aboutsummaryrefslogtreecommitdiff
path: root/return.php
blob: ab0fc622afb4a0df0e5e705f6d158f9941e2936a (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
<?php
/**
 * Callback for return_to url redirection.
 * 
 * The identity server will redirect back to this handler with the results of
 * the authentication attempt.
 * 
 * Note: the Janrain OpenID library is incompatible with Elgg's routing so
 * this script needs to be directly accessed.
 */

require_once dirname(dirname(dirname(__FILE__))).'/engine/start.php';

elgg_load_library('openid_consumer');
elgg_load_library('openid_client');

// get user data from the response
$consumer = new ElggOpenIDConsumer($store);
$url = elgg_get_site_url() . 'mod/openid_client/return.php';
$consumer->setReturnURL($url);
$data = $consumer->completeAuthentication();
if (!$data || !$data['openid_identifier']) {
	register_error(elgg_echo('openid_client:error:bad_response'));
	forward();
}

// is there an account already associated with this openid
$user = null;
$users = elgg_get_entities_from_annotations(array(
	'type' => 'user',
	'annotation_name' => 'openid_identifier',
	'annotation_value' => $data['openid_identifier'],
));
if ($users) {
	// there should only be one account
	$user = $users[0];
} else {
	$email = elgg_extract('email', $data);
	if ($email) {
		$users = get_user_by_email($email);
		if (count($users) === 1) {
			$user = $users[0];
			$user->annotate('openid_identifier', $data['openid_identifier'], ACCESS_PUBLIC);
		}
	}
}

if ($user) {
	// log in user and maybe update account (admin setting, user prompt?)
	try {
		login($user);
	} catch (LoginException $e) {
		register_error($e->getMessage());
		forward();
	}

	system_message(elgg_echo('loginok'));
	forward();
} else {
	// register the new user
	$result = openid_client_registration_page_handler($data);
	if (!$result) {
		register_error(elgg_echo('openid_client:error:bad_register'));
		forward();
	}
}