Allow re-authentication with OpenID
"Rememberme" logins aren't allowed to make changes to an account (since cookie-stealing is too easy). Users have to re-authenticate. Previously, it was impossible to do so without having a username and password; this change lets you do it with OpenID, too.
parent
a97f8f6a43
commit
7ad3ff4a2c
|
@ -30,7 +30,7 @@ class FinishopenidloginAction extends Action
|
||||||
function handle($args)
|
function handle($args)
|
||||||
{
|
{
|
||||||
parent::handle($args);
|
parent::handle($args);
|
||||||
if (common_logged_in()) {
|
if (common_is_real_login()) {
|
||||||
$this->clientError(_('Already logged in.'));
|
$this->clientError(_('Already logged in.'));
|
||||||
} else if ($_SERVER['REQUEST_METHOD'] == 'POST') {
|
} else if ($_SERVER['REQUEST_METHOD'] == 'POST') {
|
||||||
$token = $this->trimmed('token');
|
$token = $this->trimmed('token');
|
||||||
|
|
|
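Review bot: Relaxing the guard from `common_logged_in()` to `common_is_real_login()` lets a rememberme session reach the OpenID completion code that follows, but nothing in this hunk ties the verified OpenID identity to the account already in the session. If the remainder of handle(), which is outside the hunk, accepts any known OpenID, a re-authentication with a different user's OpenID would replace the session rather than confirm it; the completion path should compare the resolved user with `common_current_user()` and refuse a mismatch (or at least discard the stored returnto) before upgrading the login. The same guard change appears in OpenidloginAction::handle in the next section. A short comment above the condition, `// rememberme sessions are let through: they must re-authenticate here`, would make the intent visible at the check itself.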
@ -26,7 +26,7 @@ class OpenidloginAction extends Action
|
||||||
function handle($args)
|
function handle($args)
|
||||||
{
|
{
|
||||||
parent::handle($args);
|
parent::handle($args);
|
||||||
if (common_logged_in()) {
|
if (common_is_real_login()) {
|
||||||
$this->clientError(_('Already logged in.'));
|
$this->clientError(_('Already logged in.'));
|
||||||
} else if ($_SERVER['REQUEST_METHOD'] == 'POST') {
|
} else if ($_SERVER['REQUEST_METHOD'] == 'POST') {
|
||||||
$openid_url = $this->trimmed('openid_url');
|
$openid_url = $this->trimmed('openid_url');
|
||||||
|
@ -59,8 +59,17 @@ class OpenidloginAction extends Action
|
||||||
|
|
||||||
function getInstructions()
|
function getInstructions()
|
||||||
{
|
{
|
||||||
|
if (common_logged_in() && !common_is_real_login() &&
|
||||||
|
common_get_returnto()) {
|
||||||
|
// rememberme logins have to reauthenticate before
|
||||||
|
// changing any profile settings (cookie-stealing protection)
|
||||||
|
return _('For security reasons, please re-login with your ' .
|
||||||
|
'[OpenID](%%doc.openid%%) ' .
|
||||||
|
'before changing your settings.');
|
||||||
|
} else {
|
||||||
return _('Login with an [OpenID](%%doc.openid%%) account.');
|
return _('Login with an [OpenID](%%doc.openid%%) account.');
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
function showPageNotice()
|
function showPageNotice()
|
||||||
{
|
{
|
||||||
|
|
|
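Review bot: The new message in getInstructions() is built by concatenation inside `_()` (`return _('For security reasons, please re-login with your ' . '[OpenID](%%doc.openid%%) ' . 'before changing your settings.');`); PHP folds the literals at compile time, but gettext extraction tools generally do not follow concatenation, so the string is unlikely to land in the translation catalogue — use a single literal, splitting the line with a heredoc or by wrapping rather than by `.`. The condition also relies on `common_get_returnto()` being truthy, so a rememberme user who reaches the login page without a stored return URL sees the ordinary text even though the same re-authentication applies; consider dropping that clause or documenting why the notice is tied to returnto. getInstructions() lies entirely within the hunk.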
@ -630,4 +630,15 @@ class User extends Memcached_DataObject
|
||||||
|
|
||||||
return $profile;
|
return $profile;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function hasOpenID()
|
||||||
|
{
|
||||||
|
$oid = new User_openid();
|
||||||
|
|
||||||
|
$oid->user_id = $this->id;
|
||||||
|
|
||||||
|
$cnt = $oid->find();
|
||||||
|
|
||||||
|
return ($cnt > 0);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
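Review bot: `hasOpenID()` has no docblock, and its contract — a database lookup through User_openid that counts linked identities — is not visible to callers, who in this commit use it to decide which re-authentication page to enforce; add `/** Whether at least one OpenID identity is linked to this user (queries User_openid). */` above the declaration. Since only existence matters, `$oid->limit(1);` before `find()` avoids fetching every linked identity for accounts with many, provided the DataObject base class offers limit(). The closing brace of class User is visible, so the method is complete within the hunk.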
@ -76,7 +76,12 @@ class SettingsAction extends Action
|
||||||
// change important settings or see private info, and
|
// change important settings or see private info, and
|
||||||
// _all_ our settings are important
|
// _all_ our settings are important
|
||||||
common_set_returnto($this->selfUrl());
|
common_set_returnto($this->selfUrl());
|
||||||
|
$user = common_current_user();
|
||||||
|
if ($user->hasOpenID()) {
|
||||||
|
common_redirect(common_local_url('openidlogin'));
|
||||||
|
} else {
|
||||||
common_redirect(common_local_url('login'));
|
common_redirect(common_local_url('login'));
|
||||||
|
}
|
||||||
} else if ($_SERVER['REQUEST_METHOD'] == 'POST') {
|
} else if ($_SERVER['REQUEST_METHOD'] == 'POST') {
|
||||||
$this->handlePost();
|
$this->handlePost();
|
||||||
} else {
|
} else {
|
||||||
|
|
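Review bot: `common_current_user()` is dereferenced unconditionally on the new line `if ($user->hasOpenID())`; within this branch a user should always be present (the surrounding comments describe a logged-in rememberme session), but if the helper can return null the call is a fatal error rather than a redirect, and `if ($user && $user->hasOpenID())` keeps the password login as the fallback at no cost. Note also that an account with both a password and an OpenID is now always sent to the OpenID page, so an unavailable provider locks that user out of all settings until the rememberme session is dropped; a link between the two login forms would avoid that. The enclosing handle() method starts and ends outside the hunk.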