Let OpenID match against aliases (fix fancyurl stuff etc.)

This commit is contained in:
Mikael Nordfeldth 2016-02-23 14:15:08 +01:00
parent b59dacb806
commit e16f7d04a8

View File

@ -63,8 +63,7 @@ class OpenidserverAction extends Action
$request = $this->oserver->decodeRequest(); $request = $this->oserver->decodeRequest();
if (in_array($request->mode, array('checkid_immediate', if (in_array($request->mode, array('checkid_immediate',
'checkid_setup'))) { 'checkid_setup'))) {
$user = common_current_user(); if (!$this->scoped instanceof Profile) {
if(!$user){
if($request->immediate){ if($request->immediate){
//cannot prompt the user to login in immediate mode, so answer false //cannot prompt the user to login in immediate mode, so answer false
$response = $this->generateDenyResponse($request); $response = $this->generateDenyResponse($request);
@ -77,9 +76,9 @@ class OpenidserverAction extends Action
common_set_returnto($_SERVER['REQUEST_URI']); common_set_returnto($_SERVER['REQUEST_URI']);
common_redirect(common_local_url('login'), 303); common_redirect(common_local_url('login'), 303);
} }
}else if(common_profile_url($user->nickname) == $request->identity || $request->idSelect()){ } elseif (in_array($request->identity, $this->scoped->getAliases()) || $request->idSelect()) {
$user_openid_trustroot = User_openid_trustroot::pkeyGet( $user_openid_trustroot = User_openid_trustroot::pkeyGet(
array('user_id'=>$user->id, 'trustroot'=>$request->trust_root)); array('user_id'=>$this->scoped->getID(), 'trustroot'=>$request->trust_root));
if(empty($user_openid_trustroot)){ if(empty($user_openid_trustroot)){
if($request->immediate){ if($request->immediate){
//cannot prompt the user to trust this trust root in immediate mode, so answer false //cannot prompt the user to trust this trust root in immediate mode, so answer false
@ -87,7 +86,7 @@ class OpenidserverAction extends Action
}else{ }else{
common_ensure_session(); common_ensure_session();
$_SESSION['openid_trust_root'] = $request->trust_root; $_SESSION['openid_trust_root'] = $request->trust_root;
$allowResponse = $this->generateAllowResponse($request, $user); $allowResponse = $this->generateAllowResponse($request, $this->scoped);
$this->oserver->encodeResponse($allowResponse); //sign the response $this->oserver->encodeResponse($allowResponse); //sign the response
$denyResponse = $this->generateDenyResponse($request); $denyResponse = $this->generateDenyResponse($request);
$this->oserver->encodeResponse($denyResponse); //sign the response $this->oserver->encodeResponse($denyResponse); //sign the response
@ -101,12 +100,11 @@ class OpenidserverAction extends Action
// were POSTed here. // were POSTed here.
common_redirect(common_local_url('openidtrust'), 303); common_redirect(common_local_url('openidtrust'), 303);
} }
}else{ } else {
//user has previously authorized this trust root //user has previously authorized this trust root
$response = $this->generateAllowResponse($request, $user); $response = $this->generateAllowResponse($request, $this->scoped);
//$response = $request->answer(true, null, common_profile_url($user->nickname));
} }
} else if ($request->immediate) { } elseif ($request->immediate) {
$response = $this->generateDenyResponse($request); $response = $this->generateDenyResponse($request);
} else { } else {
//invalid //invalid
@ -137,14 +135,14 @@ class OpenidserverAction extends Action
} }
} }
function generateAllowResponse($request, $user){ function generateAllowResponse($request, Profile $profile){
$response = $request->answer(true, null, common_profile_url($user->nickname)); $response = $request->answer(true, null, $profile->getUrl());
$user = $profile->getUser();
$profile = $user->getProfile();
$sreg_data = array( $sreg_data = array(
'fullname' => $profile->fullname, 'fullname' => $profile->getFullname(),
'nickname' => $user->nickname, 'nickname' => $profile->getNickname(),
'email' => $user->email, 'email' => $user->email, // FIXME: Should we make the email optional?
'language' => $user->language, 'language' => $user->language,
'timezone' => $user->timezone); 'timezone' => $user->timezone);
$sreg_request = Auth_OpenID_SRegRequest::fromOpenIDRequest($request); $sreg_request = Auth_OpenID_SRegRequest::fromOpenIDRequest($request);