From 7ad3ff4a2cd494ef8c1cc293e15c0a70b8786fee Mon Sep 17 00:00:00 2001
From: Evan Prodromou <evan@controlyourself.ca>
Date: Thu, 5 Feb 2009 11:46:17 -0500
Subject: Allow re-authentication with OpenID

"Rememberme" logins aren't allowed to make changes to an account
(since cookie-stealing is too easy). Users have to re-authenticate.
Previously, it was impossible to do so without having a username and
password; this change lets you do it with OpenID, too.
---
 lib/settingsaction.php | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'lib')

diff --git a/lib/settingsaction.php b/lib/settingsaction.php
index dfe1f114b..53c807c6f 100644
--- a/lib/settingsaction.php
+++ b/lib/settingsaction.php
@@ -76,7 +76,12 @@ class SettingsAction extends Action
             // change important settings or see private info, and
             // _all_ our settings are important
             common_set_returnto($this->selfUrl());
-            common_redirect(common_local_url('login'));
+            $user = common_current_user();
+            if ($user->hasOpenID()) {
+                common_redirect(common_local_url('openidlogin'));
+            } else {
+                common_redirect(common_local_url('login'));
+            }
         } else if ($_SERVER['REQUEST_METHOD'] == 'POST') {
             $this->handlePost();
         } else {
-- 
cgit v1.2.3-54-g00ecf