From fa90195c4de9da656d1f463b1a06c379391bd6c7 Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Thu, 19 Jun 2008 11:32:31 -0400 Subject: cant remove last openid, public xrds includes immediate Added a check to make sure the user doesn't remove their last OpenID if they don't also have a password. Also, put the finishimmediate URL in the publicxrds so that e.g. Yahoo! doesn't get snippy. darcs-hash:20080619153231-5ed1f-a5d784ff39b53afdfb0584689188dd78bdb90c41.gz --- actions/openidsettings.php | 69 +++++++++++++++++++++++++++++----------------- actions/publicxrds.php | 9 +++--- 2 files changed, 47 insertions(+), 31 deletions(-) (limited to 'actions') diff --git a/actions/openidsettings.php b/actions/openidsettings.php index 7c12bd442..1488c79b8 100644 --- a/actions/openidsettings.php +++ b/actions/openidsettings.php @@ -69,41 +69,58 @@ class OpenidsettingsAction extends SettingsAction { $oid = new User_openid(); $oid->user_id = $user->id; - - if ($oid->find()) { + + $cnt = $oid->find(); + + if ($cnt > 0) { - common_element('h2', NULL, _t('OpenID')); - common_element('p', NULL, - _t('You can remove an OpenID from your account '. - 'by clicking the button marked "Delete" next to it.')); - $idx = 0; + common_element('h2', NULL, _t('Remove OpenID')); - while ($oid->fetch()) { - common_element_start('form', array('method' => 'POST', - 'id' => 'openiddelete' . $idx, - 'action' => - common_local_url('openidsettings'))); + if ($cnt == 1 && !$user->password) { + + common_element('p', NULL, + _t('Removing your only OpenID would make it impossible to log in! ' . + 'If you need to remove it, add another OpenID first.')); common_element_start('p'); common_element('a', array('href' => $oid->canonical), $oid->display); - common_element('input', array('type' => 'hidden', - 'id' => 'openid_url'.$idx, - 'name' => 'openid_url', - 'value' => $oid->canonical)); - common_element('input', array('type' => 'submit', - 'id' => 'remove'.$idx, - 'name' => 'remove', - 'class' => 'submit', - 'value' => _t('Remove'))); common_element_end('p'); - common_element_end('form'); - $idx++; + + } else { + + common_element('h2', NULL, _t('Remove OpenID')); + common_element('p', NULL, + _t('You can remove an OpenID from your account '. + 'by clicking the button marked "Remove".')); + $idx = 0; + + while ($oid->fetch()) { + common_element_start('form', array('method' => 'POST', + 'id' => 'openiddelete' . $idx, + 'action' => + common_local_url('openidsettings'))); + common_element_start('p'); + common_element('a', array('href' => $oid->canonical), + $oid->display); + common_element('input', array('type' => 'hidden', + 'id' => 'openid_url'.$idx, + 'name' => 'openid_url', + 'value' => $oid->canonical)); + common_element('input', array('type' => 'submit', + 'id' => 'remove'.$idx, + 'name' => 'remove', + 'class' => 'submit', + 'value' => _t('Remove'))); + common_element_end('p'); + common_element_end('form'); + $idx++; + } } + + common_show_footer(); } - - common_show_footer(); } - + function handle_post() { if ($this->arg('add')) { $result = oid_authenticate($this->trimmed('openid_url'), 'finishaddopenid'); diff --git a/actions/publicxrds.php b/actions/publicxrds.php index 98d7a164e..c41c3b2a8 100644 --- a/actions/publicxrds.php +++ b/actions/publicxrds.php @@ -40,11 +40,10 @@ class PublicxrdsAction extends Action { common_element('Type', NULL, 'xri://$xrds*simple'); - $this->show_service(Auth_OpenID_RP_RETURN_TO_URL_TYPE, - common_local_url('finishopenidlogin')); - - $this->show_service(Auth_OpenID_RP_RETURN_TO_URL_TYPE, - common_local_url('finishaddopenid')); + foreach (array('finishopenidlogin', 'finishaddopenid', 'finishimmediate') as $finish) { + $this->show_service(Auth_OpenID_RP_RETURN_TO_URL_TYPE, + common_local_url($finish)); + } common_element_end('XRD'); -- cgit v1.2.3-54-g00ecf