summaryrefslogtreecommitdiff
path: root/plugins/OpenID/openid.php
diff options
context:
space:
mode:
Diffstat (limited to 'plugins/OpenID/openid.php')
-rw-r--r--plugins/OpenID/openid.php49
1 files changed, 45 insertions, 4 deletions
diff --git a/plugins/OpenID/openid.php b/plugins/OpenID/openid.php
index 4ec336e1c..8be02e031 100644
--- a/plugins/OpenID/openid.php
+++ b/plugins/OpenID/openid.php
@@ -144,8 +144,10 @@ function oid_authenticate($openid_url, $returnto, $immediate=false)
// Handle failure status return values.
if (!$auth_request) {
+ common_log(LOG_ERR, __METHOD__ . ": mystery fail contacting $openid_url");
return _m('Not a valid OpenID.');
} else if (Auth_OpenID::isFailure($auth_request)) {
+ common_log(LOG_ERR, __METHOD__ . ": OpenID fail to $openid_url: $auth_request->message");
return sprintf(_m('OpenID failure: %s'), $auth_request->message);
}
@@ -164,6 +166,15 @@ function oid_authenticate($openid_url, $returnto, $immediate=false)
$auth_request->addExtension($sreg_request);
}
+ $requiredTeam = common_config('openid', 'required_team');
+ if ($requiredTeam) {
+ // LaunchPad OpenID extension
+ $team_request = new Auth_OpenID_TeamsRequest(array($requiredTeam));
+ if ($team_request) {
+ $auth_request->addExtension($team_request);
+ }
+ }
+
$trust_root = common_root_url(true);
$process_url = common_local_url($returnto);
@@ -212,11 +223,14 @@ function _oid_print_instructions()
'OpenID provider.'));
}
-# update a user from sreg parameters
-
-function oid_update_user(&$user, &$sreg)
+/**
+ * Update a user from sreg parameters
+ * @param User $user
+ * @param array $sreg fields from OpenID sreg response
+ * @access private
+ */
+function oid_update_user($user, $sreg)
{
-
$profile = $user->getProfile();
$orig_profile = clone($profile);
@@ -286,6 +300,33 @@ function oid_assert_allowed($url)
return;
}
+/**
+ * Check the teams available in the given OpenID response
+ * Using Launchpad's OpenID teams extension
+ *
+ * @return boolean whether this user is acceptable
+ */
+function oid_check_teams($response)
+{
+ $requiredTeam = common_config('openid', 'required_team');
+ if ($requiredTeam) {
+ $team_resp = new Auth_OpenID_TeamsResponse($response);
+ if ($team_resp) {
+ $teams = $team_resp->getTeams();
+ } else {
+ $teams = array();
+ }
+
+ $match = in_array($requiredTeam, $teams);
+ $is = $match ? 'is' : 'is not';
+ common_log(LOG_DEBUG, "Remote user $is in required team $requiredTeam: [" . implode(', ', $teams) . "]");
+
+ return $match;
+ }
+
+ return true;
+}
+
class AutosubmitAction extends Action
{
var $form_html = null;
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2025-08-05 06:24:56 +0000