Merge pull request #7769 from annando/issue-3229

Changed OpenID registration
This commit is contained in:
Hypolite Petovan 2019-10-29 10:32:02 -04:00 committed by GitHub
commit d6ff89d7b4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
9 changed files with 129 additions and 113 deletions

View file

@ -24,7 +24,7 @@ function openid_content(App $a) {
$openid = new LightOpenID($a->getHostName()); $openid = new LightOpenID($a->getHostName());
if ($openid->validate()) { if ($openid->validate()) {
$authid = $openid->identity; $authid = $openid->data['openid_identity'];
if (empty($authid)) { if (empty($authid)) {
Logger::log(L10n::t('OpenID protocol error. No ID returned.') . EOL); Logger::log(L10n::t('OpenID protocol error. No ID returned.') . EOL);
@ -54,55 +54,22 @@ function openid_content(App $a) {
} }
// Successful OpenID login - but we can't match it to an existing account. // Successful OpenID login - but we can't match it to an existing account.
// New registration? unset($_SESSION['register']);
Session::set('openid_attributes', $openid->getAttributes());
Session::set('openid_identity', $authid);
// Detect the server URL
$open_id_obj = new LightOpenID($a->getHostName());
$open_id_obj->identity = $authid;
Session::set('openid_server', $open_id_obj->discover($open_id_obj->identity));
if (intval(Config::get('config', 'register_policy')) === \Friendica\Module\Register::CLOSED) { if (intval(Config::get('config', 'register_policy')) === \Friendica\Module\Register::CLOSED) {
notice(L10n::t('Account not found and OpenID registration is not permitted on this site.') . EOL); notice(L10n::t('Account not found. Please login to your existing account to add the OpenID to it.'));
$a->internalRedirect(); } else {
notice(L10n::t('Account not found. Please register a new account or login to your existing account to add the OpenID to it.'));
} }
unset($_SESSION['register']); $a->internalRedirect('login');
$args = '';
$attr = $openid->getAttributes();
if (is_array($attr) && count($attr)) {
foreach ($attr as $k => $v) {
if ($k === 'namePerson/friendly') {
$nick = Strings::escapeTags(trim($v));
}
if ($k === 'namePerson/first') {
$first = Strings::escapeTags(trim($v));
}
if ($k === 'namePerson') {
$args .= '&username=' . urlencode(Strings::escapeTags(trim($v)));
}
if ($k === 'contact/email') {
$args .= '&email=' . urlencode(Strings::escapeTags(trim($v)));
}
if ($k === 'media/image/aspect11') {
$photosq = bin2hex(trim($v));
}
if ($k === 'media/image/default') {
$photo = bin2hex(trim($v));
}
}
}
if (!empty($nick)) {
$args .= '&nickname=' . urlencode($nick);
} elseif (!empty($first)) {
$args .= '&nickname=' . urlencode($first);
}
if (!empty($photosq)) {
$args .= '&photo=' . urlencode($photosq);
} elseif (!empty($photo)) {
$args .= '&photo=' . urlencode($photo);
}
$args .= '&openid_url=' . urlencode(Strings::escapeTags(trim($authid)));
$a->internalRedirect('register?' . $args);
// NOTREACHED
} }
} }
notice(L10n::t('Login failed.') . EOL); notice(L10n::t('Login failed.') . EOL);

View file

@ -428,7 +428,6 @@ function settings_post(App $a)
$language = (!empty($_POST['language']) ? Strings::escapeTags(trim($_POST['language'])) : ''); $language = (!empty($_POST['language']) ? Strings::escapeTags(trim($_POST['language'])) : '');
$defloc = (!empty($_POST['defloc']) ? Strings::escapeTags(trim($_POST['defloc'])) : ''); $defloc = (!empty($_POST['defloc']) ? Strings::escapeTags(trim($_POST['defloc'])) : '');
$openid = (!empty($_POST['openid_url']) ? Strings::escapeTags(trim($_POST['openid_url'])) : '');
$maxreq = (!empty($_POST['maxreq']) ? intval($_POST['maxreq']) : 0); $maxreq = (!empty($_POST['maxreq']) ? intval($_POST['maxreq']) : 0);
$expire = (!empty($_POST['expire']) ? intval($_POST['expire']) : 0); $expire = (!empty($_POST['expire']) ? intval($_POST['expire']) : 0);
$def_gid = (!empty($_POST['group-selection']) ? intval($_POST['group-selection']) : 0); $def_gid = (!empty($_POST['group-selection']) ? intval($_POST['group-selection']) : 0);
@ -440,6 +439,8 @@ function settings_post(App $a)
$expire_photos = (!empty($_POST['expire_photos'])? intval($_POST['expire_photos']) : 0); $expire_photos = (!empty($_POST['expire_photos'])? intval($_POST['expire_photos']) : 0);
$expire_network_only = (!empty($_POST['expire_network_only'])? intval($_POST['expire_network_only']) : 0); $expire_network_only = (!empty($_POST['expire_network_only'])? intval($_POST['expire_network_only']) : 0);
$delete_openid = ((!empty($_POST['delete_openid']) && (intval($_POST['delete_openid']) == 1)) ? 1: 0);
$allow_location = ((!empty($_POST['allow_location']) && (intval($_POST['allow_location']) == 1)) ? 1: 0); $allow_location = ((!empty($_POST['allow_location']) && (intval($_POST['allow_location']) == 1)) ? 1: 0);
$publish = ((!empty($_POST['profile_in_directory']) && (intval($_POST['profile_in_directory']) == 1)) ? 1: 0); $publish = ((!empty($_POST['profile_in_directory']) && (intval($_POST['profile_in_directory']) == 1)) ? 1: 0);
$net_publish = ((!empty($_POST['profile_in_netdirectory']) && (intval($_POST['profile_in_netdirectory']) == 1)) ? 1: 0); $net_publish = ((!empty($_POST['profile_in_netdirectory']) && (intval($_POST['profile_in_netdirectory']) == 1)) ? 1: 0);
@ -543,21 +544,6 @@ function settings_post(App $a)
$str_group_deny = !empty($_POST['group_deny']) ? $aclFormatter->toString($_POST['group_deny']) : ''; $str_group_deny = !empty($_POST['group_deny']) ? $aclFormatter->toString($_POST['group_deny']) : '';
$str_contact_deny = !empty($_POST['contact_deny']) ? $aclFormatter->toString($_POST['contact_deny']) : ''; $str_contact_deny = !empty($_POST['contact_deny']) ? $aclFormatter->toString($_POST['contact_deny']) : '';
$openidserver = $a->user['openidserver'];
//$openid = Strings::normaliseOpenID($openid);
// If openid has changed or if there's an openid but no openidserver, try and discover it.
if ($openid != $a->user['openid'] || (strlen($openid) && (!strlen($openidserver)))) {
if (Network::isUrlValid($openid)) {
Logger::log('updating openidserver');
$open_id_obj = new LightOpenID($a->getHostName());
$open_id_obj->identity = $openid;
$openidserver = $open_id_obj->discover($open_id_obj->identity);
} else {
$openidserver = '';
}
}
PConfig::set(local_user(), 'expire', 'items', $expire_items); PConfig::set(local_user(), 'expire', 'items', $expire_items);
PConfig::set(local_user(), 'expire', 'notes', $expire_notes); PConfig::set(local_user(), 'expire', 'notes', $expire_notes);
PConfig::set(local_user(), 'expire', 'starred', $expire_starred); PConfig::set(local_user(), 'expire', 'starred', $expire_starred);
@ -581,41 +567,18 @@ function settings_post(App $a)
} }
} }
$fields = ['username' => $username, 'email' => $email, 'timezone' => $timezone,
'allow_cid' => $str_contact_allow, 'allow_gid' => $str_group_allow, 'deny_cid' => $str_contact_deny, 'deny_gid' => $str_group_deny,
'notify-flags' => $notify, 'page-flags' => $notify, 'account-type' => $account_type, 'default-location' => $defloc,
'allow_location' => $allow_location, 'maxreq' => $maxreq, 'expire' => $expire, 'def_gid' => $def_gid, 'blockwall' => $blockwall,
'hidewall' => $hide_wall, 'blocktags' => $blocktags, 'unkmail' => $unkmail, 'cntunkmail' => $cntunkmail, 'language' => $language];
$r = q("UPDATE `user` SET `username` = '%s', `email` = '%s', if ($delete_openid) {
`openid` = '%s', `timezone` = '%s', $fields['openid'] = '';
`allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s', $fields['openidserver'] = '';
`notify-flags` = %d, `page-flags` = %d, `account-type` = %d, `default-location` = '%s', }
`allow_location` = %d, `maxreq` = %d, `expire` = %d, `openidserver` = '%s',
`def_gid` = %d, `blockwall` = %d, `hidewall` = %d, `blocktags` = %d, if (DBA::update('user', $fields, ['uid' => local_user()])) {
`unkmail` = %d, `cntunkmail` = %d, `language` = '%s'
WHERE `uid` = %d",
DBA::escape($username),
DBA::escape($email),
DBA::escape($openid),
DBA::escape($timezone),
DBA::escape($str_contact_allow),
DBA::escape($str_group_allow),
DBA::escape($str_contact_deny),
DBA::escape($str_group_deny),
intval($notify),
intval($page_flags),
intval($account_type),
DBA::escape($defloc),
intval($allow_location),
intval($maxreq),
intval($expire),
DBA::escape($openidserver),
intval($def_gid),
intval($blockwall),
intval($hidewall),
intval($blocktags),
intval($unkmail),
intval($cntunkmail),
DBA::escape($language),
intval(local_user())
);
if (DBA::isResult($r)) {
info(L10n::t('Settings updated.') . EOL); info(L10n::t('Settings updated.') . EOL);
} }
@ -1080,7 +1043,7 @@ function settings_content(App $a)
if ($noid) { if ($noid) {
$openid_field = false; $openid_field = false;
} else { } else {
$openid_field = ['openid_url', L10n::t('OpenID:'), $openid, L10n::t("\x28Optional\x29 Allow this OpenID to login to this account."), "", "", "url"]; $openid_field = ['openid_url', L10n::t('OpenID:'), $openid, L10n::t("\x28Optional\x29 Allow this OpenID to login to this account."), "", "readonly", "url"];
} }
$opt_tpl = Renderer::getMarkupTemplate("field_yesno.tpl"); $opt_tpl = Renderer::getMarkupTemplate("field_yesno.tpl");
@ -1190,6 +1153,7 @@ function settings_content(App $a)
'$password4'=> ['mpassword', L10n::t('Password:'), '', L10n::t('Your current password to confirm the changes')], '$password4'=> ['mpassword', L10n::t('Password:'), '', L10n::t('Your current password to confirm the changes')],
'$oid_enable' => (!Config::get('system', 'no_openid')), '$oid_enable' => (!Config::get('system', 'no_openid')),
'$openid' => $openid_field, '$openid' => $openid_field,
'$delete_openid' => ['delete_openid', L10n::t('Delete OpenID URL'), false, ''],
'$h_basic' => L10n::t('Basic Settings'), '$h_basic' => L10n::t('Basic Settings'),
'$username' => ['username', L10n::t('Full Name:'), $username, ''], '$username' => ['username', L10n::t('Full Name:'), $username, ''],

View file

@ -622,6 +622,7 @@ class User
} }
} }
/// @todo Check if this part is really needed. We should have fetched all this data in advance
if (empty($username) || empty($email) || empty($nickname)) { if (empty($username) || empty($email) || empty($nickname)) {
if ($openid_url) { if ($openid_url) {
if (!Network::isUrlValid($openid_url)) { if (!Network::isUrlValid($openid_url)) {

View file

@ -43,6 +43,9 @@ class Login extends BaseModule
public static function post() public static function post()
{ {
$openid_identity = Session::get('openid_identity');
$openid_server = Session::get('openid_server');
$return_path = Session::get('return_path'); $return_path = Session::get('return_path');
session_unset(); session_unset();
Session::set('return_path', $return_path); Session::set('return_path', $return_path);
@ -62,7 +65,9 @@ class Login extends BaseModule
self::passwordAuthentication( self::passwordAuthentication(
trim($_POST['username']), trim($_POST['username']),
trim($_POST['password']), trim($_POST['password']),
!empty($_POST['remember']) !empty($_POST['remember']),
$openid_identity,
$openid_server
); );
} }
} }
@ -91,9 +96,10 @@ class Login extends BaseModule
try { try {
$openid = new LightOpenID($a->getHostName()); $openid = new LightOpenID($a->getHostName());
$openid->identity = $openid_url; $openid->identity = $openid_url;
$_SESSION['openid'] = $openid_url; Session::set('openid', $openid_url);
$_SESSION['remember'] = $remember; Session::set('remember', $remember);
$openid->returnUrl = $a->getBaseURL(true) . '/openid'; $openid->returnUrl = $a->getBaseURL(true) . '/openid';
$openid->optional = ['namePerson/friendly', 'contact/email', 'namePerson', 'namePerson/first', 'media/image/aspect11', 'media/image/default'];
System::externalRedirect($openid->authUrl()); System::externalRedirect($openid->authUrl());
} catch (Exception $e) { } catch (Exception $e) {
notice(L10n::t('We encountered a problem while logging in with the OpenID you provided. Please check the correct spelling of the ID.') . '<br /><br >' . L10n::t('The error message was:') . ' ' . $e->getMessage()); notice(L10n::t('We encountered a problem while logging in with the OpenID you provided. Please check the correct spelling of the ID.') . '<br /><br >' . L10n::t('The error message was:') . ' ' . $e->getMessage());
@ -103,12 +109,14 @@ class Login extends BaseModule
/** /**
* Attempts to authenticate using login/password * Attempts to authenticate using login/password
* *
* @param string $username User name * @param string $username User name
* @param string $password Clear password * @param string $password Clear password
* @param bool $remember Whether to set the session remember flag * @param bool $remember Whether to set the session remember flag
* @param string $openid_identity OpenID identity
* @param string $openid_server OpenID URL
* @throws \Friendica\Network\HTTPException\InternalServerErrorException * @throws \Friendica\Network\HTTPException\InternalServerErrorException
*/ */
private static function passwordAuthentication($username, $password, $remember) private static function passwordAuthentication($username, $password, $remember, $openid_identity, $openid_server)
{ {
$record = null; $record = null;
@ -156,6 +164,10 @@ class Login extends BaseModule
Session::set('remember', $remember); Session::set('remember', $remember);
Session::set('last_login_date', DateTimeFormat::utcNow()); Session::set('last_login_date', DateTimeFormat::utcNow());
if (!empty($openid_identity) || !empty($openid_server)) {
DBA::update('user', ['openid' => $openid_identity, 'openidserver' => $openid_server], ['uid' => $record['uid']]);
}
Session::setAuthenticatedForUser($a, $record, true, true); Session::setAuthenticatedForUser($a, $record, true, true);
$return_path = Session::get('return_path', ''); $return_path = Session::get('return_path', '');
@ -286,16 +298,23 @@ class Login extends BaseModule
{ {
$a = self::getApp(); $a = self::getApp();
$o = ''; $o = '';
$noid = Config::get('system', 'no_openid');
if ($noid) {
Session::remove('openid_identity');
Session::remove('openid_attributes');
}
$reg = false; $reg = false;
if ($register && intval($a->getConfig()->get('config', 'register_policy')) !== Register::CLOSED) { if ($register && intval($a->getConfig()->get('config', 'register_policy')) !== Register::CLOSED) {
$reg = [ $reg = [
'title' => L10n::t('Create a New Account'), 'title' => L10n::t('Create a New Account'),
'desc' => L10n::t('Register') 'desc' => L10n::t('Register'),
'url' => self::getRegisterURL()
]; ];
} }
$noid = Config::get('system', 'no_openid');
if (is_null($return_path)) { if (is_null($return_path)) {
$return_path = $a->query_string; $return_path = $a->query_string;
} }
@ -314,6 +333,18 @@ class Login extends BaseModule
$_SESSION['return_path'] = $return_path; $_SESSION['return_path'] = $return_path;
} }
if (!empty(Session::get('openid_identity'))) {
$openid_title = L10n::t('Your OpenID: ');
$openid_readonly = true;
$identity = Session::get('openid_identity');
$username_desc = L10n::t('Please enter your username and password to add the OpenID to your existing account.');
} else {
$openid_title = L10n::t('Or login using OpenID: ');
$openid_readonly = false;
$identity = '';
$username_desc = '';
}
$o .= Renderer::replaceMacros( $o .= Renderer::replaceMacros(
$tpl, $tpl,
[ [
@ -321,12 +352,12 @@ class Login extends BaseModule
'$logout' => L10n::t('Logout'), '$logout' => L10n::t('Logout'),
'$login' => L10n::t('Login'), '$login' => L10n::t('Login'),
'$lname' => ['username', L10n::t('Nickname or Email: '), '', ''], '$lname' => ['username', L10n::t('Nickname or Email: '), '', $username_desc],
'$lpassword' => ['password', L10n::t('Password: '), '', ''], '$lpassword' => ['password', L10n::t('Password: '), '', ''],
'$lremember' => ['remember', L10n::t('Remember me'), 0, ''], '$lremember' => ['remember', L10n::t('Remember me'), 0, ''],
'$openid' => !$noid, '$openid' => !$noid,
'$lopenid' => ['openid_url', L10n::t('Or login using OpenID: '), '', ''], '$lopenid' => ['openid_url', $openid_title, $identity, '', $openid_readonly],
'$hiddens' => $hiddens, '$hiddens' => $hiddens,
@ -347,4 +378,56 @@ class Login extends BaseModule
return $o; return $o;
} }
/**
* Get the URL to the register page and add OpenID parameters to it
*/
private static function getRegisterURL()
{
if (empty(Session::get('openid_identity'))) {
return 'register';
}
$args = [];
$attr = Session::get('openid_attributes', []);
if (is_array($attr) && count($attr)) {
foreach ($attr as $k => $v) {
if ($k === 'namePerson/friendly') {
$nick = Strings::escapeTags(trim($v));
}
if ($k === 'namePerson/first') {
$first = Strings::escapeTags(trim($v));
}
if ($k === 'namePerson') {
$args['username'] = Strings::escapeTags(trim($v));
}
if ($k === 'contact/email') {
$args['email'] = Strings::escapeTags(trim($v));
}
if ($k === 'media/image/aspect11') {
$photosq = bin2hex(trim($v));
}
if ($k === 'media/image/default') {
$photo = bin2hex(trim($v));
}
}
}
if (!empty($nick)) {
$args['nickname'] = $nick;
} elseif (!empty($first)) {
$args['nickname'] = $first;
}
if (!empty($photosq)) {
$args['photo'] = $photosq;
} elseif (!empty($photo)) {
$args['photo'] = $photo;
}
$args['openid_url'] = Strings::escapeTags(trim(Session::get('openid_identity')));
return 'register?' . http_build_query($args);
}
} }

View file

@ -1,7 +1,7 @@
<div class='field input openid' id='wrapper_{{$field.0}}'> <div class='field input openid' id='wrapper_{{$field.0}}'>
<label for='id_{{$field.0}}'>{{$field.1}}</label> <label for='id_{{$field.0}}'>{{$field.1}}</label>
<input name='{{$field.0}}' id='id_{{$field.0}}' type="text" value="{{$field.2 nofilter}}" aria-describedby='{{$field.0}}_tip'> <input name='{{$field.0}}' id='id_{{$field.0}}' type="text" value="{{$field.2 nofilter}}" {{if $field.4}} readonly="readonly" {{/if}} aria-describedby='{{$field.0}}_tip'>
{{if $field.3}} {{if $field.3}}
<span class="field_help" role="tooltip" id="{{$field.0}}_tip">{{$field.3 nofilter}}</span> <span class="field_help" role="tooltip" id="{{$field.0}}_tip">{{$field.3 nofilter}}</span>
{{/if}} {{/if}}

View file

@ -36,7 +36,7 @@
{{if $register}} {{if $register}}
<div id="login-extra-links"> <div id="login-extra-links">
<h3 id="login-head" class="sr-only">{{$register.title}}</h3> <h3 id="login-head" class="sr-only">{{$register.title}}</h3>
<a href="register" title="{{$register.title}}" id="register-link">{{$register.desc}}</a> <a href="{{$register.url}}" title="{{$register.title}}" id="register-link">{{$register.desc}}</a>
</div> </div>
{{/if}} {{/if}}

View file

@ -1,7 +1,7 @@
<div id="id_{{$field.0}}_wrapper" class="form-group field input openid"> <div id="id_{{$field.0}}_wrapper" class="form-group field input openid">
<label for="id_{{$field.0}}" id="label_{{$field.0}}">{{$field.1}}</label> <label for="id_{{$field.0}}" id="label_{{$field.0}}">{{$field.1}}</label>
<input class="form-control" name="{{$field.0}}" id="id_{{$field.0}}" type="text" value="{{$field.2 nofilter}}" aria-describedby="{{$field.0}}_tip"> <input class="form-control" name="{{$field.0}}" id="id_{{$field.0}}" type="text" value="{{$field.2 nofilter}}" {{if $field.4}} readonly="readonly" {{/if}} aria-describedby="{{$field.0}}_tip">
{{if $field.3}} {{if $field.3}}
<span class="help-block" id="{{$field.0}}_tip" role="tooltip">{{$field.3 nofilter}}</span> <span class="help-block" id="{{$field.0}}_tip" role="tooltip">{{$field.3 nofilter}}</span>
{{/if}} {{/if}}

View file

@ -40,7 +40,7 @@
{{if $register}} {{if $register}}
<div id="login-extra-links"> <div id="login-extra-links">
<h3 id="login-head" class="sr-only">{{$register.title}}</h3> <h3 id="login-head" class="sr-only">{{$register.title}}</h3>
<a href="register" title="{{$register.title}}" id="register-link" class="btn btn-default">{{$register.desc}}</a> <a href="{{$register.url}}" title="{{$register.title}}" id="register-link" class="btn btn-default">{{$register.desc}}</a>
</div> </div>
{{/if}} {{/if}}

View file

@ -26,6 +26,7 @@
{{if $oid_enable}} {{if $oid_enable}}
{{include file="field_input.tpl" field=$openid}} {{include file="field_input.tpl" field=$openid}}
{{include file="field_checkbox.tpl" field=$delete_openid}}
{{/if}} {{/if}}
<div class="form-group pull-right settings-submit-wrapper" > <div class="form-group pull-right settings-submit-wrapper" >