Changeset 26605 for extensions/oAuth
- Timestamp:
- Jan 11, 2014, 1:27:14 AM (10 years ago)
- Location:
- extensions/oAuth
- Files:
-
- 12 edited
extensions/oAuth/admin/template/providers.tpl
r26558 r26605 128 128 </ol> 129 129 {else} 130 <p>{'No registration required for OpenID based providers'|translate}</p> 130 <p style="text-align:left;"> 131 {if $p=='Flickr' or $p=='Steam' or $p=='Wordpress'} 132 {'Based on OpenID.'|translate}</br> 133 {/if} 134 {'No registration required.'|translate}<br> 135 <a href="{$provider.about_link}" target="_blank">{'About'|translate}</a> 136 </p> 131 137 {/if} 132 138 </div> -
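Review bot: The added paragraph ends its first line with `</br>`, which is not a valid tag, while the next line uses `<br>`; both should be `<br>`. The new About link opens `{$provider.about_link}` with `target="_blank"` and no `rel` attribute, so the opened page can reach the admin tab through `window.opener`. Add `rel="noopener noreferrer"` to that anchor.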
extensions/oAuth/admin/template/style.css
r26556 r26605 48 48 margin:5px; 49 49 } 50 .Wordpress, .OpenID, .Flickr, .Steam {50 .Wordpress, .OpenID, .Flickr, .Steam, .Persona { 51 51 display:inline-block; 52 52 } -
extensions/oAuth/auth.php
r26604 r26605 10 10 try { 11 11 // inputs 12 if ( $provider == 'OpenID' and !isset($_GET['openid_identifier']))12 if ($provider == 'OpenID' and !isset($_GET['openid_identifier'])) 13 13 { 14 14 throw new Exception('Invalid OpenID!', 1003); … … 25 25 } 26 26 27 $hybridauth = new Hybrid_Auth($hybridauth_conf); 27 if ($provider == 'Persona') 28 { 29 $response = persona_verify($_POST['assertion']); 30 31 if ($response === false || $response['status'] != 'okay') 32 { 33 header('HTTP/1.1 503 Service Unavailable'); 34 exit; 35 } 36 else 37 { 38 $oauth_id = array($provider, $response['email']); 39 } 40 } 41 else 42 { 43 $hybridauth = new Hybrid_Auth($hybridauth_conf); 44 45 // connected 46 if ($hybridauth->isConnectedWith($provider)) 47 { 48 $adapter = $hybridauth->getAdapter($provider); 49 $remote_user = $adapter->getUserProfile(); 50 51 $oauth_id = array($provider, $remote_user->identifier); 52 } 53 } 28 54 29 // connected 30 if ($hybridauth->isConnectedWith($provider)) 55 if (!empty($oauth_id)) 31 56 { 32 $adapter = $hybridauth->getAdapter($provider);33 $remote_user = $adapter->getUserProfile();34 35 $oauth_id = $provider.'---'.$remote_user->identifier;36 37 57 // check is already registered 38 58 $query = ' 39 SELECT id FROM ' .USERS_TABLE.'40 WHERE oauth_id = "' .$oauth_id.'"59 SELECT id FROM ' . USERS_TABLE . ' 60 WHERE oauth_id = "' . implode('---', $oauth_id) . 
'" 41 61 ;'; 42 62 $result = pwg_query($query); … … 47 67 log_user($user_id, false); 48 68 49 $ template->assign('REDIRECT_TO', 'default');69 $redirect_to = 'default'; 50 70 } 51 71 // not registered : redirect to register page … … 54 74 if ($conf['allow_user_registration']) 55 75 { 56 pwg_set_session_var('oauth_new_user', array($provider,$remote_user->identifier));57 $ template->assign('REDIRECT_TO', 'register');76 pwg_set_session_var('oauth_new_user', $oauth_id); 77 $redirect_to = 'register'; 58 78 } 59 79 else 60 80 { 61 81 $_SESSION['page_errors'][] = l10n('Sorry, new registrations are blocked on this gallery.'); 62 $adapter->logout();63 $ template->assign('REDIRECT_TO', 'identification');82 if (isset($adapter)) $adapter->logout(); 83 $redirect_to = 'identification'; 64 84 } 85 } 86 87 if ($provider == 'Persona') 88 { 89 echo json_encode(compact('redirect_to')); 90 header('HTTP/1.1 200 OK'); 91 exit; 92 } 93 else 94 { 95 $template->assign('REDIRECT_TO', $redirect_to); 65 96 } 66 97 } … … 92 123 5 : Authentication aborded 93 124 6 : User profile request failed 125 404 : User not found 94 126 other errors : 127 503 : Persona error 95 128 1002 : Invalid provider 96 129 1003 : Missing openid_identifier 97 130 */ 98 catch (Exception $e) { 99 switch ($e->getCode()) { 131 catch (Exception $e) 132 { 133 switch ($e->getCode()) 134 { 100 135 case 5: 101 136 $template->assign('ERROR', l10n('Authentication canceled')); break; -
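Review bot: The lookup query in the `if (!empty($oauth_id))` block concatenates `implode('---', $oauth_id)` straight into the SQL string, and on the Persona path the second element is the `email` field of the verifier's JSON response, which is not escaped in the visible lines. Escape it before it reaches the query, e.g. `WHERE oauth_id = "' . pwg_db_real_escape_string(implode('---', $oauth_id)) . '"`. In the Persona response branch `echo json_encode(...)` runs before `header('HTTP/1.1 200 OK')`, so the header call does nothing or raises a warning unless output buffering is on; send the header first, or drop it since 200 is the default. `persona_verify($_POST['assertion'])` also passes an argument that the function does not declare. The surrounding `try` block starts and ends outside the lines shown.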
extensions/oAuth/include/functions.inc.php
r26604 r26605 25 25 function oauth_assign_template_vars($u_redirect=null) 26 26 { 27 global $template, $conf, $hybridauth_conf ;27 global $template, $conf, $hybridauth_conf, $user; 28 28 29 29 $conf['oauth']['include_common_template'] = true; … … 31 31 if ($template->get_template_vars('OAUTH') == null) 32 32 { 33 if (!empty($user['oauth_id'])) 34 { 35 list($provider, $identifier) = explode('---', $user['oauth_id'], 2); 36 if ($provider == 'Persona') 37 { 38 $persona_email = $identifier; 39 } 40 } 41 33 42 $template->assign('OAUTH', array( 34 43 'conf' => $conf['oauth'], 35 44 'u_login' => get_root_url() . OAUTH_PATH . 'auth.php?provider=', 36 45 'providers' => $hybridauth_conf['providers'], 46 'persona_email' => @$persona_email, 37 47 )); 38 48 $template->assign(array( … … 70 80 } 71 81 } 82 83 // http://www.sitepoint.com/authenticate-users-with-mozilla-persona/ 84 function persona_verify() 85 { 86 $url = 'https://verifier.login.persona.org/verify'; 87 88 $assert = filter_input( 89 INPUT_POST, 90 'assertion', 91 FILTER_UNSAFE_RAW, 92 FILTER_FLAG_STRIP_LOW|FILTER_FLAG_STRIP_HIGH 93 ); 94 95 $scheme = 'http'; 96 if ( (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') || $_SERVER['SERVER_PORT'] == 443 ) 97 { 98 $scheme = 'https'; 99 } 100 $audience = sprintf( 101 '%s://%s:%s', 102 $scheme, 103 $_SERVER['HTTP_HOST'], 104 $_SERVER['SERVER_PORT'] 105 ); 106 107 $params = 'assertion=' . urlencode($assert) . '&audience=' . urlencode($audience); 108 109 $options = array( 110 CURLOPT_URL => $url, 111 CURLOPT_RETURNTRANSFER => true, 112 CURLOPT_POST => true, 113 CURLOPT_POSTFIELDS => $params, 114 CURLOPT_SSL_VERIFYPEER => true, 115 CURLOPT_SSL_VERIFYHOST => 2, 116 ); 117 118 $ch = curl_init(); 119 curl_setopt_array($ch, $options); 120 $result = curl_exec($ch); 121 curl_close($ch); 122 123 if ($result === false) 124 { 125 return false; 126 } 127 else 128 { 129 return json_decode($result, true); 130 } 131 } -
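Review bot: `persona_verify()` builds the `audience` it sends to the verifier from `$_SERVER['HTTP_HOST']`, a value taken from the request, so the audience check no longer pins an assertion to this gallery; an assertion issued for a different site would verify as `okay` if the request's Host header names that site. Take the origin from fixed configuration instead, for example `$audience = $conf['oauth']['persona_audience'];` (the setting name is a placeholder, it does not exist in this changeset), and compare `$response['audience']` with it before trusting `email`. `HTTP_HOST` may also already carry the port, in which case the `'%s://%s:%s'` format yields `host:port:port`. The curl options set no `CURLOPT_TIMEOUT`, so a stalled verifier holds the login request open. In `oauth_assign_template_vars()` the `@$persona_email` suppression reads better as `isset($persona_email) ? $persona_email : null`.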
extensions/oAuth/include/providers_stats.inc.php
r26555 r26605 55 55 'provider_name' => 'OpenID', 56 56 'new_app_link' => null, 57 'about_link' => 'http://openid.net/get-an-openid/what-is-openid/', 57 58 ), 58 59 'Flickr' => array( … … 60 61 'provider_name' => 'Flickr', 61 62 'new_app_link' => null, 63 'about_link' => 'http://openid.net/get-an-openid/what-is-openid/', 62 64 ), 63 65 'Steam' => array( … … 65 67 'provider_name' => 'Steam', 66 68 'new_app_link' => null, 69 'about_link' => 'http://openid.net/get-an-openid/what-is-openid/', 67 70 ), 68 71 'Wordpress' => array( … … 70 73 'provider_name' => 'Wordpress', 71 74 'new_app_link' => null, 75 'about_link' => 'http://openid.net/get-an-openid/what-is-openid/', 72 76 ), 77 'Persona' => array( 78 'label' => 'Persona', 79 'provider_name' => 'Persona', 80 'new_app_link' => null, 81 'about_link' => 'https://login.persona.org/about', 82 ), 73 83 ); -
extensions/oAuth/include/public_events.inc.php
r26604 r26605 9 9 global $template, $conf, $hybridauth_conf; 10 10 11 if ($hybridauth_conf['enabled'] >0)11 if ($hybridauth_conf['enabled'] == 0) 12 12 { 13 13 return; … … 37 37 { 38 38 list($oauth_id) = pwg_db_fetch_row($result); 39 list($provider) = explode('---', $oauth_id );39 list($provider) = explode('---', $oauth_id, 2); 40 40 $_SESSION['page_errors'][] = l10n('You registered with a %s account, please sign in with the same account.', $provider); 41 41 … … 65 65 list($provider, $user_identifier) = pwg_get_session_var('oauth_new_user'); 66 66 67 require_once(OAUTH_PATH . 'include/hybridauth/Hybrid/Auth.php');68 69 67 try { 70 $hybridauth = new Hybrid_Auth($hybridauth_conf); 71 $adapter = $hybridauth->authenticate($provider); 72 $remote_user = $adapter->getUserProfile(); 73 74 // security, check remote identifier 75 if ($remote_user->identifier != $user_identifier) 68 if ($provider == 'Persona') 76 69 { 77 pwg_unset_session_var('oauth_new_user'); 78 throw new Exception('Hacking attempt!', 403); 70 $template->assign('OAUTH_USER', array( 71 'provider' => $provider, 72 'username' => $user_identifier, 73 'u_profile' => null, 74 'avatar' => null, 75 )); 76 77 oauth_assign_template_vars(); 78 $template->append('OAUTH', array('persona_email'=>$user_identifier), true); 79 80 $conf['oauth']['include_common_template'] = true; 79 81 } 80 81 $template->assign('OAUTH_USER', array( 82 'provider' => $provider, 83 'username' => $remote_user->displayName, 84 'u_profile' => $remote_user->profileURL, 85 'avatar' => $remote_user->photoURL, 86 )); 82 else 83 { 84 require_once(OAUTH_PATH . 
'include/hybridauth/Hybrid/Auth.php'); 87 85 86 $hybridauth = new Hybrid_Auth($hybridauth_conf); 87 $adapter = $hybridauth->authenticate($provider); 88 $remote_user = $adapter->getUserProfile(); 89 90 // security, check remote identifier 91 if ($remote_user->identifier != $user_identifier) 92 { 93 pwg_unset_session_var('oauth_new_user'); 94 throw new Exception('Hacking attempt!', 403); 95 } 96 97 $template->assign('OAUTH_USER', array( 98 'provider' => $provider, 99 'username' => $remote_user->displayName, 100 'u_profile' => $remote_user->profileURL, 101 'avatar' => $remote_user->photoURL, 102 )); 103 } 104 105 $oauth_id = $provider.'---'.$user_identifier; 106 88 107 $page['infos'][] = l10n('Your registration is almost done, please complete the registration form.'); 89 90 $oauth_id = $provider.'---'.$remote_user->identifier;91 108 92 109 // form submited … … 124 141 { 125 142 // overwrite fields with remote datas 126 $_POST['login'] = $remote_user->displayName; 127 $_POST['mail_address'] = $remote_user->email; 143 if ($provider == 'Persona') 144 { 145 $_POST['login'] = ''; 146 $_POST['mail_address'] = $user_identifier; 147 } 148 else 149 { 150 $_POST['login'] = $remote_user->displayName; 151 $_POST['mail_address'] = $remote_user->email; 152 } 128 153 } 129 154 … … 133 158 $template->set_prefilter('register', 'oauth_remove_password_fields_prefilter'); 134 159 } 135 catch (Exception $e) { 160 catch (Exception $e) 161 { 136 162 $page['errors'][] = l10n('An error occured, please contact the gallery owner. <i>Error code : %s</i>', $e->getCode()); 137 163 } … … 152 178 function oauth_begin_profile() 153 179 { 154 global $template, $user, $hybridauth_conf, $page; 155 156 $oauth_id = get_oauth_id($user['id']); 157 158 if (!isset($oauth_id)) 159 { 160 return; 161 } 162 163 list($provider) = explode('---', $oauth_id); 164 165 require_once(OAUTH_PATH . 
'include/hybridauth/Hybrid/Auth.php'); 180 global $template, $user, $hybridauth_conf, $page, $user; 181 182 if (empty($user['oauth_id'])) 183 { 184 return; 185 } 186 187 list($provider, $user_identifier) = explode('---', $user['oauth_id'], 2); 166 188 167 189 try { 168 $hybridauth = new Hybrid_Auth($hybridauth_conf); 169 $adapter = $hybridauth->getAdapter($provider); 170 $remote_user = $adapter->getUserProfile(); 171 172 $template->assign('OAUTH_USER', array( 173 'provider' => $provider, 174 'username' => $remote_user->displayName, 175 'u_profile' => $remote_user->profileURL, 176 'avatar' => $remote_user->photoURL, 177 )); 190 if ($provider == 'Persona') 191 { 192 $template->assign('OAUTH_USER', array( 193 'provider' => $provider, 194 'username' => $user_identifier, 195 'u_profile' => null, 196 'avatar' => null, 197 )); 198 } 199 else 200 { 201 require_once(OAUTH_PATH . 'include/hybridauth/Hybrid/Auth.php'); 202 203 $hybridauth = new Hybrid_Auth($hybridauth_conf); 204 $adapter = $hybridauth->getAdapter($provider); 205 $remote_user = $adapter->getUserProfile(); 206 207 $template->assign('OAUTH_USER', array( 208 'provider' => $provider, 209 'username' => $remote_user->displayName, 210 'u_profile' => $remote_user->profileURL, 211 'avatar' => $remote_user->photoURL, 212 )); 213 } 178 214 179 215 $template->assign('OAUTH_PATH', OAUTH_PATH); … … 181 217 $template->set_prefilter('profile_content', 'oauth_remove_password_fields_prefilter'); 182 218 } 183 catch (Exception $e) { 219 catch (Exception $e) 220 { 184 221 $page['errors'][] = l10n('An error occured, please contact the gallery owner. <i>Error code : %s</i>', $e->getCode()); 185 222 } … … 201 238 } 202 239 203 list($provider) = explode('---', $oauth_id); 204 205 require_once(OAUTH_PATH . 
'include/hybridauth/Hybrid/Auth.php'); 206 207 try { 208 $hybridauth = new Hybrid_Auth($hybridauth_conf); 209 $adapter = $hybridauth->getAdapter($provider); 210 $adapter->logout(); 211 } 212 catch (Exception $e) { 213 $_SESSION['page_errors'][] = l10n('An error occured, please contact the gallery owner. <i>Error code : %s</i>', $e->getCode()); 240 list($provider, $identifier) = explode('---', $oauth_id, 2); 241 242 243 if ($provider != 'Persona') 244 { 245 require_once(OAUTH_PATH . 'include/hybridauth/Hybrid/Auth.php'); 246 247 try { 248 $hybridauth = new Hybrid_Auth($hybridauth_conf); 249 $adapter = $hybridauth->getAdapter($provider); 250 $adapter->logout(); 251 } 252 catch (Exception $e) { 253 $_SESSION['page_errors'][] = l10n('An error occured, please contact the gallery owner. <i>Error code : %s</i>', $e->getCode()); 254 } 214 255 } 215 256 } … … 233 274 } 234 275 235 oauth_assign_template_vars(get_gallery_home_url()); 276 $u_redirect = !empty($_GET['redirect']) ? urldecode($_GET['redirect']) : get_gallery_home_url(); 277 oauth_assign_template_vars($u_redirect); 236 278 237 279 $template->set_prefilter('menubar', 'oauth_add_menubar_buttons_prefilter'); 238 280 } 239 281 240 function oauth_include_template() 282 283 /** 284 * load common javascript 285 */ 286 function oauth_page_header() 241 287 { 242 288 global $conf, $template; 243 289 244 290 if (isset($conf['oauth']['include_common_template'])) 245 291 { -
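Review bot: In the menubar handler at the end of this section, `$_GET['redirect']` is run through `urldecode()` (PHP has already decoded it once) and handed to `oauth_assign_template_vars()` with no check that it points back into this gallery. How `$u_redirect` is consumed is outside the lines shown, but if it becomes the post-login target it should be limited to local paths, e.g. `$u_redirect = (!empty($_GET['redirect']) && preg_match('#^/(?![/\\\\])#', $_GET['redirect'])) ? $_GET['redirect'] : get_gallery_home_url();`. Separately, `oauth_begin_profile()` now lists `$user` twice in its `global` statement; the second occurrence can be dropped.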
extensions/oAuth/main.inc.php
r26604 r26605 20 20 21 21 22 global $hybridauth_conf, $conf; 23 22 24 // try to load hybridauth config 23 global $hybridauth_conf;24 25 25 include_once(OAUTH_PATH . 'include/functions.inc.php'); 26 26 … … 29 29 load_hybridauth_conf(); 30 30 } 31 32 // force getuserdata() to retrieve 'oauth_id' field 33 $conf['user_fields']['oauth_id'] = 'oauth_id'; 31 34 32 35 … … 43 46 add_event_handler('loc_begin_profile', 'oauth_begin_profile'); 44 47 45 add_event_handler('loc_after_page_header', 'oauth_ include_template');48 add_event_handler('loc_after_page_header', 'oauth_page_header'); 46 49 47 50 add_event_handler('try_log_user', 'oauth_try_log_user', EVENT_HANDLER_PRIORITY_NEUTRAL-30, 2); … … 98 101 // } 99 102 // } 103 104 // pwg_unset_session_var('persona_logout'); 100 105 } 101 106 -
extensions/oAuth/template/identification_common.tpl
r26604 r26605 3 3 {combine_script id='jquery.colorbox' load='footer' require='jquery' path='themes/default/js/plugins/jquery.colorbox.min.js'} 4 4 {combine_css id='colorbox' path="themes/default/js/plugins/colorbox/style2/colorbox.css"} 5 6 {if $OAUTH.providers.Persona.enabled} 7 {combine_script id='persona' path='https://login.persona.org/include.js' load='footer'} 8 {/if} 5 9 6 10 {html_style} … … 31 35 32 36 // click on a button 33 jQuery('a.oauth ').click(function(e) {37 jQuery('a.oauth:not(.persona)').click(function(e) { 34 38 e.preventDefault(); 35 39 … … 100 104 jQuery.colorbox.close(); 101 105 }); 106 107 {if $OAUTH.providers.Persona.enabled} 108 jQuery('a.oauth.persona').click(function(e) { 109 e.preventDefault(); 110 navigator.id.request(); 111 }); 112 113 jQuery('a[href$="act=logout"]').click(function(e) { 114 e.preventDefault(); 115 navigator.id.logout(); 116 }); 117 118 navigator.id.watch({ 119 loggedInUser: {if not empty($OAUTH.persona_email)}'{$OAUTH.persona_email}'{else}null{/if}, 120 121 onlogin: function(assertion) { 122 jQuery.ajax({ 123 type: 'POST', 124 url: '{$OAUTH.u_login}Persona', 125 dataType: 'json', 126 data: { assertion: assertion }, 127 success: function(data) { 128 oauth_redirect(data.redirect_to); 129 }, 130 error: function() { 131 alert('Unknown error'); 132 } 133 }); 134 }, 135 136 onlogout: function() { 137 window.location.href = '{$U_LOGOUT}'; 138 } 139 }); 140 {/if} 102 141 {/footer_script} 103 142 -
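Review bot: `loggedInUser` is written as `'{$OAUTH.persona_email}'`, which places the stored e-mail inside a JavaScript string literal with no escaping, so a quote or backslash in the value ends the literal early. Use `'{$OAUTH.persona_email|escape:'javascript'}'`, and apply the same modifier to `{$U_LOGOUT}` in `onlogout`. The `a[href$="act=logout"]` handler is bound whenever Persona is enabled, so it also intercepts logout for users who signed in with another provider. It is not visible here whether `onlogout` still fires for them, so consider binding the handler only when `$OAUTH.persona_email` is set.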
extensions/oAuth/template/oauth_sprites.css
r23808 r26605 17 17 .oauth_16px.yahoo { background-position: -160px 0px; } 18 18 .oauth_16px.steam { background-position: -176px 0px; } 19 .oauth_16px.persona { background-position: -192px 0px; } 19 20 20 21 .oauth_26px { … … 36 37 .oauth_26px.yahoo { background-position: -260px 0px; } 37 38 .oauth_26px.steam { background-position: -286px 0px; } 39 .oauth_26px.persona { background-position: -312px 0px; } 38 40 39 41 .oauth_38px { … … 55 57 .oauth_38px.yahoo { background-position: -380px 0px; } 56 58 .oauth_38px.steam { background-position: -418px 0px; } 59 .oauth_38px.persona { background-position: -456px 0px; }