From 7c828ae5f8ab20f0daa8a1482fadce9b3e858975 Mon Sep 17 00:00:00 2001 From: Brion Vibber Date: Tue, 18 May 2010 10:39:56 -0700 Subject: OpenID access control options: trusted provider URL, Launchpad team restrictions. Added an admin panel for setting these and OpenID-only mode, off by default. To enable the admin panel: $config['admin']['panels'][] = 'openid'; Or to set them manually: $config['openid']['trusted_provider'] = 'https://login.ubuntu.net/'; $config['openid']['required_team'] = 'my-project-cabal'; $config['site']['openidonly'] = true; OpenID-only mode can still be set from addPlugin() parameters as well for backwards compatibility. Note: if it's set there, that value will override the setting from the database or config.php. Note that team restrictions are only really meaningful if a trusted provider is set; otherwise, any OpenID server could report back that users are members of the given team. Restrictions are checked only at OpenID authentication time and will not kick off people currently with a session open; existing remembered logins may also survive these changes. Using code for Launchpad team support provided by Canonical under AGPLv3, pulled from r27 of WordPress teams integration plugin: https://code.edge.launchpad.net/~canonical-isd-hackers/wordpress-teams-integration/trunk --- plugins/OpenID/openidsettings.php | 70 +++++++++++++++++++++------------------ 1 file changed, 38 insertions(+), 32 deletions(-) (limited to 'plugins/OpenID/openidsettings.php') diff --git a/plugins/OpenID/openidsettings.php b/plugins/OpenID/openidsettings.php index 16142cf48..505e7d0ee 100644 --- a/plugins/OpenID/openidsettings.php +++ b/plugins/OpenID/openidsettings.php @@ -90,34 +90,36 @@ class OpenidsettingsAction extends AccountSettingsAction { $user = common_current_user(); - $this->elementStart('form', array('method' => 'post', - 'id' => 'form_settings_openid_add', - 'class' => 'form_settings', - 'action' => - common_local_url('openidsettings'))); - $this->elementStart('fieldset', array('id' => 'settings_openid_add')); - $this->element('legend', null, _m('Add OpenID')); - $this->hidden('token', common_session_token()); - $this->element('p', 'form_guide', - _m('If you want to add an OpenID to your account, ' . - 'enter it in the box below and click "Add".')); - $this->elementStart('ul', 'form_data'); - $this->elementStart('li'); - $this->element('label', array('for' => 'openid_url'), - _m('OpenID URL')); - $this->element('input', array('name' => 'openid_url', - 'type' => 'text', - 'id' => 'openid_url')); - $this->elementEnd('li'); - $this->elementEnd('ul'); - $this->element('input', array('type' => 'submit', - 'id' => 'settings_openid_add_action-submit', - 'name' => 'add', - 'class' => 'submit', - 'value' => _m('Add'))); - $this->elementEnd('fieldset'); - $this->elementEnd('form'); - + if (!common_config('openid', 'trusted_provider')) { + $this->elementStart('form', array('method' => 'post', + 'id' => 'form_settings_openid_add', + 'class' => 'form_settings', + 'action' => + common_local_url('openidsettings'))); + $this->elementStart('fieldset', array('id' => 'settings_openid_add')); + + $this->element('legend', null, _m('Add OpenID')); + $this->hidden('token', common_session_token()); + $this->element('p', 'form_guide', + _m('If you want to add an OpenID to your account, ' . + 'enter it in the box below and click "Add".')); + $this->elementStart('ul', 'form_data'); + $this->elementStart('li'); + $this->element('label', array('for' => 'openid_url'), + _m('OpenID URL')); + $this->element('input', array('name' => 'openid_url', + 'type' => 'text', + 'id' => 'openid_url')); + $this->elementEnd('li'); + $this->elementEnd('ul'); + $this->element('input', array('type' => 'submit', + 'id' => 'settings_openid_add_action-submit', + 'name' => 'add', + 'class' => 'submit', + 'value' => _m('Add'))); + $this->elementEnd('fieldset'); + $this->elementEnd('form'); + } $oid = new User_openid(); $oid->user_id = $user->id; @@ -234,10 +236,14 @@ class OpenidsettingsAction extends AccountSettingsAction } if ($this->arg('add')) { - $result = oid_authenticate($this->trimmed('openid_url'), - 'finishaddopenid'); - if (is_string($result)) { // error message - $this->showForm($result); + if (common_config('openid', 'trusted_provider')) { + $this->showForm(_m("Can't add new providers.")); + } else { + $result = oid_authenticate($this->trimmed('openid_url'), + 'finishaddopenid'); + if (is_string($result)) { // error message + $this->showForm($result); + } } } else if ($this->arg('remove')) { $this->removeOpenid(); -- cgit v1.2.3-54-g00ecf