added some registration code for first time users

8 files changed, 279 insertions, 270 deletions

diff --git a/actions/openid_client/login.php b/actions/openid_client/login.php
new file mode 100644
index 000000000..5e7ad3ace
--- /dev/null
+++ b/actions/openid_client/login.php
@@ -0,0 +1,20 @@
+<?php
+/**
+ *
+ */
+
+elgg_load_library('openid_consumer');
+
+$store = new Auth_OpenID_FileStore('/tmp');
+
+$consumer = new ElggOpenIDConsumer($store);
+$consumer->setProvider('google');
+$consumer->setReturnURL(elgg_get_site_url() . 'mod/openid_client/return.php');
+
+$html = $consumer->requestAuthentication();
+if ($html) {
+	echo $html;
+	exit;
+} else {
+	register_error('oops');
+}
diff --git a/actions/openid_client/register.php b/actions/openid_client/register.php
new file mode 100644
index 000000000..e847d2395
--- /dev/null
+++ b/actions/openid_client/register.php
@@ -0,0 +1,34 @@
+<?php
+/**
+ * Register an OpenID user
+ */
+
+elgg_set_context('openid_client');
+
+$username = get_input('username');
+$name = get_input('name');
+$email = get_input('email');
+$openid_identifier = get_input('openid_identifier');
+
+$password = 'test';
+
+try {
+	$guid = register_user($username, $password, $name, $email, false);
+} catch (RegistrationException $e) {
+	register_error($e->getMessage());
+	forward(REFERER);
+}
+$user = get_entity($guid);
+
+$user->openid_identifier = $openid_identifier;
+elgg_set_user_validation_status($guid, true, 'openid');
+
+if (!elgg_trigger_plugin_hook('register', 'user', array('user' => $user), true)) {
+	$user->delete();
+	register_error(elgg_echo('registerbad'));
+	forward(REFERER);
+}
+
+login($user);
+system_message($message);
+forward();
diff --git a/lib/helpers.php b/lib/helpers.php
new file mode 100644
index 000000000..c7158235a
--- /dev/null
+++ b/lib/helpers.php
@@ -0,0 +1,66 @@
+<?php
+/**
+ * Helper functions for the OpenID client plugin
+ */
+
+/**
+ * Serves a page to the new user to determine account values
+ *
+ * This should only be called after validating the OpenID response.
+ *
+ * @param array $data Key value pairs extracted from the response
+ * @return bool
+ */
+function openid_client_registration_page_handler(array $data) {
+
+	if (!is_array($data)) {
+		return false;
+	}
+
+	$title = 'register';
+
+	$vars = openid_client_prepare_registration_vars($data);
+	$content = elgg_view('openid_client/register', $vars);
+
+	$body = elgg_view_layout('one_column', array('content' => $content));
+	echo elgg_view_page($title, $body);
+
+	return true;
+}
+
+/**
+ * Create the form vars for registration
+ *
+ * @param array $data
+ * @return array
+ */
+function openid_client_prepare_registration_vars(array $data) {
+	$vars = array();
+
+	$vars['openid_identifier'] = $data['openid_identifier'];
+
+	// username
+	if (isset($data['username'])) {
+		$vars['username'] = $data['username'];
+	} else if (isset($data['email'])) {
+		$vars['username'] = array_pop(explode('@', $data['email']));
+	} else {
+		$vars['username'] = null;
+	}
+
+	// is the username available
+	$vars['is_username_available'] = true;
+
+	// is the username valid
+	try {
+		$vars['is_username_valid'] = validate_username($vars['username']);
+	} catch (RegistrationException $e) {
+		$vars['is_username_valid'] = false;
+	}
+
+	// the rest
+	$vars['email'] = elgg_extract('email', $data);
+	$vars['name'] = elgg_extract('name', $data);
+
+	return $vars;
+}
diff --git a/return.php b/return.php
index 3d949b492..23751e54a 100644
--- a/return.php
+++ b/return.php
@@ -1,210 +1,54 @@
 <?php

-

 /**

- * Callback for return_to url redirection. The identity server will

- * redirect back to this handler with the results of the

- * authentication attempt.

+ * Callback for return_to url redirection.

  * 

- * Note: the Elgg action system strips off the query string and is incompatible with

- * the JanRain OpenID library, so we need to keep this as an ordinary PHP file

- * for now.

+ * The identity server will redirect back to this handler with the results of

+ * the authentication attempt.

  * 

+ * Note: the Janrain OpenID library is incompatible with Elgg's routing so

+ * this script needs to be directly accessed.

  */

 

-require_once(dirname(dirname(dirname(__FILE__))).'/engine/start.php');

-require_once(dirname(__FILE__).'/models/model.php');

-

-global $CONFIG;

-

-set_context('openid');

-$store = new OpenID_ElggStore();

-$consumer = new Auth_OpenID_Consumer($store);

+require_once dirname(dirname(dirname(__FILE__))).'/engine/start.php';

 

-$return_url = $CONFIG->wwwroot.'mod/openid_client/return.php';

+elgg_load_library('openid_consumer');

+elgg_load_library('openid_client');

 

-// TODO - handle passthru_url properly

-// $dest = $query['destination'];

-$response = $consumer->complete($return_url);

-

-if ($response->status == Auth_OpenID_CANCEL) {

-    register_error(elgg_echo("openid_client:authentication_cancelled"));

-} else if ($response->status != Auth_OpenID_SUCCESS) {

-    register_error(sprintf(elgg_echo("openid_client:authentication_failed"),$response->status,$response->message) );

-} else { // SUCCESS.

-	$openid_url = $response->getDisplayIdentifier();

-	

-    // Look for sreg data.

-    $sreg_resp = Auth_OpenID_SRegResponse::fromSuccessResponse($response);

-    $sreg = $sreg_resp->contents();

-	if ($sreg) {

-        $email = trim($sreg['email']);

-        $fullname = trim($sreg['fullname']);

-        //print ($email.' '.$fullname);

-    }

-    

-    $entities = get_entities_from_metadata('alias', $openid_url, 'user', 'openid');

+// get user data from the response

+$store = new Auth_OpenID_FileStore('/tmp');

+$consumer = new ElggOpenIDConsumer($store);

+$url = elgg_get_site_url() . 'mod/openid_client/return.php';

+$consumer->setReturnURL($url);

+$data = $consumer->completeAuthentication();

+if (!$data || !$data['openid_identifier']) {

+	// @todo handle error

+}

 

-	if (!$entities || $entities[0]->active == 'no') {

-		if (!$entities) {

-			// this account does not exist

-	    	if (!$email || !validate_email_address($email)) {

-    	    	// there is a problem with the email provided by the profile exchange, so generate a form to collect it

-				if ($user = openid_client_create_openid_user($openid_url,$email, $fullname, true)) {

-		    		$details = openid_client_create_invitation('a',$openid_url,$user->getGUID(),$email,$fullname);

-	    			$body = openid_client_generate_missing_data_form($openid_url,'',$fullname,true,$details);

-				}

-				$missing_data = true;

-			} elseif (!$fullname) {

-    			// the name is missing

-				$email_confirmation = openid_client_check_email_confirmation($openid_url);

-				if ($email_confirmation) {

-					$prefix = 'a';

-				} else {

-					$prefix = 'n';

-				}

-				// create the account

-				if ($user = openid_client_create_openid_user($openid_url,$email, $fullname, $email_confirmation)) {

-					$details = openid_client_create_invitation($prefix,$openid_url,$user->getGUID(),$email,$fullname);

-					$body = openid_client_generate_missing_data_form($openid_url,$email,'',$email_confirmation,$details);

-				}

-				$missing_data = true;

-			} else {

-				// email address and name look good 

-				

-				$login = false;			

-							    

-			    // create a new account

-				   

-			   	$email_confirmation = openid_client_check_email_confirmation($openid_url);		    					    

-			    							

-				$user = openid_client_create_openid_user($openid_url,$email, $fullname, $email_confirmation);

-				$missing_data = false;

-			}

-		} else {

-			// this is an inactive account

-			$user = $entities[0];

-			

-			// need to figure out why the account is inactive

-			

-			$email_confirmation = openid_client_check_email_confirmation($openid_url);

-			

-			if ($user->email && $user->name) {

-    			$missing_data = false;

-    			// no missing information

-			    if (!$email_confirmation) {

-    			    // OK, this is weird - no email confirmation required and all the information has been supplied

-    			    // this should not happen, so just go ahead and activate the account

-    			    $user->active = 'yes';

-    			    $user->save();

-			    }

-		    } else {    		    

-    		    // missing information

-    		    $missing_data = true;

-    		    // does this person have an existing magic code?

-    		    if ($details = openid_client_get_invitation_by_username($user->alias)) {

-        		    $body = openid_client_generate_missing_data_form($openid_url,$user->email,$user->name,$email_confirmation,$details);

-    		    } else {

-        		    // create a new magic code

-        		    $details = openid_client_create_invitation('a',$openid_url,$user->getGUID(),$user->email,$user->name);

-	    			$body = openid_client_generate_missing_data_form($openid_url,$user->email,$user->name,$email_confirmation,$details);

-    			}   

-		    }

-		}

-		if ($user && !$missing_data) {

-				

-			if ($email_confirmation) {

-				$i_code = openid_client_create_invitation('a',$openid_url,$user->guid,$email,$fullname);

-				openid_client_send_activate_confirmation_message($i_code);

-				system_message(sprintf(elgg_echo("openid_client:activate_confirmation"), $email));

-			} else {

-				system_message(sprintf(elgg_echo("openid_client:created_openid_account"),$email, $fullname));

-				$login = true;

-			}

-		}

-				

-	} else {

-    	

-    	$user = $entities[0];

-		

-		// account is active, check to see if this user has been banned

-	

-	    if (isset($user->banned) && $user->banned == 'yes') { // this needs to change.

-	        register_error(elgg_echo("openid_client:banned"));

-	    } else {

-		    // user has not been banned

-		    // check to see if email address has changed

-		    if ($email && $email != $user->email && validate_email_address($email)) {

-			    // the email on the OpenID server is not the same as the email registered on this local client system

-			    $email_confirmation = openid_client_check_email_confirmation($openid_url);

-			    if ($CONFIG->openid_client_always_sync == 'yes') {

-				    // this client always forces client/server data syncs

-				    if ($fullname) {

-				    	$user->name = $fullname;

-			    	}

-				    if ($email_confirmation) {

-					    // don't let this user in until the email address change is confirmed

-					    $login = false;

-					    $i_code = openid_client_create_invitation('c',$openid_url,$user->guid,$email,$fullname);

-					    openid_client_send_change_confirmation_message($i_code);

-					    system_message(sprintf(elgg_echo("openid_client:change_confirmation"), $email));

-					} else {

-						$login = true;

-						if (openid_client_get_user_by_email($email)) {

-							register_error(elgg_echo("openid_client:email_in_use"),$email);

-						} else {

-    						$user->email = $email;

-							system_message(sprintf(elgg_echo("openid_client:email_updated"),$email));

-						}

-					}

-				} else {

-					$login = true;

-					if (!$store->getNoSyncStatus($user)) {

-						// the following conditions are true:

-						// the email address has changed on the server,

-						// this client does not *require* syncing with the server,

-						// but this user has not turned off syncing

-						// therefore the user needs to be offered the chance to sync his or her data

-						$body = openid_client_generate_sync_form($email,$fullname,$user,$email_confirmation);

-					}

-				}

-			} elseif ($fullname && $fullname != $user->name) {

-				// the fullname on the OpenID server is not the same as the name registered on this local client system

-				$login = true;

-				if ($CONFIG->openid_client_always_sync == 'yes') {

-				    // this client always forces client/server data syncs

-				    $user->name = $fullname;

-				} else {

-					if (!$store->getNoSyncStatus($user)) {

-				    	// the following conditions are true:

-						// the fullname has changed on the server,

-						// this client does not *require* syncing with the server,

-						// but this user has not turned off syncing

-						// therefore the user needs to be offered the chance to sync his or her data

-						$body = openid_client_generate_sync_form($email,$fullname,$user,false);

-					}

-				}

-			} else {

-				// nothing has changed or the data is null so let this person in

-				$login = true;

-			}

-		}							    

+// does this user exist

+$users = elgg_get_entities_from_metadata(array(

+	'type' => 'user',

+	'subtype' => 'openid',

+	'metadata_name' => 'openid_identifier',

+	'metadata_value' => $data['openid_identifier'],

+));

+if ($users) {

+	// log in user and maybe update account (admin setting, user prompt?)

+	$user = $users[0];

+

+	try {

+		login($user);

+	} catch (LoginException $e) {

+		register_error($e->getMessage());

+		forward();

 	}

-    

-    if ($login) {

-		

-		$rememberme = get_input('remember',0);

-		if (!empty($rememberme)) {

-			login($user,true);

-		} else {

-    		login($user);

-		}

-	}

-} 

-

-if(isset($body) && $body) {

-    

-    page_draw(elgg_echo('openid_client:information_title'),$body);

 

-} else {

+	system_message(elgg_echo('loginok'));

 	forward();

+} else {

+	// register the new user

+	$result = openid_client_registration_page_handler($data);

+	if (!$result) {

+		register_error();

+		forward();

+	}

 }

diff --git a/start.php b/start.php
index afbd7e49d..d335d6e55 100644
--- a/start.php
+++ b/start.php
@@ -1,88 +1,61 @@
 <?php

-

 /**

- * Elgg openid client plugin

+ * Elgg OpenID client

  * 

- * @package ElggOpenID

- * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2

- * @author Kevin Jardine <kevin@radagast.biz>

- * @copyright Curverider Ltd 2008-2009

- * @link http://elgg.com/

  */

- 

- global $CONFIG;

- 

- set_include_path(get_include_path() . PATH_SEPARATOR . $CONFIG->pluginspath . 'openid_client/models');

+

+elgg_register_event_handler('init', 'system', 'openid_client_init');

 

 /**

- * OpenID client initialisation

- *

- * These parameters are required for the event API, but we won't use them:

- * 

- * @param unknown_type $event

- * @param unknown_type $object_type

- * @param unknown_type $object

+ * OpenID client initialization

  */

-

 function openid_client_init() {

-		

-    elgg_extend_view("login/extend", "openid_client/forms/login");

-        

-	// Extend system CSS with our own styles

-	elgg_extend_view('css','openid_client/css');

-		

-	// Register a page handler, so we can have nice URLs

-	register_page_handler('openid_client','openid_client_page_handler');

-    	

-}

-        

-function openid_client_pagesetup()

-    {

-    if (get_context() == 'admin' && isadminloggedin()) {

-    	global $CONFIG;

-    	add_submenu_item(elgg_echo('openid_client:admin_title'), $CONFIG->wwwroot . 'pg/openid_client/admin');

-    }

-}

+	elgg_extend_view('core/account/login_box', 'openid_client/login');

+	

+	$base = elgg_get_plugins_path() . 'openid_client/actions/openid_client';

+	elgg_register_action('openid_client/login', "$base/login.php", 'public');

+	elgg_register_action('openid_client/register', "$base/register.php", 'public');

 

-function openid_client_can_edit($hook_name, $entity_type, $return_value, $parameters) {

-	$entity = $parameters['entity'];

-	$context = get_context();

-	if ($context == 'openid' && $entity->getSubtype() == "openid") {

-	// should be able to do anything with OpenID user data

-	return true;

-	}

-	return null;  

+	$base = elgg_get_plugins_path() . 'openid_client/lib';

+	elgg_register_library('openid_client', "$base/helpers.php");

+

+	elgg_register_event_handler('create', 'user', 'openid_client_set_subtype', 1);

+

+	elgg_register_page_handler('openid_client', 'openid_client_page_handler');

 }

 

-function openid_client_page_handler($page) {

-	if (isset($page[0])) {

-		if ($page[0] == 'admin') {

-			include(dirname(__FILE__) . "/pages/admin.php");

-			return true;

-		} else if ($page[0] == 'confirm') {

-			include(dirname(__FILE__) . "/pages/confirm.php");

-			return true;

-		} else if ($page[0] == 'sso') {

-			include(dirname(__FILE__) . "/pages/sso.php");

-			return true;

-		} else if ($page[0] == 'reset') {

-			include(dirname(__FILE__) . "/pages/reset.php");

-			return true;

-		}

-	}

-	return false;

+/**

+ * Set the correct subtype for OpenID users

+ *

+ * @param string   $event  Event name

+ * @param string   $type   Object type

+ * @param ElggUser $user   New user

+ */

+function openid_client_set_subtype($event, $type, $user) {

+	$db_prefix = elgg_get_config('dbprefix');

+	$guid = (int)$user->getGUID();

+	$subtype_id = (int)add_subtype('user', 'openid');

+

+	$query = "UPDATE {$db_prefix}entities SET subtype = $subtype_id WHERE guid = $guid";

+	update_data($query);

 }

 

-register_elgg_event_handler('init','system','openid_client_init');

-register_elgg_event_handler('pagesetup','system','openid_client_pagesetup');

+/**

+ * OpenID client page handler

+ *

+ * @param type $page Array of URL segments

+ * @return bool

+ */

+function openid_client_page_handler($page) {

 

-register_plugin_hook('permissions_check','user','openid_client_can_edit');

+	// this is test code for right now

+	elgg_load_library('openid_client');

+	openid_client_registration_page_handler(array(

+		'username' => 'john',

+		'email' => 'john@example.org',

+		'name' => 'John Doe',

+		'openid_identifier' => 'abcdefghijklmnopqrstuvwxyz',

+	));

 

-// Register actions

-global $CONFIG;

-register_action("openid_client/login",true,$CONFIG->pluginspath . "openid_client/actions/login.php");

-register_action("openid_client/return",true,$CONFIG->pluginspath . "openid_client/actions/return.php");

-register_action("openid_client/admin",false,$CONFIG->pluginspath . "openid_client/actions/admin.php");

-//register_action("openid_client/confirm",false,$CONFIG->pluginspath . "openid_client/actions/confirm.php");

-register_action("openid_client/missing",false,$CONFIG->pluginspath . "openid_client/actions/missing.php");

-register_action("openid_client/sync",false,$CONFIG->pluginspath . "openid_client/actions/sync.php");

+	return true;

+}

diff --git a/views/default/forms/openid_client/register.php b/views/default/forms/openid_client/register.php
new file mode 100644
index 000000000..b8f57fb59
--- /dev/null
+++ b/views/default/forms/openid_client/register.php
@@ -0,0 +1,55 @@
+<?php
+/**
+ * OpenID register form body
+ *
+ * @uses $vars['openid_identifier']
+ * @uses $vars['username']
+ * @uses $vars['is_username_available']
+ * @uses $vars['is_username_valid']
+ * @uses $vars['email']
+ * @uses $vars['name']
+ */
+
+$username_label = '';
+$username_input = elgg_view('input/text', array(
+	'name' => 'username',
+	'value' => $vars['username'],
+));
+
+$name_label = elgg_echo();
+$name_input = elgg_view('input/text', array(
+	'name' => 'name',
+	'value' => $vars['name'],
+));
+
+$email_label = elgg_echo();
+$email_input = elgg_view('input/email', array(
+	'name' => 'email',
+	'value' => $vars['email'],
+));
+
+$openid_input = elgg_view('input/hidden', array(
+	'name' => 'openid_identifier',
+	'value' => $vars['openid_identifier'],
+));
+$button = elgg_view('input/submit', array('value' => elgg_echo('save')));
+
+echo <<<HTML
+<div>
+	<label>$username_label</label>
+	$username_input
+</div>
+<div>
+	<label>$name_label</label>
+	$name_input
+</div>
+<div>
+	<label>$email_label</label>
+	$email_input
+</div>
+<div class="elgg-foot">
+	$openid_input
+	$button
+</div>
+
+HTML;
diff --git a/views/default/openid_client/login.php b/views/default/openid_client/login.php
new file mode 100644
index 000000000..f89b790c0
--- /dev/null
+++ b/views/default/openid_client/login.php
@@ -0,0 +1,10 @@
+<?php
+/**
+ *
+ */
+
+echo elgg_view('output/url', array(
+	'text' => 'login with Google',
+	'href' => 'action/openid_client/login',
+	'is_action' => true,
+));
diff --git a/views/default/openid_client/register.php b/views/default/openid_client/register.php
new file mode 100644
index 000000000..0c3770ed2
--- /dev/null
+++ b/views/default/openid_client/register.php
@@ -0,0 +1,7 @@
+<?php
+/**
+ * Registration content view for OpenID client
+ *
+ */
+
+echo elgg_view_form('openid_client/register', array(), $vars);