cant remove last openid, public xrds includes immediate

Added a check to make sure the user doesn't remove their last OpenID
if they don't also have a password.

Also, put the finishimmediate URL in the publicxrds so that e.g.
Yahoo! doesn't get snippy.

darcs-hash:20080619153231-5ed1f-a5d784ff39b53afdfb0584689188dd78bdb90c41.gz

actions/openidsettings.php

@@ -70,38 +70,55 @@ class OpenidsettingsAction extends SettingsAction {
 		$oid = new User_openid();
 		$oid->user_id = $user->id;
 
-		if ($oid->find()) {
+		$cnt = $oid->find();
 
-			common_element('h2', NULL, _t('OpenID'));
+		if ($cnt > 0) {
-			common_element('p', NULL,
-						   _t('You can remove an OpenID from your account '.
-							  'by clicking the button marked "Delete" next to it.'));
-			$idx = 0;
 			
-			while ($oid->fetch()) {
+			common_element('h2', NULL, _t('Remove OpenID'));
-				common_element_start('form', array('method' => 'POST',
+			
-												   'id' => 'openiddelete' . $idx,
+			if ($cnt == 1 && !$user->password) {
-												   'action' =>
+
-												   common_local_url('openidsettings')));
+				common_element('p', NULL,
+							   _t('Removing your only OpenID would make it impossible to log in! ' .
+								  'If you need to remove it, add another OpenID first.'));
 				common_element_start('p');
 				common_element('a', array('href' => $oid->canonical),
 							   $oid->display);
-				common_element('input', array('type' => 'hidden',
-											  'id' => 'openid_url'.$idx,
-											  'name' => 'openid_url',
-											  'value' => $oid->canonical));
-				common_element('input', array('type' => 'submit',
-											  'id' => 'remove'.$idx,
-											  'name' => 'remove',
-											  'class' => 'submit',
-											  'value' => _t('Remove')));
 				common_element_end('p');
-				common_element_end('form');
-				$idx++;
-			}
-		}
 				
-		common_show_footer();
+			} else {
+			
+				common_element('h2', NULL, _t('Remove OpenID'));
+				common_element('p', NULL,
+							   _t('You can remove an OpenID from your account '.
+								  'by clicking the button marked "Remove".'));
+				$idx = 0;
+				
+				while ($oid->fetch()) {
+					common_element_start('form', array('method' => 'POST',
+													   'id' => 'openiddelete' . $idx,
+												   'action' =>
+													   common_local_url('openidsettings')));
+					common_element_start('p');
+					common_element('a', array('href' => $oid->canonical),
+								   $oid->display);
+					common_element('input', array('type' => 'hidden',
+												  'id' => 'openid_url'.$idx,
+												  'name' => 'openid_url',
+												  'value' => $oid->canonical));
+					common_element('input', array('type' => 'submit',
+												  'id' => 'remove'.$idx,
+												  'name' => 'remove',
+												  'class' => 'submit',
+												  'value' => _t('Remove')));
+					common_element_end('p');
+					common_element_end('form');
+					$idx++;
+				}
+			}
+			
+			common_show_footer();
+		}
 	}
 	
 	function handle_post() {

actions/publicxrds.php

@@ -40,11 +40,10 @@ class PublicxrdsAction extends Action {
 
 		common_element('Type', NULL, 'xri://$xrds*simple');
 
-		$this->show_service(Auth_OpenID_RP_RETURN_TO_URL_TYPE,
+		foreach (array('finishopenidlogin', 'finishaddopenid', 'finishimmediate') as $finish) {
-							common_local_url('finishopenidlogin'));
+			$this->show_service(Auth_OpenID_RP_RETURN_TO_URL_TYPE,
-		
+								common_local_url($finish));
-		$this->show_service(Auth_OpenID_RP_RETURN_TO_URL_TYPE,
+		}
-							common_local_url('finishaddopenid'));
 		
 		common_element_end('XRD');