<?php
/**
 * Handler for remote subscription
 *
 * PHP version 5
 *
 * @category Action
 * @package  StatusNet
 * @author   Evan Prodromou <evan@status.net>
 * @author   Robin Millette <millette@status.net>
 * @license  http://www.fsf.org/licensing/licenses/agpl.html AGPLv3
 * @link     http://status.net/
 *
 * StatusNet - the distributed open-source microblogging tool
 * Copyright (C) 2008-2011 StatusNet, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 **/

if (!defined('STATUSNET') && !defined('LACONICA')) { exit(1); }

require_once dirname(__FILE__) . '/../lib/omb.php';
require_once dirname(__FILE__) . '/../extlib/libomb/service_consumer.php';
require_once dirname(__FILE__) . '/../extlib/libomb/profile.php';

/**
 * Handler for remote subscription
 *
 * @category Action
 * @package  StatusNet
 * @author   Evan Prodromou <evan@status.net>
 * @author   Robin Millette <millette@status.net>
 * @license  http://www.fsf.org/licensing/licenses/agpl.html AGPLv3
 * @link     http://status.net/
 */
class RemotesubscribeAction extends Action
{
    var $nickname;
    var $profile_url;
    var $err;

    function prepare($args)
    {
        parent::prepare($args);

        if (common_logged_in()) {
            // TRANS: Client error displayed when using remote subscribe for a local entity.
            $this->clientError(_('You can use the local subscription!'));
            return false;
        }

        $this->nickname    = $this->trimmed('nickname');
        $this->profile_url = $this->trimmed('profile_url');

        return true;
    }

    function handle($args)
    {
        parent::handle($args);

        if ($_SERVER['REQUEST_METHOD'] == 'POST') {
            /* Use a session token for CSRF protection. */
            $token = $this->trimmed('token');
            if (!$token || $token != common_session_token()) {
                // TRANS: Client error displayed when the session token does not match or is not given.
                $this->showForm(_('There was a problem with your session token. '.
                                  'Try again, please.'));
                return;
            }
            $this->remoteSubscription();
        } else {
            $this->showForm();
        }
    }

    function showForm($err=null)
    {
        $this->err = $err;
        $this->showPage();
    }

    function showPageNotice()
    {
        if ($this->err) {
            $this->element('div', 'error', $this->err);
        } else {
            // TRANS: Page notice for remote subscribe. This message contains Markdown links.
            // TRANS: Ensure to keep the correct markup of [link description](link).
            $inst = _('To subscribe, you can [login](%%action.login%%),' .
                      ' or [register](%%action.register%%) a new ' .
                      ' account. If you already have an account ' .
                      ' on a [compatible microblogging site](%%doc.openmublog%%), ' .
                      ' enter your profile URL below.');
            $output = common_markup_to_html($inst);
            $this->elementStart('div', 'instructions');
            $this->raw($output);
            $this->elementEnd('div');
        }
    }

    function title()
    {
        // TRANS: Page title for Remote subscribe.
        return _('Remote subscribe');
    }

    function showContent()
    {
        /* The id 'remotesubscribe' conflicts with the
           button on profile page. */
        $this->elementStart('form', array('id' => 'form_remote_subscribe',
                                          'method' => 'post',
                                          'class' => 'form_settings',
                                          'action' => common_local_url('remotesubscribe')));
        $this->elementStart('fieldset');
        // TRANS: Field legend on page for remote subscribe.
        $this->element('legend', _('Subscribe to a remote user'));
        $this->hidden('token', common_session_token());

        $this->elementStart('ul', 'form_data');
        $this->elementStart('li');
        // TRANS: Field label on page for remote subscribe.
        $this->input('nickname', _('User nickname'), $this->nickname,
                     // TRANS: Field title on page for remote subscribe.
                     _('Nickname of the user you want to follow.'));
        $this->elementEnd('li');
        $this->elementStart('li');
        // TRANS: Field label on page for remote subscribe.
        $this->input('profile_url', _('Profile URL'), $this->profile_url,
                     // TRANS: Field title on page for remote subscribe.
                     _('URL of your profile on another compatible microblogging service.'));
        $this->elementEnd('li');
        $this->elementEnd('ul');
        // TRANS: Button text on page for remote subscribe.
        $this->submit('submit', _m('BUTTON','Subscribe'));
        $this->elementEnd('fieldset');
        $this->elementEnd('form');
    }

    function remoteSubscription()
    {
        if (!$this->nickname) {
            // TRANS: Form validation error on page for remote subscribe when no user was provided.
            $this->showForm(_('No such user.'));
            return;
        }

        $user = User::staticGet('nickname', $this->nickname);

        $this->profile_url = $this->trimmed('profile_url');

        if (!$this->profile_url) {
            // TRANS: Form validation error on page for remote subscribe when no user profile was found.
            $this->showForm(_('No such user.'));
            return;
        }

        if (!common_valid_http_url($this->profile_url)) {
            // TRANS: Form validation error on page for remote subscribe when an invalid profile URL was provided.
            $this->showForm(_('Invalid profile URL (bad format).'));
            return;
        }

        try {
            $service = new OMB_Service_Consumer($this->profile_url,
                                                common_root_url(),
                                                omb_oauth_datastore());
        } catch (OMB_InvalidYadisException $e) {
            // TRANS: Form validation error on page for remote subscribe when no the provided profile URL
            // TRANS: does not contain expected data.
            $this->showForm(_('Not a valid profile URL (no YADIS document or ' .
                              'invalid XRDS defined).'));
            return;
        }

        if ($service->getServiceURI(OAUTH_ENDPOINT_REQUEST) ==
            common_local_url('requesttoken') ||
            User::staticGet('uri', $service->getRemoteUserURI())) {
            // TRANS: Form validation error on page for remote subscribe.
            $this->showForm(_('That is a local profile! Login to subscribe.'));
            return;
        }

        try {
            $service->requestToken();
        } catch (OMB_RemoteServiceException $e) {
            // TRANS: Form validation error on page for remote subscribe when the remote service is not providing a request token.
            $this->showForm(_('Could not get a request token.'));
            return;
        }

        /* Create an OMB_Profile from $user. */
        $profile = $user->getProfile();
        if (!$profile) {
            common_log_db_error($user, 'SELECT', __FILE__);
            // TRANS: Error message displayed when referring to a user without a profile.
            $this->serverError(_('User has no profile.'));
            return;
        }

        $target_url = $service->requestAuthorization(
                                   profile_to_omb_profile($user->uri, $profile),
                                   common_local_url('finishremotesubscribe'));

        common_ensure_session();

        $_SESSION['oauth_authorization_request'] = serialize($service);

        /* Redirect to the remote service for authorization. */
        common_redirect($target_url, 303);
    }
}