Merge branch 'testing' into 0.9.x
Conflicts: plugins/OpenID/openidlogin.php
This commit is contained in:
commit
7005ef6661
@ -95,7 +95,9 @@ class FoafAction extends Action
|
||||
// Would be nice to tell if they were a Person or not (e.g. a #person usertag?)
|
||||
$this->elementStart('Agent', array('rdf:about' =>
|
||||
$this->user->uri));
|
||||
$this->element('mbox_sha1sum', null, sha1('mailto:' . $this->user->email));
|
||||
if ($this->user->email) {
|
||||
$this->element('mbox_sha1sum', null, sha1('mailto:' . $this->user->email));
|
||||
}
|
||||
if ($this->profile->fullname) {
|
||||
$this->element('name', null, $this->profile->fullname);
|
||||
}
|
||||
|
@ -62,6 +62,28 @@ class LoginAction extends Action
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Prepare page to run
|
||||
*
|
||||
*
|
||||
* @param $args
|
||||
* @return string title
|
||||
*/
|
||||
|
||||
function prepare($args)
|
||||
{
|
||||
parent::prepare($args);
|
||||
|
||||
// @todo this check should really be in index.php for all sensitive actions
|
||||
$ssl = common_config('site', 'ssl');
|
||||
if (empty($_SERVER['HTTPS']) && ($ssl == 'always' || $ssl == 'sometimes')) {
|
||||
common_redirect(common_local_url('login'));
|
||||
// exit
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* Handle input, produce output
|
||||
*
|
||||
|
@ -74,6 +74,13 @@ class RegisterAction extends Action
|
||||
parent::prepare($args);
|
||||
$this->code = $this->trimmed('code');
|
||||
|
||||
// @todo this check should really be in index.php for all sensitive actions
|
||||
$ssl = common_config('site', 'ssl');
|
||||
if (empty($_SERVER['HTTPS']) && ($ssl == 'always' || $ssl == 'sometimes')) {
|
||||
common_redirect(common_local_url('register'));
|
||||
// exit
|
||||
}
|
||||
|
||||
if (empty($this->code)) {
|
||||
common_ensure_session();
|
||||
if (array_key_exists('invitecode', $_SESSION)) {
|
||||
|
20
lib/mail.php
20
lib/mail.php
@ -224,9 +224,6 @@ function mail_subscribe_notify_profile($listenee, $other)
|
||||
if ($other->hasRight(Right::EMAILONSUBSCRIBE) &&
|
||||
$listenee->email && $listenee->emailnotifysub) {
|
||||
|
||||
// use the recipient's localization
|
||||
common_init_locale($listenee->language);
|
||||
|
||||
$profile = $listenee->getProfile();
|
||||
|
||||
$name = $profile->getBestName();
|
||||
@ -236,6 +233,9 @@ function mail_subscribe_notify_profile($listenee, $other)
|
||||
|
||||
$recipients = $listenee->email;
|
||||
|
||||
// use the recipient's localization
|
||||
common_switch_locale($listenee->language);
|
||||
|
||||
$headers = _mail_prepare_headers('subscribe', $listenee->nickname, $other->nickname);
|
||||
$headers['From'] = mail_notify_from();
|
||||
$headers['To'] = $name . ' <' . $listenee->email . '>';
|
||||
@ -271,7 +271,7 @@ function mail_subscribe_notify_profile($listenee, $other)
|
||||
common_local_url('emailsettings'));
|
||||
|
||||
// reset localization
|
||||
common_init_locale();
|
||||
common_switch_locale();
|
||||
mail_send($recipients, $headers, $body);
|
||||
}
|
||||
}
|
||||
@ -473,7 +473,7 @@ function mail_confirm_sms($code, $nickname, $address)
|
||||
|
||||
function mail_notify_nudge($from, $to)
|
||||
{
|
||||
common_init_locale($to->language);
|
||||
common_switch_locale($to->language);
|
||||
// TRANS: Subject for 'nudge' notification email
|
||||
$subject = sprintf(_('You\'ve been nudged by %s'), $from->nickname);
|
||||
|
||||
@ -491,7 +491,7 @@ function mail_notify_nudge($from, $to)
|
||||
$from->nickname,
|
||||
common_local_url('all', array('nickname' => $to->nickname)),
|
||||
common_config('site', 'name'));
|
||||
common_init_locale();
|
||||
common_switch_locale();
|
||||
|
||||
$headers = _mail_prepare_headers('nudge', $to->nickname, $from->nickname);
|
||||
|
||||
@ -525,7 +525,7 @@ function mail_notify_message($message, $from=null, $to=null)
|
||||
return true;
|
||||
}
|
||||
|
||||
common_init_locale($to->language);
|
||||
common_switch_locale($to->language);
|
||||
// TRANS: Subject for direct-message notification email
|
||||
$subject = sprintf(_('New private message from %s'), $from->nickname);
|
||||
|
||||
@ -549,7 +549,7 @@ function mail_notify_message($message, $from=null, $to=null)
|
||||
|
||||
$headers = _mail_prepare_headers('message', $to->nickname, $from->nickname);
|
||||
|
||||
common_init_locale();
|
||||
common_switch_locale();
|
||||
return mail_to_user($to, $subject, $body, $headers);
|
||||
}
|
||||
|
||||
@ -577,7 +577,7 @@ function mail_notify_fave($other, $user, $notice)
|
||||
|
||||
$bestname = $profile->getBestName();
|
||||
|
||||
common_init_locale($other->language);
|
||||
common_switch_locale($other->language);
|
||||
|
||||
// TRANS: Subject for favorite notification email
|
||||
$subject = sprintf(_('%s (@%s) added your notice as a favorite'), $bestname, $user->nickname);
|
||||
@ -605,7 +605,7 @@ function mail_notify_fave($other, $user, $notice)
|
||||
|
||||
$headers = _mail_prepare_headers('fave', $other->nickname, $user->nickname);
|
||||
|
||||
common_init_locale();
|
||||
common_switch_locale();
|
||||
mail_to_user($other, $subject, $body, $headers);
|
||||
}
|
||||
|
||||
|
17
lib/util.php
17
lib/util.php
@ -34,6 +34,14 @@ function common_user_error($msg, $code=400)
|
||||
$err->showPage();
|
||||
}
|
||||
|
||||
/**
|
||||
* This should only be used at setup; processes switching languages
|
||||
* to send text to other users should use common_switch_locale().
|
||||
*
|
||||
* @param string $language Locale language code (optional; empty uses
|
||||
* current user's preference or site default)
|
||||
* @return mixed success
|
||||
*/
|
||||
function common_init_locale($language=null)
|
||||
{
|
||||
if(!$language) {
|
||||
@ -50,6 +58,15 @@ function common_init_locale($language=null)
|
||||
return $ok;
|
||||
}
|
||||
|
||||
/**
|
||||
* Initialize locale and charset settings and gettext with our message catalog,
|
||||
* using the current user's language preference or the site default.
|
||||
*
|
||||
* This should generally only be run at framework initialization; code switching
|
||||
* languages at runtime should call common_switch_language().
|
||||
*
|
||||
* @access private
|
||||
*/
|
||||
function common_init_language()
|
||||
{
|
||||
mb_internal_encoding('UTF-8');
|
||||
|
@ -4915,7 +4915,7 @@ msgstr "Primary site navigation"
|
||||
#: lib/action.php:432
|
||||
msgctxt "TOOLTIP"
|
||||
msgid "Personal profile and friends timeline"
|
||||
msgstr "ersonal profile and friends timeline"
|
||||
msgstr "Personal profile and friends timeline"
|
||||
|
||||
#. TRANS: Main menu option when logged in for access to personal profile and friends timeline
|
||||
#: lib/action.php:435
|
||||
|
@ -272,12 +272,12 @@ function remove_facebook_app($flink)
|
||||
|
||||
function mail_facebook_app_removed($user)
|
||||
{
|
||||
common_init_locale($user->language);
|
||||
|
||||
$profile = $user->getProfile();
|
||||
|
||||
$site_name = common_config('site', 'name');
|
||||
|
||||
common_switch_locale($user->language);
|
||||
|
||||
$subject = sprintf(
|
||||
_m('Your %1$s Facebook application access has been disabled.',
|
||||
$site_name));
|
||||
@ -291,7 +291,7 @@ function mail_facebook_app_removed($user)
|
||||
"re-installing the %2\$s Facebook application.\n\nRegards,\n\n%2\$s"),
|
||||
$user->nickname, $site_name);
|
||||
|
||||
common_init_locale();
|
||||
common_switch_locale();
|
||||
return mail_to_user($user, $subject, $body);
|
||||
|
||||
}
|
||||
|
@ -257,7 +257,7 @@ class OStatusPlugin extends Plugin
|
||||
$matches = array();
|
||||
|
||||
// Webfinger matches: @user@example.com
|
||||
if (preg_match_all('!(?:^|\s+)@((?:\w+\.)*\w+@(?:\w+\.)*\w+(?:\w+\-\w+)*\.\w+)!',
|
||||
if (preg_match_all('!(?:^|\s+)@((?:\w+\.)*\w+@(?:\w+\-?\w+\.)*\w+(?:\w+\-\w+)*\.\w+)!',
|
||||
$text,
|
||||
$wmatches,
|
||||
PREG_OFFSET_CAPTURE)) {
|
||||
|
@ -30,6 +30,7 @@ class DiscoveryHints {
|
||||
case Discovery::PROFILEPAGE:
|
||||
$hints['profileurl'] = $link['href'];
|
||||
break;
|
||||
case Salmon::NS_MENTIONS:
|
||||
case Salmon::NS_REPLIES:
|
||||
$hints['salmon'] = $link['href'];
|
||||
break;
|
||||
|
@ -20,7 +20,7 @@
|
||||
* @category Plugin
|
||||
* @package StatusNet
|
||||
* @author Evan Prodromou <evan@status.net>
|
||||
* @copyright 2009 StatusNet, Inc.
|
||||
* @copyright 2009-2010 StatusNet, Inc.
|
||||
* @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
|
||||
* @link http://status.net/
|
||||
*/
|
||||
@ -45,7 +45,19 @@ if (!defined('STATUSNET')) {
|
||||
|
||||
class OpenIDPlugin extends Plugin
|
||||
{
|
||||
public $openidOnly = false;
|
||||
// Plugin parameter: set true to disallow non-OpenID logins
|
||||
// If set, overrides the setting in database or $config['site']['openidonly']
|
||||
public $openidOnly = null;
|
||||
|
||||
function initialize()
|
||||
{
|
||||
parent::initialize();
|
||||
if ($this->openidOnly !== null) {
|
||||
global $config;
|
||||
$config['site']['openidonly'] = (bool)$this->openidOnly;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* Add OpenID-related paths to the router table
|
||||
@ -67,6 +79,7 @@ class OpenIDPlugin extends Plugin
|
||||
$m->connect('index.php?action=finishaddopenid',
|
||||
array('action' => 'finishaddopenid'));
|
||||
$m->connect('main/openidserver', array('action' => 'openidserver'));
|
||||
$m->connect('admin/openid', array('action' => 'openidadminpanel'));
|
||||
|
||||
return true;
|
||||
}
|
||||
@ -84,7 +97,7 @@ class OpenIDPlugin extends Plugin
|
||||
|
||||
function onStartConnectPath(&$path, &$defaults, &$rules, &$result)
|
||||
{
|
||||
if ($this->openidOnly) {
|
||||
if (common_config('site', 'openidonly')) {
|
||||
static $block = array('main/login',
|
||||
'main/register',
|
||||
'main/recoverpassword',
|
||||
@ -108,7 +121,7 @@ class OpenIDPlugin extends Plugin
|
||||
|
||||
function onArgsInitialize($args)
|
||||
{
|
||||
if ($this->openidOnly) {
|
||||
if (common_config('site', 'openidonly')) {
|
||||
if (array_key_exists('action', $args)) {
|
||||
$action = trim($args['action']);
|
||||
if (in_array($action, array('login', 'register'))) {
|
||||
@ -199,7 +212,7 @@ class OpenIDPlugin extends Plugin
|
||||
|
||||
function onStartPrimaryNav($action)
|
||||
{
|
||||
if ($this->openidOnly && !common_logged_in()) {
|
||||
if (common_config('site', 'openidonly') && !common_logged_in()) {
|
||||
// TRANS: Tooltip for main menu option "Login"
|
||||
$tooltip = _m('TOOLTIP', 'Login to the site');
|
||||
$action->menuItem(common_local_url('openidlogin'),
|
||||
@ -241,7 +254,7 @@ class OpenIDPlugin extends Plugin
|
||||
|
||||
function onStartLoginGroupNav(&$action)
|
||||
{
|
||||
if ($this->openidOnly) {
|
||||
if (common_config('site', 'openidonly')) {
|
||||
$this->showOpenIDLoginTab($action);
|
||||
// Even though we replace this code, we
|
||||
// DON'T run the End* hook, to keep others from
|
||||
@ -299,7 +312,7 @@ class OpenIDPlugin extends Plugin
|
||||
*/
|
||||
|
||||
function onStartAccountSettingsPasswordMenuItem($menu, &$unused) {
|
||||
if ($this->openidOnly) {
|
||||
if (common_config('site', 'openidonly')) {
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
@ -349,13 +362,19 @@ class OpenIDPlugin extends Plugin
|
||||
case 'OpenidsettingsAction':
|
||||
case 'OpenidserverAction':
|
||||
case 'OpenidtrustAction':
|
||||
require_once INSTALLDIR.'/plugins/OpenID/' . strtolower(mb_substr($cls, 0, -6)) . '.php';
|
||||
case 'OpenidadminpanelAction':
|
||||
require_once dirname(__FILE__) . '/' . strtolower(mb_substr($cls, 0, -6)) . '.php';
|
||||
return false;
|
||||
case 'User_openid':
|
||||
require_once INSTALLDIR.'/plugins/OpenID/User_openid.php';
|
||||
require_once dirname(__FILE__) . '/User_openid.php';
|
||||
return false;
|
||||
case 'User_openid_trustroot':
|
||||
require_once INSTALLDIR.'/plugins/OpenID/User_openid_trustroot.php';
|
||||
require_once dirname(__FILE__) . '/User_openid_trustroot.php';
|
||||
return false;
|
||||
case 'Auth_OpenID_TeamsExtension':
|
||||
case 'Auth_OpenID_TeamsRequest':
|
||||
case 'Auth_OpenID_TeamsResponse':
|
||||
require_once dirname(__FILE__) . '/extlib/teams-extension.php';
|
||||
return false;
|
||||
default:
|
||||
return true;
|
||||
@ -446,7 +465,7 @@ class OpenIDPlugin extends Plugin
|
||||
|
||||
function onRedirectToLogin($action, $user)
|
||||
{
|
||||
if ($this->openidOnly || (!empty($user) && User_openid::hasOpenID($user->id))) {
|
||||
if (common_config('site', 'openid_only') || (!empty($user) && User_openid::hasOpenID($user->id))) {
|
||||
common_redirect(common_local_url('openidlogin'), 303);
|
||||
return false;
|
||||
}
|
||||
@ -581,6 +600,32 @@ class OpenIDPlugin extends Plugin
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* Add an OpenID tab to the admin panel
|
||||
*
|
||||
* @param Widget $nav Admin panel nav
|
||||
*
|
||||
* @return boolean hook value
|
||||
*/
|
||||
|
||||
function onEndAdminPanelNav($nav)
|
||||
{
|
||||
if (AdminPanelAction::canAdmin('openid')) {
|
||||
|
||||
$action_name = $nav->action->trimmed('action');
|
||||
|
||||
$nav->out->menuItem(
|
||||
common_local_url('openidadminpanel'),
|
||||
_m('OpenID'),
|
||||
_m('OpenID configuration'),
|
||||
$action_name == 'openidadminpanel',
|
||||
'nav_openid_admin_panel'
|
||||
);
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* Add our version information to output
|
||||
*
|
||||
|
6
plugins/OpenID/extlib/README
Normal file
6
plugins/OpenID/extlib/README
Normal file
@ -0,0 +1,6 @@
|
||||
team-extension.php
|
||||
Support for Launchpad's OpenID Teams extension
|
||||
Maintainer: Canonical
|
||||
Source: https://code.edge.launchpad.net/wordpress-teams-integration
|
||||
r27 2010-04-27
|
||||
License: AGPLv3
|
175
plugins/OpenID/extlib/teams-extension.php
Normal file
175
plugins/OpenID/extlib/teams-extension.php
Normal file
@ -0,0 +1,175 @@
|
||||
<?php
|
||||
/*
|
||||
* Wordpress Teams plugin
|
||||
* Copyright (C) 2009-2010 Canonical Ltd.
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License as published by
|
||||
* the Free Software Foundation, either version 3 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
/**
|
||||
* Provides an example OpenID extension to query user team/group membership
|
||||
*
|
||||
* This code is based on code supplied with the openid library for simple
|
||||
* registration data.
|
||||
*/
|
||||
|
||||
/**
|
||||
* Require the Message implementation.
|
||||
*/
|
||||
require_once 'Auth/OpenID/Message.php';
|
||||
require_once 'Auth/OpenID/Extension.php';
|
||||
|
||||
/**
|
||||
* The team/group extension base class
|
||||
*/
|
||||
class Auth_OpenID_TeamsExtension extends Auth_OpenID_Extension {
|
||||
var $ns_uri = 'http://ns.launchpad.net/2007/openid-teams';
|
||||
var $ns_alias = 'lp';
|
||||
var $request_field = 'query_membership';
|
||||
var $response_field = 'is_member';
|
||||
|
||||
/**
|
||||
* Get the string arguments that should be added to an OpenID
|
||||
* message for this extension.
|
||||
*/
|
||||
function getExtensionArgs() {
|
||||
$args = array();
|
||||
|
||||
if ($this->_teams) {
|
||||
$args[$this->request_field] = implode(',', $this->_teams);
|
||||
}
|
||||
|
||||
return $args;
|
||||
}
|
||||
|
||||
/**
|
||||
* Add the arguments from this extension to the provided message.
|
||||
*
|
||||
* Returns the message with the extension arguments added.
|
||||
*/
|
||||
function toMessage(&$message) {
|
||||
if ($message->namespaces->addAlias($this->ns_uri, $this->ns_alias) === null) {
|
||||
if ($message->namespaces->getAlias($this->ns_uri) != $this->ns_alias) {
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
$message->updateArgs($this->ns_uri, $this->getExtensionArgs());
|
||||
return $message;
|
||||
}
|
||||
|
||||
/**
|
||||
* Extract the team/group namespace URI from the given OpenID message.
|
||||
* Handles OpenID 1 and 2.
|
||||
*
|
||||
* $message: The OpenID message from which to parse team/group data.
|
||||
* This may be a request or response message.
|
||||
*
|
||||
* Returns the sreg namespace URI for the supplied message.
|
||||
*
|
||||
* @access private
|
||||
*/
|
||||
function _getExtensionNS(&$message) {
|
||||
$alias = null;
|
||||
$found_ns_uri = null;
|
||||
|
||||
// See if there exists an alias for the namespace
|
||||
$alias = $message->namespaces->getAlias($this->ns_uri);
|
||||
|
||||
if ($alias !== null) {
|
||||
$found_ns_uri = $this->ns_uri;
|
||||
}
|
||||
|
||||
if ($alias === null) {
|
||||
// There is no alias for this extension, so try to add one.
|
||||
$found_ns_uri = Auth_OpenID_TYPE_1_0;
|
||||
|
||||
if ($message->namespaces->addAlias($this->ns_uri, $this->ns_alias) === null) {
|
||||
// An alias for the string 'lp' already exists, but
|
||||
// it's defined for something other than team/group membership
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
return $found_ns_uri;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* The team/group extension request class
|
||||
*/
|
||||
class Auth_OpenID_TeamsRequest extends Auth_OpenID_TeamsExtension {
|
||||
function __init($teams) {
|
||||
if (!is_array($teams)) {
|
||||
if (!empty($teams)) {
|
||||
$teams = explode(',', $teams);
|
||||
} else {
|
||||
$teams = Array();
|
||||
}
|
||||
}
|
||||
|
||||
$this->_teams = $teams;
|
||||
}
|
||||
|
||||
function Auth_OpenID_TeamsRequest($teams) {
|
||||
$this->__init($teams);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* The team/group extension response class
|
||||
*/
|
||||
class Auth_OpenID_TeamsResponse extends Auth_OpenID_TeamsExtension {
|
||||
var $_teams = array();
|
||||
|
||||
function __init(&$resp, $signed_only=true) {
|
||||
$this->ns_uri = $this->_getExtensionNS($resp->message);
|
||||
|
||||
if ($signed_only) {
|
||||
$args = $resp->getSignedNS($this->ns_uri);
|
||||
} else {
|
||||
$args = $resp->message->getArgs($this->ns_uri);
|
||||
}
|
||||
|
||||
if ($args === null) {
|
||||
return null;
|
||||
}
|
||||
|
||||
// An OpenID 2.0 response will handle the namespaces
|
||||
if (in_array($this->response_field, array_keys($args)) && !empty($args[$this->response_field])) {
|
||||
$this->_teams = explode(',', $args[$this->response_field]);
|
||||
}
|
||||
|
||||
// Piggybacking on a 1.x request, however, won't so the field name will
|
||||
// be different
|
||||
elseif (in_array($this->ns_alias.'.'.$this->response_field, array_keys($args)) && !empty($args[$this->ns_alias.'.'.$this->response_field])) {
|
||||
$this->_teams = explode(',', $args[$this->ns_alias.'.'.$this->response_field]);
|
||||
}
|
||||
}
|
||||
|
||||
function Auth_OpenID_TeamsResponse(&$resp, $signed_only=true) {
|
||||
$this->__init($resp, $signed_only);
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the array of teams the user is a member of
|
||||
*
|
||||
* @return array
|
||||
*/
|
||||
function getTeams() {
|
||||
return $this->_teams;
|
||||
}
|
||||
}
|
||||
|
||||
?>
|
@ -106,6 +106,12 @@ class FinishaddopenidAction extends Action
|
||||
$sreg = $sreg_resp->contents();
|
||||
}
|
||||
|
||||
// Launchpad teams extension
|
||||
if (!oid_check_teams($response)) {
|
||||
$this->message(_m('OpenID authentication aborted: you are not allowed to login to this site.'));
|
||||
return;
|
||||
}
|
||||
|
||||
$cur = common_current_user();
|
||||
|
||||
$other = oid_get_user($canonical);
|
||||
|
@ -193,6 +193,12 @@ class FinishopenidloginAction extends Action
|
||||
$sreg = $sreg_resp->contents();
|
||||
}
|
||||
|
||||
// Launchpad teams extension
|
||||
if (!oid_check_teams($response)) {
|
||||
$this->message(_m('OpenID authentication aborted: you are not allowed to login to this site.'));
|
||||
return;
|
||||
}
|
||||
|
||||
$user = oid_get_user($canonical);
|
||||
|
||||
if ($user) {
|
||||
|
@ -168,6 +168,15 @@ function oid_authenticate($openid_url, $returnto, $immediate=false)
|
||||
$auth_request->addExtension($sreg_request);
|
||||
}
|
||||
|
||||
$requiredTeam = common_config('openid', 'required_team');
|
||||
if ($requiredTeam) {
|
||||
// LaunchPad OpenID extension
|
||||
$team_request = new Auth_OpenID_TeamsRequest(array($requiredTeam));
|
||||
if ($team_request) {
|
||||
$auth_request->addExtension($team_request);
|
||||
}
|
||||
}
|
||||
|
||||
$trust_root = common_root_url(true);
|
||||
$process_url = common_local_url($returnto);
|
||||
|
||||
@ -298,6 +307,33 @@ function oid_assert_allowed($url)
|
||||
return;
|
||||
}
|
||||
|
||||
/**
|
||||
* Check the teams available in the given OpenID response
|
||||
* Using Launchpad's OpenID teams extension
|
||||
*
|
||||
* @return boolean whether this user is acceptable
|
||||
*/
|
||||
function oid_check_teams($response)
|
||||
{
|
||||
$requiredTeam = common_config('openid', 'required_team');
|
||||
if ($requiredTeam) {
|
||||
$team_resp = new Auth_OpenID_TeamsResponse($response);
|
||||
if ($team_resp) {
|
||||
$teams = $team_resp->getTeams();
|
||||
} else {
|
||||
$teams = array();
|
||||
}
|
||||
|
||||
$match = in_array($requiredTeam, $teams);
|
||||
$is = $match ? 'is' : 'is not';
|
||||
common_log(LOG_DEBUG, "Remote user $is in required team $requiredTeam: [" . implode(', ', $teams) . "]");
|
||||
|
||||
return $match;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
class AutosubmitAction extends Action
|
||||
{
|
||||
var $form_html = null;
|
||||
|
270
plugins/OpenID/openidadminpanel.php
Normal file
270
plugins/OpenID/openidadminpanel.php
Normal file
@ -0,0 +1,270 @@
|
||||
<?php
|
||||
/**
|
||||
* StatusNet, the distributed open-source microblogging tool
|
||||
*
|
||||
* OpenID bridge administration panel
|
||||
*
|
||||
* PHP version 5
|
||||
*
|
||||
* LICENCE: This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License as published by
|
||||
* the Free Software Foundation, either version 3 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*
|
||||
* @category Settings
|
||||
* @package StatusNet
|
||||
* @author Zach Copley <zach@status.net>
|
||||
* @copyright 2010 StatusNet, Inc.
|
||||
* @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
|
||||
* @link http://status.net/
|
||||
*/
|
||||
|
||||
if (!defined('STATUSNET')) {
|
||||
exit(1);
|
||||
}
|
||||
|
||||
/**
|
||||
* Administer global OpenID settings
|
||||
*
|
||||
* @category Admin
|
||||
* @package StatusNet
|
||||
* @author Zach Copley <zach@status.net>
|
||||
* @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
|
||||
* @link http://status.net/
|
||||
*/
|
||||
|
||||
class OpenidadminpanelAction extends AdminPanelAction
|
||||
{
|
||||
/**
|
||||
* Returns the page title
|
||||
*
|
||||
* @return string page title
|
||||
*/
|
||||
|
||||
function title()
|
||||
{
|
||||
return _m('OpenID');
|
||||
}
|
||||
|
||||
/**
|
||||
* Instructions for using this form.
|
||||
*
|
||||
* @return string instructions
|
||||
*/
|
||||
|
||||
function getInstructions()
|
||||
{
|
||||
return _m('OpenID settings');
|
||||
}
|
||||
|
||||
/**
|
||||
* Show the OpenID admin panel form
|
||||
*
|
||||
* @return void
|
||||
*/
|
||||
|
||||
function showForm()
|
||||
{
|
||||
$form = new OpenIDAdminPanelForm($this);
|
||||
$form->show();
|
||||
return;
|
||||
}
|
||||
|
||||
/**
|
||||
* Save settings from the form
|
||||
*
|
||||
* @return void
|
||||
*/
|
||||
|
||||
function saveSettings()
|
||||
{
|
||||
static $settings = array(
|
||||
'openid' => array('trusted_provider', 'required_team')
|
||||
);
|
||||
|
||||
static $booleans = array(
|
||||
'site' => array('openidonly')
|
||||
);
|
||||
|
||||
$values = array();
|
||||
|
||||
foreach ($settings as $section => $parts) {
|
||||
foreach ($parts as $setting) {
|
||||
$values[$section][$setting]
|
||||
= $this->trimmed($setting);
|
||||
}
|
||||
}
|
||||
|
||||
foreach ($booleans as $section => $parts) {
|
||||
foreach ($parts as $setting) {
|
||||
$values[$section][$setting]
|
||||
= ($this->boolean($setting)) ? 1 : 0;
|
||||
}
|
||||
}
|
||||
|
||||
// This throws an exception on validation errors
|
||||
|
||||
$this->validate($values);
|
||||
|
||||
// assert(all values are valid);
|
||||
|
||||
$config = new Config();
|
||||
|
||||
$config->query('BEGIN');
|
||||
|
||||
foreach ($settings as $section => $parts) {
|
||||
foreach ($parts as $setting) {
|
||||
Config::save($section, $setting, $values[$section][$setting]);
|
||||
}
|
||||
}
|
||||
|
||||
foreach ($booleans as $section => $parts) {
|
||||
foreach ($parts as $setting) {
|
||||
Config::save($section, $setting, $values[$section][$setting]);
|
||||
}
|
||||
}
|
||||
|
||||
$config->query('COMMIT');
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
function validate(&$values)
|
||||
{
|
||||
// Validate consumer key and secret (can't be too long)
|
||||
|
||||
if (mb_strlen($values['openid']['trusted_provider']) > 255) {
|
||||
$this->clientError(
|
||||
_m("Invalid provider URL. Max length is 255 characters.")
|
||||
);
|
||||
}
|
||||
|
||||
if (mb_strlen($values['openid']['required_team']) > 255) {
|
||||
$this->clientError(
|
||||
_m("Invalid team name. Max length is 255 characters.")
|
||||
);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
class OpenIDAdminPanelForm extends AdminForm
|
||||
{
|
||||
/**
|
||||
* ID of the form
|
||||
*
|
||||
* @return int ID of the form
|
||||
*/
|
||||
|
||||
function id()
|
||||
{
|
||||
return 'openidadminpanel';
|
||||
}
|
||||
|
||||
/**
|
||||
* class of the form
|
||||
*
|
||||
* @return string class of the form
|
||||
*/
|
||||
|
||||
function formClass()
|
||||
{
|
||||
return 'form_settings';
|
||||
}
|
||||
|
||||
/**
|
||||
* Action of the form
|
||||
*
|
||||
* @return string URL of the action
|
||||
*/
|
||||
|
||||
function action()
|
||||
{
|
||||
return common_local_url('openidadminpanel');
|
||||
}
|
||||
|
||||
/**
|
||||
* Data elements of the form
|
||||
*
|
||||
* @return void
|
||||
*
|
||||
* @todo Some of the options could prevent users from logging in again.
|
||||
* Make sure that the acting administrator has a valid OpenID matching,
|
||||
* or more carefully warn folks.
|
||||
*/
|
||||
|
||||
function formData()
|
||||
{
|
||||
$this->out->elementStart(
|
||||
'fieldset',
|
||||
array('id' => 'settings_openid')
|
||||
);
|
||||
$this->out->element('legend', null, _m('Trusted provider'));
|
||||
$this->out->element('p', 'form_guide',
|
||||
_m('By default, users are allowed to authenticate with any OpenID provider. ' .
|
||||
'If you are using your own OpenID service for shared sign-in, ' .
|
||||
'you can restrict access to only your own users here.'));
|
||||
$this->out->elementStart('ul', 'form_data');
|
||||
|
||||
$this->li();
|
||||
$this->input(
|
||||
'trusted_provider',
|
||||
_m('Provider URL'),
|
||||
_m('All OpenID logins will be sent to this URL; other providers may not be used.'),
|
||||
'openid'
|
||||
);
|
||||
$this->unli();
|
||||
|
||||
$this->li();
|
||||
$this->input(
|
||||
'required_team',
|
||||
_m('Required team'),
|
||||
_m('Only allow logins from users in the given team (Launchpad extension).'),
|
||||
'openid'
|
||||
);
|
||||
$this->unli();
|
||||
|
||||
$this->out->elementEnd('ul');
|
||||
$this->out->elementEnd('fieldset');
|
||||
|
||||
$this->out->elementStart(
|
||||
'fieldset',
|
||||
array('id' => 'settings_openid-options')
|
||||
);
|
||||
$this->out->element('legend', null, _m('Options'));
|
||||
|
||||
$this->out->elementStart('ul', 'form_data');
|
||||
|
||||
$this->li();
|
||||
|
||||
$this->out->checkbox(
|
||||
'openidonly', _m('Enable OpenID-only mode'),
|
||||
(bool) $this->value('openidonly', 'site'),
|
||||
_m('Require all users to login via OpenID. WARNING: disables password authentication for all users!'),
|
||||
'true'
|
||||
);
|
||||
$this->unli();
|
||||
|
||||
$this->out->elementEnd('ul');
|
||||
|
||||
$this->out->elementEnd('fieldset');
|
||||
}
|
||||
|
||||
/**
|
||||
* Action elements
|
||||
*
|
||||
* @return void
|
||||
*/
|
||||
|
||||
function formActions()
|
||||
{
|
||||
$this->out->submit('submit', _('Save'), 'submit', null, _m('Save OpenID settings'));
|
||||
}
|
||||
}
|
@ -30,7 +30,12 @@ class OpenidloginAction extends Action
|
||||
// TRANS: Client error message trying to log on with OpenID while already logged on.
|
||||
$this->clientError(_m('Already logged in.'));
|
||||
} else if ($_SERVER['REQUEST_METHOD'] == 'POST') {
|
||||
$openid_url = $this->trimmed('openid_url');
|
||||
$provider = common_config('openid', 'trusted_provider');
|
||||
if ($provider) {
|
||||
$openid_url = $provider;
|
||||
} else {
|
||||
$openid_url = $this->trimmed('openid_url');
|
||||
}
|
||||
|
||||
oid_assert_allowed($openid_url);
|
||||
|
||||
@ -124,11 +129,20 @@ class OpenidloginAction extends Action
|
||||
|
||||
$this->elementStart('ul', 'form_data');
|
||||
$this->elementStart('li');
|
||||
// TRANS: OpenID plugin logon form field label.
|
||||
$this->input('openid_url', _m('OpenID URL'),
|
||||
$this->openid_url,
|
||||
// TRANS: OpenID plugin logon form field instructions.
|
||||
_m('Your OpenID URL'));
|
||||
$provider = common_config('openid', 'trusted_provider');
|
||||
if ($provider) {
|
||||
$this->element('label', array(), _m('OpenID provider'));
|
||||
$this->element('span', array(), $provider);
|
||||
$this->element('p', 'form_guide',
|
||||
_m('You will be sent to the provider\'s site for authentication.'));
|
||||
$this->hidden('openid_url', $provider);
|
||||
} else {
|
||||
// TRANS: OpenID plugin logon form field label.
|
||||
$this->input('openid_url', _m('OpenID URL'),
|
||||
$this->openid_url,
|
||||
// TRANS: OpenID plugin logon form field instructions.
|
||||
_m('Your OpenID URL'));
|
||||
}
|
||||
$this->elementEnd('li');
|
||||
$this->elementStart('li', array('id' => 'settings_rememberme'));
|
||||
// TRANS: OpenID plugin logon form checkbox label for setting to put the OpenID information in a cookie.
|
||||
|
@ -90,34 +90,36 @@ class OpenidsettingsAction extends AccountSettingsAction
|
||||
{
|
||||
$user = common_current_user();
|
||||
|
||||
$this->elementStart('form', array('method' => 'post',
|
||||
'id' => 'form_settings_openid_add',
|
||||
'class' => 'form_settings',
|
||||
'action' =>
|
||||
common_local_url('openidsettings')));
|
||||
$this->elementStart('fieldset', array('id' => 'settings_openid_add'));
|
||||
$this->element('legend', null, _m('Add OpenID'));
|
||||
$this->hidden('token', common_session_token());
|
||||
$this->element('p', 'form_guide',
|
||||
_m('If you want to add an OpenID to your account, ' .
|
||||
'enter it in the box below and click "Add".'));
|
||||
$this->elementStart('ul', 'form_data');
|
||||
$this->elementStart('li');
|
||||
$this->element('label', array('for' => 'openid_url'),
|
||||
_m('OpenID URL'));
|
||||
$this->element('input', array('name' => 'openid_url',
|
||||
'type' => 'text',
|
||||
'id' => 'openid_url'));
|
||||
$this->elementEnd('li');
|
||||
$this->elementEnd('ul');
|
||||
$this->element('input', array('type' => 'submit',
|
||||
'id' => 'settings_openid_add_action-submit',
|
||||
'name' => 'add',
|
||||
'class' => 'submit',
|
||||
'value' => _m('Add')));
|
||||
$this->elementEnd('fieldset');
|
||||
$this->elementEnd('form');
|
||||
|
||||
if (!common_config('openid', 'trusted_provider')) {
|
||||
$this->elementStart('form', array('method' => 'post',
|
||||
'id' => 'form_settings_openid_add',
|
||||
'class' => 'form_settings',
|
||||
'action' =>
|
||||
common_local_url('openidsettings')));
|
||||
$this->elementStart('fieldset', array('id' => 'settings_openid_add'));
|
||||
|
||||
$this->element('legend', null, _m('Add OpenID'));
|
||||
$this->hidden('token', common_session_token());
|
||||
$this->element('p', 'form_guide',
|
||||
_m('If you want to add an OpenID to your account, ' .
|
||||
'enter it in the box below and click "Add".'));
|
||||
$this->elementStart('ul', 'form_data');
|
||||
$this->elementStart('li');
|
||||
$this->element('label', array('for' => 'openid_url'),
|
||||
_m('OpenID URL'));
|
||||
$this->element('input', array('name' => 'openid_url',
|
||||
'type' => 'text',
|
||||
'id' => 'openid_url'));
|
||||
$this->elementEnd('li');
|
||||
$this->elementEnd('ul');
|
||||
$this->element('input', array('type' => 'submit',
|
||||
'id' => 'settings_openid_add_action-submit',
|
||||
'name' => 'add',
|
||||
'class' => 'submit',
|
||||
'value' => _m('Add')));
|
||||
$this->elementEnd('fieldset');
|
||||
$this->elementEnd('form');
|
||||
}
|
||||
$oid = new User_openid();
|
||||
|
||||
$oid->user_id = $user->id;
|
||||
@ -234,10 +236,14 @@ class OpenidsettingsAction extends AccountSettingsAction
|
||||
}
|
||||
|
||||
if ($this->arg('add')) {
|
||||
$result = oid_authenticate($this->trimmed('openid_url'),
|
||||
'finishaddopenid');
|
||||
if (is_string($result)) { // error message
|
||||
$this->showForm($result);
|
||||
if (common_config('openid', 'trusted_provider')) {
|
||||
$this->showForm(_m("Can't add new providers."));
|
||||
} else {
|
||||
$result = oid_authenticate($this->trimmed('openid_url'),
|
||||
'finishaddopenid');
|
||||
if (is_string($result)) { // error message
|
||||
$this->showForm($result);
|
||||
}
|
||||
}
|
||||
} else if ($this->arg('remove')) {
|
||||
$this->removeOpenid();
|
||||
|
@ -1,6 +1,5 @@
|
||||
== TODO ==
|
||||
* i18n
|
||||
* Change in context URL to conversation (try not to construct the URL in JS)
|
||||
* Update mark behaviour (on notice send)
|
||||
* Pause, Send a notice ~ should not update counter
|
||||
* Pause ~ retain up to 50-100 most recent notices
|
||||
|
@ -250,14 +250,7 @@ class RealtimePlugin extends Plugin
|
||||
$arr['url'] = $notice->bestUrl();
|
||||
$arr['html'] = htmlspecialchars($notice->rendered);
|
||||
$arr['source'] = htmlspecialchars($arr['source']);
|
||||
|
||||
if (!empty($notice->reply_to)) {
|
||||
$reply_to = Notice::staticGet('id', $notice->reply_to);
|
||||
if (!empty($reply_to)) {
|
||||
$arr['in_reply_to_status_url'] = $reply_to->bestUrl();
|
||||
}
|
||||
$reply_to = null;
|
||||
}
|
||||
$arr['conversation_url'] = $this->getConversationUrl($notice);
|
||||
|
||||
$profile = $notice->getProfile();
|
||||
$arr['user']['profile_url'] = $profile->profileurl;
|
||||
@ -272,10 +265,7 @@ class RealtimePlugin extends Plugin
|
||||
$arr['retweeted_status']['source'] = htmlspecialchars($original->source);
|
||||
$originalProfile = $original->getProfile();
|
||||
$arr['retweeted_status']['user']['profile_url'] = $originalProfile->profileurl;
|
||||
if (!empty($original->reply_to)) {
|
||||
$originalReply = Notice::staticGet('id', $original->reply_to);
|
||||
$arr['retweeted_status']['in_reply_to_status_url'] = $originalReply->bestUrl();
|
||||
}
|
||||
$arr['retweeted_status']['conversation_url'] = $this->getConversationUrl($original);
|
||||
}
|
||||
$original = null;
|
||||
}
|
||||
@ -303,6 +293,34 @@ class RealtimePlugin extends Plugin
|
||||
return $tags;
|
||||
}
|
||||
|
||||
function getConversationUrl($notice)
|
||||
{
|
||||
$convurl = null;
|
||||
|
||||
if ($notice->hasConversation()) {
|
||||
$conv = Conversation::staticGet(
|
||||
'id',
|
||||
$notice->conversation
|
||||
);
|
||||
$convurl = $conv->uri;
|
||||
|
||||
if(empty($convurl)) {
|
||||
$msg = sprintf(
|
||||
"Couldn't find Conversation ID %d to make 'in context'"
|
||||
. "link for Notice ID %d",
|
||||
$notice->conversation,
|
||||
$notice->id
|
||||
);
|
||||
|
||||
common_log(LOG_WARNING, $msg);
|
||||
} else {
|
||||
$convurl .= '#notice-' . $notice->id;
|
||||
}
|
||||
}
|
||||
|
||||
return $convurl;
|
||||
}
|
||||
|
||||
function _getScripts()
|
||||
{
|
||||
return array('plugins/Realtime/realtimeupdate.js');
|
||||
|
@ -149,8 +149,8 @@ RealtimeUpdate = {
|
||||
"from "+
|
||||
"<span class=\"device\">"+source+"</span>"+ // may have a link
|
||||
"</span>";
|
||||
if (data['in_reply_to_status_id']) {
|
||||
ni = ni+" <a class=\"response\" href=\""+data['in_reply_to_status_url']+"\">in context</a>";
|
||||
if (data['conversation_url']) {
|
||||
ni = ni+" <a class=\"response\" href=\""+data['conversation_url']+"\">in context</a>";
|
||||
}
|
||||
|
||||
if (repeat) {
|
||||
|
@ -335,10 +335,10 @@ function remove_twitter_link($flink)
|
||||
|
||||
function mail_twitter_bridge_removed($user)
|
||||
{
|
||||
common_init_locale($user->language);
|
||||
|
||||
$profile = $user->getProfile();
|
||||
|
||||
common_switch_locale($user->language);
|
||||
|
||||
$subject = sprintf(_m('Your Twitter bridge has been disabled.'));
|
||||
|
||||
$site_name = common_config('site', 'name');
|
||||
@ -354,7 +354,7 @@ function mail_twitter_bridge_removed($user)
|
||||
common_local_url('twittersettings'),
|
||||
common_config('site', 'name'));
|
||||
|
||||
common_init_locale();
|
||||
common_switch_locale();
|
||||
return mail_to_user($user, $subject, $body);
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user