2008-06-18 06:26:38 +01:00
< ? php
/*
* Laconica - a distributed open - source microblogging tool
* Copyright ( C ) 2008 , Controlez - Vous , Inc .
*
* This program is free software : you can redistribute it and / or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation , either version 3 of the License , or
* ( at your option ) any later version .
*
* This program is distributed in the hope that it will be useful ,
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
* GNU Affero General Public License for more details .
*
* You should have received a copy of the GNU Affero General Public License
* along with this program . If not , see < http :// www . gnu . org / licenses />.
*/
if ( ! defined ( 'LACONICA' )) { exit ( 1 ); }
require_once ( INSTALLDIR . '/lib/openid.php' );
2008-12-23 19:49:23 +00:00
class FinishopenidloginAction extends Action
{
2009-01-22 23:30:57 +00:00
var $error = null ;
var $username = null ;
var $message = null ;
2008-06-18 06:26:38 +01:00
2008-12-23 19:33:23 +00:00
function handle ( $args )
{
2008-12-23 19:19:07 +00:00
parent :: handle ( $args );
2009-02-05 16:46:17 +00:00
if ( common_is_real_login ()) {
2009-01-15 23:03:38 +00:00
$this -> clientError ( _ ( 'Already logged in.' ));
2008-12-23 19:19:07 +00:00
} else if ( $_SERVER [ 'REQUEST_METHOD' ] == 'POST' ) {
$token = $this -> trimmed ( 'token' );
if ( ! $token || $token != common_session_token ()) {
2009-01-22 23:30:57 +00:00
$this -> showForm ( _ ( 'There was a problem with your session token. Try again, please.' ));
2008-12-23 19:19:07 +00:00
return ;
}
if ( $this -> arg ( 'create' )) {
if ( ! $this -> boolean ( 'license' )) {
2009-01-22 23:30:57 +00:00
$this -> showForm ( _ ( 'You can\'t register if you don\'t agree to the license.' ),
$this -> trimmed ( 'newname' ));
2008-12-23 19:19:07 +00:00
return ;
}
2009-01-22 23:30:57 +00:00
$this -> createNewUser ();
2008-12-23 19:19:07 +00:00
} else if ( $this -> arg ( 'connect' )) {
2009-01-22 23:30:57 +00:00
$this -> connectUser ();
2008-12-23 19:19:07 +00:00
} else {
common_debug ( print_r ( $this -> args , true ), __FILE__ );
2009-01-22 23:30:57 +00:00
$this -> showForm ( _ ( 'Something weird happened.' ),
$this -> trimmed ( 'newname' ));
2008-12-23 19:19:07 +00:00
}
} else {
2009-01-22 23:30:57 +00:00
$this -> tryLogin ();
2008-12-23 19:19:07 +00:00
}
}
2009-01-22 23:30:57 +00:00
function showPageNotice ()
2008-12-23 19:33:23 +00:00
{
2009-01-22 23:30:57 +00:00
if ( $this -> error ) {
$this -> element ( 'div' , array ( 'class' => 'error' ), $this -> error );
2008-12-23 19:19:07 +00:00
} else {
global $config ;
2009-01-15 22:57:15 +00:00
$this -> element ( 'div' , 'instructions' ,
2008-12-23 19:19:07 +00:00
sprintf ( _ ( 'This is the first time you\'ve logged into %s so we must connect your OpenID to a local account. You can either create a new account, or connect with your existing account, if you have one.' ), $config [ 'site' ][ 'name' ]));
}
}
2009-01-22 23:30:57 +00:00
function title ()
2008-12-23 19:33:23 +00:00
{
2009-01-22 23:30:57 +00:00
return _ ( 'OpenID Account Setup' );
}
function showForm ( $error = null , $username = null )
{
$this -> error = $error ;
$this -> username = $username ;
$this -> showPage ();
}
function showContent ()
{
2009-02-18 04:22:56 +00:00
if ( ! empty ( $this -> message_text )) {
2009-01-22 23:30:57 +00:00
$this -> element ( 'p' , null , $this -> message );
return ;
}
2008-12-23 19:19:07 +00:00
2009-01-15 22:57:15 +00:00
$this -> elementStart ( 'form' , array ( 'method' => 'post' ,
2009-01-22 23:30:57 +00:00
'id' => 'account_connect' ,
'action' => common_local_url ( 'finishopenidlogin' )));
2009-01-15 22:57:15 +00:00
$this -> hidden ( 'token' , common_session_token ());
$this -> element ( 'h2' , null ,
2008-12-23 19:19:07 +00:00
_ ( 'Create new account' ));
2009-01-15 22:57:15 +00:00
$this -> element ( 'p' , null ,
2008-12-23 19:19:07 +00:00
_ ( 'Create a new user with this nickname.' ));
2009-01-15 22:57:15 +00:00
$this -> input ( 'newname' , _ ( 'New nickname' ),
2009-01-22 23:30:57 +00:00
( $this -> username ) ? $this -> username : '' ,
2008-12-23 19:19:07 +00:00
_ ( '1-64 lowercase letters or numbers, no punctuation or spaces' ));
2009-01-15 22:57:15 +00:00
$this -> elementStart ( 'p' );
$this -> element ( 'input' , array ( 'type' => 'checkbox' ,
2008-12-23 19:19:07 +00:00
'id' => 'license' ,
'name' => 'license' ,
'value' => 'true' ));
2009-01-15 22:57:15 +00:00
$this -> text ( _ ( 'My text and files are available under ' ));
2009-01-22 23:30:57 +00:00
$this -> element ( 'a' , array ( 'href' => common_config ( 'license' , 'url' )),
2008-12-23 19:19:07 +00:00
common_config ( 'license' , 'title' ));
2009-01-15 22:57:15 +00:00
$this -> text ( _ ( ' except this private data: password, email address, IM address, phone number.' ));
$this -> elementEnd ( 'p' );
$this -> submit ( 'create' , _ ( 'Create' ));
$this -> element ( 'h2' , null ,
2008-12-23 19:19:07 +00:00
_ ( 'Connect existing account' ));
2009-01-15 22:57:15 +00:00
$this -> element ( 'p' , null ,
2008-12-23 19:19:07 +00:00
_ ( 'If you already have an account, login with your username and password to connect it to your OpenID.' ));
2009-01-15 22:57:15 +00:00
$this -> input ( 'nickname' , _ ( 'Existing nickname' ));
$this -> password ( 'password' , _ ( 'Password' ));
$this -> submit ( 'connect' , _ ( 'Connect' ));
$this -> elementEnd ( 'form' );
2008-12-23 19:19:07 +00:00
}
2009-01-22 23:30:57 +00:00
function tryLogin ()
2008-12-23 19:33:23 +00:00
{
2008-12-23 19:19:07 +00:00
$consumer = oid_consumer ();
$response = $consumer -> complete ( common_local_url ( 'finishopenidlogin' ));
if ( $response -> status == Auth_OpenID_CANCEL ) {
$this -> message ( _ ( 'OpenID authentication cancelled.' ));
return ;
} else if ( $response -> status == Auth_OpenID_FAILURE ) {
// Authentication failed; display the error message.
$this -> message ( sprintf ( _ ( 'OpenID authentication failed: %s' ), $response -> message ));
} else if ( $response -> status == Auth_OpenID_SUCCESS ) {
// This means the authentication succeeded; extract the
// identity URL and Simple Registration data (if it was
// returned).
$display = $response -> getDisplayIdentifier ();
$canonical = ( $response -> endpoint -> canonicalID ) ?
$response -> endpoint -> canonicalID : $response -> getDisplayIdentifier ();
$sreg_resp = Auth_OpenID_SRegResponse :: fromSuccessResponse ( $response );
if ( $sreg_resp ) {
$sreg = $sreg_resp -> contents ();
}
$user = oid_get_user ( $canonical );
if ( $user ) {
oid_set_last ( $display );
# XXX: commented out at @edd's request until better
# control over how data flows from OpenID provider.
# oid_update_user($user, $sreg);
common_set_user ( $user );
common_real_login ( true );
if ( isset ( $_SESSION [ 'openid_rememberme' ]) && $_SESSION [ 'openid_rememberme' ]) {
common_rememberme ( $user );
}
2008-12-09 18:03:30 +00:00
unset ( $_SESSION [ 'openid_rememberme' ]);
2009-01-22 23:30:57 +00:00
$this -> goHome ( $user -> nickname );
2008-12-23 19:19:07 +00:00
} else {
2009-01-22 23:30:57 +00:00
$this -> saveValues ( $display , $canonical , $sreg );
$this -> showForm ( null , $this -> bestNewNickname ( $display , $sreg ));
2008-12-23 19:19:07 +00:00
}
}
}
2008-12-23 19:33:23 +00:00
function message ( $msg )
{
2009-01-22 23:30:57 +00:00
$this -> message_text = $msg ;
$this -> showPage ();
2008-12-23 19:19:07 +00:00
}
2009-01-22 23:30:57 +00:00
function saveValues ( $display , $canonical , $sreg )
2008-12-23 19:33:23 +00:00
{
2008-12-23 19:19:07 +00:00
common_ensure_session ();
$_SESSION [ 'openid_display' ] = $display ;
$_SESSION [ 'openid_canonical' ] = $canonical ;
$_SESSION [ 'openid_sreg' ] = $sreg ;
}
2009-01-22 23:30:57 +00:00
function getSavedValues ()
2008-12-23 19:33:23 +00:00
{
2008-12-23 19:19:07 +00:00
return array ( $_SESSION [ 'openid_display' ],
$_SESSION [ 'openid_canonical' ],
$_SESSION [ 'openid_sreg' ]);
}
2009-01-22 23:30:57 +00:00
function createNewUser ()
2008-12-23 19:33:23 +00:00
{
2008-12-03 18:50:22 +00:00
# FIXME: save invite code before redirect, and check here
2008-12-23 19:19:07 +00:00
if ( common_config ( 'site' , 'closed' ) || common_config ( 'site' , 'inviteonly' )) {
2009-01-15 23:03:38 +00:00
$this -> clientError ( _ ( 'Registration not allowed.' ));
2008-12-03 18:50:22 +00:00
return ;
}
2008-12-23 19:19:07 +00:00
$nickname = $this -> trimmed ( 'newname' );
2008-07-02 14:15:07 +01:00
2008-12-23 19:19:07 +00:00
if ( ! Validate :: string ( $nickname , array ( 'min_length' => 1 ,
'max_length' => 64 ,
'format' => VALIDATE_NUM . VALIDATE_ALPHA_LOWER ))) {
2009-01-22 23:30:57 +00:00
$this -> showForm ( _ ( 'Nickname must have only lowercase letters and numbers and no spaces.' ));
2008-12-23 19:19:07 +00:00
return ;
}
2008-06-22 19:04:37 +01:00
2008-12-23 19:19:07 +00:00
if ( ! User :: allowed_nickname ( $nickname )) {
2009-01-22 23:30:57 +00:00
$this -> showForm ( _ ( 'Nickname not allowed.' ));
2008-12-23 19:19:07 +00:00
return ;
}
2008-07-02 14:15:07 +01:00
2008-12-23 19:19:07 +00:00
if ( User :: staticGet ( 'nickname' , $nickname )) {
2009-01-22 23:30:57 +00:00
$this -> showForm ( _ ( 'Nickname already in use. Try another one.' ));
2008-12-23 19:19:07 +00:00
return ;
}
2008-07-02 14:15:07 +01:00
2009-01-22 23:30:57 +00:00
list ( $display , $canonical , $sreg ) = $this -> getSavedValues ();
2008-07-02 14:15:07 +01:00
2008-12-23 19:19:07 +00:00
if ( ! $display || ! $canonical ) {
2009-01-15 23:03:38 +00:00
$this -> serverError ( _ ( 'Stored OpenID not found.' ));
2008-12-23 19:19:07 +00:00
return ;
}
2008-07-02 14:15:07 +01:00
2008-12-23 19:19:07 +00:00
# Possible race condition... let's be paranoid
2008-07-02 14:15:07 +01:00
2008-12-23 19:19:07 +00:00
$other = oid_get_user ( $canonical );
2008-07-02 14:15:07 +01:00
2008-12-23 19:19:07 +00:00
if ( $other ) {
2009-01-15 23:03:38 +00:00
$this -> serverError ( _ ( 'Creating new account for OpenID that already has a user.' ));
2008-12-23 19:19:07 +00:00
return ;
}
2008-07-02 14:15:07 +01:00
2009-02-18 04:22:56 +00:00
$location = '' ;
if ( ! empty ( $sreg [ 'country' ])) {
2008-12-23 19:19:07 +00:00
if ( $sreg [ 'postcode' ]) {
# XXX: use postcode to get city and region
# XXX: also, store postcode somewhere -- it's valuable!
$location = $sreg [ 'postcode' ] . ', ' . $sreg [ 'country' ];
} else {
$location = $sreg [ 'country' ];
}
}
2008-12-10 01:46:19 +00:00
2009-02-18 04:22:56 +00:00
if ( ! empty ( $sreg [ 'fullname' ]) && mb_strlen ( $sreg [ 'fullname' ]) <= 255 ) {
2008-12-23 19:19:07 +00:00
$fullname = $sreg [ 'fullname' ];
2009-02-18 04:22:56 +00:00
} else {
$fullname = '' ;
2008-12-23 19:19:07 +00:00
}
2008-12-10 01:46:19 +00:00
2009-02-18 04:22:56 +00:00
if ( ! empty ( $sreg [ 'email' ]) && Validate :: email ( $sreg [ 'email' ], true )) {
2008-12-23 19:19:07 +00:00
$email = $sreg [ 'email' ];
2009-02-18 04:22:56 +00:00
} else {
$email = '' ;
2008-12-23 19:19:07 +00:00
}
2008-07-02 14:15:07 +01:00
2008-12-23 19:19:07 +00:00
# XXX: add language
# XXX: add timezone
2008-12-10 01:46:19 +00:00
2008-12-23 19:19:07 +00:00
$user = User :: register ( array ( 'nickname' => $nickname ,
'email' => $email ,
'fullname' => $fullname ,
'location' => $location ));
2008-06-18 06:26:38 +01:00
2008-12-23 19:19:07 +00:00
$result = oid_link_user ( $user -> id , $canonical , $display );
2008-12-10 01:46:19 +00:00
2008-12-23 19:19:07 +00:00
oid_set_last ( $display );
common_set_user ( $user );
common_real_login ( true );
2008-12-09 18:03:30 +00:00
if ( isset ( $_SESSION [ 'openid_rememberme' ]) && $_SESSION [ 'openid_rememberme' ]) {
2008-12-23 19:19:07 +00:00
common_rememberme ( $user );
}
2008-12-09 18:03:30 +00:00
unset ( $_SESSION [ 'openid_rememberme' ]);
2008-12-23 19:19:07 +00:00
common_redirect ( common_local_url ( 'showstream' , array ( 'nickname' => $user -> nickname )));
}
2008-07-02 14:15:07 +01:00
2009-01-22 23:30:57 +00:00
function connectUser ()
2008-12-23 19:33:23 +00:00
{
2008-12-23 19:19:07 +00:00
$nickname = $this -> trimmed ( 'nickname' );
$password = $this -> trimmed ( 'password' );
2008-06-18 06:26:38 +01:00
2008-12-23 19:19:07 +00:00
if ( ! common_check_user ( $nickname , $password )) {
2009-01-22 23:30:57 +00:00
$this -> showForm ( _ ( 'Invalid username or password.' ));
2008-12-23 19:19:07 +00:00
return ;
}
2008-06-18 06:26:38 +01:00
2008-12-23 19:19:07 +00:00
# They're legit!
2008-07-02 14:15:07 +01:00
2008-12-23 19:19:07 +00:00
$user = User :: staticGet ( 'nickname' , $nickname );
2008-06-18 06:26:38 +01:00
2009-01-22 23:30:57 +00:00
list ( $display , $canonical , $sreg ) = $this -> getSavedValues ();
2008-06-18 06:26:38 +01:00
2008-12-23 19:19:07 +00:00
if ( ! $display || ! $canonical ) {
2009-01-15 23:03:38 +00:00
$this -> serverError ( _ ( 'Stored OpenID not found.' ));
2008-12-23 19:19:07 +00:00
return ;
}
2008-07-02 14:15:07 +01:00
2008-12-23 19:19:07 +00:00
$result = oid_link_user ( $user -> id , $canonical , $display );
2008-07-02 14:15:07 +01:00
2008-12-23 19:19:07 +00:00
if ( ! $result ) {
2009-01-15 23:03:38 +00:00
$this -> serverError ( _ ( 'Error connecting user to OpenID.' ));
2008-12-23 19:19:07 +00:00
return ;
}
2008-07-02 14:15:07 +01:00
2008-12-23 19:19:07 +00:00
oid_update_user ( $user , $sreg );
oid_set_last ( $display );
common_set_user ( $user );
common_real_login ( true );
2008-12-09 18:03:30 +00:00
if ( isset ( $_SESSION [ 'openid_rememberme' ]) && $_SESSION [ 'openid_rememberme' ]) {
2008-12-23 19:19:07 +00:00
common_rememberme ( $user );
}
unset ( $_SESSION [ 'openid_rememberme' ]);
2009-01-22 23:30:57 +00:00
$this -> goHome ( $user -> nickname );
2008-12-23 19:19:07 +00:00
}
2009-01-22 23:30:57 +00:00
function goHome ( $nickname )
2008-12-23 19:33:23 +00:00
{
2008-12-23 19:19:07 +00:00
$url = common_get_returnto ();
if ( $url ) {
# We don't have to return to it again
2008-12-23 19:21:29 +00:00
common_set_returnto ( null );
2008-12-23 19:19:07 +00:00
} else {
$url = common_local_url ( 'all' ,
array ( 'nickname' =>
$nickname ));
}
common_redirect ( $url );
}
2009-01-22 23:30:57 +00:00
function bestNewNickname ( $display , $sreg )
2008-12-23 19:33:23 +00:00
{
2008-12-23 19:19:07 +00:00
# Try the passed-in nickname
2009-02-18 04:22:56 +00:00
if ( ! empty ( $sreg [ 'nickname' ])) {
2008-12-23 19:19:07 +00:00
$nickname = $this -> nicknamize ( $sreg [ 'nickname' ]);
2009-01-22 23:30:57 +00:00
if ( $this -> isNewNickname ( $nickname )) {
2008-12-23 19:19:07 +00:00
return $nickname ;
}
}
# Try the full name
2009-02-18 04:22:56 +00:00
if ( ! empty ( $sreg [ 'fullname' ])) {
2008-12-23 19:19:07 +00:00
$fullname = $this -> nicknamize ( $sreg [ 'fullname' ]);
2009-01-22 23:30:57 +00:00
if ( $this -> isNewNickname ( $fullname )) {
2008-12-23 19:19:07 +00:00
return $fullname ;
}
}
# Try the URL
2009-01-22 23:30:57 +00:00
$from_url = $this -> openidToNickname ( $display );
2008-12-23 19:19:07 +00:00
2009-01-22 23:30:57 +00:00
if ( $from_url && $this -> isNewNickname ( $from_url )) {
2008-12-23 19:19:07 +00:00
return $from_url ;
}
# XXX: others?
2008-12-23 19:21:29 +00:00
return null ;
2008-12-23 19:19:07 +00:00
}
2009-01-22 23:30:57 +00:00
function isNewNickname ( $str )
2008-12-23 19:33:23 +00:00
{
2008-12-23 19:19:07 +00:00
if ( ! Validate :: string ( $str , array ( 'min_length' => 1 ,
'max_length' => 64 ,
'format' => VALIDATE_NUM . VALIDATE_ALPHA_LOWER ))) {
return false ;
}
2009-01-22 23:30:57 +00:00
if ( ! User :: allowed_nickname ( $str )) {
2008-12-23 19:19:07 +00:00
return false ;
}
if ( User :: staticGet ( 'nickname' , $str )) {
return false ;
}
return true ;
}
2009-01-22 23:30:57 +00:00
function openidToNickname ( $openid )
2008-12-23 19:33:23 +00:00
{
2008-06-18 06:26:38 +01:00
if ( Auth_Yadis_identifierScheme ( $openid ) == 'XRI' ) {
2009-01-22 23:30:57 +00:00
return $this -> xriToNickname ( $openid );
2008-12-23 19:19:07 +00:00
} else {
2009-01-22 23:30:57 +00:00
return $this -> urlToNickname ( $openid );
2008-12-23 19:19:07 +00:00
}
}
2008-06-18 06:26:38 +01:00
2008-12-23 19:19:07 +00:00
# We try to use an OpenID URL as a legal Laconica user name in this order
# 1. Plain hostname, like http://evanp.myopenid.com/
# 2. One element in path, like http://profile.typekey.com/EvanProdromou/
# or http://getopenid.com/evanprodromou
2008-06-18 06:26:38 +01:00
2009-01-22 23:30:57 +00:00
function urlToNickname ( $openid )
2008-12-23 19:33:23 +00:00
{
2008-12-23 19:19:07 +00:00
static $bad = array ( 'query' , 'user' , 'password' , 'port' , 'fragment' );
$parts = parse_url ( $openid );
# If any of these parts exist, this won't work
foreach ( $bad as $badpart ) {
if ( array_key_exists ( $badpart , $parts )) {
2008-12-23 19:21:29 +00:00
return null ;
2008-12-23 19:19:07 +00:00
}
}
# We just have host and/or path
# If it's just a host...
if ( array_key_exists ( 'host' , $parts ) &&
( ! array_key_exists ( 'path' , $parts ) || strcmp ( $parts [ 'path' ], '/' ) == 0 ))
{
$hostparts = explode ( '.' , $parts [ 'host' ]);
# Try to catch common idiom of nickname.service.tld
if (( count ( $hostparts ) > 2 ) &&
( strlen ( $hostparts [ count ( $hostparts ) - 2 ]) > 3 ) && # try to skip .co.uk, .com.au
( strcmp ( $hostparts [ 0 ], 'www' ) != 0 ))
{
return $this -> nicknamize ( $hostparts [ 0 ]);
} else {
# Do the whole hostname
return $this -> nicknamize ( $parts [ 'host' ]);
}
} else {
if ( array_key_exists ( 'path' , $parts )) {
# Strip starting, ending slashes
$path = preg_replace ( '@/$@' , '' , $parts [ 'path' ]);
$path = preg_replace ( '@^/@' , '' , $path );
if ( strpos ( $path , '/' ) === false ) {
return $this -> nicknamize ( $path );
}
}
}
2008-12-23 19:21:29 +00:00
return null ;
2008-12-23 19:19:07 +00:00
}
2009-01-22 23:30:57 +00:00
function xriToNickname ( $xri )
2008-12-23 19:33:23 +00:00
{
2009-01-22 23:30:57 +00:00
$base = $this -> xriBase ( $xri );
2008-12-23 19:19:07 +00:00
if ( ! $base ) {
2008-12-23 19:21:29 +00:00
return null ;
2008-12-23 19:19:07 +00:00
} else {
# =evan.prodromou
# or @gratis*evan.prodromou
$parts = explode ( '*' , substr ( $base , 1 ));
return $this -> nicknamize ( array_pop ( $parts ));
}
}
2009-01-22 23:30:57 +00:00
function xriBase ( $xri )
2008-12-23 19:33:23 +00:00
{
2008-12-23 19:19:07 +00:00
if ( substr ( $xri , 0 , 6 ) == 'xri://' ) {
return substr ( $xri , 6 );
} else {
return $xri ;
}
}
# Given a string, try to make it work as a nickname
2008-12-23 19:33:23 +00:00
function nicknamize ( $str )
{
2008-12-23 19:19:07 +00:00
$str = preg_replace ( '/\W/' , '' , $str );
return strtolower ( $str );
}
2008-06-18 06:26:38 +01:00
}