/**
* Try to log in using OpenID
*
* Check the OpenID for validity; potentially store it.
*
* @return void
*/
function tryLogin()
{
$consumer = oid_consumer();
$response = $consumer->complete(common_local_url('finishaddopenid'));
if ($response->status == Auth_OpenID_CANCEL) {
$this->message(_m('OpenID authentication cancelled.'));
return;
} else {
if ($response->status == Auth_OpenID_FAILURE) {
// Authentication failed; display the error message.
$this->message(sprintf(_m('OpenID authentication failed: %s'), $response->message));
} else {
if ($response->status == Auth_OpenID_SUCCESS) {
$display = $response->getDisplayIdentifier();
$canonical = $response->endpoint && $response->endpoint->canonicalID ? $response->endpoint->canonicalID : $display;
$sreg_resp = Auth_OpenID_SRegResponse::fromSuccessResponse($response);
if ($sreg_resp) {
$sreg = $sreg_resp->contents();
}
$cur = common_current_user();
$other = oid_get_user($canonical);
if ($other) {
if ($other->id == $cur->id) {
$this->message(_m('You already have this OpenID!'));
} else {
$this->message(_m('Someone else already has this OpenID.'));
}
return;
}
// start a transaction
$cur->query('BEGIN');
$result = oid_link_user($cur->id, $canonical, $display);
if (!$result) {
$this->message(_m('Error connecting user.'));
return;
}
if ($sreg) {
if (!oid_update_user($cur, $sreg)) {
$this->message(_m('Error updating profile'));
return;
}
}
// success!
$cur->query('COMMIT');
oid_set_last($display);
common_redirect(common_local_url('openidsettings'), 303);
}
}
}
}
function tryLogin()
{
$consumer = oid_consumer();
$response = $consumer->complete(common_local_url('finishopenidlogin'));
if ($response->status == Auth_OpenID_CANCEL) {
// TRANS: Status message in case the response from the OpenID provider is that the logon attempt was cancelled.
$this->message(_m('OpenID authentication cancelled.'));
return;
} else {
if ($response->status == Auth_OpenID_FAILURE) {
// TRANS: OpenID authentication failed; display the error message. %s is the error message.
$this->message(sprintf(_m('OpenID authentication failed: %s'), $response->message));
} else {
if ($response->status == Auth_OpenID_SUCCESS) {
// This means the authentication succeeded; extract the
// identity URL and Simple Registration data (if it was
// returned).
$display = $response->getDisplayIdentifier();
$canonical = $response->endpoint->canonicalID ? $response->endpoint->canonicalID : $response->getDisplayIdentifier();
oid_assert_allowed($display);
oid_assert_allowed($canonical);
$sreg_resp = Auth_OpenID_SRegResponse::fromSuccessResponse($response);
if ($sreg_resp) {
$sreg = $sreg_resp->contents();
}
// Launchpad teams extension
if (!oid_check_teams($response)) {
$this->message(_m('OpenID authentication aborted: you are not allowed to login to this site.'));
return;
}
$user = oid_get_user($canonical);
if ($user) {
oid_set_last($display);
# XXX: commented out at @edd's request until better
# control over how data flows from OpenID provider.
# oid_update_user($user, $sreg);
common_set_user($user);
common_real_login(true);
if (isset($_SESSION['openid_rememberme']) && $_SESSION['openid_rememberme']) {
common_rememberme($user);
}
unset($_SESSION['openid_rememberme']);
$this->goHome($user->nickname);
} else {
$this->saveValues($display, $canonical, $sreg);
$this->showForm(null, $this->bestNewNickname($display, $sreg));
}
}
}
}
}
function oid_authenticate($openid_url, $returnto, $immediate = false)
{
$consumer = oid_consumer();
if (!$consumer) {
// TRANS: OpenID plugin server error.
common_server_error(_m('Cannot instantiate OpenID consumer object.'));
return false;
}
common_ensure_session();
$auth_request = $consumer->begin($openid_url);
// Handle failure status return values.
if (!$auth_request) {
common_log(LOG_ERR, __METHOD__ . ": mystery fail contacting {$openid_url}");
// TRANS: OpenID plugin message. Given when an OpenID is not valid.
return _m('Not a valid OpenID.');
} else {
if (Auth_OpenID::isFailure($auth_request)) {
common_log(LOG_ERR, __METHOD__ . ": OpenID fail to {$openid_url}: {$auth_request->message}");
// TRANS: OpenID plugin server error. Given when the OpenID authentication request fails.
// TRANS: %s is the failure message.
return sprintf(_m('OpenID failure: %s'), $auth_request->message);
}
}
$sreg_request = Auth_OpenID_SRegRequest::build(array(), array('nickname', 'email', 'fullname', 'language', 'timezone', 'postcode', 'country'));
if ($sreg_request) {
$auth_request->addExtension($sreg_request);
}
$requiredTeam = common_config('openid', 'required_team');
if ($requiredTeam) {
// LaunchPad OpenID extension
$team_request = new Auth_OpenID_TeamsRequest(array($requiredTeam));
if ($team_request) {
$auth_request->addExtension($team_request);
}
}
$trust_root = common_root_url(true);
$process_url = common_local_url($returnto);
// Net::OpenID::Server as used on LiveJournal appears to incorrectly
// reject POST requests for data submissions that OpenID 1.1 specs
// as GET, although 2.0 allows them:
// https://rt.cpan.org/Public/Bug/Display.html?id=42202
//
// Our OpenID libraries would have switched in the redirect automatically
// if it were detecting 1.1 compatibility mode, however the server is
// advertising itself as 2.0-compatible, so we got switched to the POST.
//
// Since the GET should always work anyway, we'll just take out the
// autosubmitter for now.
//
//if ($auth_request->shouldSendRedirect()) {
$redirect_url = $auth_request->redirectURL($trust_root, $process_url, $immediate);
if (!$redirect_url) {
} else {
if (Auth_OpenID::isFailure($redirect_url)) {
// TRANS: OpenID plugin server error. Given when the OpenID authentication request cannot be redirected.
// TRANS: %s is the failure message.
return sprintf(_m('Could not redirect to server: %s'), $redirect_url->message);
} else {
common_redirect($redirect_url, 303);
}
}
/*
} else {
// Generate form markup and render it.
$form_id = 'openid_message';
$form_html = $auth_request->formMarkup($trust_root, $process_url,
$immediate, array('id' => $form_id));
# XXX: This is cheap, but things choke if we don't escape ampersands
# in the HTML attributes
$form_html = preg_replace('/&/', '&', $form_html);
// Display an error if the form markup couldn't be generated;
// otherwise, render the HTML.
if (Auth_OpenID::isFailure($form_html)) {
// TRANS: OpenID plugin server error if the form markup could not be generated.
// TRANS: %s is the failure message.
common_server_error(sprintf(_m('Could not create OpenID form: %s'), $form_html->message));
} else {
$action = new AutosubmitAction(); // see below
$action->form_html = $form_html;
$action->form_id = $form_id;
$action->prepare(array('action' => 'autosubmit'));
$action->handle(array('action' => 'autosubmit'));
}
}
*/
}
/**
* Try to log in using OpenID
*
* Check the OpenID for validity; potentially store it.
*
* @return void
*/
function tryLogin()
{
$consumer = oid_consumer();
$response = $consumer->complete(common_local_url('finishaddopenid'));
if ($response->status == Auth_OpenID_CANCEL) {
// TRANS: Status message in case the response from the OpenID provider is that the logon attempt was cancelled.
$this->message(_m('OpenID authentication cancelled.'));
return;
} else {
if ($response->status == Auth_OpenID_FAILURE) {
// TRANS: OpenID authentication failed; display the error message.
// TRANS: %s is the error message.
$this->message(sprintf(_m('OpenID authentication failed: %s.'), $response->message));
} else {
if ($response->status == Auth_OpenID_SUCCESS) {
$display = $response->getDisplayIdentifier();
$canonical = $response->endpoint && $response->endpoint->canonicalID ? $response->endpoint->canonicalID : $display;
$sreg_resp = Auth_OpenID_SRegResponse::fromSuccessResponse($response);
if ($sreg_resp) {
$sreg = $sreg_resp->contents();
}
// Launchpad teams extension
if (!oid_check_teams($response)) {
// TRANS: OpenID authentication error.
$this->message(_m('OpenID authentication aborted: You are not allowed to login to this site.'));
return;
}
$cur = common_current_user();
$other = oid_get_user($canonical);
if ($other) {
if ($other->id == $cur->id) {
// TRANS: Message in case a user tries to add an OpenID that is already connected to them.
$this->message(_m('You already have this OpenID!'));
} else {
// TRANS: Message in case a user tries to add an OpenID that is already used by another user.
$this->message(_m('Someone else already has this OpenID.'));
}
return;
}
// start a transaction
$cur->query('BEGIN');
$result = oid_link_user($cur->id, $canonical, $display);
if (!$result) {
// TRANS: Message in case the OpenID object cannot be connected to the user.
$this->message(_m('Error connecting user.'));
return;
}
if (Event::handle('StartOpenIDUpdateUser', array($cur, $canonical, &$sreg))) {
if ($sreg) {
if (!oid_update_user($cur, $sreg)) {
// TRANS: Message in case the user or the user profile cannot be saved in StatusNet.
$this->message(_m('Error updating profile.'));
return;
}
}
}
Event::handle('EndOpenIDUpdateUser', array($cur, $canonical, $sreg));
// success!
$cur->query('COMMIT');
oid_set_last($display);
common_redirect(common_local_url('openidsettings'), 303);
}
}
}
}
function oid_authenticate($openid_url, $returnto, $immediate = false)
{
$consumer = oid_consumer();
if (!$consumer) {
common_server_error(_m('Cannot instantiate OpenID consumer object.'));
return false;
}
common_ensure_session();
$auth_request = $consumer->begin($openid_url);
// Handle failure status return values.
if (!$auth_request) {
return _m('Not a valid OpenID.');
} else {
if (Auth_OpenID::isFailure($auth_request)) {
return sprintf(_m('OpenID failure: %s'), $auth_request->message);
}
}
$sreg_request = Auth_OpenID_SRegRequest::build(array(), array('nickname', 'email', 'fullname', 'language', 'timezone', 'postcode', 'country'));
if ($sreg_request) {
$auth_request->addExtension($sreg_request);
}
$trust_root = common_root_url(true);
$process_url = common_local_url($returnto);
if ($auth_request->shouldSendRedirect()) {
$redirect_url = $auth_request->redirectURL($trust_root, $process_url, $immediate);
if (!$redirect_url) {
} else {
if (Auth_OpenID::isFailure($redirect_url)) {
return sprintf(_m('Could not redirect to server: %s'), $redirect_url->message);
} else {
common_redirect($redirect_url, 303);
}
}
} else {
// Generate form markup and render it.
$form_id = 'openid_message';
$form_html = $auth_request->formMarkup($trust_root, $process_url, $immediate, array('id' => $form_id));
# XXX: This is cheap, but things choke if we don't escape ampersands
# in the HTML attributes
$form_html = preg_replace('/&/', '&', $form_html);
// Display an error if the form markup couldn't be generated;
// otherwise, render the HTML.
if (Auth_OpenID::isFailure($form_html)) {
common_server_error(sprintf(_m('Could not create OpenID form: %s'), $form_html->message));
} else {
$action = new AutosubmitAction();
// see below
$action->form_html = $form_html;
$action->form_id = $form_id;
$action->prepare(array('action' => 'autosubmit'));
$action->handle(array('action' => 'autosubmit'));
}
}
}
