summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--actions/finishopenidlogin.php2
-rw-r--r--actions/openidlogin.php13
-rw-r--r--classes/User.php11
-rw-r--r--lib/settingsaction.php7
4 files changed, 29 insertions, 4 deletions
diff --git a/actions/finishopenidlogin.php b/actions/finishopenidlogin.php
index 880a9505b..bc9151120 100644
--- a/actions/finishopenidlogin.php
+++ b/actions/finishopenidlogin.php
@@ -30,7 +30,7 @@ class FinishopenidloginAction extends Action
function handle($args)
{
parent::handle($args);
- if (common_logged_in()) {
+ if (common_is_real_login()) {
$this->clientError(_('Already logged in.'));
} else if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$token = $this->trimmed('token');
diff --git a/actions/openidlogin.php b/actions/openidlogin.php
index 7a267a2bd..1a4372d73 100644
--- a/actions/openidlogin.php
+++ b/actions/openidlogin.php
@@ -26,7 +26,7 @@ class OpenidloginAction extends Action
function handle($args)
{
parent::handle($args);
- if (common_logged_in()) {
+ if (common_is_real_login()) {
$this->clientError(_('Already logged in.'));
} else if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$openid_url = $this->trimmed('openid_url');
@@ -59,7 +59,16 @@ class OpenidloginAction extends Action
function getInstructions()
{
- return _('Login with an [OpenID](%%doc.openid%%) account.');
+ if (common_logged_in() && !common_is_real_login() &&
+ common_get_returnto()) {
+ // rememberme logins have to reauthenticate before
+ // changing any profile settings (cookie-stealing protection)
+ return _('For security reasons, please re-login with your ' .
+ '[OpenID](%%doc.openid%%) ' .
+ 'before changing your settings.');
+ } else {
+ return _('Login with an [OpenID](%%doc.openid%%) account.');
+ }
}
function showPageNotice()
diff --git a/classes/User.php b/classes/User.php
index b1c061c18..a6a1b11b9 100644
--- a/classes/User.php
+++ b/classes/User.php
@@ -630,4 +630,15 @@ class User extends Memcached_DataObject
return $profile;
}
+
+ function hasOpenID()
+ {
+ $oid = new User_openid();
+
+ $oid->user_id = $this->id;
+
+ $cnt = $oid->find();
+
+ return ($cnt > 0);
+ }
}
diff --git a/lib/settingsaction.php b/lib/settingsaction.php
index dfe1f114b..53c807c6f 100644
--- a/lib/settingsaction.php
+++ b/lib/settingsaction.php
@@ -76,7 +76,12 @@ class SettingsAction extends Action
// change important settings or see private info, and
// _all_ our settings are important
common_set_returnto($this->selfUrl());
- common_redirect(common_local_url('login'));
+ $user = common_current_user();
+ if ($user->hasOpenID()) {
+ common_redirect(common_local_url('openidlogin'));
+ } else {
+ common_redirect(common_local_url('login'));
+ }
} else if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$this->handlePost();
} else {