Diffstat (limited to 'return.php')
-rw-r--r--return.php238
1 files changed, 41 insertions, 197 deletions
diff --git a/return.php b/return.php
index 3d949b492..23751e54a 100644
--- a/return.php
+++ b/return.php
@@ -1,210 +1,54 @@
<?php
-
/**
- * Callback for return_to url redirection. The identity server will
- * redirect back to this handler with the results of the
- * authentication attempt.
+ * Callback for return_to url redirection.
*
- * Note: the Elgg action system strips off the query string and is incompatible with
- * the JanRain OpenID library, so we need to keep this as an ordinary PHP file
- * for now.
+ * The identity server will redirect back to this handler with the results of
+ * the authentication attempt.
*
+ * Note: the Janrain OpenID library is incompatible with Elgg's routing so
+ * this script needs to be directly accessed.
*/
-require_once(dirname(dirname(dirname(__FILE__))).'/engine/start.php');
-require_once(dirname(__FILE__).'/models/model.php');
-
-global $CONFIG;
-
-set_context('openid');
-$store = new OpenID_ElggStore();
-$consumer = new Auth_OpenID_Consumer($store);
+require_once dirname(dirname(dirname(__FILE__))).'/engine/start.php';
-$return_url = $CONFIG->wwwroot.'mod/openid_client/return.php';
+elgg_load_library('openid_consumer');
+elgg_load_library('openid_client');
-// TODO - handle passthru_url properly
-// $dest = $query['destination'];
-$response = $consumer->complete($return_url);
-
-if ($response->status == Auth_OpenID_CANCEL) {
- register_error(elgg_echo("openid_client:authentication_cancelled"));
-} else if ($response->status != Auth_OpenID_SUCCESS) {
- register_error(sprintf(elgg_echo("openid_client:authentication_failed"),$response->status,$response->message) );
-} else { // SUCCESS.
- $openid_url = $response->getDisplayIdentifier();
-
- // Look for sreg data.
- $sreg_resp = Auth_OpenID_SRegResponse::fromSuccessResponse($response);
- $sreg = $sreg_resp->contents();
- if ($sreg) {
- $email = trim($sreg['email']);
- $fullname = trim($sreg['fullname']);
- //print ($email.' '.$fullname);
- }
-
- $entities = get_entities_from_metadata('alias', $openid_url, 'user', 'openid');
+// get user data from the response
+$store = new Auth_OpenID_FileStore('/tmp');
+$consumer = new ElggOpenIDConsumer($store);
+$url = elgg_get_site_url() . 'mod/openid_client/return.php';
+$consumer->setReturnURL($url);
+$data = $consumer->completeAuthentication();
+if (!$data || !$data['openid_identifier']) {
+ // @todo handle error
+}
- if (!$entities || $entities[0]->active == 'no') {
- if (!$entities) {
- // this account does not exist
- if (!$email || !validate_email_address($email)) {
- // there is a problem with the email provided by the profile exchange, so generate a form to collect it
- if ($user = openid_client_create_openid_user($openid_url,$email, $fullname, true)) {
- $details = openid_client_create_invitation('a',$openid_url,$user->getGUID(),$email,$fullname);
- $body = openid_client_generate_missing_data_form($openid_url,'',$fullname,true,$details);
- }
- $missing_data = true;
- } elseif (!$fullname) {
- // the name is missing
- $email_confirmation = openid_client_check_email_confirmation($openid_url);
- if ($email_confirmation) {
- $prefix = 'a';
- } else {
- $prefix = 'n';
- }
- // create the account
- if ($user = openid_client_create_openid_user($openid_url,$email, $fullname, $email_confirmation)) {
- $details = openid_client_create_invitation($prefix,$openid_url,$user->getGUID(),$email,$fullname);
- $body = openid_client_generate_missing_data_form($openid_url,$email,'',$email_confirmation,$details);
- }
- $missing_data = true;
- } else {
- // email address and name look good
-
- $login = false;
-
- // create a new account
-
- $email_confirmation = openid_client_check_email_confirmation($openid_url);
-
- $user = openid_client_create_openid_user($openid_url,$email, $fullname, $email_confirmation);
- $missing_data = false;
- }
- } else {
- // this is an inactive account
- $user = $entities[0];
-
- // need to figure out why the account is inactive
-
- $email_confirmation = openid_client_check_email_confirmation($openid_url);
-
- if ($user->email && $user->name) {
- $missing_data = false;
- // no missing information
- if (!$email_confirmation) {
- // OK, this is weird - no email confirmation required and all the information has been supplied
- // this should not happen, so just go ahead and activate the account
- $user->active = 'yes';
- $user->save();
- }
- } else {
- // missing information
- $missing_data = true;
- // does this person have an existing magic code?
- if ($details = openid_client_get_invitation_by_username($user->alias)) {
- $body = openid_client_generate_missing_data_form($openid_url,$user->email,$user->name,$email_confirmation,$details);
- } else {
- // create a new magic code
- $details = openid_client_create_invitation('a',$openid_url,$user->getGUID(),$user->email,$user->name);
- $body = openid_client_generate_missing_data_form($openid_url,$user->email,$user->name,$email_confirmation,$details);
- }
- }
- }
- if ($user && !$missing_data) {
-
- if ($email_confirmation) {
- $i_code = openid_client_create_invitation('a',$openid_url,$user->guid,$email,$fullname);
- openid_client_send_activate_confirmation_message($i_code);
- system_message(sprintf(elgg_echo("openid_client:activate_confirmation"), $email));
- } else {
- system_message(sprintf(elgg_echo("openid_client:created_openid_account"),$email, $fullname));
- $login = true;
- }
- }
-
- } else {
-
- $user = $entities[0];
-
- // account is active, check to see if this user has been banned
-
- if (isset($user->banned) && $user->banned == 'yes') { // this needs to change.
- register_error(elgg_echo("openid_client:banned"));
- } else {
- // user has not been banned
- // check to see if email address has changed
- if ($email && $email != $user->email && validate_email_address($email)) {
- // the email on the OpenID server is not the same as the email registered on this local client system
- $email_confirmation = openid_client_check_email_confirmation($openid_url);
- if ($CONFIG->openid_client_always_sync == 'yes') {
- // this client always forces client/server data syncs
- if ($fullname) {
- $user->name = $fullname;
- }
- if ($email_confirmation) {
- // don't let this user in until the email address change is confirmed
- $login = false;
- $i_code = openid_client_create_invitation('c',$openid_url,$user->guid,$email,$fullname);
- openid_client_send_change_confirmation_message($i_code);
- system_message(sprintf(elgg_echo("openid_client:change_confirmation"), $email));
- } else {
- $login = true;
- if (openid_client_get_user_by_email($email)) {
- register_error(elgg_echo("openid_client:email_in_use"),$email);
- } else {
- $user->email = $email;
- system_message(sprintf(elgg_echo("openid_client:email_updated"),$email));
- }
- }
- } else {
- $login = true;
- if (!$store->getNoSyncStatus($user)) {
- // the following conditions are true:
- // the email address has changed on the server,
- // this client does not *require* syncing with the server,
- // but this user has not turned off syncing
- // therefore the user needs to be offered the chance to sync his or her data
- $body = openid_client_generate_sync_form($email,$fullname,$user,$email_confirmation);
- }
- }
- } elseif ($fullname && $fullname != $user->name) {
- // the fullname on the OpenID server is not the same as the name registered on this local client system
- $login = true;
- if ($CONFIG->openid_client_always_sync == 'yes') {
- // this client always forces client/server data syncs
- $user->name = $fullname;
- } else {
- if (!$store->getNoSyncStatus($user)) {
- // the following conditions are true:
- // the fullname has changed on the server,
- // this client does not *require* syncing with the server,
- // but this user has not turned off syncing
- // therefore the user needs to be offered the chance to sync his or her data
- $body = openid_client_generate_sync_form($email,$fullname,$user,false);
- }
- }
- } else {
- // nothing has changed or the data is null so let this person in
- $login = true;
- }
- }
+// does this user exist
+$users = elgg_get_entities_from_metadata(array(
+ 'type' => 'user',
+ 'subtype' => 'openid',
+ 'metadata_name' => 'openid_identifier',
+ 'metadata_value' => $data['openid_identifier'],
+));
+if ($users) {
+ // log in user and maybe update account (admin setting, user prompt?)
+ $user = $users[0];
+
+ try {
+ login($user);
+ } catch (LoginException $e) {
+ register_error($e->getMessage());
+ forward();
}
-
- if ($login) {
-
- $rememberme = get_input('remember',0);
- if (!empty($rememberme)) {
- login($user,true);
- } else {
- login($user);
- }
- }
-}
-
-if(isset($body) && $body) {
-
- page_draw(elgg_echo('openid_client:information_title'),$body);
-} else {
+ system_message(elgg_echo('loginok'));
forward();
+} else {
+ // register the new user
+ $result = openid_client_registration_page_handler($data);
+ if (!$result) {
+ register_error();
+ forward();
+ }
}
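Review bot: The failure branch `if (!$data || !$data['openid_identifier'])` contains only `// @todo handle error`, so a cancelled or failed OpenID response falls through to the user lookup and `login($user)` below. With an empty `$data['openid_identifier']` the `'metadata_value'` filter may not constrain the query at all (inferred, to be confirmed against `elgg_get_entities_from_metadata`), in which case the first user of subtype `openid` would be logged in without a verified assertion. The branch should end the request the way the `catch` block further down does, with a `register_error()` carrying a failure message followed by `forward();`, and the test is safer as `if (!$data || empty($data['openid_identifier']))` so a missing key is handled too. Separately, `new Auth_OpenID_FileStore('/tmp')` keeps the consumer's association and nonce files in a directory shared with every local account; a private directory under the site's data root is the safer location. The `register_error();` in the registration branch is also called without a message, so the user is forwarded with no explanation.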