diff options
Diffstat (limited to 'plugins/OpenID')
-rw-r--r-- | plugins/OpenID/OpenIDPlugin.php | 239 | ||||
-rw-r--r-- | plugins/OpenID/User_openid.php | 5 | ||||
-rw-r--r-- | plugins/OpenID/User_openid_trustroot.php | 5 | ||||
-rw-r--r-- | plugins/OpenID/openid.php | 6 | ||||
-rw-r--r-- | plugins/OpenID/openidsettings.php | 70 |
5 files changed, 270 insertions, 55 deletions
diff --git a/plugins/OpenID/OpenIDPlugin.php b/plugins/OpenID/OpenIDPlugin.php index 248afe3fa..1724b5f7b 100644 --- a/plugins/OpenID/OpenIDPlugin.php +++ b/plugins/OpenID/OpenIDPlugin.php @@ -59,6 +59,8 @@ class OpenIDPlugin extends Plugin * * Hook for RouterInitialized event. * + * @param Net_URL_Mapper $m URL mapper + * * @return boolean hook return */ @@ -67,54 +69,87 @@ class OpenIDPlugin extends Plugin $m->connect('main/openid', array('action' => 'openidlogin')); $m->connect('main/openidtrust', array('action' => 'openidtrust')); $m->connect('settings/openid', array('action' => 'openidsettings')); - $m->connect('index.php?action=finishopenidlogin', array('action' => 'finishopenidlogin')); - $m->connect('index.php?action=finishaddopenid', array('action' => 'finishaddopenid')); + $m->connect('index.php?action=finishopenidlogin', + array('action' => 'finishopenidlogin')); + $m->connect('index.php?action=finishaddopenid', + array('action' => 'finishaddopenid')); $m->connect('main/openidserver', array('action' => 'openidserver')); return true; } + /** + * Public XRDS output hook + * + * Puts the bits of code needed by some OpenID providers to show + * we're good citizens. + * + * @param Action $action Action being executed + * @param XMLOutputter &$xrdsOutputter Output channel + * + * @return boolean hook return + */ + function onEndPublicXRDS($action, &$xrdsOutputter) { $xrdsOutputter->elementStart('XRD', array('xmlns' => 'xri://$xrd*($v*2.0)', - 'xmlns:simple' => 'http://xrds-simple.net/core/1.0', - 'version' => '2.0')); + 'xmlns:simple' => 'http://xrds-simple.net/core/1.0', + 'version' => '2.0')); $xrdsOutputter->element('Type', null, 'xri://$xrds*simple'); //consumer foreach (array('finishopenidlogin', 'finishaddopenid') as $finish) { $xrdsOutputter->showXrdsService(Auth_OpenID_RP_RETURN_TO_URL_TYPE, - common_local_url($finish)); + common_local_url($finish)); } //provider $xrdsOutputter->showXrdsService('http://specs.openid.net/auth/2.0/server', - common_local_url('openidserver'), - null, - null, - 'http://specs.openid.net/auth/2.0/identifier_select'); + common_local_url('openidserver'), + null, + null, + 'http://specs.openid.net/auth/2.0/identifier_select'); $xrdsOutputter->elementEnd('XRD'); } + /** + * User XRDS output hook + * + * Puts the bits of code needed to discover OpenID endpoints. + * + * @param Action $action Action being executed + * @param XMLOutputter &$xrdsOutputter Output channel + * + * @return boolean hook return + */ + function onEndUserXRDS($action, &$xrdsOutputter) { $xrdsOutputter->elementStart('XRD', array('xmlns' => 'xri://$xrd*($v*2.0)', - 'xml:id' => 'openid', - 'xmlns:simple' => 'http://xrds-simple.net/core/1.0', - 'version' => '2.0')); + 'xml:id' => 'openid', + 'xmlns:simple' => 'http://xrds-simple.net/core/1.0', + 'version' => '2.0')); $xrdsOutputter->element('Type', null, 'xri://$xrds*simple'); //consumer $xrdsOutputter->showXrdsService('http://specs.openid.net/auth/2.0/return_to', - common_local_url('finishopenidlogin')); + common_local_url('finishopenidlogin')); //provider $xrdsOutputter->showXrdsService('http://specs.openid.net/auth/2.0/signon', - common_local_url('openidserver'), - null, - null, - common_profile_url($action->user->nickname)); + common_local_url('openidserver'), + null, + null, + common_profile_url($action->user->nickname)); $xrdsOutputter->elementEnd('XRD'); } + /** + * Menu item for login + * + * @param Action &$action Action being executed + * + * @return boolean hook return + */ + function onEndLoginGroupNav(&$action) { $action_name = $action->trimmed('action'); @@ -127,6 +162,14 @@ class OpenIDPlugin extends Plugin return true; } + /** + * Menu item for OpenID admin + * + * @param Action &$action Action being executed + * + * @return boolean hook return + */ + function onEndAccountSettingsNav(&$action) { $action_name = $action->trimmed('action'); @@ -139,68 +182,102 @@ class OpenIDPlugin extends Plugin return true; } + /** + * Autoloader + * + * Loads our classes if they're requested. + * + * @param string $cls Class requested + * + * @return boolean hook return + */ + function onAutoload($cls) { switch ($cls) { - case 'OpenidloginAction': - case 'FinishopenidloginAction': - case 'FinishaddopenidAction': - case 'XrdsAction': - case 'PublicxrdsAction': - case 'OpenidsettingsAction': - case 'OpenidserverAction': - case 'OpenidtrustAction': - require_once(INSTALLDIR.'/plugins/OpenID/' . strtolower(mb_substr($cls, 0, -6)) . '.php'); + case 'OpenidloginAction': + case 'FinishopenidloginAction': + case 'FinishaddopenidAction': + case 'XrdsAction': + case 'PublicxrdsAction': + case 'OpenidsettingsAction': + case 'OpenidserverAction': + case 'OpenidtrustAction': + require_once INSTALLDIR.'/plugins/OpenID/' . strtolower(mb_substr($cls, 0, -6)) . '.php'; return false; - case 'User_openid': - require_once(INSTALLDIR.'/plugins/OpenID/User_openid.php'); + case 'User_openid': + require_once INSTALLDIR.'/plugins/OpenID/User_openid.php'; return false; - case 'User_openid_trustroot': - require_once(INSTALLDIR.'/plugins/OpenID/User_openid_trustroot.php'); + case 'User_openid_trustroot': + require_once INSTALLDIR.'/plugins/OpenID/User_openid_trustroot.php'; return false; - default: + default: return true; } } + /** + * Sensitive actions + * + * These actions should use https when SSL support is 'sometimes' + * + * @param Action $action Action to form an URL for + * @param boolean &$ssl Whether to mark it for SSL + * + * @return boolean hook return + */ + function onSensitiveAction($action, &$ssl) { switch ($action) { - case 'finishopenidlogin': - case 'finishaddopenid': + case 'finishopenidlogin': + case 'finishaddopenid': $ssl = true; return false; - default: + default: return true; } } + /** + * Login actions + * + * These actions should be visible even when the site is marked private + * + * @param Action $action Action to show + * @param boolean &$login Whether it's a login action + * + * @return boolean hook return + */ + function onLoginAction($action, &$login) { switch ($action) { - case 'openidlogin': - case 'finishopenidlogin': - case 'openidserver': + case 'openidlogin': + case 'finishopenidlogin': + case 'openidserver': $login = true; return false; - default: + default: return true; } } /** - * We include a <meta> element linking to the publicxrds page, for OpenID + * We include a <meta> element linking to the userxrds page, for OpenID * client-side authentication. * + * @param Action $action Action being shown + * * @return void */ function onEndShowHeadElements($action) { - if($action instanceof ShowstreamAction){ + if ($action instanceof ShowstreamAction) { $action->element('link', array('rel' => 'openid2.provider', 'href' => common_local_url('openidserver'))); $action->element('link', array('rel' => 'openid2.local_id', @@ -216,6 +293,9 @@ class OpenIDPlugin extends Plugin /** * Redirect to OpenID login if they have an OpenID * + * @param Action $action Action being executed + * @param User $user User doing the action + * * @return boolean whether to continue */ @@ -228,23 +308,36 @@ class OpenIDPlugin extends Plugin return true; } + /** + * Show some extra instructions for using OpenID + * + * @param Action $action Action being executed + * + * @return boolean hook value + */ + function onEndShowPageNotice($action) { $name = $action->trimmed('action'); switch ($name) { - case 'register': - $instr = '(Have an [OpenID](http://openid.net/)? ' . - 'Try our [OpenID registration]'. - '(%%action.openidlogin%%)!)'; + case 'register': + if (common_logged_in()) { + $instr = '(Have an [OpenID](http://openid.net/)? ' . + '[Add an OpenID to your account](%%action.openidsettings%%)!'; + } else { + $instr = '(Have an [OpenID](http://openid.net/)? ' . + 'Try our [OpenID registration]'. + '(%%action.openidlogin%%)!)'; + } break; - case 'login': + case 'login': $instr = '(Have an [OpenID](http://openid.net/)? ' . 'Try our [OpenID login]'. '(%%action.openidlogin%%)!)'; break; - default: + default: return true; } @@ -253,13 +346,21 @@ class OpenIDPlugin extends Plugin return true; } + /** + * Load our document if requested + * + * @param string &$title Title to fetch + * @param string &$output HTML to output + * + * @return boolean hook value + */ + function onStartLoadDoc(&$title, &$output) { - if ($title == 'openid') - { + if ($title == 'openid') { $filename = INSTALLDIR.'/plugins/OpenID/doc-src/openid'; - $c = file_get_contents($filename); + $c = file_get_contents($filename); $output = common_markup_to_html($c); return false; // success! } @@ -267,10 +368,18 @@ class OpenIDPlugin extends Plugin return true; } + /** + * Add our document to the global menu + * + * @param string $title Title being fetched + * @param string &$output HTML being output + * + * @return boolean hook value + */ + function onEndLoadDoc($title, &$output) { - if ($title == 'help') - { + if ($title == 'help') { $menuitem = '* [OpenID](%%doc.openid%%) - what OpenID is and how to use it with this service'; $output .= common_markup_to_html($menuitem); @@ -279,7 +388,16 @@ class OpenIDPlugin extends Plugin return true; } - function onCheckSchema() { + /** + * Data definitions + * + * Assure that our data objects are available in the DB + * + * @return boolean hook value + */ + + function onCheckSchema() + { $schema = Schema::get(); $schema->ensureTable('user_openid', array(new ColumnDef('canonical', 'varchar', @@ -302,6 +420,15 @@ class OpenIDPlugin extends Plugin return true; } + /** + * Add our tables to be deleted when a user is deleted + * + * @param User $user User being deleted + * @param array &$tables Array of table names + * + * @return boolean hook value + */ + function onUserDeleteRelated($user, &$tables) { $tables[] = 'User_openid'; @@ -309,6 +436,14 @@ class OpenIDPlugin extends Plugin return true; } + /** + * Add our version information to output + * + * @param array &$versions Array of version-data arrays + * + * @return boolean hook value + */ + function onPluginVersion(&$versions) { $versions[] = array('name' => 'OpenID', diff --git a/plugins/OpenID/User_openid.php b/plugins/OpenID/User_openid.php index 5ef05b4c7..1beff9ea3 100644 --- a/plugins/OpenID/User_openid.php +++ b/plugins/OpenID/User_openid.php @@ -45,6 +45,11 @@ class User_openid extends Memcached_DataObject */ function keys() { + return array_keys($this->keyTypes()); + } + + function keyTypes() + { return array('canonical' => 'K', 'display' => 'U', 'user_id' => 'U'); } diff --git a/plugins/OpenID/User_openid_trustroot.php b/plugins/OpenID/User_openid_trustroot.php index 0b411b8f7..17c03afb0 100644 --- a/plugins/OpenID/User_openid_trustroot.php +++ b/plugins/OpenID/User_openid_trustroot.php @@ -43,6 +43,11 @@ class User_openid_trustroot extends Memcached_DataObject function keys() { + return array_keys($this->keyTypes()); + } + + function keyTypes() + { return array('trustroot' => 'K', 'user_id' => 'K'); } diff --git a/plugins/OpenID/openid.php b/plugins/OpenID/openid.php index 8f949c9c5..9e02c7a88 100644 --- a/plugins/OpenID/openid.php +++ b/plugins/OpenID/openid.php @@ -225,11 +225,11 @@ function oid_update_user(&$user, &$sreg) $orig_profile = clone($profile); - if ($sreg['fullname'] && strlen($sreg['fullname']) <= 255) { + if (!empty($sreg['fullname']) && strlen($sreg['fullname']) <= 255) { $profile->fullname = $sreg['fullname']; } - if ($sreg['country']) { + if (!empty($sreg['country'])) { if ($sreg['postcode']) { # XXX: use postcode to get city and region # XXX: also, store postcode somewhere -- it's valuable! @@ -249,7 +249,7 @@ function oid_update_user(&$user, &$sreg) $orig_user = clone($user); - if ($sreg['email'] && Validate::email($sreg['email'], common_config('email', 'check_domain'))) { + if (!empty($sreg['email']) && Validate::email($sreg['email'], common_config('email', 'check_domain'))) { $user->email = $sreg['email']; } diff --git a/plugins/OpenID/openidsettings.php b/plugins/OpenID/openidsettings.php index 3fc3d6128..16142cf48 100644 --- a/plugins/OpenID/openidsettings.php +++ b/plugins/OpenID/openidsettings.php @@ -176,6 +176,43 @@ class OpenidsettingsAction extends AccountSettingsAction } } } + + $this->elementStart('form', array('method' => 'post', + 'id' => 'form_settings_openid_trustroots', + 'class' => 'form_settings', + 'action' => + common_local_url('openidsettings'))); + $this->elementStart('fieldset', array('id' => 'settings_openid_trustroots')); + $this->element('legend', null, _m('OpenID Trusted Sites')); + $this->hidden('token', common_session_token()); + $this->element('p', 'form_guide', + _m('The following sites are allowed to access your ' . + 'identity and log you in. You can remove a site from ' . + 'this list to deny it access to your OpenID.')); + $this->elementStart('ul', 'form_data'); + $user_openid_trustroot = new User_openid_trustroot(); + $user_openid_trustroot->user_id=$user->id; + if($user_openid_trustroot->find()) { + while($user_openid_trustroot->fetch()) { + $this->elementStart('li'); + $this->element('input', array('name' => 'openid_trustroot[]', + 'type' => 'checkbox', + 'class' => 'checkbox', + 'value' => $user_openid_trustroot->trustroot, + 'id' => 'openid_trustroot_' . crc32($user_openid_trustroot->trustroot))); + $this->element('label', array('class'=>'checkbox', 'for' => 'openid_trustroot_' . crc32($user_openid_trustroot->trustroot)), + $user_openid_trustroot->trustroot); + $this->elementEnd('li'); + } + } + $this->elementEnd('ul'); + $this->element('input', array('type' => 'submit', + 'id' => 'settings_openid_trustroots_action-submit', + 'name' => 'remove_trustroots', + 'class' => 'submit', + 'value' => _m('Remove'))); + $this->elementEnd('fieldset'); + $this->elementEnd('form'); } /** @@ -204,12 +241,45 @@ class OpenidsettingsAction extends AccountSettingsAction } } else if ($this->arg('remove')) { $this->removeOpenid(); + } else if($this->arg('remove_trustroots')) { + $this->removeTrustroots(); } else { $this->showForm(_m('Something weird happened.')); } } /** + * Handles a request to remove OpenID trustroots from the user's account + * + * Validates input and, if everything is OK, deletes the trustroots. + * Reloads the form with a success or error notification. + * + * @return void + */ + + function removeTrustroots() + { + $user = common_current_user(); + $trustroots = $this->arg('openid_trustroot'); + if($trustroots) { + foreach($trustroots as $trustroot) { + $user_openid_trustroot = User_openid_trustroot::pkeyGet( + array('user_id'=>$user->id, 'trustroot'=>$trustroot)); + if($user_openid_trustroot) { + $user_openid_trustroot->delete(); + } else { + $this->showForm(_m('No such OpenID trustroot.')); + return; + } + } + $this->showForm(_m('Trustroots removed'), true); + } else { + $this->showForm(); + } + return; + } + + /** * Handles a request to remove an OpenID from the user's account * * Validates input and, if everything is OK, deletes the OpenID. |