	Allow re-authentication with OpenID
"Rememberme" logins aren't allowed to make changes to an account (since cookie-stealing is too easy). Users have to re-authenticate. Previously, it was impossible to do so without having a username and password; this change lets you do it with OpenID, too.
		| @@ -30,7 +30,7 @@ class FinishopenidloginAction extends Action | ||||
|     function handle($args) | ||||
|     { | ||||
|         parent::handle($args); | ||||
|         if (common_logged_in()) { | ||||
|         if (common_is_real_login()) { | ||||
|             $this->clientError(_('Already logged in.')); | ||||
|         } else if ($_SERVER['REQUEST_METHOD'] == 'POST') { | ||||
|             $token = $this->trimmed('token'); | ||||
|   | ||||
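Review bot: Switching the guard to `common_is_real_login()` lets a rememberme session reach the POST handling on the following lines, but the hunk does not show that the account resolved by the completed OpenID flow is compared with `common_current_user()` before the session is treated as a real login; if that comparison is missing, the re-authentication could be satisfied by any OpenID rather than one belonging to the current account. Confirm the check exists where the login completes (handle's body continues outside the hunk), or add it in that branch. The same guard change appears in OpenidloginAction::handle in the next hunk.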
| @@ -26,7 +26,7 @@ class OpenidloginAction extends Action | ||||
|     function handle($args) | ||||
|     { | ||||
|         parent::handle($args); | ||||
|         if (common_logged_in()) { | ||||
|         if (common_is_real_login()) { | ||||
|             $this->clientError(_('Already logged in.')); | ||||
|         } else if ($_SERVER['REQUEST_METHOD'] == 'POST') { | ||||
|             $openid_url = $this->trimmed('openid_url'); | ||||
| @@ -59,8 +59,17 @@ class OpenidloginAction extends Action | ||||
|  | ||||
|     function getInstructions() | ||||
|     { | ||||
|         if (common_logged_in() && !common_is_real_login() && | ||||
|             common_get_returnto()) { | ||||
|             // rememberme logins have to reauthenticate before | ||||
|             // changing any profile settings (cookie-stealing protection) | ||||
|             return _('For security reasons, please re-login with your ' . | ||||
|                      '[OpenID](%%doc.openid%%) ' . | ||||
|                      'before changing your settings.'); | ||||
|         } else { | ||||
|             return _('Login with an [OpenID](%%doc.openid%%) account.'); | ||||
|         } | ||||
|     } | ||||
|  | ||||
|     function showPageNotice() | ||||
|     { | ||||
|   | ||||
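Review bot: getInstructions passes three concatenated literals to `_()`; that works at runtime, but gettext extractors generally only record a single literal msgid, so this message may not be picked up for the translation catalog unless the project's extractor folds `.` concatenation — passing one literal avoids the question. The `else` after the early `return` can also be dropped, leaving `return _('Login with an [OpenID](%%doc.openid%%) account.');` at function level.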
| @@ -630,4 +630,15 @@ class User extends Memcached_DataObject | ||||
|  | ||||
|         return $profile; | ||||
|     } | ||||
|  | ||||
|     function hasOpenID() | ||||
|     { | ||||
|         $oid = new User_openid(); | ||||
|  | ||||
|         $oid->user_id = $this->id; | ||||
|  | ||||
|         $cnt = $oid->find(); | ||||
|  | ||||
|         return ($cnt > 0); | ||||
|     } | ||||
| } | ||||
|   | ||||
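Review bot: hasOpenID has no docblock, and its contract — a boolean derived from the number of `User_openid` rows keyed by this user's `id` — is worth stating, as is the fact that it issues a query on every call since callers in request handlers may not expect that. Add above the method: `/** Whether this user has at least one OpenID registered. Queries User_openid on every call. @return bool */`.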
| @@ -76,7 +76,12 @@ class SettingsAction extends Action | ||||
|             // change important settings or see private info, and | ||||
|             // _all_ our settings are important | ||||
|             common_set_returnto($this->selfUrl()); | ||||
|             $user = common_current_user(); | ||||
|             if ($user->hasOpenID()) { | ||||
|                 common_redirect(common_local_url('openidlogin')); | ||||
|             } else { | ||||
|                 common_redirect(common_local_url('login')); | ||||
|             } | ||||
|         } else if ($_SERVER['REQUEST_METHOD'] == 'POST') { | ||||
|             $this->handlePost(); | ||||
|         } else { | ||||
|   | ||||
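Review bot: The new branch calls `$user->hasOpenID()` without confirming `common_current_user()` returned a user object; the enclosing condition begins outside the hunk, so if it already guarantees a rememberme user this is fine, otherwise `if ($user && $user->hasOpenID())` keeps a null dereference out of the redirect path. Note also that the strength of this re-authentication now rests on the OpenID provider: if the provider itself remembers the user, the round trip completes without any credential prompt, so consider requesting fresh authentication (OpenID PAPE `max_auth_age`) on this re-login path.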