Allow re-authentication with OpenID
"Remember me" (cookie-based) logins aren't allowed to make changes to an account, since a stolen cookie is too easy to replay; users have to re-authenticate first. Previously that was impossible without a username and password; this change lets users re-authenticate with OpenID, too.
parent
a97f8f6a43
commit
7ad3ff4a2c
|
@ -30,7 +30,7 @@ class FinishopenidloginAction extends Action
|
|||
function handle($args)
|
||||
{
|
||||
parent::handle($args);
|
||||
if (common_logged_in()) {
|
||||
if (common_is_real_login()) {
|
||||
$this->clientError(_('Already logged in.'));
|
||||
} else if ($_SERVER['REQUEST_METHOD'] == 'POST') {
|
||||
$token = $this->trimmed('token');
|
||||
|
|
|
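Review bot: Letting a remember-me session past the `common_is_real_login()` check means the rest of handle() now consumes an OpenID response while a user is already attached to the session, and nothing in this hunk ties the asserted OpenID identity to `common_current_user()`. If the finish path marks the existing session as a real login without first checking that the user the OpenID maps to is the same as the one already in the session, a holder of a stolen remember-me cookie could upgrade it by authenticating with their own OpenID; I cannot see the consuming branch, so please confirm. Once the OpenID has been resolved to a user, a guard along the lines of `if (!common_is_real_login() && $user->id != common_current_user()->id) { $this->clientError(_('That OpenID does not belong to the logged-in user.')); }` before the session is upgraded would close that gap. handle()'s body continues outside the hunk.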
@ -26,7 +26,7 @@ class OpenidloginAction extends Action
|
|||
function handle($args)
|
||||
{
|
||||
parent::handle($args);
|
||||
if (common_logged_in()) {
|
||||
if (common_is_real_login()) {
|
||||
$this->clientError(_('Already logged in.'));
|
||||
} else if ($_SERVER['REQUEST_METHOD'] == 'POST') {
|
||||
$openid_url = $this->trimmed('openid_url');
|
||||
|
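Review bot: The reason a remember-me session is now allowed past the `common_logged_in()` check is not stated anywhere in the code, and a later reader is likely to read the inner `common_is_real_login()` test as a tightening rather than a deliberate opening for re-authentication. A one-line comment on the inner `if`, `// a rememberme session may re-authenticate here; only a full login is refused`, records the intent next to the check. The rest of handle() lies outside the hunk.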
@ -59,7 +59,16 @@ class OpenidloginAction extends Action
|
|||
|
||||
function getInstructions()
|
||||
{
|
||||
return _('Login with an [OpenID](%%doc.openid%%) account.');
|
||||
if (common_logged_in() && !common_is_real_login() &&
|
||||
common_get_returnto()) {
|
||||
// rememberme logins have to reauthenticate before
|
||||
// changing any profile settings (cookie-stealing protection)
|
||||
return _('For security reasons, please re-login with your ' .
|
||||
'[OpenID](%%doc.openid%%) ' .
|
||||
'before changing your settings.');
|
||||
} else {
|
||||
return _('Login with an [OpenID](%%doc.openid%%) account.');
|
||||
}
|
||||
}
|
||||
|
||||
function showPageNotice()
|
||||
|
|
|
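Review bot: The re-login wording is gated on `common_get_returnto()` as well as on the session state, so a remember-me user who opens the OpenID login page directly, or whose return-to has already been consumed, gets the plain "Login with an OpenID" text even though the same re-authentication applies to them. If that is deliberate, the comment should say so, e.g. `// only mention re-auth when we know where to send the user afterwards`; otherwise the third condition can be dropped so the message matches what handle() actually permits. showPageNotice() starts at the edge of the hunk and is not reviewed here.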
@ -630,4 +630,15 @@ class User extends Memcached_DataObject
|
|||
|
||||
return $profile;
|
||||
}
|
||||
|
||||
function hasOpenID()
|
||||
{
|
||||
$oid = new User_openid();
|
||||
|
||||
$oid->user_id = $this->id;
|
||||
|
||||
$cnt = $oid->find();
|
||||
|
||||
return ($cnt > 0);
|
||||
}
|
||||
}
|
||||
|
|
|
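Review bot: hasOpenID() has no docblock and fetches every User_openid row for the user only to test the count, although its caller needs existence only; if the DataObject layer offers it, `$oid->limit(1);` before `find()` keeps the query cheap. A docblock such as `Whether at least one OpenID is bound to this user; used to choose the re-login page` states the contract, and it is worth adding that a `find()` failure (false) is treated as "no OpenID", which is the safe direction for the redirect that depends on it but may surprise a caller expecting an error.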
@ -76,7 +76,12 @@ class SettingsAction extends Action
|
|||
// change important settings or see private info, and
|
||||
// _all_ our settings are important
|
||||
common_set_returnto($this->selfUrl());
|
||||
common_redirect(common_local_url('login'));
|
||||
$user = common_current_user();
|
||||
if ($user->hasOpenID()) {
|
||||
common_redirect(common_local_url('openidlogin'));
|
||||
} else {
|
||||
common_redirect(common_local_url('login'));
|
||||
}
|
||||
} else if ($_SERVER['REQUEST_METHOD'] == 'POST') {
|
||||
$this->handlePost();
|
||||
} else {
|
||||
|
|
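Review bot: The new redirect assumes `common_current_user()` returns a user and sends anyone with an OpenID to the OpenID page, so a user who has both a password and an OpenID can no longer re-authenticate with the password from this path unless the OpenID login page links back to the password form; I cannot see whether it does. Guarding the call, `if ($user && $user->hasOpenID())`, avoids a fatal on a null user, and either letting the login page offer the OpenID alternative or documenting the forced choice with a comment such as `// prefer OpenID re-auth when the account has one bound` would make the policy explicit. The enclosing `if` branch begins before this hunk.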