cant remove last openid, public xrds includes immediate

Added a check to make sure the user doesn't remove their last OpenID if they don't also have a password. Also, put the finishimmediate URL in the publicxrds so that e.g. Yahoo! doesn't get snippy. darcs-hash:20080619153231-5ed1f-a5d784ff39b53afdfb0584689188dd78bdb90c41.gz
2008-06-19 11:32:31 -04:00 · 2008-06-19 11:32:31 -04:00 · fa90195c4d
parent 26c7d5f04e
commit fa90195c4d
2 changed files with 47 additions and 31 deletions
--- a/actions/openidsettings.php
+++ b/actions/openidsettings.php
@ -69,41 +69,58 @@ class OpenidsettingsAction extends SettingsAction {

 		$oid = new User_openid();
 		$oid->user_id = $user->id;
-		
-		if ($oid->find()) {
+
+		$cnt = $oid->find();
+
+		if ($cnt > 0) {
 			
-			common_element('h2', NULL, _t('OpenID'));
-			common_element('p', NULL,
-						   _t('You can remove an OpenID from your account '.
-							  'by clicking the button marked "Delete" next to it.'));
-			$idx = 0;
+			common_element('h2', NULL, _t('Remove OpenID'));
 			
-			while ($oid->fetch()) {
-				common_element_start('form', array('method' => 'POST',
-												   'id' => 'openiddelete' . $idx,
-												   'action' =>
-												   common_local_url('openidsettings')));
+			if ($cnt == 1 && !$user->password) {
+
+				common_element('p', NULL,
+							   _t('Removing your only OpenID would make it impossible to log in! ' .
+								  'If you need to remove it, add another OpenID first.'));
 				common_element_start('p');
 				common_element('a', array('href' => $oid->canonical),
 							   $oid->display);
-				common_element('input', array('type' => 'hidden',
-											  'id' => 'openid_url'.$idx,
-											  'name' => 'openid_url',
-											  'value' => $oid->canonical));
-				common_element('input', array('type' => 'submit',
-											  'id' => 'remove'.$idx,
-											  'name' => 'remove',
-											  'class' => 'submit',
-											  'value' => _t('Remove')));
 				common_element_end('p');
-				common_element_end('form');
-				$idx++;
+				
+			} else {
+			
+				common_element('h2', NULL, _t('Remove OpenID'));
+				common_element('p', NULL,
+							   _t('You can remove an OpenID from your account '.
+								  'by clicking the button marked "Remove".'));
+				$idx = 0;
+				
+				while ($oid->fetch()) {
+					common_element_start('form', array('method' => 'POST',
+													   'id' => 'openiddelete' . $idx,
+												   'action' =>
+													   common_local_url('openidsettings')));
+					common_element_start('p');
+					common_element('a', array('href' => $oid->canonical),
+								   $oid->display);
+					common_element('input', array('type' => 'hidden',
+												  'id' => 'openid_url'.$idx,
+												  'name' => 'openid_url',
+												  'value' => $oid->canonical));
+					common_element('input', array('type' => 'submit',
+												  'id' => 'remove'.$idx,
+												  'name' => 'remove',
+												  'class' => 'submit',
+												  'value' => _t('Remove')));
+					common_element_end('p');
+					common_element_end('form');
+					$idx++;
+				}
 			}
+			
+			common_show_footer();
 		}
-		
-		common_show_footer();
 	}
-
+	
 	function handle_post() {
 		if ($this->arg('add')) {
 			$result = oid_authenticate($this->trimmed('openid_url'), 'finishaddopenid');
--- a/actions/publicxrds.php
+++ b/actions/publicxrds.php
@ -40,11 +40,10 @@ class PublicxrdsAction extends Action {

 		common_element('Type', NULL, 'xri://$xrds*simple');

-		$this->show_service(Auth_OpenID_RP_RETURN_TO_URL_TYPE,
-							common_local_url('finishopenidlogin'));
-		
-		$this->show_service(Auth_OpenID_RP_RETURN_TO_URL_TYPE,
-							common_local_url('finishaddopenid'));
+		foreach (array('finishopenidlogin', 'finishaddopenid', 'finishimmediate') as $finish) {
+			$this->show_service(Auth_OpenID_RP_RETURN_TO_URL_TYPE,
+								common_local_url($finish));
+		}
 		
 		common_element_end('XRD');