diff --git a/mod/openid.php b/mod/openid.php deleted file mode 100644 index fc7336a54..000000000 --- a/mod/openid.php +++ /dev/null @@ -1,82 +0,0 @@ -internalRedirect(); - } - - Logger::log('mod_openid ' . print_r($_REQUEST,true), Logger::DATA); - - if (!empty($_GET['openid_mode']) && !empty($_SESSION['openid'])) { - - $openid = new LightOpenID($a->getHostName()); - - if ($openid->validate()) { - $authid = $openid->data['openid_identity']; - - if (empty($authid)) { - Logger::log(L10n::t('OpenID protocol error. No ID returned.') . EOL); - $a->internalRedirect(); - } - - // NOTE: we search both for normalised and non-normalised form of $authid - // because the normalization step was removed from setting - // mod/settings.php in 8367cad so it might have left mixed - // records in the user table - // - $condition = ['blocked' => false, 'account_expired' => false, 'account_removed' => false, 'verified' => true, - 'openid' => [$authid, Strings::normaliseOpenID($authid)]]; - $user = DBA::selectFirst('user', [], $condition); - if (DBA::isResult($user)) { - - // successful OpenID login - - unset($_SESSION['openid']); - - /** @var Authentication $authentication */ - $authentication = BaseObject::getClass(Authentication::class); - $authentication->setForUser($a, $user, true, true); - - // just in case there was no return url set - // and we fell through - - $a->internalRedirect(); - } - - // Successful OpenID login - but we can't match it to an existing account. - unset($_SESSION['register']); - Session::set('openid_attributes', $openid->getAttributes()); - Session::set('openid_identity', $authid); - - // Detect the server URL - $open_id_obj = new LightOpenID($a->getHostName()); - $open_id_obj->identity = $authid; - Session::set('openid_server', $open_id_obj->discover($open_id_obj->identity)); - - if (intval(Config::get('config', 'register_policy')) === \Friendica\Module\Register::CLOSED) { - notice(L10n::t('Account not found. Please login to your existing account to add the OpenID to it.')); - } else { - notice(L10n::t('Account not found. Please register a new account or login to your existing account to add the OpenID to it.')); - } - - $a->internalRedirect('login'); - } - } - notice(L10n::t('Login failed.') . EOL); - $a->internalRedirect(); - // NOTREACHED -} diff --git a/src/Module/Security/OpenID.php b/src/Module/Security/OpenID.php new file mode 100644 index 000000000..f33c5e54d --- /dev/null +++ b/src/Module/Security/OpenID.php @@ -0,0 +1,108 @@ +get('system', 'no_openid')) { + $baseUrl->redirect(); + } + } + + public static function content(array $parameters = []) + { + /** @var LoggerInterface $logger */ + $logger = self::getClass(LoggerInterface::class); + + $logger->debug('mod_openid.', ['request' => $_REQUEST]); + + /** @var ISession $session */ + $session = self::getClass(ISession::class); + + if (!empty($_GET['openid_mode']) && !empty($session->get('openid'))) { + + /** @var BaseURL $baseUrl */ + $baseUrl = self::getClass(BaseURL::class); + + $openid = new LightOpenID($baseUrl->getHostname()); + + /** @var L10n $l10n */ + $l10n = self::getClass(L10n::class); + + if ($openid->validate()) { + $authId = $openid->data['openid_identity']; + + if (empty($authId)) { + $logger->info($l10n->t('OpenID protocol error. No ID returned')); + $baseUrl->redirect(); + } + + // NOTE: we search both for normalised and non-normalised form of $authid + // because the normalization step was removed from setting + // mod/settings.php in 8367cad so it might have left mixed + // records in the user table + // + $condition = ['blocked' => false, 'account_expired' => false, 'account_removed' => false, 'verified' => true, + 'openid' => [$authId, Strings::normaliseOpenID($authId)]]; + + $dba = self::getClass(Database::class); + + $user = $dba->selectFirst('user', [], $condition); + if ($dba->isResult($user)) { + + // successful OpenID login + $session->remove('openid'); + + /** @var Authentication $auth */ + $auth = self::getClass(Authentication::class); + $auth->setForUser(self::getApp(), $user, true, true); + + // just in case there was no return url set + // and we fell through + $baseUrl->redirect(); + } + + // Successful OpenID login - but we can't match it to an existing account. + $session->remove('register'); + $session->set('openid_attributes', $openid->getAttributes()); + $session->set('openid_identity', $authId); + + // Detect the server URL + $open_id_obj = new LightOpenID($baseUrl->getHostName()); + $open_id_obj->identity = $authId; + $session->set('openid_server', $open_id_obj->discover($open_id_obj->identity)); + + $config = self::getClass(Configuration::class); + + if (intval($config->get('config', 'register_policy')) === \Friendica\Module\Register::CLOSED) { + notice($l10n->t('Account not found. Please login to your existing account to add the OpenID to it.')); + } else { + notice($l10n->t('Account not found. Please register a new account or login to your existing account to add the OpenID to it.')); + } + + $baseUrl->redirect('login'); + } + } + } +} diff --git a/static/routes.config.php b/static/routes.config.php index d23b09216..15e7383a4 100644 --- a/static/routes.config.php +++ b/static/routes.config.php @@ -178,9 +178,10 @@ return [ '/h2b' => [Module\Oembed::class, [R::GET]], '/{hash}' => [Module\Oembed::class, [R::GET]], ], - '/outbox/{owner}' => [Module\Outbox::class, [R::GET]], - '/owa' => [Module\Owa::class, [R::GET]], - '/opensearch' => [Module\OpenSearch::class, [R::GET]], + '/outbox/{owner}' => [Module\Outbox::class, [R::GET]], + '/owa' => [Module\Owa::class, [R::GET]], + '/openid' => [Module\Security\OpenID::class, [R::GET]], + '/opensearch' => [Module\OpenSearch::class, [R::GET]], '/photo' => [ '/{name}' => [Module\Photo::class, [R::GET]],