From bcc06d05e8b0ec4ac9d91ac65e6905d02c4b43cc Mon Sep 17 00:00:00 2001
From: Brion Vibber
Date: Wed, 20 Oct 2010 15:59:27 -0700
Subject: [PATCH] Initial OpenID+OAuth thingy.
---
 actions/apioauthauthorize.php | 39 +++++++++------
 plugins/OpenID/OpenIDPlugin.php | 87 +++++++++++++++++++++++++++++++++
 2 files changed, 110 insertions(+), 16 deletions(-)
diff --git a/actions/apioauthauthorize.php b/actions/apioauthauthorize.php
index 0e61cdf2c9..b603dce4a1 100644
--- a/actions/apioauthauthorize.php
+++ b/actions/apioauthauthorize.php
@@ -157,9 +157,13 @@ class ApiOauthAuthorizeAction extends Action
 // XXX Force credentials check?
- // XXX OpenID
+ // @fixme this should probably use a unified login form handler
+ $user = null;
+ if (Event::handle('StartOAuthLoginCheck', array($this, &$user))) {
+ $user = common_check_user($this->nickname, $this->password);
+ }
+ Event::handle('EndOAuthLoginCheck', array($this, &$user));
- $user = common_check_user($this->nickname, $this->password);
 if (empty($user)) {
 // TRANS: Form validation error given when an invalid username and/or password was passed to the OAuth API.
 $this->showForm(_("Invalid nickname / password!"));
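Review bot: The outcome of the credential check is now whatever the event handlers leave in `$user`, and the following `if (empty($user))` accepts any non-empty value as an authenticated account. Because `EndOAuthLoginCheck` receives `$user` by reference even after `common_check_user()` has failed, a handler mistake could turn a failed password check into a success. Assuming `common_check_user()` returns a `User` object on success, tightening the guard to `if (!($user instanceof User)) {` would make the contract explicit. A comment above the Start event should also state it, e.g. `// Handlers returning false must set $user only after a completed authentication; leaving it null fails the login.` The "Invalid nickname / password!" message is also what a failed plugin-handled login would show, and the enclosing method starts and ends outside this hunk.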
@@ -344,21 +348,24 @@ class ApiOauthAuthorizeAction extends Action
 $this->elementEnd('ul');
 if (!common_logged_in()) {
- $this->elementStart('fieldset');
- // TRANS: Fieldset legend.
- $this->element('legend', null, _m('LEGEND','Account'));
- $this->elementStart('ul', 'form_data');
- $this->elementStart('li');
- // TRANS: Field label on OAuth API authorisation form.
- $this->input('nickname', _('Nickname'));
- $this->elementEnd('li');
- $this->elementStart('li');
- // TRANS: Field label on OAuth API authorisation form.
- $this->password('password', _('Password'));
- $this->elementEnd('li');
- $this->elementEnd('ul');
+ if (Event::handle('StartOAuthLoginForm', array($this))) {
+ $this->elementStart('fieldset');
+ // TRANS: Fieldset legend.
+ $this->element('legend', null, _m('LEGEND','Account'));
+ $this->elementStart('ul', 'form_data');
+ $this->elementStart('li');
+ // TRANS: Field label on OAuth API authorisation form.
+ $this->input('nickname', _('Nickname'));
+ $this->elementEnd('li');
+ $this->elementStart('li');
+ // TRANS: Field label on OAuth API authorisation form.
+ $this->password('password', _('Password'));
+ $this->elementEnd('li');
+ $this->elementEnd('ul');
- $this->elementEnd('fieldset');
+ $this->elementEnd('fieldset');
+ }
+ Event::handle('EndOAuthLoginForm', array($this));
 }
 $this->element('input', array('id' => 'cancel_submit',
diff --git a/plugins/OpenID/OpenIDPlugin.php b/plugins/OpenID/OpenIDPlugin.php
index a033a50109..0fa50139d7 100644
--- a/plugins/OpenID/OpenIDPlugin.php
+++ b/plugins/OpenID/OpenIDPlugin.php
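Review bot: The new `StartOAuthLoginForm` / `EndOAuthLoginForm` hooks in the `!common_logged_in()` branch are undocumented, although a handler that returns false removes the nickname and password fields from the authorization form entirely. A short comment above the `Event::handle('StartOAuthLoginForm', ...)` call would state the contract, e.g. `// Handlers returning false replace the password fields and must render their own credential inputs inside this form.` The form field names a plugin emits here have to match what its `StartOAuthLoginCheck` handler reads, and nothing in this hunk ties the two together. The enclosing method continues outside the hunk.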
@@ -654,4 +654,91 @@ class OpenIDPlugin extends Plugin
 _m('Use OpenID to login to the site.'));
 return true;
 }
+
+ function onStartOAuthLoginForm($action)
+ {
+ if (common_config('site', 'openidonly')) {
+ // Cancel the regular password login form, we won't need it.
+ $this->showOAuthLoginForm($action);
+ return false;
+ } else {
+ // Leave the regular password login form in place.
+ // We'll add an OpenID link at bottom...?
+ return true;
+ }
+ }
+
+ /**
+ * @fixme merge with common code for main OpenID login form
+ * @param HTMLOutputter $action
+ */
+ protected function showOAuthLoginForm($action)
+ {
+ $action->elementStart('ul', 'form_data');
+ $action->elementStart('li');
+ $provider = common_config('openid', 'trusted_provider');
+ $appendUsername = common_config('openid', 'append_username');
+ if ($provider) {
+ $action->element('label', array(), _m('OpenID provider'));
+ $action->element('span', array(), $provider);
+ if ($appendUsername) {
+ $action->element('input', array('id' => 'openid_username',
+ 'name' => 'openid_username',
+ 'style' => 'float: none'));
+ }
+ $action->element('p', 'form_guide',
+ ($appendUsername ? _m('Enter your username.') . ' ' : '') .
+ _m('You will be sent to the provider\'s site for authentication.'));
+ $action->hidden('openid_url', $provider);
+ } else {
+ // TRANS: OpenID plugin logon form field label.
+ $action->input('openid_url', _m('OpenID URL'),
+ '',
+ // TRANS: OpenID plugin logon form field instructions.
+ _m('Your OpenID URL'));
+ }
+ $action->elementEnd('li');
+ $action->elementEnd('ul');
+ }
+
+ /**
+ * Handle a POST user credential check in apioauthauthorization.
+ * If given an OpenID URL, we'll pass us over to the regular things
+ * and then redirect back here on completion.
+ *
+ * @fixme merge with common code for main OpenID login form
+ * @param HTMLOutputter $action
+ */
+ function onStartOAuthLoginCheck($action, &$user)
+ {
+ $provider = common_config('openid', 'trusted_provider');
+ if ($provider) {
+ $openid_url = $provider;
+ if (common_config('openid', 'append_username')) {
+ $openid_url .= $action->trimmed('openid_username');
+ }
+ } else {
+ $openid_url = $action->trimmed('openid_url');
+ }
+
+ if ($openid_url) {
+ require_once dirname(__FILE__) . '/openid.php';
+ oid_assert_allowed($openid_url);
+
+ $returnto = common_local_url('ApiOauthAuthorize', array(),
+ array('oauth_token' => $action->arg('oauth_token')));
+ common_set_returnto($returnto);
+
+ // This will redirect if functional...
+ $result = oid_authenticate($openid_url,
+ 'finishopenidlogin');
+ if (is_string($result)) { # error message
+ throw new ServerException($result);
+ } else {
+ exit(0);
+ }
+ }
+
+ return true;
+ }
 }
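Review bot: In `onStartOAuthLoginCheck`, the posted `openid_username` is concatenated onto the configured `trusted_provider` URL unmodified, so the identifier passed to `oid_assert_allowed()` and `oid_authenticate()` is only as constrained as that form field. Encoding or validating the value keeps it a single component under the trusted provider, e.g. `$openid_url .= rawurlencode($action->trimmed('openid_username'));`, or a check against the site's nickname rules if the provider expects raw names. Separately, when `trusted_provider` is set but `openidonly` is not, `$openid_url` is always non-empty, so a nickname/password submission from the regular form is redirected to the provider and `common_check_user()` is never reached. Gating this branch on `openidonly`, or on an OpenID field actually being submitted, would keep both login paths usable. What `oid_assert_allowed()` and `oid_authenticate()` already reject is defined outside this hunk and cannot be confirmed from here.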