1103,8 @@ class Auth_OpenID_CheckIDRequest extends Auth_OpenID_Request { $this->trust_root, false, $this->assoc_handle, - $this->server); + $this->server, + $this->claimed_id); $setup_request->message = $this->message; $setup_url = $setup_request->encodeToURL($server_url); |