From c02a01914ab67c2bc25850034a75ee1046fd6870 Mon Sep 17 00:00:00 2001
From: Evan Prodromou <evan@prodromou.name>
Date: Tue, 17 Jun 2008 09:35:01 -0400
Subject: [PATCH] start openid rp integration

darcs-hash:20080617133501-84dde-adec156ac58b84cce41ae0e9bde58cf7637e6c42.gz
---
 actions/openidlogin.php |  57 ++++++++++
 classes/Avatar.php      |   6 +-
 classes/Profile.php     |  12 +--
 classes/User_openid.php |  23 ++++
 classes/stoica.ini      |  10 ++
 db/laconica.sql         |  30 +++++-
 doc/roadmap             | 233 ++++++++++++++++++++++++++++++++++++++++
 7 files changed, 361 insertions(+), 10 deletions(-)
 create mode 100644 actions/openidlogin.php
 create mode 100644 classes/User_openid.php
 create mode 100644 doc/roadmap

diff --git a/actions/openidlogin.php b/actions/openidlogin.php
new file mode 100644
index 0000000000..0a5182a61b
--- /dev/null
+++ b/actions/openidlogin.php
@@ -0,0 +1,57 @@
+<?php
+/*
+ * Laconica - a distributed open-source microblogging tool
+ * Copyright (C) 2008, Controlez-Vous, Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+if (!defined('LACONICA')) { exit(1); }
+
+class OpenidloginAction extends Action {
+	
+	function handle($args) {
+		parent::handle($args);
+		if (common_logged_in()) {
+			common_user_error(_t('Already logged in.'));
+		} else if ($_SERVER['REQUEST_METHOD'] == 'POST') {
+			$this->start_openid_login();
+		} else {
+			$this->show_form();
+		}
+	}
+
+	function show_form($error=NULL) {
+		common_show_header(_t('OpenID Login'));
+		if ($error) {
+			common_element('div', array('class' => 'error'), $error);
+		} else {
+			common_element('div', 'instructions', 
+						   _t('Login with an OpenID account.'));
+		}
+		common_element_start('form', array('method' => 'POST',
+										   'id' => 'openidlogin',
+										   'action' => common_local_url('openidlogin')));
+		common_input('openid_url', _t('OpenID URL'));
+		common_submit('submit', _t('Login'));
+		common_element_end('form');
+		common_show_footer();
+	}
+	
+	function check_login() {
+		# XXX: form token in $_SESSION to prevent XSS
+		# XXX: login throttle
+		$openid_url = $this->trimmed('openid_url');
+	}
+}
diff --git a/classes/Avatar.php b/classes/Avatar.php
index 24dca038ee..1807770534 100644
--- a/classes/Avatar.php
+++ b/classes/Avatar.php
@@ -4,18 +4,18 @@
  */
 require_once 'DB/DataObject.php';
 
-class Avatar extends DB_DataObject
+class Avatar extends DB_DataObject 
 {
     ###START_AUTOCODE
     /* the code below is auto generated do not remove the above tag */
 
     public $__table = 'avatar';                          // table name
     public $profile_id;                      // int(4)  primary_key not_null
-    public $original;                        // tinyint(1)
+    public $original;                        // tinyint(1)  
     public $width;                           // int(4)  primary_key not_null
     public $height;                          // int(4)  primary_key not_null
     public $mediatype;                       // varchar(32)   not_null
-    public $filename;                        // varchar(255)
+    public $filename;                        // varchar(255)  
     public $url;                             // varchar(255)  unique_key
     public $created;                         // datetime()   not_null
     public $modified;                        // timestamp()   not_null default_CURRENT_TIMESTAMP
diff --git a/classes/Profile.php b/classes/Profile.php
index 5a45d43979..000590a98f 100644
--- a/classes/Profile.php
+++ b/classes/Profile.php
@@ -24,7 +24,7 @@ if (!defined('LACONICA')) { exit(1); }
  */
 require_once 'DB/DataObject.php';
 
-class Profile extends DB_DataObject
+class Profile extends DB_DataObject 
 {
     ###START_AUTOCODE
     /* the code below is auto generated do not remove the above tag */
@@ -32,11 +32,11 @@ class Profile extends DB_DataObject
     public $__table = 'profile';                         // table name
     public $id;                              // int(4)  primary_key not_null
     public $nickname;                        // varchar(64)   not_null
-    public $fullname;                        // varchar(255)
-    public $profileurl;                      // varchar(255)
-    public $homepage;                        // varchar(255)
-    public $bio;                             // varchar(140)
-    public $location;                        // varchar(255)
+    public $fullname;                        // varchar(255)  
+    public $profileurl;                      // varchar(255)  
+    public $homepage;                        // varchar(255)  
+    public $bio;                             // varchar(140)  
+    public $location;                        // varchar(255)  
     public $created;                         // datetime()   not_null
     public $modified;                        // timestamp()   not_null default_CURRENT_TIMESTAMP
 
diff --git a/classes/User_openid.php b/classes/User_openid.php
new file mode 100644
index 0000000000..9811879ece
--- /dev/null
+++ b/classes/User_openid.php
@@ -0,0 +1,23 @@
+<?php
+/**
+ * Table Definition for user_openid
+ */
+require_once 'DB/DataObject.php';
+
+class User_openid extends DB_DataObject 
+{
+    ###START_AUTOCODE
+    /* the code below is auto generated do not remove the above tag */
+
+    public $__table = 'user_openid';                     // table name
+    public $url;                             // varchar(255)  primary_key not_null
+    public $user_id;                         // int(4)  unique_key not_null
+    public $created;                         // datetime()   not_null
+    public $modified;                        // timestamp()   not_null default_CURRENT_TIMESTAMP
+
+    /* Static get */
+    function staticGet($k,$v=NULL) { return DB_DataObject::staticGet('User_openid',$k,$v); }
+
+    /* the code above is auto generated do not remove the tag below */
+    ###END_AUTOCODE
+}
diff --git a/classes/stoica.ini b/classes/stoica.ini
index 38ecfe84b5..0f7675e06e 100644
--- a/classes/stoica.ini
+++ b/classes/stoica.ini
@@ -115,3 +115,13 @@ id = K
 nickname = U
 email = U
 uri = U
+
+[user_openid]
+url = 130
+user_id = 129
+created = 142
+modified = 384
+
+[user_openid__keys]
+url = K
+user_id = U
diff --git a/db/laconica.sql b/db/laconica.sql
index 97f56bd151..973d4f914a 100644
--- a/db/laconica.sql
+++ b/db/laconica.sql
@@ -112,4 +112,32 @@ create table nonce (
     
     constraint primary key (consumer_key, tok, nonce),
     constraint foreign key (consumer_key, tok) references token (consumer_key, tok)
-);
\ No newline at end of file
+);
+
+/* One-to-many relationship of user to openid_url */
+
+create table user_openid (
+    url varchar(255) primary key comment 'OpenID URL',
+    user_id integer not null unique key comment 'user owning this URL' references user (id),
+    created datetime not null comment 'date this record was created',
+    modified timestamp comment 'date this record was modified'
+);
+
+/* These are used by JanRain OpenID library */
+
+create table oid_associations (
+    server_url BLOB,
+    handle VARCHAR(255),
+    secret BLOB,
+    issued INTEGER,
+    lifetime INTEGER,
+    assoc_type VARCHAR(64),
+    PRIMARY KEY (server_url(255), handle)
+);
+
+create table oid_nonces (
+    server_url VARCHAR(2047),
+    timestamp INTEGER,
+    salt CHAR(40),
+    UNIQUE (server_url(255), timestamp, salt)
+);
diff --git a/doc/roadmap b/doc/roadmap
new file mode 100644
index 0000000000..65f2750f05
--- /dev/null
+++ b/doc/roadmap
@@ -0,0 +1,233 @@
+Roadmap
+-------
+
+This is a roadmap of tasks for different versions of the
+[Laconica](http://laconi.ca/) software. It's meant to help answer the
+question, "Is Laconica ever going to have such-and-such a feature?" or
+"When will Laconica do such-and-such?"
+
+Release 0.1
+-----------
+
+This was an internal milestone release, mostly for developing the core
+functionality.
+
++ login
++ register
++ settings
++ upload avatar
++ change password
++ settings menu
++ disallow login if user is logged in
++ disallow register if user is logged in
++ common_current_user()
++ common_logged_in()
++ session variable for login
++ post notice
++ logout
++ subscribe
++ unsubscribe
++ subscribe links on profile
++ header menu
++ footer menu
++ disallow direct to PHP files
++ common_local_url()
++ configuration for DB_DataObject
++ date formatting
++ new notice redirects to notice page
++ date in shown notice links to notice page
++ common_redirect()
++ configuration system ($config)
+
+Release 0.2
+-----------
+
+Another internal milestone. Bumped up from cruddy caveman HTML to a
+borrowed design from [OSWD](http://www.oswd.org/), added a lot of RSS
+generation, and more careful form validation.
+
++ design from Open Source Web Designs
++ add H1 to each page
++ add H2 for each page section
++ default to public stream
++ default avatar
++ default HTML type
++ set Content-Type
++ show current values in profile settings
++ save profile URL in profilesettings
++ save profile URL on registration
++ require valid nicknames
++ reject empty notices
++ validate registration form results
++ validate profilesettings form results
++ validate newnotice form results
++ remove validation code from classes
++ use only canonical usernames
++ fix layout of textarea
++ make notices into "big links"
++ RSS 1.0 feeds of a user's notices
++ RSS 1.0 feeds of a user's notices + friends
++ RSS 1.0 dump of a user's notices
++ RSS 1.0 feed of all public notices
++ deal with PHP quotes escaping
++ source link in footer menu
++ public stream link in top menu
++ dump, fix, undump database
+
+Release 0.3
+-----------
+
+First public release (theoretically). Added distributed subscriptions,
+"fancy" URLs, and a new graphic design for stoi.ca.
+
++ YADIS document link on showstream
++ YADIS document
++ subscribe remote
++ add subscriber remote
++ server side of user authorization
++ server side of request token
++ server side of access token
++ OAuth store
++ log of consumers who ask for access
++ receive remote notice
++ send remote notice
++ receive remote profile update
++ send remote profile update
++ subscribe form for not-logged-in users on showstream
++ pretty URLs
++ doc action
++ about doc
++ help doc
++ privacy doc
++ source doc
++ roadmap doc
++ add a way to stick variables into documents
++ FOAF document for user
++ license in RSS feeds
++ TOS checkbox on register
++ registration instructions
++ login instructions
++ profile settings instructions
++ avatar instructions
++ password change instructions
++ fix spacing on notices
++ fix spacing in profile
++ add a next page link to showstream
++ add a next page link to public
++ add a next page link to all
++ @ messages
++ Automatically linkify URLs in notices
++ themes
++ theme per site
++ only local notices in public stream
++ only local notices in public RSS
++ graphic refresh on all
++ graphic refresh on avatar
++ graphic refresh on doc
++ graphic refresh on login
++ graphic refresh on newnotice
++ graphic refresh on password
++ graphic refresh on profilesettings
++ graphic refresh on public
++ graphic refresh on register
++ graphic refresh on remotesubscribe
++ graphic refresh on shownotice
++ graphic refresh on showstream
++ graphic refresh on subscribed
++ graphic refresh on subscriptions
++ graphic refresh on userauthorization
++ correct use of views menu in settings
++ correct use of views menu in streams
++ content negotiation for content type
+
+Release 0.4
+-----------
+
+- contact doc
+- FAQ doc
+- update default theme to use new, more semantic, HTML
+- INSTALL file
+- limit entry in textarea to 140 chars
++ AGPL notification
+- Check licenses of all libraries for compatibility
+- jQuery for as much as possible
+- forward notices to Jabber
+- receive notices from Jabber
+- forward notices to other IM
+- forward notices to mobile phone
+- receive notices from other IM
+- receive notices from mobile phone
+- microid for profile page
+- format times per user
+- timezone preferences in Profile settings
++ email notification on subscriptions
+- content negotiation for interface language
+- user preference for interface language
+- gettext
+- tinyurl-ification of URLs
+- set Last-Modified
+- XML sitemap generation
+- email confirmation for registration
+- email options
+- change cookie handling for anon users to be more cache-friendly
+- content negotiation for encoding
+- If-Modified-Since support
+- Vary
++ site logo
+- check license compatibility for remote subscribe
+- optional FOAF URL in openmicroblogging exchange
+- subscribe/unsubscribe on subscriptions page
+- subscribe/unsubscribe on subscribed page
+
+Release 0.5
+-----------
+
+- content negotiation for charset (iconv?)
+- license per notice
+- use only canonical email addresses
+- allow mixed-case usernames
+- allow non-latin usernames
+- store canonical username for comparison and fetch
+- theme per profile
+- email newsletter
+- RDF dump of entire site
+- delete a notice
+- plugins and hooks and other extensibility
+- RDFa for stream pages
+- RDFa for subscriber pages
+- RDFa for subscribed pages
+- # tags
+- L: location
+- hreviews
+- stay logged in between sessions
+- use RSS as a subscription
+- license per attachment
+
+Release 0.6
+-----------
+
+- URL notices
+- image notices
+- video notices
+- audio notices
+- machine tags
+
+Release 1.0
+-----------
+
+- OAuth for third-party tools (desktop, other sites)
+- Twitter-compatible API
+- Pownce-compatible API
+- include twitter subscriptions (push and pull)
+- include Pownce subscriptions (push and pull)
+- privacy
+- Wrap DB_DataObject with memcached caching layer
+- login throttle to prevent brute-force attacks
+- form token in login to prevent XSS
+
+Post-1.0
+--------
+
+- Atom Publishing Protocol
+- "Universal" public feed
+- global registry (LDAP at openmicroblogging.net, maybe?)
\ No newline at end of file