* Allows users to add additional OAuth2 locations for their account.
* Issue #266
*/
require_login();
// POST overrides GET
$oauth2 = require_post("oauth2", require_get("oauth2", false));
$messages = array();
$errors = array();
try {
if ($oauth2) {
$user = \Users\User::getInstance(db());
$args = array("oauth2" => $oauth2);
$url = absolute_url(url_for('oauth2_add', $args));
$provider = Users\OAuth2Providers::createProvider($oauth2, $url);
try {
\Users\UserOAuth2::addIdentity(db(), $user, $provider);
$messages[] = t("Added OAuth2 identity ':identity' to your account.", array(':identity' => htmlspecialchars($provider->getKey())));
// redirect
$destination = url_for('user#user_openid');
set_temporary_messages($messages);
set_temporary_errors($errors);
redirect($destination);
} catch (\Users\UserSignupException $e) {
$errors[] = $e->getMessage();
}
}
} catch (Exception $e) {
if (!$e instanceof EscapedException) {
$e = new EscapedException(htmlspecialchars($e->getMessage()), (int) $e->getCode(), $e);
}
$errors[] = $e->getMessage();
* Allows users to delete OAuth2 locations from their account.
*/
require_login();
$messages = array();
$errors = array();
$uid = require_post("uid");
$provider = require_post("provider");
// make sure we aren't deleting our last identity
$q = db()->prepare("SELECT COUNT(*) AS c FROM user_oauth2_identities WHERE user_id=?");
$q->execute(array(user_id()));
$count = $q->fetch();
// or we have an OpenID identity
$q = db()->prepare("SELECT * FROM user_openid_identities WHERE user_id=? LIMIT 1");
$q->execute(array(user_id()));
$openid = $q->fetch();
// or we have a password hash
$q = db()->prepare("SELECT * FROM user_passwords WHERE user_id=?");
$q->execute(array(user_id()));
$password_hash = $q->fetch();
if ($count['c'] <= 1 && !$password_hash && !$openid) {
$errors[] = t("Cannot remove that OAuth2 identity; at least one identity must be defined.");
set_temporary_messages($messages);
set_temporary_errors($errors);
redirect(url_for('user#user_openid'));
}
$user = \Users\User::getInstance(db());
\Users\UserOAuth2::removeIdentity(db(), $user, $provider, $uid);
$messages[] = t("Removed OAuth2 identity ':identity'.", array(':identity' => $provider));
set_temporary_messages($messages);
set_temporary_errors($errors);
redirect(url_for('user#user_openid'));
/**
* @throws UserSignupException if the user could not be signed up, with a reason
* @throws UserAlreadyExistsException if the identity already exists in the database
*/
static function addIdentity(\Db\Connection $db, User $user, OAuth2Providers $provider)
{
if (!$user) {
throw new \InvalidArgumentException("No user provided.");
}
$identity = UserOAuth2::auth($provider->getProvider());
if (!$identity) {
throw new UserSignupException("Could not login with OAuth2.");
}
$uid = $identity->uid;
if (!$uid) {
throw new UserSignupException("No UID found.");
}
// does such an identity already exist?
$q = $db->prepare("SELECT * FROM user_oauth2_identities WHERE provider=? AND uid=? LIMIT 1");
$q->execute(array($provider->getKey(), $uid));
if ($q->fetch()) {
throw new UserAlreadyExistsException("That OAuth2 identity is already in use.");
}
// create a new identity
$q = $db->prepare("INSERT INTO user_oauth2_identities SET user_id=?, provider=?, uid=?");
$q->execute(array($user->getId(), $provider->getKey(), $uid));
return true;
}
