diff options
| author | Evan Prodromou <evan@status.net> | 2010-01-08 17:20:25 -0800 |
|---|---|---|
| committer | Evan Prodromou <evan@status.net> | 2010-01-09 15:26:06 -0800 |
| commit | ed5828f30ea0f7a30e01d407058990b06164c6f3 (patch) | |
| tree | 7ad837785d6c6ea5156092543857df6447812a58 /lib | |
| parent | f396701b6466749c09ce16b1e7f2f96c10b05cdd (diff) | |
Redirect to a one-time-password when ssl and regular server are different
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/command.php | 24 | ||||
| -rw-r--r-- | lib/router.php | 5 |
2 files changed, 12 insertions, 17 deletions
diff --git a/lib/command.php b/lib/command.php index 67140c348..f846fb823 100644 --- a/lib/command.php +++ b/lib/command.php @@ -650,25 +650,17 @@ class LoginCommand extends Command $channel->error($this->user, _('Login command is disabled')); return; } - $login_token = Login_token::staticGet('user_id',$this->user->id); - if($login_token){ - $login_token->delete(); - } - $login_token = new Login_token(); - $login_token->user_id = $this->user->id; - $login_token->token = common_good_rand(16); - $login_token->created = common_sql_now(); - $result = $login_token->insert(); - if (!$result) { - common_log_db_error($login_token, 'INSERT', __FILE__); - $channel->error($this->user, sprintf(_('Could not create login token for %s'), - $this->user->nickname)); - return; + + try { + $login_token = Login_token::makeNew($this->user); + } catch (Exception $e) { + $channel->error($this->user, $e->getMessage()); } + $channel->output($this->user, sprintf(_('This link is useable only once, and is good for only 2 minutes: %s'), - common_local_url('login', - array('user_id'=>$login_token->user_id, 'token'=>$login_token->token)))); + common_local_url('otp', + array('user_id' => $login_token->user_id, 'token' => $login_token->token)))); } } diff --git a/lib/router.php b/lib/router.php index 287d3c79f..4128741a8 100644 --- a/lib/router.php +++ b/lib/router.php @@ -88,7 +88,10 @@ class Router $m->connect('doc/:title', array('action' => 'doc')); - $m->connect('main/login?user_id=:user_id&token=:token', array('action'=>'login'), array('user_id'=> '[0-9]+', 'token'=>'.+')); + $m->connect('main/otp/:user_id/:token', + array('action' => 'otp'), + array('user_id' => '[0-9]+', + 'token' => '.+')); // main stuff is repetitive |