summaryrefslogtreecommitdiff
path: root/plugins/OpenID
diff options
context:
space:
mode:
authorCraig Andrews <candrews@integralblue.com>2009-10-30 13:21:11 -0400
committerCraig Andrews <candrews@integralblue.com>2009-10-30 13:21:37 -0400
commitacaf07f6e8c873e0069e84dac74bac3c7da98a97 (patch)
tree8b488ffe0f2c9249dd66d3c022e6477045b22150 /plugins/OpenID
parent87781b85c4eb0925f04bfb9f1468d8b4a26af39a (diff)
Added an "Verify Your Identity" page to the OpenID provider
Diffstat (limited to 'plugins/OpenID')
-rw-r--r--plugins/OpenID/OpenIDPlugin.php9
-rw-r--r--plugins/OpenID/User_openid_trustroot.php29
-rw-r--r--plugins/OpenID/openidserver.php24
-rw-r--r--plugins/OpenID/openidtrust.php142
4 files changed, 202 insertions, 2 deletions
diff --git a/plugins/OpenID/OpenIDPlugin.php b/plugins/OpenID/OpenIDPlugin.php
index 5ebee2cbe..02fc79b04 100644
--- a/plugins/OpenID/OpenIDPlugin.php
+++ b/plugins/OpenID/OpenIDPlugin.php
@@ -150,6 +150,7 @@ class OpenIDPlugin extends Plugin
case 'PublicxrdsAction':
case 'OpenidsettingsAction':
case 'OpenidserverAction':
+ case 'OpenidtrustAction':
require_once(INSTALLDIR.'/plugins/OpenID/' . strtolower(mb_substr($cls, 0, -6)) . '.php');
return false;
case 'User_openid':
@@ -286,6 +287,14 @@ class OpenIDPlugin extends Plugin
new ColumnDef('created', 'datetime',
null, false),
new ColumnDef('modified', 'timestamp')));
+ $schema->ensureTable('user_openid_trustroot',
+ array(new ColumnDef('trustroot', 'varchar',
+ '255', false, 'PRI'),
+ new ColumnDef('user_id', 'integer',
+ null, false, 'PRI'),
+ new ColumnDef('created', 'datetime',
+ null, false),
+ new ColumnDef('modified', 'timestamp')));
return true;
}
}
diff --git a/plugins/OpenID/User_openid_trustroot.php b/plugins/OpenID/User_openid_trustroot.php
new file mode 100644
index 000000000..4654b72df
--- /dev/null
+++ b/plugins/OpenID/User_openid_trustroot.php
@@ -0,0 +1,29 @@
+<?php
+/**
+ * Table Definition for user_openid_trustroot
+ */
+require_once INSTALLDIR.'/classes/Memcached_DataObject.php';
+
+class User_openid_trustroot extends Memcached_DataObject
+{
+ ###START_AUTOCODE
+ /* the code below is auto generated do not remove the above tag */
+
+ public $__table = 'user_openid_trustroot'; // table name
+ public $trustroot; // varchar(255) primary_key not_null
+ public $user_id; // int(4) primary_key not_null
+ public $created; // datetime() not_null
+ public $modified; // timestamp() not_null default_CURRENT_TIMESTAMP
+
+ /* Static get */
+ function staticGet($k,$v=null)
+ { return Memcached_DataObject::staticGet('User_openid_trustroot',$k,$v); }
+
+ /* the code above is auto generated do not remove the tag below */
+ ###END_AUTOCODE
+
+ function &pkeyGet($kv)
+ {
+ return Memcached_DataObject::pkeyGet('User_openid_trustroot', $kv);
+ }
+}
diff --git a/plugins/OpenID/openidserver.php b/plugins/OpenID/openidserver.php
index a6b18608d..8ffe979b0 100644
--- a/plugins/OpenID/openidserver.php
+++ b/plugins/OpenID/openidserver.php
@@ -33,6 +33,7 @@ if (!defined('STATUSNET') && !defined('LACONICA')) {
require_once INSTALLDIR.'/lib/action.php';
require_once INSTALLDIR.'/plugins/OpenID/openid.php';
+require_once(INSTALLDIR.'/plugins/OpenID/User_openid_trustroot.php');
/**
* Settings for OpenID
@@ -56,14 +57,33 @@ class OpenidserverAction extends Action
if (in_array($request->mode, array('checkid_immediate',
'checkid_setup'))) {
$cur = common_current_user();
- error_log("Request identity: " . $request->identity);
if(!$cur){
/* Go log in, and then come back. */
common_set_returnto($_SERVER['REQUEST_URI']);
common_redirect(common_local_url('login'));
return;
}else if(common_profile_url($cur->nickname) == $request->identity || $request->idSelect()){
- $response = &$request->answer(true, null, common_profile_url($cur->nickname));
+ $user_openid_trustroot = User_openid_trustroot::pkeyGet(
+ array('user_id'=>$cur->id, 'trustroot'=>$request->trustroot));
+ if(empty($user_openid_trustroot)){
+ if($request->immediate){
+ //cannot prompt the user to trust this trust root in immediate mode, so answer false
+ $response = &$request->answer(false);
+ }else{
+ //ask the user to trust this trust root
+ $_SESSION['openid_trust_root'] = $request->trust_root;
+ $allowResponse = $request->answer(true, null, common_profile_url($cur->nickname));
+ $denyResponse = $request->answer(false);
+ common_ensure_session();
+ $_SESSION['openid_allow_url'] = $allowResponse->encodeToUrl();
+ $_SESSION['openid_deny_url'] = $denyResponse->encodeToUrl();
+ common_redirect(common_local_url('openidtrust'));
+ return;
+ }
+ }else{
+ //user has previously authorized this trust root
+ $response = &$request->answer(true, null, common_profile_url($cur->nickname));
+ }
} else if ($request->immediate) {
$response = &$request->answer(false);
} else {
diff --git a/plugins/OpenID/openidtrust.php b/plugins/OpenID/openidtrust.php
new file mode 100644
index 000000000..29c7bdc23
--- /dev/null
+++ b/plugins/OpenID/openidtrust.php
@@ -0,0 +1,142 @@
+<?php
+/*
+ * StatusNet - the distributed open-source microblogging tool
+ * Copyright (C) 2008, 2009, StatusNet, Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+if (!defined('STATUSNET') && !defined('LACONICA')) { exit(1); }
+
+require_once INSTALLDIR.'/plugins/OpenID/openid.php';
+require_once(INSTALLDIR.'/plugins/OpenID/User_openid_trustroot.php');
+
+class OpenidtrustAction extends Action
+{
+ var $trust_root;
+ var $allowUrl;
+ var $denyUrl;
+ var $user;
+
+ /**
+ * Is this a read-only action?
+ *
+ * @return boolean false
+ */
+
+ function isReadOnly($args)
+ {
+ return false;
+ }
+
+ /**
+ * Title of the page
+ *
+ * @return string title of the page
+ */
+
+ function title()
+ {
+ return _('OpenID Identity Verification');
+ }
+
+ function prepare($args)
+ {
+ parent::prepare($args);
+ common_ensure_session();
+ $this->user = common_current_user();
+ if(empty($this->user)){
+ /* Go log in, and then come back. */
+ common_set_returnto($_SERVER['REQUEST_URI']);
+ common_redirect(common_local_url('login'));
+ return;
+ }
+ $this->trust_root = $_SESSION['openid_trust_root'];
+ $this->allowUrl = $_SESSION['openid_allow_url'];
+ $this->denyUrl = $_SESSION['openid_deny_url'];
+ if(empty($this->trust_root) || empty($this->allowUrl) || empty($this->denyUrl)){
+ $this->clientError(_('This page should only be reached during OpenID processing, not directly.'));
+ return;
+ }
+ return true;
+ }
+
+ function handle($args)
+ {
+ parent::handle($args);
+ if($_SERVER['REQUEST_METHOD'] == 'POST'){
+ $this->handleSubmit();
+ }else{
+ $this->showPage();
+ }
+ }
+
+ function handleSubmit()
+ {
+ unset($_SESSION['openid_trust_root']);
+ unset($_SESSION['openid_allow_url']);
+ unset($_SESSION['openid_deny_url']);
+ if($this->arg('allow'))
+ {
+ //save to database
+ $user_openid_trustroot = new User_openid_trustroot();
+ $user_openid_trustroot->user_id = $this->user->id;
+ $user_openid_trustroot->trustroot = $this->trust_root;
+ $user_openid_trustroot->created = DB_DataObject_Cast::dateTime();
+ if (!$user_openid_trustroot->insert()) {
+ $err = PEAR::getStaticProperty('DB_DataObject','lastError');
+ common_debug('DB error ' . $err->code . ': ' . $err->message, __FILE__);
+ }
+ common_redirect($this->allowUrl, $code=302);
+ }else{
+ common_redirect($this->denyUrl, $code=302);
+ }
+ }
+
+ /**
+ * Show page notice
+ *
+ * Display a notice for how to use the page, or the
+ * error if it exists.
+ *
+ * @return void
+ */
+
+ function showPageNotice()
+ {
+ $this->element('p',null,sprintf(_('%s has asked to verify your identity. Click Continue to verify your identity and login without creating a new password.'),$this->trust_root));
+ }
+
+ /**
+ * Core of the display code
+ *
+ * Shows the login form.
+ *
+ * @return void
+ */
+
+ function showContent()
+ {
+ $this->elementStart('form', array('method' => 'post',
+ 'id' => 'form_openidtrust',
+ 'class' => 'form_settings',
+ 'action' => common_local_url('openidtrust')));
+ $this->elementStart('fieldset');
+ $this->submit('allow', _('Continue'));
+ $this->submit('deny', _('Cancel'));
+
+ $this->elementEnd('fieldset');
+ $this->elementEnd('form');
+ }
+}