Added an "Verify Your Identity" page to the OpenID provider
This commit is contained in:
parent
87781b85c4
commit
acaf07f6e8
|
@ -537,6 +537,16 @@ modified = 384
|
|||
canonical = K
|
||||
display = U
|
||||
|
||||
[user_openid_trustroot]
|
||||
trustroot = 130
|
||||
user_id = 129
|
||||
created = 142
|
||||
modified = 384
|
||||
|
||||
[user_openid__keys]
|
||||
trustroot = K
|
||||
user_id = K
|
||||
|
||||
[user_role]
|
||||
user_id = 129
|
||||
role = 130
|
||||
|
|
|
@ -150,6 +150,7 @@ class OpenIDPlugin extends Plugin
|
|||
case 'PublicxrdsAction':
|
||||
case 'OpenidsettingsAction':
|
||||
case 'OpenidserverAction':
|
||||
case 'OpenidtrustAction':
|
||||
require_once(INSTALLDIR.'/plugins/OpenID/' . strtolower(mb_substr($cls, 0, -6)) . '.php');
|
||||
return false;
|
||||
case 'User_openid':
|
||||
|
@ -286,6 +287,14 @@ class OpenIDPlugin extends Plugin
|
|||
new ColumnDef('created', 'datetime',
|
||||
null, false),
|
||||
new ColumnDef('modified', 'timestamp')));
|
||||
$schema->ensureTable('user_openid_trustroot',
|
||||
array(new ColumnDef('trustroot', 'varchar',
|
||||
'255', false, 'PRI'),
|
||||
new ColumnDef('user_id', 'integer',
|
||||
null, false, 'PRI'),
|
||||
new ColumnDef('created', 'datetime',
|
||||
null, false),
|
||||
new ColumnDef('modified', 'timestamp')));
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
|
29
plugins/OpenID/User_openid_trustroot.php
Normal file
29
plugins/OpenID/User_openid_trustroot.php
Normal file
|
@ -0,0 +1,29 @@
|
|||
<?php
|
||||
/**
|
||||
* Table Definition for user_openid_trustroot
|
||||
*/
|
||||
require_once INSTALLDIR.'/classes/Memcached_DataObject.php';
|
||||
|
||||
class User_openid_trustroot extends Memcached_DataObject
|
||||
{
|
||||
###START_AUTOCODE
|
||||
/* the code below is auto generated do not remove the above tag */
|
||||
|
||||
public $__table = 'user_openid_trustroot'; // table name
|
||||
public $trustroot; // varchar(255) primary_key not_null
|
||||
public $user_id; // int(4) primary_key not_null
|
||||
public $created; // datetime() not_null
|
||||
public $modified; // timestamp() not_null default_CURRENT_TIMESTAMP
|
||||
|
||||
/* Static get */
|
||||
function staticGet($k,$v=null)
|
||||
{ return Memcached_DataObject::staticGet('User_openid_trustroot',$k,$v); }
|
||||
|
||||
/* the code above is auto generated do not remove the tag below */
|
||||
###END_AUTOCODE
|
||||
|
||||
function &pkeyGet($kv)
|
||||
{
|
||||
return Memcached_DataObject::pkeyGet('User_openid_trustroot', $kv);
|
||||
}
|
||||
}
|
|
@ -33,6 +33,7 @@ if (!defined('STATUSNET') && !defined('LACONICA')) {
|
|||
|
||||
require_once INSTALLDIR.'/lib/action.php';
|
||||
require_once INSTALLDIR.'/plugins/OpenID/openid.php';
|
||||
require_once(INSTALLDIR.'/plugins/OpenID/User_openid_trustroot.php');
|
||||
|
||||
/**
|
||||
* Settings for OpenID
|
||||
|
@ -56,14 +57,33 @@ class OpenidserverAction extends Action
|
|||
if (in_array($request->mode, array('checkid_immediate',
|
||||
'checkid_setup'))) {
|
||||
$cur = common_current_user();
|
||||
error_log("Request identity: " . $request->identity);
|
||||
if(!$cur){
|
||||
/* Go log in, and then come back. */
|
||||
common_set_returnto($_SERVER['REQUEST_URI']);
|
||||
common_redirect(common_local_url('login'));
|
||||
return;
|
||||
}else if(common_profile_url($cur->nickname) == $request->identity || $request->idSelect()){
|
||||
$user_openid_trustroot = User_openid_trustroot::pkeyGet(
|
||||
array('user_id'=>$cur->id, 'trustroot'=>$request->trustroot));
|
||||
if(empty($user_openid_trustroot)){
|
||||
if($request->immediate){
|
||||
//cannot prompt the user to trust this trust root in immediate mode, so answer false
|
||||
$response = &$request->answer(false);
|
||||
}else{
|
||||
//ask the user to trust this trust root
|
||||
$_SESSION['openid_trust_root'] = $request->trust_root;
|
||||
$allowResponse = $request->answer(true, null, common_profile_url($cur->nickname));
|
||||
$denyResponse = $request->answer(false);
|
||||
common_ensure_session();
|
||||
$_SESSION['openid_allow_url'] = $allowResponse->encodeToUrl();
|
||||
$_SESSION['openid_deny_url'] = $denyResponse->encodeToUrl();
|
||||
common_redirect(common_local_url('openidtrust'));
|
||||
return;
|
||||
}
|
||||
}else{
|
||||
//user has previously authorized this trust root
|
||||
$response = &$request->answer(true, null, common_profile_url($cur->nickname));
|
||||
}
|
||||
} else if ($request->immediate) {
|
||||
$response = &$request->answer(false);
|
||||
} else {
|
||||
|
|
142
plugins/OpenID/openidtrust.php
Normal file
142
plugins/OpenID/openidtrust.php
Normal file
|
@ -0,0 +1,142 @@
|
|||
<?php
|
||||
/*
|
||||
* StatusNet - the distributed open-source microblogging tool
|
||||
* Copyright (C) 2008, 2009, StatusNet, Inc.
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License as published by
|
||||
* the Free Software Foundation, either version 3 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
if (!defined('STATUSNET') && !defined('LACONICA')) { exit(1); }
|
||||
|
||||
require_once INSTALLDIR.'/plugins/OpenID/openid.php';
|
||||
require_once(INSTALLDIR.'/plugins/OpenID/User_openid_trustroot.php');
|
||||
|
||||
class OpenidtrustAction extends Action
|
||||
{
|
||||
var $trust_root;
|
||||
var $allowUrl;
|
||||
var $denyUrl;
|
||||
var $user;
|
||||
|
||||
/**
|
||||
* Is this a read-only action?
|
||||
*
|
||||
* @return boolean false
|
||||
*/
|
||||
|
||||
function isReadOnly($args)
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Title of the page
|
||||
*
|
||||
* @return string title of the page
|
||||
*/
|
||||
|
||||
function title()
|
||||
{
|
||||
return _('OpenID Identity Verification');
|
||||
}
|
||||
|
||||
function prepare($args)
|
||||
{
|
||||
parent::prepare($args);
|
||||
common_ensure_session();
|
||||
$this->user = common_current_user();
|
||||
if(empty($this->user)){
|
||||
/* Go log in, and then come back. */
|
||||
common_set_returnto($_SERVER['REQUEST_URI']);
|
||||
common_redirect(common_local_url('login'));
|
||||
return;
|
||||
}
|
||||
$this->trust_root = $_SESSION['openid_trust_root'];
|
||||
$this->allowUrl = $_SESSION['openid_allow_url'];
|
||||
$this->denyUrl = $_SESSION['openid_deny_url'];
|
||||
if(empty($this->trust_root) || empty($this->allowUrl) || empty($this->denyUrl)){
|
||||
$this->clientError(_('This page should only be reached during OpenID processing, not directly.'));
|
||||
return;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
function handle($args)
|
||||
{
|
||||
parent::handle($args);
|
||||
if($_SERVER['REQUEST_METHOD'] == 'POST'){
|
||||
$this->handleSubmit();
|
||||
}else{
|
||||
$this->showPage();
|
||||
}
|
||||
}
|
||||
|
||||
function handleSubmit()
|
||||
{
|
||||
unset($_SESSION['openid_trust_root']);
|
||||
unset($_SESSION['openid_allow_url']);
|
||||
unset($_SESSION['openid_deny_url']);
|
||||
if($this->arg('allow'))
|
||||
{
|
||||
//save to database
|
||||
$user_openid_trustroot = new User_openid_trustroot();
|
||||
$user_openid_trustroot->user_id = $this->user->id;
|
||||
$user_openid_trustroot->trustroot = $this->trust_root;
|
||||
$user_openid_trustroot->created = DB_DataObject_Cast::dateTime();
|
||||
if (!$user_openid_trustroot->insert()) {
|
||||
$err = PEAR::getStaticProperty('DB_DataObject','lastError');
|
||||
common_debug('DB error ' . $err->code . ': ' . $err->message, __FILE__);
|
||||
}
|
||||
common_redirect($this->allowUrl, $code=302);
|
||||
}else{
|
||||
common_redirect($this->denyUrl, $code=302);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Show page notice
|
||||
*
|
||||
* Display a notice for how to use the page, or the
|
||||
* error if it exists.
|
||||
*
|
||||
* @return void
|
||||
*/
|
||||
|
||||
function showPageNotice()
|
||||
{
|
||||
$this->element('p',null,sprintf(_('%s has asked to verify your identity. Click Continue to verify your identity and login without creating a new password.'),$this->trust_root));
|
||||
}
|
||||
|
||||
/**
|
||||
* Core of the display code
|
||||
*
|
||||
* Shows the login form.
|
||||
*
|
||||
* @return void
|
||||
*/
|
||||
|
||||
function showContent()
|
||||
{
|
||||
$this->elementStart('form', array('method' => 'post',
|
||||
'id' => 'form_openidtrust',
|
||||
'class' => 'form_settings',
|
||||
'action' => common_local_url('openidtrust')));
|
||||
$this->elementStart('fieldset');
|
||||
$this->submit('allow', _('Continue'));
|
||||
$this->submit('deny', _('Cancel'));
|
||||
|
||||
$this->elementEnd('fieldset');
|
||||
$this->elementEnd('form');
|
||||
}
|
||||
}
|
Loading…
Reference in New Issue
Block a user