mirror of
https://github.com/friendica/friendica
synced 2024-11-09 23:02:54 +00:00
Changed OpenID registration
This commit is contained in:
parent
2edccf9341
commit
aca701bef8
9 changed files with 128 additions and 113 deletions
|
@ -24,7 +24,7 @@ function openid_content(App $a) {
|
|||
$openid = new LightOpenID($a->getHostName());
|
||||
|
||||
if ($openid->validate()) {
|
||||
$authid = $openid->identity;
|
||||
$authid = $openid->data['openid_identity'];
|
||||
|
||||
if (empty($authid)) {
|
||||
Logger::log(L10n::t('OpenID protocol error. No ID returned.') . EOL);
|
||||
|
@ -54,55 +54,22 @@ function openid_content(App $a) {
|
|||
}
|
||||
|
||||
// Successful OpenID login - but we can't match it to an existing account.
|
||||
// New registration?
|
||||
unset($_SESSION['register']);
|
||||
Session::set('openid_attributes', $openid->getAttributes());
|
||||
Session::set('openid_identity', $authid);
|
||||
|
||||
// Detect the server URL
|
||||
$open_id_obj = new LightOpenID($a->getHostName());
|
||||
$open_id_obj->identity = $authid;
|
||||
Session::set('openid_server', $open_id_obj->discover($open_id_obj->identity));
|
||||
|
||||
if (intval(Config::get('config', 'register_policy')) === \Friendica\Module\Register::CLOSED) {
|
||||
notice(L10n::t('Account not found and OpenID registration is not permitted on this site.') . EOL);
|
||||
$a->internalRedirect();
|
||||
notice(L10n::t('Account not found. Please login to your existing account to add the OpenID to it.') . EOL);
|
||||
} else {
|
||||
notice(L10n::t('Account not found. Please register a new account or login to your existing account to add the OpenID to it.') . EOL);
|
||||
}
|
||||
|
||||
unset($_SESSION['register']);
|
||||
$args = '';
|
||||
$attr = $openid->getAttributes();
|
||||
if (is_array($attr) && count($attr)) {
|
||||
foreach ($attr as $k => $v) {
|
||||
if ($k === 'namePerson/friendly') {
|
||||
$nick = Strings::escapeTags(trim($v));
|
||||
}
|
||||
if ($k === 'namePerson/first') {
|
||||
$first = Strings::escapeTags(trim($v));
|
||||
}
|
||||
if ($k === 'namePerson') {
|
||||
$args .= '&username=' . urlencode(Strings::escapeTags(trim($v)));
|
||||
}
|
||||
if ($k === 'contact/email') {
|
||||
$args .= '&email=' . urlencode(Strings::escapeTags(trim($v)));
|
||||
}
|
||||
if ($k === 'media/image/aspect11') {
|
||||
$photosq = bin2hex(trim($v));
|
||||
}
|
||||
if ($k === 'media/image/default') {
|
||||
$photo = bin2hex(trim($v));
|
||||
}
|
||||
}
|
||||
}
|
||||
if (!empty($nick)) {
|
||||
$args .= '&nickname=' . urlencode($nick);
|
||||
} elseif (!empty($first)) {
|
||||
$args .= '&nickname=' . urlencode($first);
|
||||
}
|
||||
|
||||
if (!empty($photosq)) {
|
||||
$args .= '&photo=' . urlencode($photosq);
|
||||
} elseif (!empty($photo)) {
|
||||
$args .= '&photo=' . urlencode($photo);
|
||||
}
|
||||
|
||||
$args .= '&openid_url=' . urlencode(Strings::escapeTags(trim($authid)));
|
||||
|
||||
$a->internalRedirect('register?' . $args);
|
||||
|
||||
// NOTREACHED
|
||||
$a->internalRedirect('login');
|
||||
}
|
||||
}
|
||||
notice(L10n::t('Login failed.') . EOL);
|
||||
|
|
|
@ -426,7 +426,6 @@ function settings_post(App $a)
|
|||
$language = (!empty($_POST['language']) ? Strings::escapeTags(trim($_POST['language'])) : '');
|
||||
|
||||
$defloc = (!empty($_POST['defloc']) ? Strings::escapeTags(trim($_POST['defloc'])) : '');
|
||||
$openid = (!empty($_POST['openid_url']) ? Strings::escapeTags(trim($_POST['openid_url'])) : '');
|
||||
$maxreq = (!empty($_POST['maxreq']) ? intval($_POST['maxreq']) : 0);
|
||||
$expire = (!empty($_POST['expire']) ? intval($_POST['expire']) : 0);
|
||||
$def_gid = (!empty($_POST['group-selection']) ? intval($_POST['group-selection']) : 0);
|
||||
|
@ -438,6 +437,8 @@ function settings_post(App $a)
|
|||
$expire_photos = (!empty($_POST['expire_photos'])? intval($_POST['expire_photos']) : 0);
|
||||
$expire_network_only = (!empty($_POST['expire_network_only'])? intval($_POST['expire_network_only']) : 0);
|
||||
|
||||
$delete_openid = ((!empty($_POST['delete_openid']) && (intval($_POST['delete_openid']) == 1)) ? 1: 0);
|
||||
|
||||
$allow_location = ((!empty($_POST['allow_location']) && (intval($_POST['allow_location']) == 1)) ? 1: 0);
|
||||
$publish = ((!empty($_POST['profile_in_directory']) && (intval($_POST['profile_in_directory']) == 1)) ? 1: 0);
|
||||
$net_publish = ((!empty($_POST['profile_in_netdirectory']) && (intval($_POST['profile_in_netdirectory']) == 1)) ? 1: 0);
|
||||
|
@ -538,21 +539,6 @@ function settings_post(App $a)
|
|||
$str_group_deny = !empty($_POST['group_deny']) ? perms2str($_POST['group_deny']) : '';
|
||||
$str_contact_deny = !empty($_POST['contact_deny']) ? perms2str($_POST['contact_deny']) : '';
|
||||
|
||||
$openidserver = $a->user['openidserver'];
|
||||
//$openid = Strings::normaliseOpenID($openid);
|
||||
|
||||
// If openid has changed or if there's an openid but no openidserver, try and discover it.
|
||||
if ($openid != $a->user['openid'] || (strlen($openid) && (!strlen($openidserver)))) {
|
||||
if (Network::isUrlValid($openid)) {
|
||||
Logger::log('updating openidserver');
|
||||
$open_id_obj = new LightOpenID($a->getHostName());
|
||||
$open_id_obj->identity = $openid;
|
||||
$openidserver = $open_id_obj->discover($open_id_obj->identity);
|
||||
} else {
|
||||
$openidserver = '';
|
||||
}
|
||||
}
|
||||
|
||||
PConfig::set(local_user(), 'expire', 'items', $expire_items);
|
||||
PConfig::set(local_user(), 'expire', 'notes', $expire_notes);
|
||||
PConfig::set(local_user(), 'expire', 'starred', $expire_starred);
|
||||
|
@ -576,41 +562,17 @@ function settings_post(App $a)
|
|||
}
|
||||
}
|
||||
|
||||
$fields = ['username' => $username, 'email' => $email, 'timezone' => $timezone,
|
||||
'allow_cid' => $str_contact_allow, 'allow_gid' => $str_group_allow, 'deny_cid' => $str_contact_deny, 'deny_gid' => $str_group_deny,
|
||||
'notify-flags' => $notify, 'page-flags' => $notify, 'account-type' => $account_type, 'default-location' => $defloc,
|
||||
'allow_location' => $allow_location, 'maxreq' => $maxreq, 'expire' => $expire, 'def_gid' => $def_gid, 'blockwall' => $blockwall,
|
||||
'hidewall' => $hide_wall, 'blocktags' => $blocktags, 'unkmail' => $unkmail, 'cntunkmail' => $cntunkmail, 'language' => $language];
|
||||
|
||||
$r = q("UPDATE `user` SET `username` = '%s', `email` = '%s',
|
||||
`openid` = '%s', `timezone` = '%s',
|
||||
`allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s',
|
||||
`notify-flags` = %d, `page-flags` = %d, `account-type` = %d, `default-location` = '%s',
|
||||
`allow_location` = %d, `maxreq` = %d, `expire` = %d, `openidserver` = '%s',
|
||||
`def_gid` = %d, `blockwall` = %d, `hidewall` = %d, `blocktags` = %d,
|
||||
`unkmail` = %d, `cntunkmail` = %d, `language` = '%s'
|
||||
WHERE `uid` = %d",
|
||||
DBA::escape($username),
|
||||
DBA::escape($email),
|
||||
DBA::escape($openid),
|
||||
DBA::escape($timezone),
|
||||
DBA::escape($str_contact_allow),
|
||||
DBA::escape($str_group_allow),
|
||||
DBA::escape($str_contact_deny),
|
||||
DBA::escape($str_group_deny),
|
||||
intval($notify),
|
||||
intval($page_flags),
|
||||
intval($account_type),
|
||||
DBA::escape($defloc),
|
||||
intval($allow_location),
|
||||
intval($maxreq),
|
||||
intval($expire),
|
||||
DBA::escape($openidserver),
|
||||
intval($def_gid),
|
||||
intval($blockwall),
|
||||
intval($hidewall),
|
||||
intval($blocktags),
|
||||
intval($unkmail),
|
||||
intval($cntunkmail),
|
||||
DBA::escape($language),
|
||||
intval(local_user())
|
||||
);
|
||||
if (DBA::isResult($r)) {
|
||||
if ($delete_openid) {
|
||||
$fields['openid'] = '';
|
||||
$fields['openidserver'] = '';
|
||||
}
|
||||
if (DBA::update('user', $fields, ['uid' => local_user()])) {
|
||||
info(L10n::t('Settings updated.') . EOL);
|
||||
}
|
||||
|
||||
|
@ -1075,7 +1037,7 @@ function settings_content(App $a)
|
|||
if ($noid) {
|
||||
$openid_field = false;
|
||||
} else {
|
||||
$openid_field = ['openid_url', L10n::t('OpenID:'), $openid, L10n::t("\x28Optional\x29 Allow this OpenID to login to this account."), "", "", "url"];
|
||||
$openid_field = ['openid_url', L10n::t('OpenID:'), $openid, L10n::t("\x28Optional\x29 Allow this OpenID to login to this account."), "", "readonly", "url"];
|
||||
}
|
||||
|
||||
$opt_tpl = Renderer::getMarkupTemplate("field_yesno.tpl");
|
||||
|
@ -1185,6 +1147,7 @@ function settings_content(App $a)
|
|||
'$password4'=> ['mpassword', L10n::t('Password:'), '', L10n::t('Your current password to confirm the changes')],
|
||||
'$oid_enable' => (!Config::get('system', 'no_openid')),
|
||||
'$openid' => $openid_field,
|
||||
'$delete_openid' => ['delete_openid', L10n::t('Delete OpenID URL'), false, ''],
|
||||
|
||||
'$h_basic' => L10n::t('Basic Settings'),
|
||||
'$username' => ['username', L10n::t('Full Name:'), $username, ''],
|
||||
|
|
|
@ -622,6 +622,7 @@ class User
|
|||
}
|
||||
}
|
||||
|
||||
/// @todo Check if this part is really needed. We should have fetched all this data in advance
|
||||
if (empty($username) || empty($email) || empty($nickname)) {
|
||||
if ($openid_url) {
|
||||
if (!Network::isUrlValid($openid_url)) {
|
||||
|
|
|
@ -43,6 +43,9 @@ class Login extends BaseModule
|
|||
|
||||
public static function post()
|
||||
{
|
||||
$openid_identity = Session::get('openid_identity');
|
||||
$openid_server = Session::get('openid_server');
|
||||
|
||||
$return_path = Session::get('return_path');
|
||||
session_unset();
|
||||
Session::set('return_path', $return_path);
|
||||
|
@ -62,7 +65,9 @@ class Login extends BaseModule
|
|||
self::passwordAuthentication(
|
||||
trim($_POST['username']),
|
||||
trim($_POST['password']),
|
||||
!empty($_POST['remember'])
|
||||
!empty($_POST['remember']),
|
||||
$openid_identity,
|
||||
$openid_server
|
||||
);
|
||||
}
|
||||
}
|
||||
|
@ -91,9 +96,10 @@ class Login extends BaseModule
|
|||
try {
|
||||
$openid = new LightOpenID($a->getHostName());
|
||||
$openid->identity = $openid_url;
|
||||
$_SESSION['openid'] = $openid_url;
|
||||
$_SESSION['remember'] = $remember;
|
||||
Session::set('openid', $openid_url);
|
||||
Session::set('remember', $remember);
|
||||
$openid->returnUrl = $a->getBaseURL(true) . '/openid';
|
||||
$openid->optional = ['namePerson/friendly', 'contact/email', 'namePerson', 'namePerson/first', 'media/image/aspect11', 'media/image/default'];
|
||||
System::externalRedirect($openid->authUrl());
|
||||
} catch (Exception $e) {
|
||||
notice(L10n::t('We encountered a problem while logging in with the OpenID you provided. Please check the correct spelling of the ID.') . '<br /><br >' . L10n::t('The error message was:') . ' ' . $e->getMessage());
|
||||
|
@ -103,12 +109,14 @@ class Login extends BaseModule
|
|||
/**
|
||||
* Attempts to authenticate using login/password
|
||||
*
|
||||
* @param string $username User name
|
||||
* @param string $password Clear password
|
||||
* @param bool $remember Whether to set the session remember flag
|
||||
* @param string $username User name
|
||||
* @param string $password Clear password
|
||||
* @param bool $remember Whether to set the session remember flag
|
||||
* @param string $openid_identity OpenID identity
|
||||
* @param string $openid_server OpenID URL
|
||||
* @throws \Friendica\Network\HTTPException\InternalServerErrorException
|
||||
*/
|
||||
private static function passwordAuthentication($username, $password, $remember)
|
||||
private static function passwordAuthentication($username, $password, $remember, $openid_identity, $openid_server)
|
||||
{
|
||||
$record = null;
|
||||
|
||||
|
@ -156,6 +164,10 @@ class Login extends BaseModule
|
|||
Session::set('remember', $remember);
|
||||
Session::set('last_login_date', DateTimeFormat::utcNow());
|
||||
|
||||
if (!empty($openid_identity) || !empty($openid_server)) {
|
||||
DBA::update('user', ['openid' => $openid_identity, 'openidserver' => $openid_server], ['uid' => $record['uid']]);
|
||||
}
|
||||
|
||||
Session::setAuthenticatedForUser($a, $record, true, true);
|
||||
|
||||
$return_path = Session::get('return_path', '');
|
||||
|
@ -286,16 +298,23 @@ class Login extends BaseModule
|
|||
{
|
||||
$a = self::getApp();
|
||||
$o = '';
|
||||
|
||||
$noid = Config::get('system', 'no_openid');
|
||||
|
||||
if ($noid) {
|
||||
Session::remove('openid_identity');
|
||||
Session::remove('openid_attributes');
|
||||
}
|
||||
|
||||
$reg = false;
|
||||
if ($register && intval($a->getConfig()->get('config', 'register_policy')) !== Register::CLOSED) {
|
||||
$reg = [
|
||||
'title' => L10n::t('Create a New Account'),
|
||||
'desc' => L10n::t('Register')
|
||||
'desc' => L10n::t('Register'),
|
||||
'url' => self::getRegisterURL()
|
||||
];
|
||||
}
|
||||
|
||||
$noid = Config::get('system', 'no_openid');
|
||||
|
||||
if (is_null($return_path)) {
|
||||
$return_path = $a->query_string;
|
||||
}
|
||||
|
@ -314,6 +333,18 @@ class Login extends BaseModule
|
|||
$_SESSION['return_path'] = $return_path;
|
||||
}
|
||||
|
||||
if (!empty(Session::get('openid_identity'))) {
|
||||
$openid_title = L10n::t('Your OpenID: ');
|
||||
$openid_readonly = true;
|
||||
$identity = Session::get('openid_identity');
|
||||
$username_desc = L10n::t('Please enter your username and password to add the OpenID to your existing account.');
|
||||
} else {
|
||||
$openid_title = L10n::t('Or login using OpenID: ');
|
||||
$openid_readonly = false;
|
||||
$identity = '';
|
||||
$username_desc = '';
|
||||
}
|
||||
|
||||
$o .= Renderer::replaceMacros(
|
||||
$tpl,
|
||||
[
|
||||
|
@ -321,12 +352,12 @@ class Login extends BaseModule
|
|||
'$logout' => L10n::t('Logout'),
|
||||
'$login' => L10n::t('Login'),
|
||||
|
||||
'$lname' => ['username', L10n::t('Nickname or Email: '), '', ''],
|
||||
'$lname' => ['username', L10n::t('Nickname or Email: '), '', $username_desc],
|
||||
'$lpassword' => ['password', L10n::t('Password: '), '', ''],
|
||||
'$lremember' => ['remember', L10n::t('Remember me'), 0, ''],
|
||||
|
||||
'$openid' => !$noid,
|
||||
'$lopenid' => ['openid_url', L10n::t('Or login using OpenID: '), '', ''],
|
||||
'$lopenid' => ['openid_url', $openid_title, $identity, '', $openid_readonly],
|
||||
|
||||
'$hiddens' => $hiddens,
|
||||
|
||||
|
@ -347,4 +378,56 @@ class Login extends BaseModule
|
|||
|
||||
return $o;
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the URL to the register page and add OpenID parameters to it
|
||||
*/
|
||||
private static function getRegisterURL()
|
||||
{
|
||||
if (empty(Session::get('openid_identity'))) {
|
||||
return 'register';
|
||||
}
|
||||
|
||||
$args = '';
|
||||
$attr = Session::get('openid_attributes') ?? [];
|
||||
|
||||
if (is_array($attr) && count($attr)) {
|
||||
foreach ($attr as $k => $v) {
|
||||
if ($k === 'namePerson/friendly') {
|
||||
$nick = Strings::escapeTags(trim($v));
|
||||
}
|
||||
if ($k === 'namePerson/first') {
|
||||
$first = Strings::escapeTags(trim($v));
|
||||
}
|
||||
if ($k === 'namePerson') {
|
||||
$args .= '&username=' . urlencode(Strings::escapeTags(trim($v)));
|
||||
}
|
||||
if ($k === 'contact/email') {
|
||||
$args .= '&email=' . urlencode(Strings::escapeTags(trim($v)));
|
||||
}
|
||||
if ($k === 'media/image/aspect11') {
|
||||
$photosq = bin2hex(trim($v));
|
||||
}
|
||||
if ($k === 'media/image/default') {
|
||||
$photo = bin2hex(trim($v));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (!empty($nick)) {
|
||||
$args .= '&nickname=' . urlencode($nick);
|
||||
} elseif (!empty($first)) {
|
||||
$args .= '&nickname=' . urlencode($first);
|
||||
}
|
||||
|
||||
if (!empty($photosq)) {
|
||||
$args .= '&photo=' . urlencode($photosq);
|
||||
} elseif (!empty($photo)) {
|
||||
$args .= '&photo=' . urlencode($photo);
|
||||
}
|
||||
|
||||
$args .= '&openid_url=' . urlencode(Strings::escapeTags(trim(Session::get('openid_identity'))));
|
||||
|
||||
return 'register?' . $args;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
|
||||
<div class='field input openid' id='wrapper_{{$field.0}}'>
|
||||
<label for='id_{{$field.0}}'>{{$field.1}}</label>
|
||||
<input name='{{$field.0}}' id='id_{{$field.0}}' type="text" value="{{$field.2 nofilter}}" aria-describedby='{{$field.0}}_tip'>
|
||||
<input name='{{$field.0}}' id='id_{{$field.0}}' type="text" value="{{$field.2 nofilter}}" {{if $field.4}} readonly="readonly" {{/if}} aria-describedby='{{$field.0}}_tip'>
|
||||
{{if $field.3}}
|
||||
<span class="field_help" role="tooltip" id="{{$field.0}}_tip">{{$field.3 nofilter}}</span>
|
||||
{{/if}}
|
||||
|
|
|
@ -36,7 +36,7 @@
|
|||
{{if $register}}
|
||||
<div id="login-extra-links">
|
||||
<h3 id="login-head" class="sr-only">{{$register.title}}</h3>
|
||||
<a href="register" title="{{$register.title}}" id="register-link">{{$register.desc}}</a>
|
||||
<a href="{{$register.url}}" title="{{$register.title}}" id="register-link">{{$register.desc}}</a>
|
||||
</div>
|
||||
{{/if}}
|
||||
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
|
||||
<div id="id_{{$field.0}}_wrapper" class="form-group field input openid">
|
||||
<label for="id_{{$field.0}}" id="label_{{$field.0}}">{{$field.1}}</label>
|
||||
<input class="form-control" name="{{$field.0}}" id="id_{{$field.0}}" type="text" value="{{$field.2 nofilter}}" aria-describedby="{{$field.0}}_tip">
|
||||
<input class="form-control" name="{{$field.0}}" id="id_{{$field.0}}" type="text" value="{{$field.2 nofilter}}" {{if $field.4}} readonly="readonly" {{/if}} aria-describedby="{{$field.0}}_tip">
|
||||
{{if $field.3}}
|
||||
<span class="help-block" id="{{$field.0}}_tip" role="tooltip">{{$field.3 nofilter}}</span>
|
||||
{{/if}}
|
||||
|
|
|
@ -40,7 +40,7 @@
|
|||
{{if $register}}
|
||||
<div id="login-extra-links">
|
||||
<h3 id="login-head" class="sr-only">{{$register.title}}</h3>
|
||||
<a href="register" title="{{$register.title}}" id="register-link" class="btn btn-default">{{$register.desc}}</a>
|
||||
<a href="{{$register.url}}" title="{{$register.title}}" id="register-link" class="btn btn-default">{{$register.desc}}</a>
|
||||
</div>
|
||||
{{/if}}
|
||||
|
||||
|
|
|
@ -26,6 +26,7 @@
|
|||
|
||||
{{if $oid_enable}}
|
||||
{{include file="field_input.tpl" field=$openid}}
|
||||
{{include file="field_checkbox.tpl" field=$delete_openid}}
|
||||
{{/if}}
|
||||
|
||||
<div class="form-group pull-right settings-submit-wrapper" >
|
||||
|
|
Loading…
Reference in a new issue