start openid rp integration

darcs-hash:20080617133501-84dde-adec156ac58b84cce41ae0e9bde58cf7637e6c42.gz
Evan Prodromou 2008-06-17 09:35:01 -04:00
parent c4e5008436
commit c02a01914a
7 changed files with 361 additions and 10 deletions

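--- /dev/null
+++ b/actions/openidlogin.php
@@ -0,0 +1,57 @@
+<?php
+/*
+* Laconica - a distributed open-source microblogging tool
+* Copyright (C) 2008, Controlez-Vous, Inc.
+*
+* This program is free software: you can redistribute it and/or modify
+* it under the terms of the GNU Affero General Public License as published by
+* the Free Software Foundation, either version 3 of the License, or
+* (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU Affero General Public License for more details.
+*
+* You should have received a copy of the GNU Affero General Public License
+* along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+if (!defined('LACONICA')) { exit(1); }
+class OpenidloginAction extends Action {
+function handle($args) {
+parent::handle($args);
+if (common_logged_in()) {
+common_user_error(_t('Already logged in.'));
+} else if ($_SERVER['REQUEST_METHOD'] == 'POST') {
+$this->start_openid_login();
+} else {
+$this->show_form();
+}
+}
+function show_form($error=NULL) {
+common_show_header(_t('OpenID Login'));
+if ($error) {
+common_element('div', array('class' => 'error'), $error);
+} else {
+common_element('div', 'instructions',
+_t('Login with an OpenID account.'));
+}
+common_element_start('form', array('method' => 'POST',
+'id' => 'openidlogin',
+'action' => common_local_url('openidlogin')));
+common_input('openid_url', _t('OpenID URL'));
+common_submit('submit', _t('Login'));
+common_element_end('form');
+common_show_footer();
+}
+function check_login() {
+# XXX: form token in $_SESSION to prevent XSS
+# XXX: login throttle
+$openid_url = $this->trimmed('openid_url');
+}
+}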
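Review bot: The POST branch of `handle()` calls `$this->start_openid_login()`, but the class defines only `check_login()`, so submitting the form would end in an undefined-method fatal error; rename the stub or point the call at it, e.g. `$this->check_login();`. The first XXX comment in `check_login()` names the wrong threat: a per-session form token defends against cross-site request forgery (here, login CSRF), not XSS, so it should read `# XXX: form token in $_SESSION to prevent CSRF`. When the stub is filled in, note that `openid_url` is user-supplied and will presumably be fetched by the server during discovery, so a third XXX line about restricting it to http/https and refusing internal addresses before it reaches the OpenID library would be worth adding.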

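--- /dev/null
+++ b/classes/User_openid.php
@@ -0,0 +1,23 @@
+<?php
+/**
+* Table Definition for user_openid
+*/
+require_once 'DB/DataObject.php';
+class User_openid extends DB_DataObject
+{
+###START_AUTOCODE
+/* the code below is auto generated do not remove the above tag */
+public $__table = 'user_openid'; // table name
+public $url; // varchar(255) primary_key not_null
+public $user_id; // int(4) unique_key not_null
+public $created; // datetime() not_null
+public $modified; // timestamp() not_null default_CURRENT_TIMESTAMP
+/* Static get */
+function staticGet($k,$v=NULL) { return DB_DataObject::staticGet('User_openid',$k,$v); }
+/* the code above is auto generated do not remove the tag below */
+###END_AUTOCODE
+}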


@ -115,3 +115,13 @@ id = K
nickname = U
email = U
uri = U
[user_openid]
url = 130
user_id = 129
created = 142
modified = 384
[user_openid__keys]
url = K
user_id = U


@ -113,3 +113,31 @@ create table nonce (
constraint primary key (consumer_key, tok, nonce),
constraint foreign key (consumer_key, tok) references token (consumer_key, tok)
);
/* One-to-many relationship of user to openid_url */
create table user_openid (
url varchar(255) primary key comment 'OpenID URL',
user_id integer not null unique key comment 'user owning this URL' references user (id),
created datetime not null comment 'date this record was created',
modified timestamp comment 'date this record was modified'
);
/* These are used by JanRain OpenID library */
create table oid_associations (
server_url BLOB,
handle VARCHAR(255),
secret BLOB,
issued INTEGER,
lifetime INTEGER,
assoc_type VARCHAR(64),
PRIMARY KEY (server_url(255), handle)
);
create table oid_nonces (
server_url VARCHAR(2047),
timestamp INTEGER,
salt CHAR(40),
UNIQUE (server_url(255), timestamp, salt)
);
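Review bot: `user_id` in `user_openid` is declared `unique key`, which limits each user to a single OpenID URL and contradicts the "One-to-many relationship" comment directly above the table; if several URLs per user are intended, drop `unique` and add a plain `index (user_id)` instead. Because `url` is the key that maps a verified identifier to a local account, it is also worth confirming that the column uses a case-sensitive (binary) collation, so that two identifiers differing only in letter case cannot resolve to the same row; the table's collation is not visible in this hunk. The syntax looks like MySQL, where an inline `references user (id)` on a column is parsed but not enforced, so the table-level `constraint foreign key (user_id) references user (id)` form used by the `nonce` table in the context lines would be the consistent choice.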

233
doc/roadmap Normal file

@ -0,0 +1,233 @@
Roadmap
-------
This is a roadmap of tasks for different versions of the
[Laconica](http://laconi.ca/) software. It's meant to help answer the
question, "Is Laconica ever going to have such-and-such a feature?" or
"When will Laconica do such-and-such?"
Release 0.1
-----------
This was an internal milestone release, mostly for developing the core
functionality.
+ login
+ register
+ settings
+ upload avatar
+ change password
+ settings menu
+ disallow login if user is logged in
+ disallow register if user is logged in
+ common_current_user()
+ common_logged_in()
+ session variable for login
+ post notice
+ logout
+ subscribe
+ unsubscribe
+ subscribe links on profile
+ header menu
+ footer menu
+ disallow direct to PHP files
+ common_local_url()
+ configuration for DB_DataObject
+ date formatting
+ new notice redirects to notice page
+ date in shown notice links to notice page
+ common_redirect()
+ configuration system ($config)
Release 0.2
-----------
Another internal milestone. Bumped up from cruddy caveman HTML to a
borrowed design from [OSWD](http://www.oswd.org/), added a lot of RSS
generation, and more careful form validation.
+ design from Open Source Web Designs
+ add H1 to each page
+ add H2 for each page section
+ default to public stream
+ default avatar
+ default HTML type
+ set Content-Type
+ show current values in profile settings
+ save profile URL in profilesettings
+ save profile URL on registration
+ require valid nicknames
+ reject empty notices
+ validate registration form results
+ validate profilesettings form results
+ validate newnotice form results
+ remove validation code from classes
+ use only canonical usernames
+ fix layout of textarea
+ make notices into "big links"
+ RSS 1.0 feeds of a user's notices
+ RSS 1.0 feeds of a user's notices + friends
+ RSS 1.0 dump of a user's notices
+ RSS 1.0 feed of all public notices
+ deal with PHP quotes escaping
+ source link in footer menu
+ public stream link in top menu
+ dump, fix, undump database
Release 0.3
-----------
First public release (theoretically). Added distributed subscriptions,
"fancy" URLs, and a new graphic design for stoi.ca.
+ YADIS document link on showstream
+ YADIS document
+ subscribe remote
+ add subscriber remote
+ server side of user authorization
+ server side of request token
+ server side of access token
+ OAuth store
+ log of consumers who ask for access
+ receive remote notice
+ send remote notice
+ receive remote profile update
+ send remote profile update
+ subscribe form for not-logged-in users on showstream
+ pretty URLs
+ doc action
+ about doc
+ help doc
+ privacy doc
+ source doc
+ roadmap doc
+ add a way to stick variables into documents
+ FOAF document for user
+ license in RSS feeds
+ TOS checkbox on register
+ registration instructions
+ login instructions
+ profile settings instructions
+ avatar instructions
+ password change instructions
+ fix spacing on notices
+ fix spacing in profile
+ add a next page link to showstream
+ add a next page link to public
+ add a next page link to all
+ @ messages
+ Automatically linkify URLs in notices
+ themes
+ theme per site
+ only local notices in public stream
+ only local notices in public RSS
+ graphic refresh on all
+ graphic refresh on avatar
+ graphic refresh on doc
+ graphic refresh on login
+ graphic refresh on newnotice
+ graphic refresh on password
+ graphic refresh on profilesettings
+ graphic refresh on public
+ graphic refresh on register
+ graphic refresh on remotesubscribe
+ graphic refresh on shownotice
+ graphic refresh on showstream
+ graphic refresh on subscribed
+ graphic refresh on subscriptions
+ graphic refresh on userauthorization
+ correct use of views menu in settings
+ correct use of views menu in streams
+ content negotiation for content type
Release 0.4
-----------
- contact doc
- FAQ doc
- update default theme to use new, more semantic, HTML
- INSTALL file
- limit entry in textarea to 140 chars
+ AGPL notification
- Check licenses of all libraries for compatibility
- jQuery for as much as possible
- forward notices to Jabber
- receive notices from Jabber
- forward notices to other IM
- forward notices to mobile phone
- receive notices from other IM
- receive notices from mobile phone
- microid for profile page
- format times per user
- timezone preferences in Profile settings
+ email notification on subscriptions
- content negotiation for interface language
- user preference for interface language
- gettext
- tinyurl-ification of URLs
- set Last-Modified
- XML sitemap generation
- email confirmation for registration
- email options
- change cookie handling for anon users to be more cache-friendly
- content negotiation for encoding
- If-Modified-Since support
- Vary
+ site logo
- check license compatibility for remote subscribe
- optional FOAF URL in openmicroblogging exchange
- subscribe/unsubscribe on subscriptions page
- subscribe/unsubscribe on subscribed page
Release 0.5
-----------
- content negotiation for charset (iconv?)
- license per notice
- use only canonical email addresses
- allow mixed-case usernames
- allow non-latin usernames
- store canonical username for comparison and fetch
- theme per profile
- email newsletter
- RDF dump of entire site
- delete a notice
- plugins and hooks and other extensibility
- RDFa for stream pages
- RDFa for subscriber pages
- RDFa for subscribed pages
- # tags
- L: location
- hreviews
- stay logged in between sessions
- use RSS as a subscription
- license per attachment
Release 0.6
-----------
- URL notices
- image notices
- video notices
- audio notices
- machine tags
Release 1.0
-----------
- OAuth for third-party tools (desktop, other sites)
- Twitter-compatible API
- Pownce-compatible API
- include twitter subscriptions (push and pull)
- include Pownce subscriptions (push and pull)
- privacy
- Wrap DB_DataObject with memcached caching layer
- login throttle to prevent brute-force attacks
- form token in login to prevent XSS
Post-1.0
--------
- Atom Publishing Protocol
- "Universal" public feed
- global registry (LDAP at openmicroblogging.net, maybe?)