diff --git a/mod/openid.php b/mod/openid.php
index 2bb7f4954..1f63a12de 100644
--- a/mod/openid.php
+++ b/mod/openid.php
@@ -24,7 +24,7 @@ function openid_content(App $a) {
$openid = new LightOpenID($a->getHostName());
if ($openid->validate()) {
- $authid = $openid->identity;
+ $authid = $openid->data['openid_identity'];
if (empty($authid)) {
Logger::log(L10n::t('OpenID protocol error. No ID returned.') . EOL);
@@ -54,55 +54,22 @@ function openid_content(App $a) {
}
// Successful OpenID login - but we can't match it to an existing account.
- // New registration?
+ unset($_SESSION['register']);
+ Session::set('openid_attributes', $openid->getAttributes());
+ Session::set('openid_identity', $authid);
+
+ // Detect the server URL
+ $open_id_obj = new LightOpenID($a->getHostName());
+ $open_id_obj->identity = $authid;
+ Session::set('openid_server', $open_id_obj->discover($open_id_obj->identity));
if (intval(Config::get('config', 'register_policy')) === \Friendica\Module\Register::CLOSED) {
- notice(L10n::t('Account not found and OpenID registration is not permitted on this site.') . EOL);
- $a->internalRedirect();
+ notice(L10n::t('Account not found. Please login to your existing account to add the OpenID to it.') . EOL);
+ } else {
+ notice(L10n::t('Account not found. Please register a new account or login to your existing account to add the OpenID to it.') . EOL);
}
- unset($_SESSION['register']);
- $args = '';
- $attr = $openid->getAttributes();
- if (is_array($attr) && count($attr)) {
- foreach ($attr as $k => $v) {
- if ($k === 'namePerson/friendly') {
- $nick = Strings::escapeTags(trim($v));
- }
- if ($k === 'namePerson/first') {
- $first = Strings::escapeTags(trim($v));
- }
- if ($k === 'namePerson') {
- $args .= '&username=' . urlencode(Strings::escapeTags(trim($v)));
- }
- if ($k === 'contact/email') {
- $args .= '&email=' . urlencode(Strings::escapeTags(trim($v)));
- }
- if ($k === 'media/image/aspect11') {
- $photosq = bin2hex(trim($v));
- }
- if ($k === 'media/image/default') {
- $photo = bin2hex(trim($v));
- }
- }
- }
- if (!empty($nick)) {
- $args .= '&nickname=' . urlencode($nick);
- } elseif (!empty($first)) {
- $args .= '&nickname=' . urlencode($first);
- }
-
- if (!empty($photosq)) {
- $args .= '&photo=' . urlencode($photosq);
- } elseif (!empty($photo)) {
- $args .= '&photo=' . urlencode($photo);
- }
-
- $args .= '&openid_url=' . urlencode(Strings::escapeTags(trim($authid)));
-
- $a->internalRedirect('register?' . $args);
-
- // NOTREACHED
+ $a->internalRedirect('login');
}
}
notice(L10n::t('Login failed.') . EOL);
diff --git a/mod/settings.php b/mod/settings.php
index b5011881c..74dc8936d 100644
--- a/mod/settings.php
+++ b/mod/settings.php
@@ -426,7 +426,6 @@ function settings_post(App $a)
$language = (!empty($_POST['language']) ? Strings::escapeTags(trim($_POST['language'])) : '');
$defloc = (!empty($_POST['defloc']) ? Strings::escapeTags(trim($_POST['defloc'])) : '');
- $openid = (!empty($_POST['openid_url']) ? Strings::escapeTags(trim($_POST['openid_url'])) : '');
$maxreq = (!empty($_POST['maxreq']) ? intval($_POST['maxreq']) : 0);
$expire = (!empty($_POST['expire']) ? intval($_POST['expire']) : 0);
$def_gid = (!empty($_POST['group-selection']) ? intval($_POST['group-selection']) : 0);
@@ -438,6 +437,8 @@ function settings_post(App $a)
$expire_photos = (!empty($_POST['expire_photos'])? intval($_POST['expire_photos']) : 0);
$expire_network_only = (!empty($_POST['expire_network_only'])? intval($_POST['expire_network_only']) : 0);
+ $delete_openid = ((!empty($_POST['delete_openid']) && (intval($_POST['delete_openid']) == 1)) ? 1: 0);
+
$allow_location = ((!empty($_POST['allow_location']) && (intval($_POST['allow_location']) == 1)) ? 1: 0);
$publish = ((!empty($_POST['profile_in_directory']) && (intval($_POST['profile_in_directory']) == 1)) ? 1: 0);
$net_publish = ((!empty($_POST['profile_in_netdirectory']) && (intval($_POST['profile_in_netdirectory']) == 1)) ? 1: 0);
@@ -538,21 +539,6 @@ function settings_post(App $a)
$str_group_deny = !empty($_POST['group_deny']) ? perms2str($_POST['group_deny']) : '';
$str_contact_deny = !empty($_POST['contact_deny']) ? perms2str($_POST['contact_deny']) : '';
- $openidserver = $a->user['openidserver'];
- //$openid = Strings::normaliseOpenID($openid);
-
- // If openid has changed or if there's an openid but no openidserver, try and discover it.
- if ($openid != $a->user['openid'] || (strlen($openid) && (!strlen($openidserver)))) {
- if (Network::isUrlValid($openid)) {
- Logger::log('updating openidserver');
- $open_id_obj = new LightOpenID($a->getHostName());
- $open_id_obj->identity = $openid;
- $openidserver = $open_id_obj->discover($open_id_obj->identity);
- } else {
- $openidserver = '';
- }
- }
-
PConfig::set(local_user(), 'expire', 'items', $expire_items);
PConfig::set(local_user(), 'expire', 'notes', $expire_notes);
PConfig::set(local_user(), 'expire', 'starred', $expire_starred);
@@ -576,41 +562,17 @@ function settings_post(App $a)
}
}
+ $fields = ['username' => $username, 'email' => $email, 'timezone' => $timezone,
+ 'allow_cid' => $str_contact_allow, 'allow_gid' => $str_group_allow, 'deny_cid' => $str_contact_deny, 'deny_gid' => $str_group_deny,
+ 'notify-flags' => $notify, 'page-flags' => $notify, 'account-type' => $account_type, 'default-location' => $defloc,
+ 'allow_location' => $allow_location, 'maxreq' => $maxreq, 'expire' => $expire, 'def_gid' => $def_gid, 'blockwall' => $blockwall,
+ 'hidewall' => $hide_wall, 'blocktags' => $blocktags, 'unkmail' => $unkmail, 'cntunkmail' => $cntunkmail, 'language' => $language];
- $r = q("UPDATE `user` SET `username` = '%s', `email` = '%s',
- `openid` = '%s', `timezone` = '%s',
- `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s',
- `notify-flags` = %d, `page-flags` = %d, `account-type` = %d, `default-location` = '%s',
- `allow_location` = %d, `maxreq` = %d, `expire` = %d, `openidserver` = '%s',
- `def_gid` = %d, `blockwall` = %d, `hidewall` = %d, `blocktags` = %d,
- `unkmail` = %d, `cntunkmail` = %d, `language` = '%s'
- WHERE `uid` = %d",
- DBA::escape($username),
- DBA::escape($email),
- DBA::escape($openid),
- DBA::escape($timezone),
- DBA::escape($str_contact_allow),
- DBA::escape($str_group_allow),
- DBA::escape($str_contact_deny),
- DBA::escape($str_group_deny),
- intval($notify),
- intval($page_flags),
- intval($account_type),
- DBA::escape($defloc),
- intval($allow_location),
- intval($maxreq),
- intval($expire),
- DBA::escape($openidserver),
- intval($def_gid),
- intval($blockwall),
- intval($hidewall),
- intval($blocktags),
- intval($unkmail),
- intval($cntunkmail),
- DBA::escape($language),
- intval(local_user())
- );
- if (DBA::isResult($r)) {
+ if ($delete_openid) {
+ $fields['openid'] = '';
+ $fields['openidserver'] = '';
+ }
+ if (DBA::update('user', $fields, ['uid' => local_user()])) {
info(L10n::t('Settings updated.') . EOL);
}
@@ -1075,7 +1037,7 @@ function settings_content(App $a)
if ($noid) {
$openid_field = false;
} else {
- $openid_field = ['openid_url', L10n::t('OpenID:'), $openid, L10n::t("\x28Optional\x29 Allow this OpenID to login to this account."), "", "", "url"];
+ $openid_field = ['openid_url', L10n::t('OpenID:'), $openid, L10n::t("\x28Optional\x29 Allow this OpenID to login to this account."), "", "readonly", "url"];
}
$opt_tpl = Renderer::getMarkupTemplate("field_yesno.tpl");
@@ -1185,6 +1147,7 @@ function settings_content(App $a)
'$password4'=> ['mpassword', L10n::t('Password:'), '', L10n::t('Your current password to confirm the changes')],
'$oid_enable' => (!Config::get('system', 'no_openid')),
'$openid' => $openid_field,
+ '$delete_openid' => ['delete_openid', L10n::t('Delete OpenID URL'), false, ''],
'$h_basic' => L10n::t('Basic Settings'),
'$username' => ['username', L10n::t('Full Name:'), $username, ''],
diff --git a/src/Model/User.php b/src/Model/User.php
index 499c55330..b4da6d256 100644
--- a/src/Model/User.php
+++ b/src/Model/User.php
@@ -622,6 +622,7 @@ class User
}
}
+ /// @todo Check if this part is really needed. We should have fetched all this data in advance
if (empty($username) || empty($email) || empty($nickname)) {
if ($openid_url) {
if (!Network::isUrlValid($openid_url)) {
diff --git a/src/Module/Login.php b/src/Module/Login.php
index b67f48fb9..895da7bdb 100644
--- a/src/Module/Login.php
+++ b/src/Module/Login.php
@@ -43,6 +43,9 @@ class Login extends BaseModule
public static function post()
{
+ $openid_identity = Session::get('openid_identity');
+ $openid_server = Session::get('openid_server');
+
$return_path = Session::get('return_path');
session_unset();
Session::set('return_path', $return_path);
@@ -62,7 +65,9 @@ class Login extends BaseModule
self::passwordAuthentication(
trim($_POST['username']),
trim($_POST['password']),
- !empty($_POST['remember'])
+ !empty($_POST['remember']),
+ $openid_identity,
+ $openid_server
);
}
}
@@ -91,9 +96,10 @@ class Login extends BaseModule
try {
$openid = new LightOpenID($a->getHostName());
$openid->identity = $openid_url;
- $_SESSION['openid'] = $openid_url;
- $_SESSION['remember'] = $remember;
+ Session::set('openid', $openid_url);
+ Session::set('remember', $remember);
$openid->returnUrl = $a->getBaseURL(true) . '/openid';
+ $openid->optional = ['namePerson/friendly', 'contact/email', 'namePerson', 'namePerson/first', 'media/image/aspect11', 'media/image/default'];
System::externalRedirect($openid->authUrl());
} catch (Exception $e) {
notice(L10n::t('We encountered a problem while logging in with the OpenID you provided. Please check the correct spelling of the ID.') . '
' . L10n::t('The error message was:') . ' ' . $e->getMessage());
@@ -103,12 +109,14 @@ class Login extends BaseModule
/**
* Attempts to authenticate using login/password
*
- * @param string $username User name
- * @param string $password Clear password
- * @param bool $remember Whether to set the session remember flag
+ * @param string $username User name
+ * @param string $password Clear password
+ * @param bool $remember Whether to set the session remember flag
+ * @param string $openid_identity OpenID identity
+ * @param string $openid_server OpenID URL
* @throws \Friendica\Network\HTTPException\InternalServerErrorException
*/
- private static function passwordAuthentication($username, $password, $remember)
+ private static function passwordAuthentication($username, $password, $remember, $openid_identity, $openid_server)
{
$record = null;
@@ -156,6 +164,10 @@ class Login extends BaseModule
Session::set('remember', $remember);
Session::set('last_login_date', DateTimeFormat::utcNow());
+ if (!empty($openid_identity) || !empty($openid_server)) {
+ DBA::update('user', ['openid' => $openid_identity, 'openidserver' => $openid_server], ['uid' => $record['uid']]);
+ }
+
Session::setAuthenticatedForUser($a, $record, true, true);
$return_path = Session::get('return_path', '');
@@ -286,16 +298,23 @@ class Login extends BaseModule
{
$a = self::getApp();
$o = '';
+
+ $noid = Config::get('system', 'no_openid');
+
+ if ($noid) {
+ Session::remove('openid_identity');
+ Session::remove('openid_attributes');
+ }
+
$reg = false;
if ($register && intval($a->getConfig()->get('config', 'register_policy')) !== Register::CLOSED) {
$reg = [
'title' => L10n::t('Create a New Account'),
- 'desc' => L10n::t('Register')
+ 'desc' => L10n::t('Register'),
+ 'url' => self::getRegisterURL()
];
}
- $noid = Config::get('system', 'no_openid');
-
if (is_null($return_path)) {
$return_path = $a->query_string;
}
@@ -314,6 +333,18 @@ class Login extends BaseModule
$_SESSION['return_path'] = $return_path;
}
+ if (!empty(Session::get('openid_identity'))) {
+ $openid_title = L10n::t('Your OpenID: ');
+ $openid_readonly = true;
+ $identity = Session::get('openid_identity');
+ $username_desc = L10n::t('Please enter your username and password to add the OpenID to your existing account.');
+ } else {
+ $openid_title = L10n::t('Or login using OpenID: ');
+ $openid_readonly = false;
+ $identity = '';
+ $username_desc = '';
+ }
+
$o .= Renderer::replaceMacros(
$tpl,
[
@@ -321,12 +352,12 @@ class Login extends BaseModule
'$logout' => L10n::t('Logout'),
'$login' => L10n::t('Login'),
- '$lname' => ['username', L10n::t('Nickname or Email: '), '', ''],
+ '$lname' => ['username', L10n::t('Nickname or Email: '), '', $username_desc],
'$lpassword' => ['password', L10n::t('Password: '), '', ''],
'$lremember' => ['remember', L10n::t('Remember me'), 0, ''],
'$openid' => !$noid,
- '$lopenid' => ['openid_url', L10n::t('Or login using OpenID: '), '', ''],
+ '$lopenid' => ['openid_url', $openid_title, $identity, '', $openid_readonly],
'$hiddens' => $hiddens,
@@ -347,4 +378,56 @@ class Login extends BaseModule
return $o;
}
+
+ /**
+ * Get the URL to the register page and add OpenID parameters to it
+ */
+ private static function getRegisterURL()
+ {
+ if (empty(Session::get('openid_identity'))) {
+ return 'register';
+ }
+
+ $args = '';
+ $attr = Session::get('openid_attributes') ?? [];
+
+ if (is_array($attr) && count($attr)) {
+ foreach ($attr as $k => $v) {
+ if ($k === 'namePerson/friendly') {
+ $nick = Strings::escapeTags(trim($v));
+ }
+ if ($k === 'namePerson/first') {
+ $first = Strings::escapeTags(trim($v));
+ }
+ if ($k === 'namePerson') {
+ $args .= '&username=' . urlencode(Strings::escapeTags(trim($v)));
+ }
+ if ($k === 'contact/email') {
+ $args .= '&email=' . urlencode(Strings::escapeTags(trim($v)));
+ }
+ if ($k === 'media/image/aspect11') {
+ $photosq = bin2hex(trim($v));
+ }
+ if ($k === 'media/image/default') {
+ $photo = bin2hex(trim($v));
+ }
+ }
+ }
+
+ if (!empty($nick)) {
+ $args .= '&nickname=' . urlencode($nick);
+ } elseif (!empty($first)) {
+ $args .= '&nickname=' . urlencode($first);
+ }
+
+ if (!empty($photosq)) {
+ $args .= '&photo=' . urlencode($photosq);
+ } elseif (!empty($photo)) {
+ $args .= '&photo=' . urlencode($photo);
+ }
+
+ $args .= '&openid_url=' . urlencode(Strings::escapeTags(trim(Session::get('openid_identity'))));
+
+ return 'register?' . $args;
+ }
}
diff --git a/view/templates/field_openid.tpl b/view/templates/field_openid.tpl
index 5faa8c7e9..3c7d02bb8 100644
--- a/view/templates/field_openid.tpl
+++ b/view/templates/field_openid.tpl
@@ -1,7 +1,7 @@