1 files changed, 41 insertions, 197 deletions
diff --git a/return.php b/return.php
index 3d949b492..23751e54a 100644
--- a/return.php
+++ b/return.php
@@ -1,210 +1,54 @@
 <?php
-
 /**
- * Callback for return_to url redirection. The identity server will
- * redirect back to this handler with the results of the
- * authentication attempt.
+ * Callback for return_to url redirection.
  * 
- * Note: the Elgg action system strips off the query string and is incompatible with
- * the JanRain OpenID library, so we need to keep this as an ordinary PHP file
- * for now.
+ * The identity server will redirect back to this handler with the results of
+ * the authentication attempt.
  * 
+ * Note: the Janrain OpenID library is incompatible with Elgg's routing so
+ * this script needs to be directly accessed.
  */
 
-require_once(dirname(dirname(dirname(__FILE__))).'/engine/start.php');
-require_once(dirname(__FILE__).'/models/model.php');
-
-global $CONFIG;
-
-set_context('openid');
-$store = new OpenID_ElggStore();
-$consumer = new Auth_OpenID_Consumer($store);
+require_once dirname(dirname(dirname(__FILE__))).'/engine/start.php';
 
-$return_url = $CONFIG->wwwroot.'mod/openid_client/return.php';
+elgg_load_library('openid_consumer');
+elgg_load_library('openid_client');
 
-// TODO - handle passthru_url properly
-// $dest = $query['destination'];
-$response = $consumer->complete($return_url);
-
-if ($response->status == Auth_OpenID_CANCEL) {
-    register_error(elgg_echo("openid_client:authentication_cancelled"));
-} else if ($response->status != Auth_OpenID_SUCCESS) {
-    register_error(sprintf(elgg_echo("openid_client:authentication_failed"),$response->status,$response->message) );
-} else { // SUCCESS.
-	$openid_url = $response->getDisplayIdentifier();
-	
-    // Look for sreg data.
-    $sreg_resp = Auth_OpenID_SRegResponse::fromSuccessResponse($response);
-    $sreg = $sreg_resp->contents();
-	if ($sreg) {
-        $email = trim($sreg['email']);
-        $fullname = trim($sreg['fullname']);
-        //print ($email.' '.$fullname);
-    }
-    
-    $entities = get_entities_from_metadata('alias', $openid_url, 'user', 'openid');
+// get user data from the response
+$store = new Auth_OpenID_FileStore('/tmp');
+$consumer = new ElggOpenIDConsumer($store);
+$url = elgg_get_site_url() . 'mod/openid_client/return.php';
+$consumer->setReturnURL($url);
+$data = $consumer->completeAuthentication();
+if (!$data || !$data['openid_identifier']) {
+	// @todo handle error
+}
 
-	if (!$entities || $entities[0]->active == 'no') {
-		if (!$entities) {
-			// this account does not exist
-	    	if (!$email || !validate_email_address($email)) {
-    	    	// there is a problem with the email provided by the profile exchange, so generate a form to collect it
-				if ($user = openid_client_create_openid_user($openid_url,$email, $fullname, true)) {
-		    		$details = openid_client_create_invitation('a',$openid_url,$user->getGUID(),$email,$fullname);
-	    			$body = openid_client_generate_missing_data_form($openid_url,'',$fullname,true,$details);
-				}
-				$missing_data = true;
-			} elseif (!$fullname) {
-    			// the name is missing
-				$email_confirmation = openid_client_check_email_confirmation($openid_url);
-				if ($email_confirmation) {
-					$prefix = 'a';
-				} else {
-					$prefix = 'n';
-				}
-				// create the account
-				if ($user = openid_client_create_openid_user($openid_url,$email, $fullname, $email_confirmation)) {
-					$details = openid_client_create_invitation($prefix,$openid_url,$user->getGUID(),$email,$fullname);
-					$body = openid_client_generate_missing_data_form($openid_url,$email,'',$email_confirmation,$details);
-				}
-				$missing_data = true;
-			} else {
-				// email address and name look good 
-				
-				$login = false;			
-							    
-			    // create a new account
-				   
-			   	$email_confirmation = openid_client_check_email_confirmation($openid_url);		    					    
-			    							
-				$user = openid_client_create_openid_user($openid_url,$email, $fullname, $email_confirmation);
-				$missing_data = false;
-			}
-		} else {
-			// this is an inactive account
-			$user = $entities[0];
-			
-			// need to figure out why the account is inactive
-			
-			$email_confirmation = openid_client_check_email_confirmation($openid_url);
-			
-			if ($user->email && $user->name) {
-    			$missing_data = false;
-    			// no missing information
-			    if (!$email_confirmation) {
-    			    // OK, this is weird - no email confirmation required and all the information has been supplied
-    			    // this should not happen, so just go ahead and activate the account
-    			    $user->active = 'yes';
-    			    $user->save();
-			    }
-		    } else {    		    
-    		    // missing information
-    		    $missing_data = true;
-    		    // does this person have an existing magic code?
-    		    if ($details = openid_client_get_invitation_by_username($user->alias)) {
-        		    $body = openid_client_generate_missing_data_form($openid_url,$user->email,$user->name,$email_confirmation,$details);
-    		    } else {
-        		    // create a new magic code
-        		    $details = openid_client_create_invitation('a',$openid_url,$user->getGUID(),$user->email,$user->name);
-	    			$body = openid_client_generate_missing_data_form($openid_url,$user->email,$user->name,$email_confirmation,$details);
-    			}   
-		    }
-		}
-		if ($user && !$missing_data) {
-				
-			if ($email_confirmation) {
-				$i_code = openid_client_create_invitation('a',$openid_url,$user->guid,$email,$fullname);
-				openid_client_send_activate_confirmation_message($i_code);
-				system_message(sprintf(elgg_echo("openid_client:activate_confirmation"), $email));
-			} else {
-				system_message(sprintf(elgg_echo("openid_client:created_openid_account"),$email, $fullname));
-				$login = true;
-			}
-		}
-				
-	} else {
-    	
-    	$user = $entities[0];
-		
-		// account is active, check to see if this user has been banned
-	
-	    if (isset($user->banned) && $user->banned == 'yes') { // this needs to change.
-	        register_error(elgg_echo("openid_client:banned"));
-	    } else {
-		    // user has not been banned
-		    // check to see if email address has changed
-		    if ($email && $email != $user->email && validate_email_address($email)) {
-			    // the email on the OpenID server is not the same as the email registered on this local client system
-			    $email_confirmation = openid_client_check_email_confirmation($openid_url);
-			    if ($CONFIG->openid_client_always_sync == 'yes') {
-				    // this client always forces client/server data syncs
-				    if ($fullname) {
-				    	$user->name = $fullname;
-			    	}
-				    if ($email_confirmation) {
-					    // don't let this user in until the email address change is confirmed
-					    $login = false;
-					    $i_code = openid_client_create_invitation('c',$openid_url,$user->guid,$email,$fullname);
-					    openid_client_send_change_confirmation_message($i_code);
-					    system_message(sprintf(elgg_echo("openid_client:change_confirmation"), $email));
-					} else {
-						$login = true;
-						if (openid_client_get_user_by_email($email)) {
-							register_error(elgg_echo("openid_client:email_in_use"),$email);
-						} else {
-    						$user->email = $email;
-							system_message(sprintf(elgg_echo("openid_client:email_updated"),$email));
-						}
-					}
-				} else {
-					$login = true;
-					if (!$store->getNoSyncStatus($user)) {
-						// the following conditions are true:
-						// the email address has changed on the server,
-						// this client does not *require* syncing with the server,
-						// but this user has not turned off syncing
-						// therefore the user needs to be offered the chance to sync his or her data
-						$body = openid_client_generate_sync_form($email,$fullname,$user,$email_confirmation);
-					}
-				}
-			} elseif ($fullname && $fullname != $user->name) {
-				// the fullname on the OpenID server is not the same as the name registered on this local client system
-				$login = true;
-				if ($CONFIG->openid_client_always_sync == 'yes') {
-				    // this client always forces client/server data syncs
-				    $user->name = $fullname;
-				} else {
-					if (!$store->getNoSyncStatus($user)) {
-				    	// the following conditions are true:
-						// the fullname has changed on the server,
-						// this client does not *require* syncing with the server,
-						// but this user has not turned off syncing
-						// therefore the user needs to be offered the chance to sync his or her data
-						$body = openid_client_generate_sync_form($email,$fullname,$user,false);
-					}
-				}
-			} else {
-				// nothing has changed or the data is null so let this person in
-				$login = true;
-			}
-		}							    
+// does this user exist
+$users = elgg_get_entities_from_metadata(array(
+	'type' => 'user',
+	'subtype' => 'openid',
+	'metadata_name' => 'openid_identifier',
+	'metadata_value' => $data['openid_identifier'],
+));
+if ($users) {
+	// log in user and maybe update account (admin setting, user prompt?)
+	$user = $users[0];
+
+	try {
+		login($user);
+	} catch (LoginException $e) {
+		register_error($e->getMessage());
+		forward();
 	}
-    
-    if ($login) {
-		
-		$rememberme = get_input('remember',0);
-		if (!empty($rememberme)) {
-			login($user,true);
-		} else {
-    		login($user);
-		}
-	}
-} 
-
-if(isset($body) && $body) {
-    
-    page_draw(elgg_echo('openid_client:information_title'),$body);
 
-} else {
+	system_message(elgg_echo('loginok'));
 	forward();
+} else {
+	// register the new user
+	$result = openid_client_registration_page_handler($data);
+	if (!$result) {
+		register_error();
+		forward();
+	}
 }