Diffstat (limited to 'plugins/OpenID')
-rw-r--r-- | plugins/OpenID/OpenIDPlugin.php | 441 | ||||
-rw-r--r-- | plugins/OpenID/extlib/README | 6 | ||||
-rw-r--r-- | plugins/OpenID/extlib/teams-extension.php | 175 | ||||
-rw-r--r-- | plugins/OpenID/finishaddopenid.php | 27 | ||||
-rw-r--r-- | plugins/OpenID/finishopenidlogin.php | 73 | ||||
-rw-r--r-- | plugins/OpenID/locale/OpenID.pot (renamed from plugins/OpenID/locale/OpenID.po) | 388 | ||||
-rw-r--r-- | plugins/OpenID/locale/nl/LC_MESSAGES/OpenID.po | 395 | ||||
-rw-r--r-- | plugins/OpenID/openid.php | 115 | ||||
-rw-r--r-- | plugins/OpenID/openidadminpanel.php | 280 | ||||
-rw-r--r-- | plugins/OpenID/openidlogin.php | 59 | ||||
-rw-r--r-- | plugins/OpenID/openidserver.php | 21 | ||||
-rw-r--r-- | plugins/OpenID/openidsettings.php | 70 | ||||
-rw-r--r-- | plugins/OpenID/openidtrust.php | 5 |
13 files changed, 1758 insertions, 297 deletions
diff --git a/plugins/OpenID/OpenIDPlugin.php b/plugins/OpenID/OpenIDPlugin.php index 6b35ec3e1..7d6a5dc00 100644 --- a/plugins/OpenID/OpenIDPlugin.php +++ b/plugins/OpenID/OpenIDPlugin.php @@ -20,7 +20,9 @@ * @category Plugin * @package StatusNet * @author Evan Prodromou <evan@status.net> - * @copyright 2009 StatusNet, Inc. + * @author Craig Andrews <candrews@integralblue.com> + * @copyright 2009-2010 StatusNet, Inc. + * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 * @link http://status.net/ */ @@ -38,6 +40,8 @@ if (!defined('STATUSNET')) { * @category Plugin * @package StatusNet * @author Evan Prodromou <evan@status.net> + * @author Craig Andrews <candrews@integralblue.com> + * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 * @link http://status.net/ * @link http://openid.net/ @@ -45,13 +49,18 @@ if (!defined('STATUSNET')) { class OpenIDPlugin extends Plugin { - /** - * Initializer for the plugin. - */ + // Plugin parameter: set true to disallow non-OpenID logins + // If set, overrides the setting in database or $config['site']['openidonly'] + public $openidOnly = null; - function __construct() + function initialize() { - parent::__construct(); + parent::initialize(); + if ($this->openidOnly !== null) { + global $config; + $config['site']['openidonly'] = (bool)$this->openidOnly; + } + } /** @@ -59,6 +68,8 @@ class OpenIDPlugin extends Plugin * * Hook for RouterInitialized event. * + * @param Net_URL_Mapper $m URL mapper + * * @return boolean hook return */ 
@@ -67,140 +78,374 @@ class OpenIDPlugin extends Plugin $m->connect('main/openid', array('action' => 'openidlogin')); $m->connect('main/openidtrust', array('action' => 'openidtrust')); $m->connect('settings/openid', array('action' => 'openidsettings')); - $m->connect('index.php?action=finishopenidlogin', array('action' => 'finishopenidlogin')); - $m->connect('index.php?action=finishaddopenid', array('action' => 'finishaddopenid')); + $m->connect('index.php?action=finishopenidlogin', + array('action' => 'finishopenidlogin')); + $m->connect('index.php?action=finishaddopenid', + array('action' => 'finishaddopenid')); $m->connect('main/openidserver', array('action' => 'openidserver')); + $m->connect('admin/openid', array('action' => 'openidadminpanel')); + + return true; + } + + /** + * In OpenID-only mode, disable paths for password stuff + * + * @param string $path path to connect + * @param array $defaults path defaults + * @param array $rules path rules + * @param array $result unused + * + * @return boolean hook return + */ + + function onStartConnectPath(&$path, &$defaults, &$rules, &$result) + { + if (common_config('site', 'openidonly')) { + static $block = array('main/login', + 'main/register', + 'main/recoverpassword', + 'settings/password'); + + if (in_array($path, $block)) { + return false; + } + } + + return true; + } + + /** + * If we've been hit with password-login args, redirect + * + * @param array $args args (URL, Get, post) + * + * @return boolean hook return + */ + function onArgsInitialize($args) + { + if (common_config('site', 'openidonly')) { + if (array_key_exists('action', $args)) { + $action = trim($args['action']); + if (in_array($action, array('login', 'register'))) { + common_redirect(common_local_url('openidlogin')); + exit(0); + } else if ($action == 'passwordsettings') { + common_redirect(common_local_url('openidsettings')); + exit(0); + } else if ($action == 'recoverpassword') { + throw new ClientException('Unavailable action'); + } + } 
+ } return true; } + /** + * Public XRDS output hook + * + * Puts the bits of code needed by some OpenID providers to show + * we're good citizens. + * + * @param Action $action Action being executed + * @param XMLOutputter &$xrdsOutputter Output channel + * + * @return boolean hook return + */ + function onEndPublicXRDS($action, &$xrdsOutputter) { $xrdsOutputter->elementStart('XRD', array('xmlns' => 'xri://$xrd*($v*2.0)', - 'xmlns:simple' => 'http://xrds-simple.net/core/1.0', - 'version' => '2.0')); + 'xmlns:simple' => 'http://xrds-simple.net/core/1.0', + 'version' => '2.0')); $xrdsOutputter->element('Type', null, 'xri://$xrds*simple'); //consumer foreach (array('finishopenidlogin', 'finishaddopenid') as $finish) { $xrdsOutputter->showXrdsService(Auth_OpenID_RP_RETURN_TO_URL_TYPE, - common_local_url($finish)); + common_local_url($finish)); } //provider $xrdsOutputter->showXrdsService('http://specs.openid.net/auth/2.0/server', - common_local_url('openidserver'), - null, - null, - 'http://specs.openid.net/auth/2.0/identifier_select'); + common_local_url('openidserver'), + null, + null, + 'http://specs.openid.net/auth/2.0/identifier_select'); $xrdsOutputter->elementEnd('XRD'); } + /** + * User XRDS output hook + * + * Puts the bits of code needed to discover OpenID endpoints. 
+ * + * @param Action $action Action being executed + * @param XMLOutputter &$xrdsOutputter Output channel + * + * @return boolean hook return + */ + function onEndUserXRDS($action, &$xrdsOutputter) { $xrdsOutputter->elementStart('XRD', array('xmlns' => 'xri://$xrd*($v*2.0)', - 'xml:id' => 'openid', - 'xmlns:simple' => 'http://xrds-simple.net/core/1.0', - 'version' => '2.0')); + 'xml:id' => 'openid', + 'xmlns:simple' => 'http://xrds-simple.net/core/1.0', + 'version' => '2.0')); $xrdsOutputter->element('Type', null, 'xri://$xrds*simple'); //consumer $xrdsOutputter->showXrdsService('http://specs.openid.net/auth/2.0/return_to', - common_local_url('finishopenidlogin')); + common_local_url('finishopenidlogin')); //provider $xrdsOutputter->showXrdsService('http://specs.openid.net/auth/2.0/signon', - common_local_url('openidserver'), - null, - null, - common_profile_url($action->user->nickname)); + common_local_url('openidserver'), + null, + null, + common_profile_url($action->user->nickname)); $xrdsOutputter->elementEnd('XRD'); } + /** + * If we're in OpenID-only mode, hide all the main menu except OpenID login. 
+ * + * @param Action $action Action being run + * + * @return boolean hook return + */ + + function onStartPrimaryNav($action) + { + if (common_config('site', 'openidonly') && !common_logged_in()) { + // TRANS: Tooltip for main menu option "Login" + $tooltip = _m('TOOLTIP', 'Login to the site'); + $action->menuItem(common_local_url('openidlogin'), + // TRANS: Main menu option when not logged in to log in + _m('MENU', 'Login'), + $tooltip, + false, + 'nav_login'); + // TRANS: Tooltip for main menu option "Help" + $tooltip = _m('TOOLTIP', 'Help me!'); + $action->menuItem(common_local_url('doc', array('title' => 'help')), + // TRANS: Main menu option for help on the StatusNet site + _m('MENU', 'Help'), + $tooltip, + false, + 'nav_help'); + if (!common_config('site', 'private')) { + // TRANS: Tooltip for main menu option "Search" + $tooltip = _m('TOOLTIP', 'Search for people or text'); + $action->menuItem(common_local_url('peoplesearch'), + // TRANS: Main menu option when logged in or when the StatusNet instance is not private + _m('MENU', 'Search'), $tooltip, false, 'nav_search'); + } + Event::handle('EndPrimaryNav', array($action)); + return false; + } + return true; + } + + /** + * Menu for login + * + * If we're in openidOnly mode, we disable the menu for all other login. + * + * @param Action &$action Action being executed + * + * @return boolean hook return + */ + + function onStartLoginGroupNav(&$action) + { + if (common_config('site', 'openidonly')) { + $this->showOpenIDLoginTab($action); + // Even though we replace this code, we + // DON'T run the End* hook, to keep others from + // adding tabs. Not nice, but. 
+ return false; + } + + return true; + } + + /** + * Menu item for login + * + * @param Action &$action Action being executed + * + * @return boolean hook return + */ + function onEndLoginGroupNav(&$action) { + $this->showOpenIDLoginTab($action); + + return true; + } + + /** + * Show menu item for login + * + * @param Action $action Action being executed + * + * @return void + */ + + function showOpenIDLoginTab($action) + { $action_name = $action->trimmed('action'); $action->menuItem(common_local_url('openidlogin'), - _m('OpenID'), + // TRANS: OpenID plugin menu item on site logon page. + _m('MENU', 'OpenID'), + // TRANS: OpenID plugin tooltip for logon menu item. _m('Login or register with OpenID'), $action_name === 'openidlogin'); + } + /** + * Show menu item for password + * + * We hide it in openID-only mode + * + * @param Action $menu Widget for menu + * @param void &$unused Unused value + * + * @return void + */ + + function onStartAccountSettingsPasswordMenuItem($menu, &$unused) { + if (common_config('site', 'openidonly')) { + return false; + } return true; } + /** + * Menu item for OpenID settings + * + * @param Action &$action Action being executed + * + * @return boolean hook return + */ + function onEndAccountSettingsNav(&$action) { $action_name = $action->trimmed('action'); $action->menuItem(common_local_url('openidsettings'), - _m('OpenID'), + // TRANS: OpenID plugin menu item on user settings page. + _m('MENU', 'OpenID'), + // TRANS: OpenID plugin tooltip for user settings menu item. _m('Add or remove OpenIDs'), $action_name === 'openidsettings'); return true; } + /** + * Autoloader + * + * Loads our classes if they're requested. 
+ * + * @param string $cls Class requested + * + * @return boolean hook return + */ + function onAutoload($cls) { switch ($cls) { - case 'OpenidloginAction': - case 'FinishopenidloginAction': - case 'FinishaddopenidAction': - case 'XrdsAction': - case 'PublicxrdsAction': - case 'OpenidsettingsAction': - case 'OpenidserverAction': - case 'OpenidtrustAction': - require_once(INSTALLDIR.'/plugins/OpenID/' . strtolower(mb_substr($cls, 0, -6)) . '.php'); + case 'OpenidloginAction': + case 'FinishopenidloginAction': + case 'FinishaddopenidAction': + case 'XrdsAction': + case 'PublicxrdsAction': + case 'OpenidsettingsAction': + case 'OpenidserverAction': + case 'OpenidtrustAction': + case 'OpenidadminpanelAction': + require_once dirname(__FILE__) . '/' . strtolower(mb_substr($cls, 0, -6)) . '.php'; + return false; + case 'User_openid': + require_once dirname(__FILE__) . '/User_openid.php'; return false; - case 'User_openid': - require_once(INSTALLDIR.'/plugins/OpenID/User_openid.php'); + case 'User_openid_trustroot': + require_once dirname(__FILE__) . '/User_openid_trustroot.php'; return false; - case 'User_openid_trustroot': - require_once(INSTALLDIR.'/plugins/OpenID/User_openid_trustroot.php'); + case 'Auth_OpenID_TeamsExtension': + case 'Auth_OpenID_TeamsRequest': + case 'Auth_OpenID_TeamsResponse': + require_once dirname(__FILE__) . 
'/extlib/teams-extension.php'; return false; - default: + default: return true; } } + /** + * Sensitive actions + * + * These actions should use https when SSL support is 'sometimes' + * + * @param Action $action Action to form an URL for + * @param boolean &$ssl Whether to mark it for SSL + * + * @return boolean hook return + */ + function onSensitiveAction($action, &$ssl) { switch ($action) { - case 'finishopenidlogin': - case 'finishaddopenid': + case 'finishopenidlogin': + case 'finishaddopenid': $ssl = true; return false; - default: + default: return true; } } + /** + * Login actions + * + * These actions should be visible even when the site is marked private + * + * @param Action $action Action to show + * @param boolean &$login Whether it's a login action + * + * @return boolean hook return + */ + function onLoginAction($action, &$login) { switch ($action) { - case 'openidlogin': - case 'finishopenidlogin': - case 'openidserver': + case 'openidlogin': + case 'finishopenidlogin': + case 'openidserver': $login = true; return false; - default: + default: return true; } } /** - * We include a <meta> element linking to the publicxrds page, for OpenID + * We include a <meta> element linking to the userxrds page, for OpenID * client-side authentication. * + * @param Action $action Action being shown + * * @return void */ function onEndShowHeadElements($action) { - if($action instanceof ShowstreamAction){ + if ($action instanceof ShowstreamAction) { $action->element('link', array('rel' => 'openid2.provider', 'href' => common_local_url('openidserver'))); $action->element('link', array('rel' => 'openid2.local_id', 
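Review bot: In `onArgsInitialize`, OpenID-only mode is enforced by comparing `$action` against a short list of exact, case-sensitive names (`login`, `register`, `passwordsettings`, `recoverpassword`), and `onStartConnectPath` does the same for four paths. If action names are resolved case-insensitively elsewhere (not visible in this hunk), a differently-cased value would pass this check, so normalise first with `$action = strtolower(trim($args['action']));` and pass `true` as the third argument to both `in_array()` calls. Because this is a deny-list at the routing layer, the password-checking code itself should also refuse when `openidonly` is set; that code is outside this diff.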
@@ -216,25 +461,36 @@ class OpenIDPlugin extends Plugin /** * Redirect to OpenID login if they have an OpenID * + * @param Action $action Action being executed + * @param User $user User doing the action + * * @return boolean whether to continue */ function onRedirectToLogin($action, $user) { - if (!empty($user) && User_openid::hasOpenID($user->id)) { + if (common_config('site', 'openid_only') || (!empty($user) && User_openid::hasOpenID($user->id))) { common_redirect(common_local_url('openidlogin'), 303); return false; } return true; } + /** + * Show some extra instructions for using OpenID + * + * @param Action $action Action being executed + * + * @return boolean hook value + */ + function onEndShowPageNotice($action) { $name = $action->trimmed('action'); switch ($name) { - case 'register': + case 'register': if (common_logged_in()) { $instr = '(Have an [OpenID](http://openid.net/)? ' . '[Add an OpenID to your account](%%action.openidsettings%%)!'; @@ -244,12 +500,12 @@ class OpenIDPlugin extends Plugin '(%%action.openidlogin%%)!)'; } break; - case 'login': + case 'login': $instr = '(Have an [OpenID](http://openid.net/)? ' . 'Try our [OpenID login]'. '(%%action.openidlogin%%)!)'; break; - default: + default: return true; } @@ -258,13 +514,21 @@ class OpenIDPlugin extends Plugin return true; } + /** + * Load our document if requested + * + * @param string &$title Title to fetch + * @param string &$output HTML to output + * + * @return boolean hook value + */ + function onStartLoadDoc(&$title, &$output) { - if ($title == 'openid') - { + if ($title == 'openid') { $filename = INSTALLDIR.'/plugins/OpenID/doc-src/openid'; - $c = file_get_contents($filename); + $c = file_get_contents($filename); $output = common_markup_to_html($c); return false; // success! } 
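Review bot: `onRedirectToLogin` reads `common_config('site', 'openid_only')`, but every other check in this commit, and the key that `initialize()` writes, is `openidonly`. As written the new half of the condition will presumably never be true, so in OpenID-only mode a user without a linked OpenID falls through to the default login redirect and the path blocking has to catch it. Use the same key: `if (common_config('site', 'openidonly') || (!empty($user) && User_openid::hasOpenID($user->id))) {`.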
@@ -272,10 +536,18 @@ class OpenIDPlugin extends Plugin return true; } + /** + * Add our document to the global menu + * + * @param string $title Title being fetched + * @param string &$output HTML being output + * + * @return boolean hook value + */ + function onEndLoadDoc($title, &$output) { - if ($title == 'help') - { + if ($title == 'help') { $menuitem = '* [OpenID](%%doc.openid%%) - what OpenID is and how to use it with this service'; $output .= common_markup_to_html($menuitem); @@ -284,7 +556,16 @@ class OpenIDPlugin extends Plugin return true; } - function onCheckSchema() { + /** + * Data definitions + * + * Assure that our data objects are available in the DB + * + * @return boolean hook value + */ + + function onCheckSchema() + { $schema = Schema::get(); $schema->ensureTable('user_openid', array(new ColumnDef('canonical', 'varchar', @@ -307,6 +588,15 @@ class OpenIDPlugin extends Plugin return true; } + /** + * Add our tables to be deleted when a user is deleted + * + * @param User $user User being deleted + * @param array &$tables Array of table names + * + * @return boolean hook value + */ + function onUserDeleteRelated($user, &$tables) { $tables[] = 'User_openid'; @@ -314,6 +604,40 @@ class OpenIDPlugin extends Plugin return true; } + /** + * Add an OpenID tab to the admin panel + * + * @param Widget $nav Admin panel nav + * + * @return boolean hook value + */ + + function onEndAdminPanelNav($nav) + { + if (AdminPanelAction::canAdmin('openid')) { + + $action_name = $nav->action->trimmed('action'); + + $nav->out->menuItem( + common_local_url('openidadminpanel'), + _m('OpenID'), + _m('OpenID configuration'), + $action_name == 'openidadminpanel', + 'nav_openid_admin_panel' + ); + } + + return true; + } + + /** + * Add our version information to output + * + * @param array &$versions Array of version-data arrays + * + * @return boolean hook value + */ + function onPluginVersion(&$versions) { $versions[] = array('name' => 'OpenID', 
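Review bot: `onEndAdminPanelNav` only decides whether the tab is drawn, so the `openidadminpanel` action routed by this commit has to enforce the same `AdminPanelAction::canAdmin('openid')` right itself; that file is not among the visible hunks, so this is worth confirming. Within this hunk, the two labels are the only new menu strings without a `// TRANS:` comment or the `'MENU'` context used by the other items. The comparison is also loose where the other menu hooks are strict; prefer `$action_name === 'openidadminpanel',`.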
@@ -321,6 +645,7 @@ class OpenIDPlugin extends Plugin 'author' => 'Evan Prodromou, Craig Andrews', 'homepage' => 'http://status.net/wiki/Plugin:OpenID', 'rawdescription' => + // TRANS: OpenID plugin description. _m('Use <a href="http://openid.net/">OpenID</a> to login to the site.')); return true; } diff --git a/plugins/OpenID/extlib/README b/plugins/OpenID/extlib/README new file mode 100644 index 000000000..1fe80d79b --- /dev/null +++ b/plugins/OpenID/extlib/README @@ -0,0 +1,6 @@ +team-extension.php + Support for Launchpad's OpenID Teams extension + Maintainer: Canonical + Source: https://code.edge.launchpad.net/wordpress-teams-integration + r27 2010-04-27 + License: AGPLv3 diff --git a/plugins/OpenID/extlib/teams-extension.php b/plugins/OpenID/extlib/teams-extension.php new file mode 100644 index 000000000..451f2fb19 --- /dev/null +++ b/plugins/OpenID/extlib/teams-extension.php 
@@ -0,0 +1,175 @@ +<?php +/* + * Wordpress Teams plugin + * Copyright (C) 2009-2010 Canonical Ltd. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +/** + * Provides an example OpenID extension to query user team/group membership + * + * This code is based on code supplied with the openid library for simple + * registration data. + */ + +/** + * Require the Message implementation. + */ +require_once 'Auth/OpenID/Message.php'; +require_once 'Auth/OpenID/Extension.php'; + +/** + * The team/group extension base class + */ +class Auth_OpenID_TeamsExtension extends Auth_OpenID_Extension { + var $ns_uri = 'http://ns.launchpad.net/2007/openid-teams'; + var $ns_alias = 'lp'; + var $request_field = 'query_membership'; + var $response_field = 'is_member'; + + /** + * Get the string arguments that should be added to an OpenID + * message for this extension. + */ + function getExtensionArgs() { + $args = array(); + + if ($this->_teams) { + $args[$this->request_field] = implode(',', $this->_teams); + } + + return $args; + } + + /** + * Add the arguments from this extension to the provided message. + * + * Returns the message with the extension arguments added. 
+ */ + function toMessage(&$message) { + if ($message->namespaces->addAlias($this->ns_uri, $this->ns_alias) === null) { + if ($message->namespaces->getAlias($this->ns_uri) != $this->ns_alias) { + return null; + } + } + + $message->updateArgs($this->ns_uri, $this->getExtensionArgs()); + return $message; + } + + /** + * Extract the team/group namespace URI from the given OpenID message. + * Handles OpenID 1 and 2. + * + * $message: The OpenID message from which to parse team/group data. + * This may be a request or response message. + * + * Returns the sreg namespace URI for the supplied message. + * + * @access private + */ + function _getExtensionNS(&$message) { + $alias = null; + $found_ns_uri = null; + + // See if there exists an alias for the namespace + $alias = $message->namespaces->getAlias($this->ns_uri); + + if ($alias !== null) { + $found_ns_uri = $this->ns_uri; + } + + if ($alias === null) { + // There is no alias for this extension, so try to add one. + $found_ns_uri = Auth_OpenID_TYPE_1_0; + + if ($message->namespaces->addAlias($this->ns_uri, $this->ns_alias) === null) { + // An alias for the string 'lp' already exists, but + // it's defined for something other than team/group membership + return null; + } + } + + return $found_ns_uri; + } +} + +/** + * The team/group extension request class + */ +class Auth_OpenID_TeamsRequest extends Auth_OpenID_TeamsExtension { + function __init($teams) { + if (!is_array($teams)) { + if (!empty($teams)) { + $teams = explode(',', $teams); + } else { + $teams = Array(); + } + } + + $this->_teams = $teams; + } + + function Auth_OpenID_TeamsRequest($teams) { + $this->__init($teams); + } +} + +/** + * The team/group extension response class + */ +class Auth_OpenID_TeamsResponse extends Auth_OpenID_TeamsExtension { + var $_teams = array(); + + function __init(&$resp, $signed_only=true) { + $this->ns_uri = $this->_getExtensionNS($resp->message); + + if ($signed_only) { + $args = $resp->getSignedNS($this->ns_uri); + } else { 
+ $args = $resp->message->getArgs($this->ns_uri); + } + + if ($args === null) { + return null; + } + + // An OpenID 2.0 response will handle the namespaces + if (in_array($this->response_field, array_keys($args)) && !empty($args[$this->response_field])) { + $this->_teams = explode(',', $args[$this->response_field]); + } + + // Piggybacking on a 1.x request, however, won't so the field name will + // be different + elseif (in_array($this->ns_alias.'.'.$this->response_field, array_keys($args)) && !empty($args[$this->ns_alias.'.'.$this->response_field])) { + $this->_teams = explode(',', $args[$this->ns_alias.'.'.$this->response_field]); + } + } + + function Auth_OpenID_TeamsResponse(&$resp, $signed_only=true) { + $this->__init($resp, $signed_only); + } + + /** + * Get the array of teams the user is a member of + * + * @return array + */ + function getTeams() { + return $this->_teams; + } +} + +?> diff --git a/plugins/OpenID/finishaddopenid.php b/plugins/OpenID/finishaddopenid.php index 991e6584e..47b3f7fb1 100644 --- a/plugins/OpenID/finishaddopenid.php +++ b/plugins/OpenID/finishaddopenid.php @@ -64,6 +64,7 @@ class FinishaddopenidAction extends Action { parent::handle($args); if (!common_logged_in()) { + // TRANS: Client error message $this->clientError(_m('Not logged in.')); } else { $this->tryLogin(); 
@@ -85,10 +86,12 @@ class FinishaddopenidAction extends Action $response = $consumer->complete(common_local_url('finishaddopenid')); if ($response->status == Auth_OpenID_CANCEL) { + // TRANS: Status message in case the response from the OpenID provider is that the logon attempt was cancelled. $this->message(_m('OpenID authentication cancelled.')); return; } else if ($response->status == Auth_OpenID_FAILURE) { - // Authentication failed; display the error message. + // TRANS: OpenID authentication failed; display the error message. + // TRANS: %s is the error message. $this->message(sprintf(_m('OpenID authentication failed: %s'), $response->message)); } else if ($response->status == Auth_OpenID_SUCCESS) { @@ -103,14 +106,22 @@ class FinishaddopenidAction extends Action $sreg = $sreg_resp->contents(); } + // Launchpad teams extension + if (!oid_check_teams($response)) { + $this->message(_m('OpenID authentication aborted: you are not allowed to login to this site.')); + return; + } + $cur = common_current_user(); $other = oid_get_user($canonical); if ($other) { if ($other->id == $cur->id) { + // TRANS: message in case a user tries to add an OpenID that is already connected to them. $this->message(_m('You already have this OpenID!')); } else { + // TRANS: message in case a user tries to add an OpenID that is already used by another user. $this->message(_m('Someone else already has this OpenID.')); } return; 
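Review bot: The success branch in the `@@ -103,14 +106,22 @@` hunk gains the `oid_check_teams($response)` gate but no `oid_assert_allowed()` call, whereas the matching branch in finishopenidlogin.php checks both `$display` and `$canonical` in this same commit. Unless the call sits in the unchanged lines just above this hunk, an identifier that is rejected at login can still be linked to an existing account here. If the allow/deny list is meant to cover linking as well, add `oid_assert_allowed($display);` and `oid_assert_allowed($canonical);` before the teams check. The new denial message also lacks the `// TRANS:` comment the other strings received.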
@@ -123,15 +134,20 @@ class FinishaddopenidAction extends Action $result = oid_link_user($cur->id, $canonical, $display); if (!$result) { + // TRANS: message in case the OpenID object cannot be connected to the user. $this->message(_m('Error connecting user.')); return; } - if ($sreg) { - if (!oid_update_user($cur, $sreg)) { - $this->message(_m('Error updating profile')); - return; + if (Event::handle('StartOpenIDUpdateUser', array($cur, $canonical, &$sreg))) { + if ($sreg) { + if (!oid_update_user($cur, $sreg)) { + // TRANS: message in case the user or the user profile cannot be saved in StatusNet. + $this->message(_m('Error updating profile')); + return; + } } } + Event::handle('EndOpenIDUpdateUser', array($cur, $canonical, $sreg)); // success! @@ -167,6 +183,7 @@ class FinishaddopenidAction extends Action function title() { + // TRANS: Title after getting the status of the OpenID authorisation request. return _m('OpenID Login'); } diff --git a/plugins/OpenID/finishopenidlogin.php b/plugins/OpenID/finishopenidlogin.php index 438a728d8..0c03b5c4d 100644 --- a/plugins/OpenID/finishopenidlogin.php +++ b/plugins/OpenID/finishopenidlogin.php @@ -31,15 +31,18 @@ class FinishopenidloginAction extends Action { parent::handle($args); if (common_is_real_login()) { + // TRANS: Client error message trying to log on with OpenID while already logged on. $this->clientError(_m('Already logged in.')); } else if ($_SERVER['REQUEST_METHOD'] == 'POST') { $token = $this->trimmed('token'); if (!$token || $token != common_session_token()) { + // TRANS: Message given when there is a problem with the user's session token. $this->showForm(_m('There was a problem with your session token. Try again, please.')); return; } if ($this->arg('create')) { if (!$this->boolean('license')) { + // TRANS: Message given if user does not agree with the site's license. $this->showForm(_m('You can\'t register if you don\'t agree to the license.'), $this->trimmed('newname')); return; 
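Review bot: `EndOpenIDUpdateUser` is fired outside the `if (Event::handle('StartOpenIDUpdateUser', ...))` block, so it runs even when a Start handler returned false to veto the update, yet it is skipped on the `Error updating profile` return. Handlers that read the End event as "the profile was updated from provider data" will be misled; move the call inside the `if`, after the `oid_update_user()` branch. `$sreg` appears to be assigned only when the provider returned simple-registration data (the assignment is in the previous hunk), so initialise it with `$sreg = null;` before passing it by reference. The same Start/End placement appears in the `@@ -342,11 +390,16 @@` hunk of finishopenidlogin.php.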
@@ -48,8 +51,8 @@ class FinishopenidloginAction extends Action } else if ($this->arg('connect')) { $this->connectUser(); } else { - common_debug(print_r($this->args, true), __FILE__); - $this->showForm(_m('Something weird happened.'), + // TRANS: Messag given on an unknown error. + $this->showForm(_m('An unknown error has occured.'), $this->trimmed('newname')); } } else { @@ -63,12 +66,15 @@ class FinishopenidloginAction extends Action $this->element('div', array('class' => 'error'), $this->error); } else { $this->element('div', 'instructions', + // TRANS: Instructions given after a first successful logon using OpenID. + // TRANS: %s is the site name. sprintf(_m('This is the first time you\'ve logged into %s so we must connect your OpenID to a local account. You can either create a new account, or connect with your existing account, if you have one.'), common_config('site', 'name'))); } } function title() { + // TRANS: Title return _m('OpenID Account Setup'); } @@ -80,6 +86,11 @@ class FinishopenidloginAction extends Action $this->showPage(); } + /** + * @fixme much of this duplicates core code, which is very fragile. + * Should probably be replaced with an extensible mini version of + * the core registration form. + */ function showContent() { if (!empty($this->message_text)) { 
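Review bot: The replacement string in the final `else` branch is misspelled: `'An unknown error has occured.'` should read `'An unknown error has occurred.'`, and the comment above it says `Messag`. Because the literal is the msgid, the typo is copied into OpenID.pot and every translation file, so it is cheapest to fix before the catalogue is regenerated.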
@@ -111,30 +122,43 @@ class FinishopenidloginAction extends Action 'value' => 'true')); $this->elementStart('label', array('for' => 'license', 'class' => 'checkbox')); - $this->text(_m('My text and files are available under ')); - $this->element('a', array('href' => common_config('license', 'url')), - common_config('license', 'title')); - $this->text(_m(' except this private data: password, email address, IM address, phone number.')); + // TRANS: OpenID plugin link text. + // TRANS: %s is a link to a licese with the license name as link text. + $message = _('My text and files are available under %s ' . + 'except this private data: password, ' . + 'email address, IM address, and phone number.'); + $link = '<a href="' . + htmlspecialchars(common_config('license', 'url')) . + '">' . + htmlspecialchars(common_config('license', 'title')) . + '</a>'; + $this->raw(sprintf(htmlspecialchars($message), $link)); $this->elementEnd('label'); $this->elementEnd('li'); $this->elementEnd('ul'); - $this->submit('create', _m('Create')); + // TRANS: Button label in form in which to create a new user on the site for an OpenID. + $this->submit('create', _m('BUTTON', 'Create')); $this->elementEnd('fieldset'); $this->elementStart('fieldset', array('id' => 'form_openid_createaccount')); $this->element('legend', null, + // TRANS: Used as form legend for form in which to connect an OpenID to an existing user on the site. _m('Connect existing account')); $this->element('p', null, + // TRANS: User instructions for form in which to connect an OpenID to an existing user on the site. _m('If you already have an account, login with your username and password to connect it to your OpenID.')); $this->elementStart('ul', 'form_data'); $this->elementStart('li'); + // TRANS: Field label in form in which to connect an OpenID to an existing user on the site. 
$this->input('nickname', _m('Existing nickname')); $this->elementEnd('li'); $this->elementStart('li'); + // TRANS: Field label in form in which to connect an OpenID to an existing user on the site. $this->password('password', _m('Password')); $this->elementEnd('li'); $this->elementEnd('ul'); - $this->submit('connect', _m('Connect')); + // TRANS: Button label in form in which to connect an OpenID to an existing user on the site. + $this->submit('connect', _m('BUTTON', 'Connect')); $this->elementEnd('fieldset'); $this->elementEnd('form'); } @@ -146,10 +170,11 @@ class FinishopenidloginAction extends Action $response = $consumer->complete(common_local_url('finishopenidlogin')); if ($response->status == Auth_OpenID_CANCEL) { + // TRANS: Status message in case the response from the OpenID provider is that the logon attempt was cancelled. $this->message(_m('OpenID authentication cancelled.')); return; } else if ($response->status == Auth_OpenID_FAILURE) { - // Authentication failed; display the error message. + // TRANS: OpenID authentication failed; display the error message. %s is the error message. $this->message(sprintf(_m('OpenID authentication failed: %s'), $response->message)); } else if ($response->status == Auth_OpenID_SUCCESS) { // This means the authentication succeeded; extract the @@ -159,12 +184,21 @@ class FinishopenidloginAction extends Action $canonical = ($response->endpoint->canonicalID) ? $response->endpoint->canonicalID : $response->getDisplayIdentifier(); + oid_assert_allowed($display); + oid_assert_allowed($canonical); + $sreg_resp = Auth_OpenID_SRegResponse::fromSuccessResponse($response); if ($sreg_resp) { $sreg = $sreg_resp->contents(); } + // Launchpad teams extension + if (!oid_check_teams($response)) { + $this->message(_m('OpenID authentication aborted: you are not allowed to login to this site.')); + return; + } + $user = oid_get_user($canonical); if ($user) { 
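Review bot: In the `@@ -111,30 +122,43 @@` hunk the license sentence is looked up with `_()` while every other string in this file goes through `_m()`, so it is presumably resolved against a different message catalogue than the rest of the plugin. If that is deliberate (reusing an existing core translation), say so in the `// TRANS:` comment; otherwise use `$message = _m('My text and files are available under %s ' .`. The escaping is placed correctly for output through `raw()`: the translated text, the URL and the title each pass through `htmlspecialchars()` before being combined. The TRANS comment has a typo, `licese`, and `showContent` begins before the hunk.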
@@ -212,6 +246,7 @@ class FinishopenidloginAction extends Action # FIXME: save invite code before redirect, and check here if (common_config('site', 'closed')) { + // TRANS: OpenID plugin message. No new user registration is allowed on the site. $this->clientError(_m('Registration not allowed.')); return; } @@ -221,6 +256,7 @@ class FinishopenidloginAction extends Action if (common_config('site', 'inviteonly')) { $code = $_SESSION['invitecode']; if (empty($code)) { + // TRANS: OpenID plugin message. No new user registration is allowed on the site without an invitation code, and none was provided. $this->clientError(_m('Registration not allowed.')); return; } @@ -228,6 +264,7 @@ class FinishopenidloginAction extends Action $invite = Invitation::staticGet($code); if (empty($invite)) { + // TRANS: OpenID plugin message. No new user registration is allowed on the site without an invitation code, and the one provided was not valid. $this->clientError(_m('Not a valid invitation code.')); return; } @@ -238,16 +275,19 @@ class FinishopenidloginAction extends Action if (!Validate::string($nickname, array('min_length' => 1, 'max_length' => 64, 'format' => NICKNAME_FMT))) { + // TRANS: OpenID plugin message. The entered new user name did not conform to the requirements. $this->showForm(_m('Nickname must have only lowercase letters and numbers and no spaces.')); return; } if (!User::allowed_nickname($nickname)) { + // TRANS: OpenID plugin message. The entered new user name is blacklisted. $this->showForm(_m('Nickname not allowed.')); return; } if (User::staticGet('nickname', $nickname)) { + // TRANS: OpenID plugin message. The entered new user name is already used. $this->showForm(_m('Nickname already in use. Try another one.')); return; } 
@@ -255,6 +295,7 @@ class FinishopenidloginAction extends Action list($display, $canonical, $sreg) = $this->getSavedValues(); if (!$display || !$canonical) { + // TRANS: OpenID plugin server error. A stored OpenID cannot be retrieved. $this->serverError(_m('Stored OpenID not found.')); return; } @@ -264,10 +305,13 @@ class FinishopenidloginAction extends Action $other = oid_get_user($canonical); if ($other) { + // TRANS: OpenID plugin server error. $this->serverError(_m('Creating new account for OpenID that already has a user.')); return; } + Event::handle('StartOpenIDCreateNewUser', array($canonical, &$sreg)); + $location = ''; if (!empty($sreg['country'])) { if ($sreg['postcode']) { @@ -307,6 +351,8 @@ class FinishopenidloginAction extends Action $result = oid_link_user($user->id, $canonical, $display); + Event::handle('EndOpenIDCreateNewUser', array($user, $canonical, $sreg)); + oid_set_last($display); common_set_user($user); common_real_login(true); @@ -324,6 +370,7 @@ class FinishopenidloginAction extends Action $password = $this->trimmed('password'); if (!common_check_user($nickname, $password)) { + // TRANS: OpenID plugin message. $this->showForm(_m('Invalid username or password.')); return; } @@ -335,6 +382,7 @@ class FinishopenidloginAction extends Action list($display, $canonical, $sreg) = $this->getSavedValues(); if (!$display || !$canonical) { + // TRANS: OpenID plugin server error. A stored OpenID cannot be found. $this->serverError(_m('Stored OpenID not found.')); return; } 
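Review bot: The result of `Event::handle('StartOpenIDCreateNewUser', array($canonical, &$sreg))` is dropped, so a handler can rewrite `$sreg` through the reference but cannot stop the account from being created, while the update path in the later hunk (`StartOpenIDUpdateUser`) does test the result. If a veto is intended, the creation should sit inside `if (Event::handle('StartOpenIDCreateNewUser', array($canonical, &$sreg))) { ... }`; if it is not, a comment such as `// Notification only: handlers may adjust $sreg but cannot cancel creation.` would make that explicit. In the later hunk `EndOpenIDUpdateUser` fires even when the Start handler returned false, and the result of `oid_update_user` is still unchecked; moving the End call inside the `if` would keep the pair consistent. The method bodies continue outside these hunks.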
@@ -342,11 +390,16 @@ class FinishopenidloginAction extends Action $result = oid_link_user($user->id, $canonical, $display); if (!$result) { + // TRANS: OpenID plugin server error. The user or user profile could not be saved. $this->serverError(_m('Error connecting user to OpenID.')); return; } - oid_update_user($user, $sreg); + if (Event::handle('StartOpenIDUpdateUser', array($user, $canonical, &$sreg))) { + oid_update_user($user, $sreg); + } + Event::handle('EndOpenIDUpdateUser', array($user, $canonical, $sreg)); + oid_set_last($display); common_set_user($user); common_real_login(true); diff --git a/plugins/OpenID/locale/OpenID.po b/plugins/OpenID/locale/OpenID.pot index 7ed879835..70908422e 100644 --- a/plugins/OpenID/locale/OpenID.po +++ b/plugins/OpenID/locale/OpenID.pot @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2010-03-01 14:58-0800\n" +"POT-Creation-Date: 2010-04-29 23:39+0000\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: LANGUAGE <LL@li.org>\n" 
@@ -16,311 +16,347 @@ msgstr "" "Content-Type: text/plain; charset=CHARSET\n" "Content-Transfer-Encoding: 8bit\n" -#: finishaddopenid.php:67 -msgid "Not logged in." +#: openidsettings.php:59 +msgid "OpenID settings" msgstr "" -#: finishaddopenid.php:88 finishopenidlogin.php:149 -msgid "OpenID authentication cancelled." +#: openidsettings.php:70 +#, php-format +msgid "" +"[OpenID](%%doc.openid%%) lets you log into many sites with the same user " +"account. Manage your associated OpenIDs from here." msgstr "" -#: finishaddopenid.php:92 finishopenidlogin.php:153 -#, php-format -msgid "OpenID authentication failed: %s" +#: openidsettings.php:99 +msgid "Add OpenID" msgstr "" -#: finishaddopenid.php:112 -msgid "You already have this OpenID!" +#: openidsettings.php:102 +msgid "" +"If you want to add an OpenID to your account, enter it in the box below and " +"click \"Add\"." msgstr "" -#: finishaddopenid.php:114 -msgid "Someone else already has this OpenID." +#: openidsettings.php:107 openidlogin.php:119 +msgid "OpenID URL" msgstr "" -#: finishaddopenid.php:126 -msgid "Error connecting user." +#: openidsettings.php:117 +msgid "Add" msgstr "" -#: finishaddopenid.php:131 -msgid "Error updating profile" +#: openidsettings.php:129 +msgid "Remove OpenID" msgstr "" -#: finishaddopenid.php:170 openidlogin.php:95 -msgid "OpenID Login" +#: openidsettings.php:134 +msgid "" +"Removing your only OpenID would make it impossible to log in! If you need to " +"remove it, add another OpenID first." msgstr "" -#: finishopenidlogin.php:34 openidlogin.php:30 -msgid "Already logged in." +#: openidsettings.php:149 +msgid "" +"You can remove an OpenID from your account by clicking the button marked " +"\"Remove\"." msgstr "" -#: finishopenidlogin.php:38 openidlogin.php:37 openidsettings.php:194 -msgid "There was a problem with your session token. Try again, please." 
+#: openidsettings.php:172 openidsettings.php:213 +msgid "Remove" msgstr "" -#: finishopenidlogin.php:43 -msgid "You can't register if you don't agree to the license." +#: openidsettings.php:186 +msgid "OpenID Trusted Sites" +msgstr "" + +#: openidsettings.php:189 +msgid "" +"The following sites are allowed to access your identity and log you in. You " +"can remove a site from this list to deny it access to your OpenID." msgstr "" -#: finishopenidlogin.php:52 openidsettings.php:208 +#: openidsettings.php:231 finishopenidlogin.php:38 openidlogin.php:39 +msgid "There was a problem with your session token. Try again, please." +msgstr "" + +#: openidsettings.php:247 finishopenidlogin.php:51 msgid "Something weird happened." msgstr "" -#: finishopenidlogin.php:66 -#, php-format -msgid "" -"This is the first time you've logged into %s so we must connect your OpenID " -"to a local account. You can either create a new account, or connect with " -"your existing account, if you have one." +#: openidsettings.php:271 +msgid "No such OpenID trustroot." msgstr "" -#: finishopenidlogin.php:72 -msgid "OpenID Account Setup" +#: openidsettings.php:275 +msgid "Trustroots removed" msgstr "" -#: finishopenidlogin.php:97 -msgid "Create new account" +#: openidsettings.php:298 +msgid "No such OpenID." msgstr "" -#: finishopenidlogin.php:99 -msgid "Create a new user with this nickname." +#: openidsettings.php:303 +msgid "That OpenID does not belong to you." msgstr "" -#: finishopenidlogin.php:102 -msgid "New nickname" +#: openidsettings.php:307 +msgid "OpenID removed." msgstr "" -#: finishopenidlogin.php:104 -msgid "1-64 lowercase letters or numbers, no punctuation or spaces" +#: openid.php:137 +msgid "Cannot instantiate OpenID consumer object." msgstr "" -#: finishopenidlogin.php:114 -msgid "My text and files are available under " +#: openid.php:147 +msgid "Not a valid OpenID." 
msgstr "" -#: finishopenidlogin.php:117 -msgid "" -" except this private data: password, email address, IM address, phone number." +#: openid.php:149 +#, php-format +msgid "OpenID failure: %s" msgstr "" -#: finishopenidlogin.php:121 -msgid "Create" +#: openid.php:176 +#, php-format +msgid "Could not redirect to server: %s" msgstr "" -#: finishopenidlogin.php:126 -msgid "Connect existing account" +#: openid.php:194 +#, php-format +msgid "Could not create OpenID form: %s" msgstr "" -#: finishopenidlogin.php:128 +#: openid.php:210 msgid "" -"If you already have an account, login with your username and password to " -"connect it to your OpenID." +"This form should automatically submit itself. If not, click the submit " +"button to go to your OpenID provider." msgstr "" -#: finishopenidlogin.php:131 -msgid "Existing nickname" +#: openid.php:242 +msgid "Error saving the profile." msgstr "" -#: finishopenidlogin.php:134 -msgid "Password" +#: openid.php:253 +msgid "Error saving the user." msgstr "" -#: finishopenidlogin.php:137 -msgid "Connect" +#: openid.php:282 +msgid "Unauthorized URL used for OpenID login." msgstr "" -#: finishopenidlogin.php:215 finishopenidlogin.php:224 -msgid "Registration not allowed." +#: openid.php:302 +msgid "OpenID Login Submission" msgstr "" -#: finishopenidlogin.php:231 -msgid "Not a valid invitation code." +#: openid.php:312 +msgid "Requesting authorization from your login provider..." msgstr "" -#: finishopenidlogin.php:241 -msgid "Nickname must have only lowercase letters and numbers and no spaces." +#: openid.php:315 +msgid "" +"If you are not redirected to your login provider in a few seconds, try " +"pushing the button below." msgstr "" -#: finishopenidlogin.php:246 -msgid "Nickname not allowed." +#. TRANS: Tooltip for main menu option "Login" +#: OpenIDPlugin.php:204 +msgctxt "TOOLTIP" +msgid "Login to the site" msgstr "" -#: finishopenidlogin.php:251 -msgid "Nickname already in use. Try another one." 
+#: OpenIDPlugin.php:207 +msgctxt "MENU" +msgid "Login" msgstr "" -#: finishopenidlogin.php:258 finishopenidlogin.php:338 -msgid "Stored OpenID not found." +#. TRANS: Tooltip for main menu option "Help" +#: OpenIDPlugin.php:212 +msgctxt "TOOLTIP" +msgid "Help me!" msgstr "" -#: finishopenidlogin.php:267 -msgid "Creating new account for OpenID that already has a user." +#: OpenIDPlugin.php:215 +msgctxt "MENU" +msgid "Help" msgstr "" -#: finishopenidlogin.php:327 -msgid "Invalid username or password." +#. TRANS: Tooltip for main menu option "Search" +#: OpenIDPlugin.php:221 +msgctxt "TOOLTIP" +msgid "Search for people or text" msgstr "" -#: finishopenidlogin.php:345 -msgid "Error connecting user to OpenID." +#: OpenIDPlugin.php:224 +msgctxt "MENU" +msgid "Search" msgstr "" -#: openid.php:141 -msgid "Cannot instantiate OpenID consumer object." +#: OpenIDPlugin.php:283 OpenIDPlugin.php:319 +msgid "OpenID" msgstr "" -#: openid.php:151 -msgid "Not a valid OpenID." +#: OpenIDPlugin.php:284 +msgid "Login or register with OpenID" msgstr "" -#: openid.php:153 -#, php-format -msgid "OpenID failure: %s" +#: OpenIDPlugin.php:320 +msgid "Add or remove OpenIDs" msgstr "" -#: openid.php:180 -#, php-format -msgid "Could not redirect to server: %s" +#: OpenIDPlugin.php:595 +msgid "Use <a href=\"http://openid.net/\">OpenID</a> to login to the site." msgstr "" -#: openid.php:198 +#: openidserver.php:106 #, php-format -msgid "Could not create OpenID form: %s" -msgstr "" - -#: openid.php:214 -msgid "" -"This form should automatically submit itself. If not, click the submit " -"button to go to your OpenID provider." +msgid "You are not authorized to use the identity %s." msgstr "" -#: openid.php:246 -msgid "Error saving the profile." +#: openidserver.php:126 +msgid "Just an OpenID provider. Nothing to see here, move along..." msgstr "" -#: openid.php:257 -msgid "Error saving the user." +#: finishopenidlogin.php:34 openidlogin.php:30 +msgid "Already logged in." 
msgstr "" -#: openid.php:277 -msgid "OpenID Auto-Submit" +#: finishopenidlogin.php:43 +msgid "You can't register if you don't agree to the license." msgstr "" -#: openidlogin.php:66 +#: finishopenidlogin.php:65 #, php-format msgid "" -"For security reasons, please re-login with your [OpenID](%%doc.openid%%) " -"before changing your settings." +"This is the first time you've logged into %s so we must connect your OpenID " +"to a local account. You can either create a new account, or connect with " +"your existing account, if you have one." msgstr "" -#: openidlogin.php:70 -#, php-format -msgid "Login with an [OpenID](%%doc.openid%%) account." +#: finishopenidlogin.php:71 +msgid "OpenID Account Setup" msgstr "" -#: openidlogin.php:112 -msgid "OpenID login" +#: finishopenidlogin.php:101 +msgid "Create new account" msgstr "" -#: openidlogin.php:117 openidsettings.php:107 -msgid "OpenID URL" +#: finishopenidlogin.php:103 +msgid "Create a new user with this nickname." msgstr "" -#: openidlogin.php:119 -msgid "Your OpenID URL" +#: finishopenidlogin.php:106 +msgid "New nickname" msgstr "" -#: openidlogin.php:122 -msgid "Remember me" +#: finishopenidlogin.php:108 +msgid "1-64 lowercase letters or numbers, no punctuation or spaces" msgstr "" -#: openidlogin.php:123 -msgid "Automatically login in the future; not for shared computers!" +#: finishopenidlogin.php:130 +msgid "Create" msgstr "" -#: openidlogin.php:127 -msgid "Login" +#: finishopenidlogin.php:135 +msgid "Connect existing account" msgstr "" -#: OpenIDPlugin.php:123 OpenIDPlugin.php:135 -msgid "OpenID" +#: finishopenidlogin.php:137 +msgid "" +"If you already have an account, login with your username and password to " +"connect it to your OpenID." 
msgstr "" -#: OpenIDPlugin.php:124 -msgid "Login or register with OpenID" +#: finishopenidlogin.php:140 +msgid "Existing nickname" msgstr "" -#: OpenIDPlugin.php:136 -msgid "Add or remove OpenIDs" +#: finishopenidlogin.php:143 +msgid "Password" msgstr "" -#: OpenIDPlugin.php:324 -msgid "Use <a href=\"http://openid.net/\">OpenID</a> to login to the site." +#: finishopenidlogin.php:146 +msgid "Connect" msgstr "" -#: openidserver.php:106 +#: finishopenidlogin.php:158 finishaddopenid.php:88 +msgid "OpenID authentication cancelled." +msgstr "" + +#: finishopenidlogin.php:162 finishaddopenid.php:92 #, php-format -msgid "You are not authorized to use the identity %s." +msgid "OpenID authentication failed: %s" msgstr "" -#: openidserver.php:126 -msgid "Just an OpenID provider. Nothing to see here, move along..." +#: finishopenidlogin.php:227 finishopenidlogin.php:236 +msgid "Registration not allowed." msgstr "" -#: openidsettings.php:59 -msgid "OpenID settings" +#: finishopenidlogin.php:243 +msgid "Not a valid invitation code." msgstr "" -#: openidsettings.php:70 -#, php-format -msgid "" -"[OpenID](%%doc.openid%%) lets you log into many sites with the same user " -"account. Manage your associated OpenIDs from here." +#: finishopenidlogin.php:253 +msgid "Nickname must have only lowercase letters and numbers and no spaces." msgstr "" -#: openidsettings.php:99 -msgid "Add OpenID" +#: finishopenidlogin.php:258 +msgid "Nickname not allowed." msgstr "" -#: openidsettings.php:102 -msgid "" -"If you want to add an OpenID to your account, enter it in the box below and " -"click \"Add\"." +#: finishopenidlogin.php:263 +msgid "Nickname already in use. Try another one." msgstr "" -#: openidsettings.php:117 -msgid "Add" +#: finishopenidlogin.php:270 finishopenidlogin.php:350 +msgid "Stored OpenID not found." msgstr "" -#: openidsettings.php:129 -msgid "Remove OpenID" +#: finishopenidlogin.php:279 +msgid "Creating new account for OpenID that already has a user." 
msgstr "" -#: openidsettings.php:134 -msgid "" -"Removing your only OpenID would make it impossible to log in! If you need to " -"remove it, add another OpenID first." +#: finishopenidlogin.php:339 +msgid "Invalid username or password." msgstr "" -#: openidsettings.php:149 +#: finishopenidlogin.php:357 +msgid "Error connecting user to OpenID." +msgstr "" + +#: openidlogin.php:68 +#, php-format msgid "" -"You can remove an OpenID from your account by clicking the button marked " -"\"Remove\"." +"For security reasons, please re-login with your [OpenID](%%doc.openid%%) " +"before changing your settings." msgstr "" -#: openidsettings.php:172 -msgid "Remove" +#: openidlogin.php:72 +#, php-format +msgid "Login with an [OpenID](%%doc.openid%%) account." msgstr "" -#: openidsettings.php:228 -msgid "No such OpenID." +#: openidlogin.php:97 finishaddopenid.php:170 +msgid "OpenID Login" msgstr "" -#: openidsettings.php:233 -msgid "That OpenID does not belong to you." +#: openidlogin.php:114 +msgid "OpenID login" msgstr "" -#: openidsettings.php:237 -msgid "OpenID removed." +#: openidlogin.php:121 +msgid "Your OpenID URL" +msgstr "" + +#: openidlogin.php:124 +msgid "Remember me" +msgstr "" + +#: openidlogin.php:125 +msgid "Automatically login in the future; not for shared computers!" +msgstr "" + +#: openidlogin.php:129 +msgid "Login" msgstr "" #: openidtrust.php:51 
@@ -332,17 +368,37 @@ msgid "" "This page should only be reached during OpenID processing, not directly." msgstr "" -#: openidtrust.php:118 +#: openidtrust.php:117 #, php-format msgid "" "%s has asked to verify your identity. Click Continue to verify your " "identity and login without creating a new password." msgstr "" -#: openidtrust.php:136 +#: openidtrust.php:135 msgid "Continue" msgstr "" -#: openidtrust.php:137 +#: openidtrust.php:136 msgid "Cancel" msgstr "" + +#: finishaddopenid.php:67 +msgid "Not logged in." +msgstr "" + +#: finishaddopenid.php:112 +msgid "You already have this OpenID!" +msgstr "" + +#: finishaddopenid.php:114 +msgid "Someone else already has this OpenID." +msgstr "" + +#: finishaddopenid.php:126 +msgid "Error connecting user." +msgstr "" + +#: finishaddopenid.php:131 +msgid "Error updating profile" +msgstr "" diff --git a/plugins/OpenID/locale/nl/LC_MESSAGES/OpenID.po b/plugins/OpenID/locale/nl/LC_MESSAGES/OpenID.po new file mode 100644 index 000000000..5cda9b129 --- /dev/null +++ b/plugins/OpenID/locale/nl/LC_MESSAGES/OpenID.po 
@@ -0,0 +1,395 @@ +# Translation of StatusNet plugin OpenID to Dutch +# +# Author@translatewiki.net: Siebrand +# -- +# This file is distributed under the same license as the StatusNet package. +# +msgid "" +msgstr "" +"Project-Id-Version: StatusNet\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2010-04-29 23:39+0000\n" +"PO-Revision-Date: 2010-04-30 02:16+0100\n" +"Last-Translator: Siebrand Mazeland <s.mazeland@xs4all.nl>\n" +"Language-Team: Dutch\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#: openidsettings.php:59 +msgid "OpenID settings" +msgstr "OpenID-instellingen" + +#: openidsettings.php:70 +#, php-format +msgid "[OpenID](%%doc.openid%%) lets you log into many sites with the same user account. Manage your associated OpenIDs from here." +msgstr "Met [OpenID](%%doc.openid%%) kunt u aanmelden bij veel websites met dezelfde gebruiker. U kunt hier uw gekoppelde OpenID's beheren." + +#: openidsettings.php:99 +msgid "Add OpenID" +msgstr "OpenID toevoegen" + +#: openidsettings.php:102 +msgid "If you want to add an OpenID to your account, enter it in the box below and click \"Add\"." +msgstr "Als u een OpenID aan uw gebruiker wilt toevoegen, voer deze dan hieronder in en klik op \"Toevoegen\"." + +#: openidsettings.php:107 +#: openidlogin.php:119 +msgid "OpenID URL" +msgstr "OpenID-URL" + +#: openidsettings.php:117 +msgid "Add" +msgstr "Toevoegen" + +#: openidsettings.php:129 +msgid "Remove OpenID" +msgstr "OpenID verwijderen" + +#: openidsettings.php:134 +msgid "Removing your only OpenID would make it impossible to log in! If you need to remove it, add another OpenID first." +msgstr "Door uw enige OpenID te verwijderen zou het niet meer mogelijk zijn om aan te melden. Als u het wilt verwijderen, voeg dan eerst een andere OpenID toe." 
+ +#: openidsettings.php:149 +msgid "You can remove an OpenID from your account by clicking the button marked \"Remove\"." +msgstr "U kunt een OpenID van uw gebruiker verwijderen door te klikken op de knop \"Verwijderen\"." + +#: openidsettings.php:172 +#: openidsettings.php:213 +msgid "Remove" +msgstr "Verwijderen" + +#: openidsettings.php:186 +msgid "OpenID Trusted Sites" +msgstr "Vertrouwde OpenID-sites" + +#: openidsettings.php:189 +msgid "The following sites are allowed to access your identity and log you in. You can remove a site from this list to deny it access to your OpenID." +msgstr "De volgende sites hebben toegang tot uw indentiteit en kunnen u aanmelden. U kunt een site verwijderen uit deze lijst zodat deze niet langer toegang heeft tot uw OpenID." + +#: openidsettings.php:231 +#: finishopenidlogin.php:38 +#: openidlogin.php:39 +msgid "There was a problem with your session token. Try again, please." +msgstr "Er was een probleem met uw sessietoken. Probeer het opnieuw." + +#: openidsettings.php:247 +#: finishopenidlogin.php:51 +msgid "Something weird happened." +msgstr "Er is iets vreemds gebeurd." + +#: openidsettings.php:271 +msgid "No such OpenID trustroot." +msgstr "Die OpenID trustroot bestaat niet." + +#: openidsettings.php:275 +msgid "Trustroots removed" +msgstr "De trustroots zijn verwijderd" + +#: openidsettings.php:298 +msgid "No such OpenID." +msgstr "De OpenID bestaat niet." + +#: openidsettings.php:303 +msgid "That OpenID does not belong to you." +msgstr "Die OpenID is niet van u." + +#: openidsettings.php:307 +msgid "OpenID removed." +msgstr "OpenID verwijderd." + +#: openid.php:137 +msgid "Cannot instantiate OpenID consumer object." +msgstr "Het was niet mogelijk een OpenID-object aan te maken." + +#: openid.php:147 +msgid "Not a valid OpenID." +msgstr "Geen geldige OpenID." 
+ +#: openid.php:149 +#, php-format +msgid "OpenID failure: %s" +msgstr "OpenID-fout: %s" + +#: openid.php:176 +#, php-format +msgid "Could not redirect to server: %s" +msgstr "Het was niet mogelijk door te verwijzen naar de server: %s" + +#: openid.php:194 +#, php-format +msgid "Could not create OpenID form: %s" +msgstr "Het was niet mogelijk het OpenID-formulier aan te maken: %s" + +#: openid.php:210 +msgid "This form should automatically submit itself. If not, click the submit button to go to your OpenID provider." +msgstr "Dit formulier hoort zichzelf automatisch op te slaan. Als dat niet gebeurt, klik dan op de knop \"Aanmelden\" om naar uw OpenID-provider te gaan." + +#: openid.php:242 +msgid "Error saving the profile." +msgstr "Fout bij het opslaan van het profiel." + +#: openid.php:253 +msgid "Error saving the user." +msgstr "Fout bij het opslaan van de gebruiker." + +#: openid.php:282 +msgid "Unauthorized URL used for OpenID login." +msgstr "Ongeautoriseerde URL gebruikt voor aanmelden via OpenID" + +#: openid.php:302 +#, fuzzy +msgid "OpenID Login Submission" +msgstr "Aanmelden via OpenID" + +#: openid.php:312 +msgid "Requesting authorization from your login provider..." +msgstr "Bezig met het vragen van autorisatie van uw aanmeldprovider..." + +#: openid.php:315 +msgid "If you are not redirected to your login provider in a few seconds, try pushing the button below." +msgstr "Als u binnen een aantal seconden niet wordt doorverwezen naar uw aanmeldprovider, klik dan op de onderstaande knop." + +#. TRANS: Tooltip for main menu option "Login" +#: OpenIDPlugin.php:204 +msgctxt "TOOLTIP" +msgid "Login to the site" +msgstr "Aanmelden bij de site" + +#: OpenIDPlugin.php:207 +#, fuzzy +msgctxt "MENU" +msgid "Login" +msgstr "Aanmelden" + +#. TRANS: Tooltip for main menu option "Help" +#: OpenIDPlugin.php:212 +msgctxt "TOOLTIP" +msgid "Help me!" +msgstr "Help me" + +#: OpenIDPlugin.php:215 +msgctxt "MENU" +msgid "Help" +msgstr "Hulp" + +#. 
TRANS: Tooltip for main menu option "Search" +#: OpenIDPlugin.php:221 +msgctxt "TOOLTIP" +msgid "Search for people or text" +msgstr "Zoeken naar mensen of tekst" + +#: OpenIDPlugin.php:224 +msgctxt "MENU" +msgid "Search" +msgstr "Zoeken" + +#: OpenIDPlugin.php:283 +#: OpenIDPlugin.php:319 +msgid "OpenID" +msgstr "OpenID" + +#: OpenIDPlugin.php:284 +msgid "Login or register with OpenID" +msgstr "Aanmelden of registreren met OpenID" + +#: OpenIDPlugin.php:320 +msgid "Add or remove OpenIDs" +msgstr "OpenID's toevoegen of verwijderen" + +#: OpenIDPlugin.php:595 +msgid "Use <a href=\"http://openid.net/\">OpenID</a> to login to the site." +msgstr "Gebruik <a href=\"http://openid.net/\">OpenID</a> om aan te melden bij de site." + +#: openidserver.php:106 +#, php-format +msgid "You are not authorized to use the identity %s." +msgstr "U mag de identiteit %s niet gebruiken." + +#: openidserver.php:126 +msgid "Just an OpenID provider. Nothing to see here, move along..." +msgstr "Gewoon een OpenID-provider. Niets te zien hier..." + +#: finishopenidlogin.php:34 +#: openidlogin.php:30 +msgid "Already logged in." +msgstr "U bent al aangemeld." + +#: finishopenidlogin.php:43 +msgid "You can't register if you don't agree to the license." +msgstr "U kunt niet registreren als u niet akkoord gaat met de licentie." + +#: finishopenidlogin.php:65 +#, php-format +msgid "This is the first time you've logged into %s so we must connect your OpenID to a local account. You can either create a new account, or connect with your existing account, if you have one." +msgstr "Dit is de eerste keer dat u aameldt bij %s en uw OpenID moet gekoppeld worden aan uw lokale gebruiker. U kunt een nieuwe gebruiker aanmaken of koppelen met uw bestaande gebruiker als u die al hebt." 
+ +#: finishopenidlogin.php:71 +msgid "OpenID Account Setup" +msgstr "Instellingen OpenID" + +#: finishopenidlogin.php:101 +msgid "Create new account" +msgstr "Nieuwe gebruiker aanmaken" + +#: finishopenidlogin.php:103 +msgid "Create a new user with this nickname." +msgstr "Nieuwe gebruiker met deze naam aanmaken." + +#: finishopenidlogin.php:106 +msgid "New nickname" +msgstr "Nieuwe gebruiker" + +#: finishopenidlogin.php:108 +msgid "1-64 lowercase letters or numbers, no punctuation or spaces" +msgstr "1-64 kleine letters of getallen; geen leestekens of spaties" + +#: finishopenidlogin.php:130 +msgid "Create" +msgstr "Aanmaken" + +#: finishopenidlogin.php:135 +msgid "Connect existing account" +msgstr "Koppelen met bestaande gebruiker" + +#: finishopenidlogin.php:137 +msgid "If you already have an account, login with your username and password to connect it to your OpenID." +msgstr "Als u al een gebruiker hebt, meld u dan aan met uw gebruikersnaam en wachtwoord om de gebruiker te koppelen met uw OpenID." + +#: finishopenidlogin.php:140 +msgid "Existing nickname" +msgstr "Bestaande gebruiker" + +#: finishopenidlogin.php:143 +msgid "Password" +msgstr "Wachtwoord" + +#: finishopenidlogin.php:146 +msgid "Connect" +msgstr "Koppelen" + +#: finishopenidlogin.php:158 +#: finishaddopenid.php:88 +msgid "OpenID authentication cancelled." +msgstr "De authenticatie via OpenID is afgebroken." + +#: finishopenidlogin.php:162 +#: finishaddopenid.php:92 +#, php-format +msgid "OpenID authentication failed: %s" +msgstr "De authenticatie via OpenID is mislukt: %s" + +#: finishopenidlogin.php:227 +#: finishopenidlogin.php:236 +msgid "Registration not allowed." +msgstr "Registreren is niet mogelijk." + +#: finishopenidlogin.php:243 +msgid "Not a valid invitation code." +msgstr "De uitnodigingscode is niet geldig." + +#: finishopenidlogin.php:253 +msgid "Nickname must have only lowercase letters and numbers and no spaces." 
+msgstr "De gebruikersnaam mag alleen uit kleine letters en cijfers bestaan, en geen spaties bevatten." + +#: finishopenidlogin.php:258 +msgid "Nickname not allowed." +msgstr "Deze gebruikersnaam is niet toegestaan." + +#: finishopenidlogin.php:263 +msgid "Nickname already in use. Try another one." +msgstr "Deze gebruikersnaam wordt al gebruikt. Kies een andere." + +#: finishopenidlogin.php:270 +#: finishopenidlogin.php:350 +msgid "Stored OpenID not found." +msgstr "Het opgeslagen OpenID is niet aangetroffen." + +#: finishopenidlogin.php:279 +msgid "Creating new account for OpenID that already has a user." +msgstr "Bezig met het aanmaken van een gebruiker voor OpenID die al een gebruiker heeft." + +#: finishopenidlogin.php:339 +msgid "Invalid username or password." +msgstr "Ongeldige gebruikersnaam of wachtwoord." + +#: finishopenidlogin.php:357 +msgid "Error connecting user to OpenID." +msgstr "Fout bij het koppelen met OpenID." + +#: openidlogin.php:68 +#, php-format +msgid "For security reasons, please re-login with your [OpenID](%%doc.openid%%) before changing your settings." +msgstr "Om veiligheidsreden moet u opnieuw aanmelden met uw [OpenID](%%doc.openid%%) voordat u uw instellingen kunt wijzigen." + +#: openidlogin.php:72 +#, php-format +msgid "Login with an [OpenID](%%doc.openid%%) account." +msgstr "Aanmelden met een [OpenID](%%doc.openid%%)-gebruiker." + +#: openidlogin.php:97 +#: finishaddopenid.php:170 +msgid "OpenID Login" +msgstr "Aanmelden via OpenID" + +#: openidlogin.php:114 +msgid "OpenID login" +msgstr "Aanmelden via OpenID" + +#: openidlogin.php:121 +msgid "Your OpenID URL" +msgstr "Uw OpenID-URL" + +#: openidlogin.php:124 +msgid "Remember me" +msgstr "Aanmeldgegevens onthouden" + +#: openidlogin.php:125 +msgid "Automatically login in the future; not for shared computers!" +msgstr "In het vervolg automatisch aanmelden. Niet gebruiken op gedeelde computers!" 
+ +#: openidlogin.php:129 +msgid "Login" +msgstr "Aanmelden" + +#: openidtrust.php:51 +msgid "OpenID Identity Verification" +msgstr "OpenID-identiteitscontrole" + +#: openidtrust.php:69 +msgid "This page should only be reached during OpenID processing, not directly." +msgstr "Deze pagina hoort alleen bezocht te worden tijdens het verwerken van een OpenID, en niet direct." + +#: openidtrust.php:117 +#, php-format +msgid "%s has asked to verify your identity. Click Continue to verify your identity and login without creating a new password." +msgstr "%s heeft gevraagd uw identiteit te bevestigen. Klik op \"Doorgaan\" om uw indentiteit te controleren en aan te melden zonder een wachtwoord te hoeven invoeren." + +#: openidtrust.php:135 +msgid "Continue" +msgstr "Doorgaan" + +#: openidtrust.php:136 +msgid "Cancel" +msgstr "Annuleren" + +#: finishaddopenid.php:67 +msgid "Not logged in." +msgstr "Niet aangemeld." + +#: finishaddopenid.php:112 +msgid "You already have this OpenID!" +msgstr "U hebt deze OpenID al!" + +#: finishaddopenid.php:114 +msgid "Someone else already has this OpenID." +msgstr "Iemand anders gebruikt deze OpenID al." + +#: finishaddopenid.php:126 +msgid "Error connecting user." +msgstr "Fout bij het verbinden met de gebruiker." + +#: finishaddopenid.php:131 +msgid "Error updating profile" +msgstr "Fout bij het bijwerken van het profiel." diff --git a/plugins/OpenID/openid.php b/plugins/OpenID/openid.php index 9e02c7a88..4ce350f77 100644 --- a/plugins/OpenID/openid.php +++ b/plugins/OpenID/openid.php @@ -94,7 +94,6 @@ function oid_link_user($id, $canonical, $display) if (!$oid->insert()) { $err = PEAR::getStaticProperty('DB_DataObject','lastError'); - common_debug('DB error ' . $err->code . ': ' . $err->message, __FILE__); return false; } 
@@ -119,13 +118,10 @@ function oid_check_immediate($openid_url, $backto=null) unset($args['action']); $backto = common_local_url($action, $args); } - common_debug('going back to "' . $backto . '"', __FILE__); common_ensure_session(); $_SESSION['openid_immediate_backto'] = $backto; - common_debug('passed-in variable is "' . $backto . '"', __FILE__); - common_debug('session variable is "' . $_SESSION['openid_immediate_backto'] . '"', __FILE__); oid_authenticate($openid_url, 'finishimmediate', @@ -138,6 +134,7 @@ function oid_authenticate($openid_url, $returnto, $immediate=false) $consumer = oid_consumer(); if (!$consumer) { + // TRANS: OpenID plugin server error. common_server_error(_m('Cannot instantiate OpenID consumer object.')); return false; } @@ -148,8 +145,13 @@ function oid_authenticate($openid_url, $returnto, $immediate=false) // Handle failure status return values. if (!$auth_request) { + common_log(LOG_ERR, __METHOD__ . ": mystery fail contacting $openid_url"); + // TRANS: OpenID plugin message. Given when an OpenID is not valid. return _m('Not a valid OpenID.'); } else if (Auth_OpenID::isFailure($auth_request)) { + common_log(LOG_ERR, __METHOD__ . ": OpenID fail to $openid_url: $auth_request->message"); + // TRANS: OpenID plugin server error. Given when the OpenID authentication request fails. + // TRANS: %s is the failure message. return sprintf(_m('OpenID failure: %s'), $auth_request->message); } @@ -168,6 +170,15 @@ function oid_authenticate($openid_url, $returnto, $immediate=false) $auth_request->addExtension($sreg_request); } + $requiredTeam = common_config('openid', 'required_team'); + if ($requiredTeam) { + // LaunchPad OpenID extension + $team_request = new Auth_OpenID_TeamsRequest(array($requiredTeam)); + if ($team_request) { + $auth_request->addExtension($team_request); + } + } + $trust_root = common_root_url(true); $process_url = common_local_url($returnto); 
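Review bot: The `if ($team_request)` test before `addExtension` cannot fail, because `new` always yields an object, so it reads as error handling that is not there; `$auth_request->addExtension(new Auth_OpenID_TeamsRequest(array($requiredTeam)));` says the same thing. `oid_check_teams` in the later hunk of this file repeats the pattern with `$team_resp`, which leaves its `else` branch dead. Its `in_array($requiredTeam, $teams)` should also pass `true` as the third argument so that numeric-looking team names are compared as strings. The body of oid_authenticate starts and ends outside this hunk.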
@@ -177,6 +188,8 @@ function oid_authenticate($openid_url, $returnto, $immediate=false) $immediate); if (!$redirect_url) { } else if (Auth_OpenID::isFailure($redirect_url)) { + // TRANS: OpenID plugin server error. Given when the OpenID authentication request cannot be redirected. + // TRANS: %s is the failure message. return sprintf(_m('Could not redirect to server: %s'), $redirect_url->message); } else { common_redirect($redirect_url, 303); @@ -195,6 +208,8 @@ function oid_authenticate($openid_url, $returnto, $immediate=false) // Display an error if the form markup couldn't be generated; // otherwise, render the HTML. if (Auth_OpenID::isFailure($form_html)) { + // TRANS: OpenID plugin server error if the form markup could not be generated. + // TRANS: %s is the failure message. common_server_error(sprintf(_m('Could not create OpenID form: %s'), $form_html->message)); } else { $action = new AutosubmitAction(); // see below @@ -211,16 +226,20 @@ function oid_authenticate($openid_url, $returnto, $immediate=false) function _oid_print_instructions() { common_element('div', 'instructions', + // TRANS: OpenID plugin user instructions. _m('This form should automatically submit itself. '. 'If not, click the submit button to go to your '. 'OpenID provider.')); } -# update a user from sreg parameters - -function oid_update_user(&$user, &$sreg) +/** + * Update a user from sreg parameters + * @param User $user + * @param array $sreg fields from OpenID sreg response + * @access private + */ +function oid_update_user($user, $sreg) { - $profile = $user->getProfile(); $orig_profile = clone($profile); @@ -243,6 +262,7 @@ function oid_update_user(&$user, &$sreg) # XXX save timezone if it's passed if (!$profile->update($orig_profile)) { + // TRANS: OpenID plugin server error. common_server_error(_m('Error saving the profile.')); return false; } 
@@ -254,6 +274,7 @@ function oid_update_user(&$user, &$sreg) } if (!$user->update($orig_user)) { + // TRANS: OpenID plugin server error. common_server_error(_m('Error saving the user.')); return false; } @@ -261,6 +282,63 @@ function oid_update_user(&$user, &$sreg) return true; } +function oid_assert_allowed($url) +{ + $blacklist = common_config('openid', 'blacklist'); + $whitelist = common_config('openid', 'whitelist'); + + if (empty($blacklist)) { + $blacklist = array(); + } + + if (empty($whitelist)) { + $whitelist = array(); + } + + foreach ($blacklist as $pattern) { + if (preg_match("/$pattern/", $url)) { + common_log(LOG_INFO, "Matched OpenID blacklist pattern {$pattern} with {$url}"); + foreach ($whitelist as $exception) { + if (preg_match("/$exception/", $url)) { + common_log(LOG_INFO, "Matched OpenID whitelist pattern {$exception} with {$url}"); + return; + } + } + // TRANS: OpenID plugin client exception (403). + throw new ClientException(_m("Unauthorized URL used for OpenID login."), 403); + } + } + + return; +} + +/** + * Check the teams available in the given OpenID response + * Using Launchpad's OpenID teams extension + * + * @return boolean whether this user is acceptable + */ +function oid_check_teams($response) +{ + $requiredTeam = common_config('openid', 'required_team'); + if ($requiredTeam) { + $team_resp = new Auth_OpenID_TeamsResponse($response); + if ($team_resp) { + $teams = $team_resp->getTeams(); + } else { + $teams = array(); + } + + $match = in_array($requiredTeam, $teams); + $is = $match ? 'is' : 'is not'; + common_log(LOG_DEBUG, "Remote user $is in required team $requiredTeam: [" . implode(', ', $teams) . "]"); + + return $match; + } + + return true; +} + class AutosubmitAction extends Action { var $form_html = null; 
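Review bot: In oid_assert_allowed(), `preg_match("/$pattern/", $url)` treats a pattern that fails to compile the same as a non-match, so a broken blacklist entry silently lets the URL through. Patterns come from `common_config('openid', 'blacklist')` and are wrapped in `/` delimiters unescaped, so an entry containing an unescaped `/` (ordinary in a URL pattern) is likely to end up in that state; the whitelist loop is built the same way. I would check for a `false` return and refuse the login, as sketched below, and add a docblock stating that entries are unanchored PCRE bodies delimited by `/`. In oid_check_teams(), `in_array($requiredTeam, $teams)` should pass `true` as the third argument so the team name is compared strictly.

```php
foreach ($blacklist as $pattern) {
    $matched = preg_match("/$pattern/", $url);
    if ($matched === false) {
        // A pattern that does not compile must not turn into "allowed".
        common_log(LOG_ERR, "Invalid OpenID blacklist pattern {$pattern}");
        // TRANS: OpenID plugin client exception (403).
        throw new ClientException(_m("Unauthorized URL used for OpenID login."), 403);
    }
    if ($matched) {
        // … unchanged: log the match, check whitelist exceptions, else throw 403 …
    }
}
```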
@@ -274,20 +352,31 @@ class AutosubmitAction extends Action function title() { - return _m('OpenID Auto-Submit'); + // TRANS: Title + return _m('OpenID Login Submission'); } function showContent() { + $this->raw('<p style="margin: 20px 80px">'); + // @fixme this would be better using standard CSS class, but the present theme's a bit scary. + $this->element('img', array('src' => Theme::path('images/icons/icon_processing.gif', 'base'), + // for some reason the base CSS sets <img>s as block display?! + 'style' => 'display: inline')); + // TRANS: OpenID plugin message used while requesting authorization user's OpenID login provider. + $this->text(_m('Requesting authorization from your login provider...')); + $this->raw('</p>'); + $this->raw('<p style="margin-top: 60px; font-style: italic">'); + // TRANS: OpenID plugin message. User instruction while requesting authorization user's OpenID login provider. + $this->text(_m('If you are not redirected to your login provider in a few seconds, try pushing the button below.')); + $this->raw('</p>'); $this->raw($this->form_html); } - + function showScripts() { parent::showScripts(); $this->element('script', null, - '$(document).ready(function() { ' . - ' $(\'#'. $this->form_id .'\').submit(); '. - '});'); + 'document.getElementById(\'' . $this->form_id . '\').submit();'); } } diff --git a/plugins/OpenID/openidadminpanel.php b/plugins/OpenID/openidadminpanel.php new file mode 100644 index 000000000..ce4806cc8 --- /dev/null +++ b/plugins/OpenID/openidadminpanel.php 
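Review bot: In AutosubmitAction::showScripts() (openid.php), `$this->form_id` is concatenated straight into a JavaScript string literal; where form_id is assigned is outside this hunk, so if it is always a fixed identifier this is hardening only. Encoding it keeps the script well-formed whatever the value is: `'document.getElementById(' . json_encode($this->form_id) . ').submit();'`. The new inline call also no longer waits for the document to be ready, so it relies on the form being emitted before the scripts; a one-line comment stating that assumption would help the next reader.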
@@ -0,0 +1,280 @@ +<?php +/** + * StatusNet, the distributed open-source microblogging tool + * + * OpenID bridge administration panel + * + * PHP version 5 + * + * LICENCE: This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + * @category Settings + * @package StatusNet + * @author Zach Copley <zach@status.net> + * @copyright 2010 StatusNet, Inc. + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +if (!defined('STATUSNET')) { + exit(1); +} + +/** + * Administer global OpenID settings + * + * @category Admin + * @package StatusNet + * @author Zach Copley <zach@status.net> + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +class OpenidadminpanelAction extends AdminPanelAction +{ + /** + * Returns the page title + * + * @return string page title + */ + + function title() + { + return _m('OpenID'); + } + + /** + * Instructions for using this form. 
+ * + * @return string instructions + */ + + function getInstructions() + { + return _m('OpenID settings'); + } + + /** + * Show the OpenID admin panel form + * + * @return void + */ + + function showForm() + { + $form = new OpenIDAdminPanelForm($this); + $form->show(); + return; + } + + /** + * Save settings from the form + * + * @return void + */ + + function saveSettings() + { + static $settings = array( + 'openid' => array('trusted_provider', 'required_team') + ); + + static $booleans = array( + 'openid' => array('append_username'), + 'site' => array('openidonly') + ); + + $values = array(); + + foreach ($settings as $section => $parts) { + foreach ($parts as $setting) { + $values[$section][$setting] + = $this->trimmed($setting); + } + } + + foreach ($booleans as $section => $parts) { + foreach ($parts as $setting) { + $values[$section][$setting] + = ($this->boolean($setting)) ? 1 : 0; + } + } + + // This throws an exception on validation errors + + $this->validate($values); + + // assert(all values are valid); + + $config = new Config(); + + $config->query('BEGIN'); + + foreach ($settings as $section => $parts) { + foreach ($parts as $setting) { + Config::save($section, $setting, $values[$section][$setting]); + } + } + + foreach ($booleans as $section => $parts) { + foreach ($parts as $setting) { + Config::save($section, $setting, $values[$section][$setting]); + } + } + + $config->query('COMMIT'); + + return; + } + + function validate(&$values) + { + // Validate consumer key and secret (can't be too long) + + if (mb_strlen($values['openid']['trusted_provider']) > 255) { + $this->clientError( + _m("Invalid provider URL. Max length is 255 characters.") + ); + } + + if (mb_strlen($values['openid']['required_team']) > 255) { + $this->clientError( + _m("Invalid team name. 
Max length is 255 characters.") + ); + } + } +} + +class OpenIDAdminPanelForm extends AdminForm +{ + /** + * ID of the form + * + * @return int ID of the form + */ + + function id() + { + return 'openidadminpanel'; + } + + /** + * class of the form + * + * @return string class of the form + */ + + function formClass() + { + return 'form_settings'; + } + + /** + * Action of the form + * + * @return string URL of the action + */ + + function action() + { + return common_local_url('openidadminpanel'); + } + + /** + * Data elements of the form + * + * @return void + * + * @todo Some of the options could prevent users from logging in again. + * Make sure that the acting administrator has a valid OpenID matching, + * or more carefully warn folks. + */ + + function formData() + { + $this->out->elementStart( + 'fieldset', + array('id' => 'settings_openid') + ); + $this->out->element('legend', null, _m('Trusted provider')); + $this->out->element('p', 'form_guide', + _m('By default, users are allowed to authenticate with any OpenID provider. ' . + 'If you are using your own OpenID service for shared sign-in, ' . + 'you can restrict access to only your own users here.')); + $this->out->elementStart('ul', 'form_data'); + + $this->li(); + $this->input( + 'trusted_provider', + _m('Provider URL'), + _m('All OpenID logins will be sent to this URL; other providers may not be used.'), + 'openid' + ); + $this->unli(); + + $this->li(); + $this->out->checkbox( + 'append_username', _m('Append a username to base URL'), + (bool) $this->value('append_username', 'openid'), + _m('Login form will show the base URL and prompt for a username to add at the end. 
Use when OpenID provider URL should be the profile page for individual users.'), + 'true' + ); + $this->unli(); + + $this->li(); + $this->input( + 'required_team', + _m('Required team'), + _m('Only allow logins from users in the given team (Launchpad extension).'), + 'openid' + ); + $this->unli(); + + $this->out->elementEnd('ul'); + $this->out->elementEnd('fieldset'); + + $this->out->elementStart( + 'fieldset', + array('id' => 'settings_openid-options') + ); + $this->out->element('legend', null, _m('Options')); + + $this->out->elementStart('ul', 'form_data'); + + $this->li(); + + $this->out->checkbox( + 'openidonly', _m('Enable OpenID-only mode'), + (bool) $this->value('openidonly', 'site'), + _m('Require all users to login via OpenID. WARNING: disables password authentication for all users!'), + 'true' + ); + $this->unli(); + + $this->out->elementEnd('ul'); + + $this->out->elementEnd('fieldset'); + } + + /** + * Action elements + * + * @return void + */ + + function formActions() + { + $this->out->submit('submit', _('Save'), 'submit', null, _m('Save OpenID settings')); + } +} diff --git a/plugins/OpenID/openidlogin.php b/plugins/OpenID/openidlogin.php index 9ba55911c..20d6e070c 100644 --- a/plugins/OpenID/openidlogin.php +++ b/plugins/OpenID/openidlogin.php 
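Review bot: validate() in OpenidadminpanelAction only bounds the length of `trusted_provider`, although every login is then sent to that value; nothing checks that it is a well-formed http(s) URL. I would reject anything else before saving, e.g. `if (!empty($values['openid']['trusted_provider']) && !Validate::uri($values['openid']['trusted_provider'], array('allowed_schemes' => array('http', 'https')))) { $this->clientError(_m('Invalid provider URL.')); }`, assuming PEAR Validate is loaded here, which this file does not show. The comment above the checks, `// Validate consumer key and secret (can't be too long)`, describes a different panel and should read `// Validate provider URL and team name (can't be too long)`. saveSettings() also ignores the result of each `Config::save()` between `BEGIN` and `COMMIT`, so a failed write is committed along with the rest.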
@@ -27,13 +27,25 @@ class OpenidloginAction extends Action { parent::handle($args); if (common_is_real_login()) { + // TRANS: Client error message trying to log on with OpenID while already logged on. $this->clientError(_m('Already logged in.')); } else if ($_SERVER['REQUEST_METHOD'] == 'POST') { - $openid_url = $this->trimmed('openid_url'); + $provider = common_config('openid', 'trusted_provider'); + if ($provider) { + $openid_url = $provider; + if (common_config('openid', 'append_username')) { + $openid_url .= $this->trimmed('openid_username'); + } + } else { + $openid_url = $this->trimmed('openid_url'); + } + + oid_assert_allowed($openid_url); # CSRF protection $token = $this->trimmed('token'); if (!$token || $token != common_session_token()) { + // TRANS: Message given when there is a problem with the user's session token. $this->showForm(_m('There was a problem with your session token. Try again, please.'), $openid_url); return; } @@ -63,10 +75,14 @@ class OpenidloginAction extends Action common_get_returnto()) { // rememberme logins have to reauthenticate before // changing any profile settings (cookie-stealing protection) + // TRANS: OpenID plugin message. Rememberme logins have to reauthenticate before changing any profile settings. + // TRANS: "OpenID" is the display text for a link with URL "(%%doc.openid%%)". return _m('For security reasons, please re-login with your ' . '[OpenID](%%doc.openid%%) ' . 'before changing your settings.'); } else { + // TRANS: OpenID plugin message. + // TRANS: "OpenID" is the display text for a link with URL "(%%doc.openid%%)". return _m('Login with an [OpenID](%%doc.openid%%) account.'); } } 
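Review bot: In OpenidloginAction::handle(), `$openid_url .= $this->trimmed('openid_username');` appends request input to the trusted provider URL without encoding or validating it, so the resulting identifier is no longer guaranteed to stay under `trusted_provider`, which is the restriction this mode exists to enforce. Characters with URL meaning in the username should be encoded or rejected, e.g. `$openid_url .= rawurlencode($this->trimmed('openid_username'));`, and an empty username should go back to showForm() with an error rather than on to discovery. The admin panel help text should also say that the provider URL must end at a path boundary (a trailing `/`) when append mode is on. handle() starts before and continues after this hunk.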
@@ -87,11 +103,20 @@ class OpenidloginAction extends Action function showScripts() { parent::showScripts(); - $this->autofocus('openid_url'); + if (common_config('openid', 'trusted_provider')) { + if (common_config('openid', 'append_username')) { + $this->autofocus('openid_username'); + } else { + $this->autofocus('rememberme'); + } + } else { + $this->autofocus('openid_url'); + } } function title() { + // TRANS: OpenID plugin message. Title. return _m('OpenID Login'); } 
@@ -109,22 +134,44 @@ class OpenidloginAction extends Action 'class' => 'form_settings', 'action' => $formaction)); $this->elementStart('fieldset'); + // TRANS: OpenID plugin logon form legend. $this->element('legend', null, _m('OpenID login')); $this->hidden('token', common_session_token()); $this->elementStart('ul', 'form_data'); $this->elementStart('li'); - $this->input('openid_url', _m('OpenID URL'), - $this->openid_url, - _m('Your OpenID URL')); + $provider = common_config('openid', 'trusted_provider'); + $appendUsername = common_config('openid', 'append_username'); + if ($provider) { + $this->element('label', array(), _m('OpenID provider')); + $this->element('span', array(), $provider); + if ($appendUsername) { + $this->element('input', array('id' => 'openid_username', + 'name' => 'openid_username', + 'style' => 'float: none')); + } + $this->element('p', 'form_guide', + ($appendUsername ? _m('Enter your username.') . ' ' : '') . + _m('You will be sent to the provider\'s site for authentication.')); + $this->hidden('openid_url', $provider); + } else { + // TRANS: OpenID plugin logon form field label. + $this->input('openid_url', _m('OpenID URL'), + $this->openid_url, + // TRANS: OpenID plugin logon form field instructions. + _m('Your OpenID URL')); + } $this->elementEnd('li'); $this->elementStart('li', array('id' => 'settings_rememberme')); + // TRANS: OpenID plugin logon form checkbox label for setting to put the OpenID information in a cookie. $this->checkbox('rememberme', _m('Remember me'), false, + // TRANS: OpenID plugin logon form field instructions. _m('Automatically login in the future; ' . 'not for shared computers!')); $this->elementEnd('li'); $this->elementEnd('ul'); - $this->submit('submit', _m('Login')); + // TRANS: OpenID plugin logon form button label to start logon with the data provided in the logon form. + $this->submit('submit', _m('BUTTON', 'Login')); $this->elementEnd('fieldset'); $this->elementEnd('form'); } 
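Review bot: In the trusted-provider branch of showForm(), the hidden `openid_url` field carries a value that handle() does not read in this mode (it takes the provider from `common_config('openid', 'trusted_provider')`), so it is display state only and a comment should say so: `// Not read by handle() in trusted-provider mode; the provider always comes from config.` The new `label` is created with an empty attribute array, so it is not tied to `openid_username`; `array('for' => 'openid_username')` on the label and an explicit `'type' => 'text'` on the input would fix that. The three new user-visible strings in this branch lack the `// TRANS:` comments that the rest of the hunk adds. showForm() begins outside this hunk.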
diff --git a/plugins/OpenID/openidserver.php b/plugins/OpenID/openidserver.php index afbca553f..b2cf1f8ac 100644 --- a/plugins/OpenID/openidserver.php +++ b/plugins/OpenID/openidserver.php @@ -23,6 +23,7 @@ * @package StatusNet * @author Craig Andrews <candrews@integralblue.com> * @copyright 2008-2009 StatusNet, Inc. + * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 * @link http://status.net/ */ @@ -43,6 +44,7 @@ require_once(INSTALLDIR.'/plugins/OpenID/User_openid_trustroot.php'); * @category Settings * @package StatusNet * @author Craig Andrews <candrews@integralblue.com> + * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 * @link http://status.net/ */ @@ -69,9 +71,13 @@ class OpenidserverAction extends Action //cannot prompt the user to login in immediate mode, so answer false $response = $this->generateDenyResponse($request); }else{ - /* Go log in, and then come back. */ + // Go log in, and then come back. + // + // Note: 303 redirect rather than 307 to avoid + // prompting user for form resubmission if we + // were POSTed here. common_set_returnto($_SERVER['REQUEST_URI']); - common_redirect(common_local_url('login')); + common_redirect(common_local_url('login'), 303); return; } }else if(common_profile_url($user->nickname) == $request->identity || $request->idSelect()){ 
@@ -90,8 +96,13 @@ class OpenidserverAction extends Action $this->oserver->encodeResponse($denyResponse); //sign the response $_SESSION['openid_allow_url'] = $allowResponse->encodeToUrl(); $_SESSION['openid_deny_url'] = $denyResponse->encodeToUrl(); - //ask the user to trust this trust root - common_redirect(common_local_url('openidtrust')); + + // Ask the user to trust this trust root... + // + // Note: 303 redirect rather than 307 to avoid + // prompting user for form resubmission if we + // were POSTed here. + common_redirect(common_local_url('openidtrust'), 303); return; } }else{ @@ -103,6 +114,7 @@ class OpenidserverAction extends Action $response = $this->generateDenyResponse($request); } else { //invalid + // TRANS: OpenID plugin client error given trying to add an unauthorised OpenID to a user (403). $this->clientError(sprintf(_m('You are not authorized to use the identity %s.'),$request->identity),$code=403); } } else { @@ -123,6 +135,7 @@ class OpenidserverAction extends Action } $this->raw($response->body); }else{ + // TRANS: OpenID plugin client error given when not getting a response for a given OpenID provider (500). $this->clientError(_m('Just an OpenID provider. Nothing to see here, move along...'),$code=500); } } diff --git a/plugins/OpenID/openidsettings.php b/plugins/OpenID/openidsettings.php index 16142cf48..505e7d0ee 100644 --- a/plugins/OpenID/openidsettings.php +++ b/plugins/OpenID/openidsettings.php 
@@ -90,34 +90,36 @@ class OpenidsettingsAction extends AccountSettingsAction { $user = common_current_user(); - $this->elementStart('form', array('method' => 'post', - 'id' => 'form_settings_openid_add', - 'class' => 'form_settings', - 'action' => - common_local_url('openidsettings'))); - $this->elementStart('fieldset', array('id' => 'settings_openid_add')); - $this->element('legend', null, _m('Add OpenID')); - $this->hidden('token', common_session_token()); - $this->element('p', 'form_guide', - _m('If you want to add an OpenID to your account, ' . - 'enter it in the box below and click "Add".')); - $this->elementStart('ul', 'form_data'); - $this->elementStart('li'); - $this->element('label', array('for' => 'openid_url'), - _m('OpenID URL')); - $this->element('input', array('name' => 'openid_url', - 'type' => 'text', - 'id' => 'openid_url')); - $this->elementEnd('li'); - $this->elementEnd('ul'); - $this->element('input', array('type' => 'submit', - 'id' => 'settings_openid_add_action-submit', - 'name' => 'add', - 'class' => 'submit', - 'value' => _m('Add'))); - $this->elementEnd('fieldset'); - $this->elementEnd('form'); - + if (!common_config('openid', 'trusted_provider')) { + $this->elementStart('form', array('method' => 'post', + 'id' => 'form_settings_openid_add', + 'class' => 'form_settings', + 'action' => + common_local_url('openidsettings'))); + $this->elementStart('fieldset', array('id' => 'settings_openid_add')); + + $this->element('legend', null, _m('Add OpenID')); + $this->hidden('token', common_session_token()); + $this->element('p', 'form_guide', + _m('If you want to add an OpenID to your account, ' . 
+ 'enter it in the box below and click "Add".')); + $this->elementStart('ul', 'form_data'); + $this->elementStart('li'); + $this->element('label', array('for' => 'openid_url'), + _m('OpenID URL')); + $this->element('input', array('name' => 'openid_url', + 'type' => 'text', + 'id' => 'openid_url')); + $this->elementEnd('li'); + $this->elementEnd('ul'); + $this->element('input', array('type' => 'submit', + 'id' => 'settings_openid_add_action-submit', + 'name' => 'add', + 'class' => 'submit', + 'value' => _m('Add'))); + $this->elementEnd('fieldset'); + $this->elementEnd('form'); + } $oid = new User_openid(); $oid->user_id = $user->id; @@ -234,10 +236,14 @@ class OpenidsettingsAction extends AccountSettingsAction } if ($this->arg('add')) { - $result = oid_authenticate($this->trimmed('openid_url'), - 'finishaddopenid'); - if (is_string($result)) { // error message - $this->showForm($result); + if (common_config('openid', 'trusted_provider')) { + $this->showForm(_m("Can't add new providers.")); + } else { + $result = oid_authenticate($this->trimmed('openid_url'), + 'finishaddopenid'); + if (is_string($result)) { // error message + $this->showForm($result); + } } } else if ($this->arg('remove')) { $this->removeOpenid(); diff --git a/plugins/OpenID/openidtrust.php b/plugins/OpenID/openidtrust.php index fa7ea36e2..ed6ca73a4 100644 --- a/plugins/OpenID/openidtrust.php +++ b/plugins/OpenID/openidtrust.php @@ -71,7 +71,7 @@ class OpenidtrustAction extends Action } return true; } - + function handle($args) { parent::handle($args); @@ -96,7 +96,6 @@ class OpenidtrustAction extends Action $user_openid_trustroot->created = DB_DataObject_Cast::dateTime(); if (!$user_openid_trustroot->insert()) { $err = PEAR::getStaticProperty('DB_DataObject','lastError'); - common_debug('DB error ' . $err->code . ': ' . $err->message, __FILE__); } common_redirect($this->allowUrl, $code=302); }else{ 
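Review bot: The `add` branch in openidsettings.php passes `$this->trimmed('openid_url')` to oid_authenticate() without calling oid_assert_allowed(), which this commit adds to the login path in openidlogin.php. Unless finishaddopenid.php or oid_authenticate() applies the check (neither is fully visible here), the blacklist covers logging in but not attaching an OpenID to an existing account. I would add `oid_assert_allowed($this->trimmed('openid_url'));` immediately before the oid_authenticate() call in the else branch. The enclosing method begins outside this hunk.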
@@ -135,7 +134,7 @@ class OpenidtrustAction extends Action $this->elementStart('fieldset'); $this->submit('allow', _m('Continue')); $this->submit('deny', _m('Cancel')); - + $this->elementEnd('fieldset'); $this->elementEnd('form'); } |