summaryrefslogtreecommitdiff
path: root/actions
diff options
context:
space:
mode:
authorEvan Prodromou <evan@controlyourself.ca>2009-02-05 11:46:17 -0500
committerEvan Prodromou <evan@controlyourself.ca>2009-02-05 11:46:17 -0500
commit7ad3ff4a2cd494ef8c1cc293e15c0a70b8786fee (patch)
tree75d8718b5a0607dd80b5474c977508a85cf6d19a /actions
parenta97f8f6a43b27b3392ef9b03be58e37d743f394d (diff)
Allow re-authentication with OpenID
"Rememberme" logins aren't allowed to make changes to an account (since cookie-stealing is too easy). Users have to re-authenticate. Previously, it was impossible to do so without having a username and password; this change lets you do it with OpenID, too.
Diffstat (limited to 'actions')
-rw-r--r--actions/finishopenidlogin.php2
-rw-r--r--actions/openidlogin.php13
2 files changed, 12 insertions, 3 deletions
diff --git a/actions/finishopenidlogin.php b/actions/finishopenidlogin.php
index 880a9505b..bc9151120 100644
--- a/actions/finishopenidlogin.php
+++ b/actions/finishopenidlogin.php
@@ -30,7 +30,7 @@ class FinishopenidloginAction extends Action
function handle($args)
{
parent::handle($args);
- if (common_logged_in()) {
+ if (common_is_real_login()) {
$this->clientError(_('Already logged in.'));
} else if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$token = $this->trimmed('token');
diff --git a/actions/openidlogin.php b/actions/openidlogin.php
index 7a267a2bd..1a4372d73 100644
--- a/actions/openidlogin.php
+++ b/actions/openidlogin.php
@@ -26,7 +26,7 @@ class OpenidloginAction extends Action
function handle($args)
{
parent::handle($args);
- if (common_logged_in()) {
+ if (common_is_real_login()) {
$this->clientError(_('Already logged in.'));
} else if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$openid_url = $this->trimmed('openid_url');
@@ -59,7 +59,16 @@ class OpenidloginAction extends Action
function getInstructions()
{
- return _('Login with an [OpenID](%%doc.openid%%) account.');
+ if (common_logged_in() && !common_is_real_login() &&
+ common_get_returnto()) {
+ // rememberme logins have to reauthenticate before
+ // changing any profile settings (cookie-stealing protection)
+ return _('For security reasons, please re-login with your ' .
+ '[OpenID](%%doc.openid%%) ' .
+ 'before changing your settings.');
+ } else {
+ return _('Login with an [OpenID](%%doc.openid%%) account.');
+ }
}
function showPageNotice()