From aca701bef8896a1d6b829f51deecd44d933e517f Mon Sep 17 00:00:00 2001 From: Michael Date: Thu, 24 Oct 2019 20:23:26 +0000 Subject: [PATCH] Changed OpenID registration --- mod/openid.php | 59 +++------- mod/settings.php | 65 +++-------- src/Model/User.php | 1 + src/Module/Login.php | 107 ++++++++++++++++-- view/templates/field_openid.tpl | 2 +- view/templates/login.tpl | 2 +- view/theme/frio/templates/field_openid.tpl | 2 +- view/theme/frio/templates/login.tpl | 2 +- .../frio/templates/settings/settings.tpl | 1 + 9 files changed, 128 insertions(+), 113 deletions(-) diff --git a/mod/openid.php b/mod/openid.php index 2bb7f49543..1f63a12de1 100644 --- a/mod/openid.php +++ b/mod/openid.php @@ -24,7 +24,7 @@ function openid_content(App $a) { $openid = new LightOpenID($a->getHostName()); if ($openid->validate()) { - $authid = $openid->identity; + $authid = $openid->data['openid_identity']; if (empty($authid)) { Logger::log(L10n::t('OpenID protocol error. No ID returned.') . EOL); @@ -54,55 +54,22 @@ function openid_content(App $a) { } // Successful OpenID login - but we can't match it to an existing account. - // New registration? + unset($_SESSION['register']); + Session::set('openid_attributes', $openid->getAttributes()); + Session::set('openid_identity', $authid); + + // Detect the server URL + $open_id_obj = new LightOpenID($a->getHostName()); + $open_id_obj->identity = $authid; + Session::set('openid_server', $open_id_obj->discover($open_id_obj->identity)); if (intval(Config::get('config', 'register_policy')) === \Friendica\Module\Register::CLOSED) { - notice(L10n::t('Account not found and OpenID registration is not permitted on this site.') . EOL); - $a->internalRedirect(); + notice(L10n::t('Account not found. Please login to your existing account to add the OpenID to it.') . EOL); + } else { + notice(L10n::t('Account not found. Please register a new account or login to your existing account to add the OpenID to it.') . EOL); } - unset($_SESSION['register']); - $args = ''; - $attr = $openid->getAttributes(); - if (is_array($attr) && count($attr)) { - foreach ($attr as $k => $v) { - if ($k === 'namePerson/friendly') { - $nick = Strings::escapeTags(trim($v)); - } - if ($k === 'namePerson/first') { - $first = Strings::escapeTags(trim($v)); - } - if ($k === 'namePerson') { - $args .= '&username=' . urlencode(Strings::escapeTags(trim($v))); - } - if ($k === 'contact/email') { - $args .= '&email=' . urlencode(Strings::escapeTags(trim($v))); - } - if ($k === 'media/image/aspect11') { - $photosq = bin2hex(trim($v)); - } - if ($k === 'media/image/default') { - $photo = bin2hex(trim($v)); - } - } - } - if (!empty($nick)) { - $args .= '&nickname=' . urlencode($nick); - } elseif (!empty($first)) { - $args .= '&nickname=' . urlencode($first); - } - - if (!empty($photosq)) { - $args .= '&photo=' . urlencode($photosq); - } elseif (!empty($photo)) { - $args .= '&photo=' . urlencode($photo); - } - - $args .= '&openid_url=' . urlencode(Strings::escapeTags(trim($authid))); - - $a->internalRedirect('register?' . $args); - - // NOTREACHED + $a->internalRedirect('login'); } } notice(L10n::t('Login failed.') . EOL); diff --git a/mod/settings.php b/mod/settings.php index b5011881cb..74dc8936dd 100644 --- a/mod/settings.php +++ b/mod/settings.php @@ -426,7 +426,6 @@ function settings_post(App $a) $language = (!empty($_POST['language']) ? Strings::escapeTags(trim($_POST['language'])) : ''); $defloc = (!empty($_POST['defloc']) ? Strings::escapeTags(trim($_POST['defloc'])) : ''); - $openid = (!empty($_POST['openid_url']) ? Strings::escapeTags(trim($_POST['openid_url'])) : ''); $maxreq = (!empty($_POST['maxreq']) ? intval($_POST['maxreq']) : 0); $expire = (!empty($_POST['expire']) ? intval($_POST['expire']) : 0); $def_gid = (!empty($_POST['group-selection']) ? intval($_POST['group-selection']) : 0); @@ -438,6 +437,8 @@ function settings_post(App $a) $expire_photos = (!empty($_POST['expire_photos'])? intval($_POST['expire_photos']) : 0); $expire_network_only = (!empty($_POST['expire_network_only'])? intval($_POST['expire_network_only']) : 0); + $delete_openid = ((!empty($_POST['delete_openid']) && (intval($_POST['delete_openid']) == 1)) ? 1: 0); + $allow_location = ((!empty($_POST['allow_location']) && (intval($_POST['allow_location']) == 1)) ? 1: 0); $publish = ((!empty($_POST['profile_in_directory']) && (intval($_POST['profile_in_directory']) == 1)) ? 1: 0); $net_publish = ((!empty($_POST['profile_in_netdirectory']) && (intval($_POST['profile_in_netdirectory']) == 1)) ? 1: 0); @@ -538,21 +539,6 @@ function settings_post(App $a) $str_group_deny = !empty($_POST['group_deny']) ? perms2str($_POST['group_deny']) : ''; $str_contact_deny = !empty($_POST['contact_deny']) ? perms2str($_POST['contact_deny']) : ''; - $openidserver = $a->user['openidserver']; - //$openid = Strings::normaliseOpenID($openid); - - // If openid has changed or if there's an openid but no openidserver, try and discover it. - if ($openid != $a->user['openid'] || (strlen($openid) && (!strlen($openidserver)))) { - if (Network::isUrlValid($openid)) { - Logger::log('updating openidserver'); - $open_id_obj = new LightOpenID($a->getHostName()); - $open_id_obj->identity = $openid; - $openidserver = $open_id_obj->discover($open_id_obj->identity); - } else { - $openidserver = ''; - } - } - PConfig::set(local_user(), 'expire', 'items', $expire_items); PConfig::set(local_user(), 'expire', 'notes', $expire_notes); PConfig::set(local_user(), 'expire', 'starred', $expire_starred); @@ -576,41 +562,17 @@ function settings_post(App $a) } } + $fields = ['username' => $username, 'email' => $email, 'timezone' => $timezone, + 'allow_cid' => $str_contact_allow, 'allow_gid' => $str_group_allow, 'deny_cid' => $str_contact_deny, 'deny_gid' => $str_group_deny, + 'notify-flags' => $notify, 'page-flags' => $notify, 'account-type' => $account_type, 'default-location' => $defloc, + 'allow_location' => $allow_location, 'maxreq' => $maxreq, 'expire' => $expire, 'def_gid' => $def_gid, 'blockwall' => $blockwall, + 'hidewall' => $hide_wall, 'blocktags' => $blocktags, 'unkmail' => $unkmail, 'cntunkmail' => $cntunkmail, 'language' => $language]; - $r = q("UPDATE `user` SET `username` = '%s', `email` = '%s', - `openid` = '%s', `timezone` = '%s', - `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s', - `notify-flags` = %d, `page-flags` = %d, `account-type` = %d, `default-location` = '%s', - `allow_location` = %d, `maxreq` = %d, `expire` = %d, `openidserver` = '%s', - `def_gid` = %d, `blockwall` = %d, `hidewall` = %d, `blocktags` = %d, - `unkmail` = %d, `cntunkmail` = %d, `language` = '%s' - WHERE `uid` = %d", - DBA::escape($username), - DBA::escape($email), - DBA::escape($openid), - DBA::escape($timezone), - DBA::escape($str_contact_allow), - DBA::escape($str_group_allow), - DBA::escape($str_contact_deny), - DBA::escape($str_group_deny), - intval($notify), - intval($page_flags), - intval($account_type), - DBA::escape($defloc), - intval($allow_location), - intval($maxreq), - intval($expire), - DBA::escape($openidserver), - intval($def_gid), - intval($blockwall), - intval($hidewall), - intval($blocktags), - intval($unkmail), - intval($cntunkmail), - DBA::escape($language), - intval(local_user()) - ); - if (DBA::isResult($r)) { + if ($delete_openid) { + $fields['openid'] = ''; + $fields['openidserver'] = ''; + } + if (DBA::update('user', $fields, ['uid' => local_user()])) { info(L10n::t('Settings updated.') . EOL); } @@ -1075,7 +1037,7 @@ function settings_content(App $a) if ($noid) { $openid_field = false; } else { - $openid_field = ['openid_url', L10n::t('OpenID:'), $openid, L10n::t("\x28Optional\x29 Allow this OpenID to login to this account."), "", "", "url"]; + $openid_field = ['openid_url', L10n::t('OpenID:'), $openid, L10n::t("\x28Optional\x29 Allow this OpenID to login to this account."), "", "readonly", "url"]; } $opt_tpl = Renderer::getMarkupTemplate("field_yesno.tpl"); @@ -1185,6 +1147,7 @@ function settings_content(App $a) '$password4'=> ['mpassword', L10n::t('Password:'), '', L10n::t('Your current password to confirm the changes')], '$oid_enable' => (!Config::get('system', 'no_openid')), '$openid' => $openid_field, + '$delete_openid' => ['delete_openid', L10n::t('Delete OpenID URL'), false, ''], '$h_basic' => L10n::t('Basic Settings'), '$username' => ['username', L10n::t('Full Name:'), $username, ''], diff --git a/src/Model/User.php b/src/Model/User.php index 499c55330b..b4da6d2568 100644 --- a/src/Model/User.php +++ b/src/Model/User.php @@ -622,6 +622,7 @@ class User } } + /// @todo Check if this part is really needed. We should have fetched all this data in advance if (empty($username) || empty($email) || empty($nickname)) { if ($openid_url) { if (!Network::isUrlValid($openid_url)) { diff --git a/src/Module/Login.php b/src/Module/Login.php index b67f48fb95..895da7bdbf 100644 --- a/src/Module/Login.php +++ b/src/Module/Login.php @@ -43,6 +43,9 @@ class Login extends BaseModule public static function post() { + $openid_identity = Session::get('openid_identity'); + $openid_server = Session::get('openid_server'); + $return_path = Session::get('return_path'); session_unset(); Session::set('return_path', $return_path); @@ -62,7 +65,9 @@ class Login extends BaseModule self::passwordAuthentication( trim($_POST['username']), trim($_POST['password']), - !empty($_POST['remember']) + !empty($_POST['remember']), + $openid_identity, + $openid_server ); } } @@ -91,9 +96,10 @@ class Login extends BaseModule try { $openid = new LightOpenID($a->getHostName()); $openid->identity = $openid_url; - $_SESSION['openid'] = $openid_url; - $_SESSION['remember'] = $remember; + Session::set('openid', $openid_url); + Session::set('remember', $remember); $openid->returnUrl = $a->getBaseURL(true) . '/openid'; + $openid->optional = ['namePerson/friendly', 'contact/email', 'namePerson', 'namePerson/first', 'media/image/aspect11', 'media/image/default']; System::externalRedirect($openid->authUrl()); } catch (Exception $e) { notice(L10n::t('We encountered a problem while logging in with the OpenID you provided. Please check the correct spelling of the ID.') . '

' . L10n::t('The error message was:') . ' ' . $e->getMessage()); @@ -103,12 +109,14 @@ class Login extends BaseModule /** * Attempts to authenticate using login/password * - * @param string $username User name - * @param string $password Clear password - * @param bool $remember Whether to set the session remember flag + * @param string $username User name + * @param string $password Clear password + * @param bool $remember Whether to set the session remember flag + * @param string $openid_identity OpenID identity + * @param string $openid_server OpenID URL * @throws \Friendica\Network\HTTPException\InternalServerErrorException */ - private static function passwordAuthentication($username, $password, $remember) + private static function passwordAuthentication($username, $password, $remember, $openid_identity, $openid_server) { $record = null; @@ -156,6 +164,10 @@ class Login extends BaseModule Session::set('remember', $remember); Session::set('last_login_date', DateTimeFormat::utcNow()); + if (!empty($openid_identity) || !empty($openid_server)) { + DBA::update('user', ['openid' => $openid_identity, 'openidserver' => $openid_server], ['uid' => $record['uid']]); + } + Session::setAuthenticatedForUser($a, $record, true, true); $return_path = Session::get('return_path', ''); @@ -286,16 +298,23 @@ class Login extends BaseModule { $a = self::getApp(); $o = ''; + + $noid = Config::get('system', 'no_openid'); + + if ($noid) { + Session::remove('openid_identity'); + Session::remove('openid_attributes'); + } + $reg = false; if ($register && intval($a->getConfig()->get('config', 'register_policy')) !== Register::CLOSED) { $reg = [ 'title' => L10n::t('Create a New Account'), - 'desc' => L10n::t('Register') + 'desc' => L10n::t('Register'), + 'url' => self::getRegisterURL() ]; } - $noid = Config::get('system', 'no_openid'); - if (is_null($return_path)) { $return_path = $a->query_string; } @@ -314,6 +333,18 @@ class Login extends BaseModule $_SESSION['return_path'] = $return_path; } + if (!empty(Session::get('openid_identity'))) { + $openid_title = L10n::t('Your OpenID: '); + $openid_readonly = true; + $identity = Session::get('openid_identity'); + $username_desc = L10n::t('Please enter your username and password to add the OpenID to your existing account.'); + } else { + $openid_title = L10n::t('Or login using OpenID: '); + $openid_readonly = false; + $identity = ''; + $username_desc = ''; + } + $o .= Renderer::replaceMacros( $tpl, [ @@ -321,12 +352,12 @@ class Login extends BaseModule '$logout' => L10n::t('Logout'), '$login' => L10n::t('Login'), - '$lname' => ['username', L10n::t('Nickname or Email: '), '', ''], + '$lname' => ['username', L10n::t('Nickname or Email: '), '', $username_desc], '$lpassword' => ['password', L10n::t('Password: '), '', ''], '$lremember' => ['remember', L10n::t('Remember me'), 0, ''], '$openid' => !$noid, - '$lopenid' => ['openid_url', L10n::t('Or login using OpenID: '), '', ''], + '$lopenid' => ['openid_url', $openid_title, $identity, '', $openid_readonly], '$hiddens' => $hiddens, @@ -347,4 +378,56 @@ class Login extends BaseModule return $o; } + + /** + * Get the URL to the register page and add OpenID parameters to it + */ + private static function getRegisterURL() + { + if (empty(Session::get('openid_identity'))) { + return 'register'; + } + + $args = ''; + $attr = Session::get('openid_attributes') ?? []; + + if (is_array($attr) && count($attr)) { + foreach ($attr as $k => $v) { + if ($k === 'namePerson/friendly') { + $nick = Strings::escapeTags(trim($v)); + } + if ($k === 'namePerson/first') { + $first = Strings::escapeTags(trim($v)); + } + if ($k === 'namePerson') { + $args .= '&username=' . urlencode(Strings::escapeTags(trim($v))); + } + if ($k === 'contact/email') { + $args .= '&email=' . urlencode(Strings::escapeTags(trim($v))); + } + if ($k === 'media/image/aspect11') { + $photosq = bin2hex(trim($v)); + } + if ($k === 'media/image/default') { + $photo = bin2hex(trim($v)); + } + } + } + + if (!empty($nick)) { + $args .= '&nickname=' . urlencode($nick); + } elseif (!empty($first)) { + $args .= '&nickname=' . urlencode($first); + } + + if (!empty($photosq)) { + $args .= '&photo=' . urlencode($photosq); + } elseif (!empty($photo)) { + $args .= '&photo=' . urlencode($photo); + } + + $args .= '&openid_url=' . urlencode(Strings::escapeTags(trim(Session::get('openid_identity')))); + + return 'register?' . $args; + } } diff --git a/view/templates/field_openid.tpl b/view/templates/field_openid.tpl index 5faa8c7e96..3c7d02bb8e 100644 --- a/view/templates/field_openid.tpl +++ b/view/templates/field_openid.tpl @@ -1,7 +1,7 @@
- + {{if $field.3}} {{$field.3 nofilter}} {{/if}} diff --git a/view/templates/login.tpl b/view/templates/login.tpl index 19db6afc7c..733c218164 100644 --- a/view/templates/login.tpl +++ b/view/templates/login.tpl @@ -36,7 +36,7 @@ {{if $register}} {{/if}} diff --git a/view/theme/frio/templates/field_openid.tpl b/view/theme/frio/templates/field_openid.tpl index b05270de31..bae9cb4fc4 100644 --- a/view/theme/frio/templates/field_openid.tpl +++ b/view/theme/frio/templates/field_openid.tpl @@ -1,7 +1,7 @@
- + {{if $field.3}} {{$field.3 nofilter}} {{/if}} diff --git a/view/theme/frio/templates/login.tpl b/view/theme/frio/templates/login.tpl index ebbdeee410..09df08bd0a 100644 --- a/view/theme/frio/templates/login.tpl +++ b/view/theme/frio/templates/login.tpl @@ -40,7 +40,7 @@ {{if $register}} {{/if}} diff --git a/view/theme/frio/templates/settings/settings.tpl b/view/theme/frio/templates/settings/settings.tpl index 81db6a0af8..700c2c06c4 100644 --- a/view/theme/frio/templates/settings/settings.tpl +++ b/view/theme/frio/templates/settings/settings.tpl @@ -26,6 +26,7 @@ {{if $oid_enable}} {{include file="field_input.tpl" field=$openid}} + {{include file="field_checkbox.tpl" field=$delete_openid}} {{/if}}