From 8dafce34c39c20161abb1ed2688678c3d18ad566 Mon Sep 17 00:00:00 2001 From: Mikael Nordfeldth Date: Wed, 30 Oct 2013 12:21:34 +0100 Subject: [PATCH] LoginAction somewhat converted to FormAction --- actions/login.php | 105 +++++++++++---------------------------------- js/util.js | 2 +- lib/action.php | 7 ++- lib/formaction.php | 9 ++++ lib/util.php | 48 +++++++++++---------- 5 files changed, 67 insertions(+), 104 deletions(-) diff --git a/actions/login.php b/actions/login.php index f8a1a5c6a3..16016f29ec 100644 --- a/actions/login.php +++ b/actions/login.php @@ -20,44 +20,21 @@ * along with this program. If not, see . * * @category Login - * @package StatusNet + * @package GNUsocial * @author Evan Prodromou * @author Sarven Capadisli + * @author Mikael Nordfeldth * @copyright 2008-2009 StatusNet, Inc. + * @copyright 2013 Free Software Foundation, Inc. * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 - * @link http://status.net/ + * @link http://www.gnu.org/software/social/ */ -if (!defined('STATUSNET') && !defined('LACONICA')) { - exit(1); -} +if (!defined('GNUSOCIAL')) { exit(1); } -/** - * Login form - * - * @category Personal - * @package StatusNet - * @author Evan Prodromou - * @author Sarven Capadisli - * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 - * @link http://status.net/ - */ -class LoginAction extends Action +class LoginAction extends FormAction { - /** - * Has there been an error? - */ - var $error = null; - - /** - * Is this a read-only action? - * - * @return boolean false - */ - function isReadOnly($args) - { - return false; - } + protected $needLogin = false; /** * Prepare page to run @@ -66,18 +43,15 @@ class LoginAction extends Action * @param $args * @return string title */ - function prepare($args) + protected function prepare(array $args=array()) { - parent::prepare($args); - // @todo this check should really be in index.php for all sensitive actions $ssl = common_config('site', 'ssl'); if (empty($_SERVER['HTTPS']) && ($ssl == 'always' || $ssl == 'sometimes')) { common_redirect(common_local_url('login')); - // exit } - return true; + return parent::prepare($args); } /** @@ -85,23 +59,15 @@ class LoginAction extends Action * * Switches on request method; either shows the form or handles its input. * - * @param array $args $_REQUEST data - * * @return void */ - function handle($args) + protected function handle() { - parent::handle($args); - if (common_is_real_login()) { - $user = common_current_user(); - common_redirect(common_local_url('all', array('nickname' => $user->nickname)), 307); - } else if ($_SERVER['REQUEST_METHOD'] == 'POST') { - $this->checkLogin(); - } else { - common_ensure_session(); - $this->showForm(); + common_redirect(common_local_url('all', array('nickname' => $this->scoped->nickname)), 307); } + + return parent::handle(); } /** @@ -113,8 +79,10 @@ class LoginAction extends Action * * @return void */ - function checkLogin($user_id=null, $token=null) + protected function handlePost() { + parent::handlePost(); + // XXX: login throttle $nickname = $this->trimmed('nickname'); @@ -122,20 +90,19 @@ class LoginAction extends Action $user = common_check_user($nickname, $password); - if (!$user) { + if (!$user instanceof User) { // TRANS: Form validation error displayed when trying to log in with incorrect credentials. - $this->showForm(_('Incorrect username or password.')); - return; + throw new ServerException(_('Incorrect username or password.')); } // success! if (!common_set_user($user)) { // TRANS: Server error displayed when during login a server error occurs. - $this->serverError(_('Error setting user. You are probably not authorized.')); - return; + throw new ServerException(_('Error setting user. You are probably not authorized.')); } common_real_login(true); + $this->updateScopedProfile(); if ($this->boolean('rememberme')) { common_rememberme($user); @@ -146,11 +113,10 @@ class LoginAction extends Action if ($url) { // We don't have to return to it again common_set_returnto(null); - $url = common_inject_session($url); + $url = common_inject_session($url); } else { $url = common_local_url('all', - array('nickname' => - $user->nickname)); + array('nickname' => $this->scoped->nickname)); } common_redirect($url, 303); @@ -166,10 +132,10 @@ class LoginAction extends Action * * @return void */ - function showForm($error=null) + public function showForm($msg=null, $success=false) { - $this->error = $error; - $this->showPage(); + common_ensure_session(); + return parent::showForm($msg, $success); } function showScripts() @@ -189,26 +155,6 @@ class LoginAction extends Action return _('Login'); } - /** - * Show page notice - * - * Display a notice for how to use the page, or the - * error if it exists. - * - * @return void - */ - function showPageNotice() - { - if ($this->error) { - $this->element('p', 'error', $this->error); - } else { - $instr = $this->getInstructions(); - $output = common_markup_to_html($instr); - - $this->raw($output); - } - } - /** * Core of the display code * @@ -244,6 +190,7 @@ class LoginAction extends Action $this->elementEnd('ul'); // TRANS: Button text for log in on login page. $this->submit('submit', _m('BUTTON','Login')); + $this->hidden('token', common_session_token()); $this->elementEnd('fieldset'); $this->elementEnd('form'); $this->elementStart('p'); diff --git a/js/util.js b/js/util.js index 110c386dae..8396484859 100644 --- a/js/util.js +++ b/js/util.js @@ -1331,7 +1331,7 @@ var SN = { // StatusNet */ Get: function () { var cookieValue = $.cookie(SN.C.S.StatusNetInstance); - if (cookieValue !== null) { + if (cookieValue !== undefined) { return JSON.parse(cookieValue); } return null; diff --git a/lib/action.php b/lib/action.php index d89a8b07ac..6f953413e6 100644 --- a/lib/action.php +++ b/lib/action.php @@ -152,11 +152,16 @@ class Action extends HTMLOutputter // lawsuit $this->checkLogin(); // if not logged in, this redirs/excepts } - $this->scoped = Profile::current(); + $this->updateScopedProfile(); return true; } + function updateScopedProfile() { + $this->scoped = Profile::current(); + return $this->scoped; + } + /** * Show page, a template method. * diff --git a/lib/formaction.php b/lib/formaction.php index 8f300d3a63..a3e5498aad 100644 --- a/lib/formaction.php +++ b/lib/formaction.php @@ -102,6 +102,15 @@ class FormAction extends Action public function showInstructions() { // instructions are nice, so users know what to do + $this->raw(common_markup_to_html($this->getInstructions())); + } + + /** + * @return string with instructions to pass into common_markup_to_html() + */ + public function getInstructions() + { + return null; } public function showForm($msg=null, $success=false) diff --git a/lib/util.php b/lib/util.php index 92ae30ea00..6d752936db 100644 --- a/lib/util.php +++ b/lib/util.php @@ -244,13 +244,11 @@ function common_check_user($nickname, $password) $user = User::getKV('nickname', Nickname::normalize($nickname)); } - if (!empty($user)) { - if (!empty($password)) { // never allow login with blank password - if (0 == strcmp(common_munge_password($password, $user->id), - $user->password)) { - //internal checking passed - $authenticatedUser = $user; - } + if ($user instanceof User && !empty($password)) { + if (0 == strcmp(common_munge_password($password, $user->id), + $user->password)) { + //internal checking passed + $authenticatedUser = $user; } } Event::handle('EndCheckPassword', array($nickname, $password, $authenticatedUser)); @@ -1302,26 +1300,26 @@ function common_path($relative, $ssl=false, $addSession=true) function common_inject_session($url, $serverpart = null) { - if (common_have_session()) { + if (!common_have_session()) { + return $url; + } - if (empty($serverpart)) { - $serverpart = parse_url($url, PHP_URL_HOST); - } + if (empty($serverpart)) { + $serverpart = parse_url($url, PHP_URL_HOST); + } - $currentServer = (array_key_exists('HTTP_HOST', $_SERVER)) ? $_SERVER['HTTP_HOST'] : null; + $currentServer = (array_key_exists('HTTP_HOST', $_SERVER)) ? $_SERVER['HTTP_HOST'] : null; - // Are we pointing to another server (like an SSL server?) + // Are we pointing to another server (like an SSL server?) - if (!empty($currentServer) && - 0 != strcasecmp($currentServer, $serverpart)) { - // Pass the session ID as a GET parameter - $sesspart = session_name() . '=' . session_id(); - $i = strpos($url, '?'); - if ($i === false) { // no GET params, just append - $url .= '?' . $sesspart; - } else { - $url = substr($url, 0, $i + 1).$sesspart.'&'.substr($url, $i + 1); - } + if (!empty($currentServer) && 0 != strcasecmp($currentServer, $serverpart)) { + // Pass the session ID as a GET parameter + $sesspart = session_name() . '=' . session_id(); + $i = strpos($url, '?'); + if ($i === false) { // no GET params, just append + $url .= '?' . $sesspart; + } else { + $url = substr($url, 0, $i + 1).$sesspart.'&'.substr($url, $i + 1); } } @@ -1954,6 +1952,10 @@ function common_confirmation_code($bits) function common_markup_to_html($c, $args=null) { + if ($c === null) { + return ''; + } + if (is_null($args)) { $args = array(); }