Diffstat (limited to 'plugins/openid/server.php')
-rw-r--r--plugins/openid/server.php65
1 files changed, 36 insertions, 29 deletions
diff --git a/plugins/openid/server.php b/plugins/openid/server.php
index 2804fcd1..05ca5d37 100644
--- a/plugins/openid/server.php
+++ b/plugins/openid/server.php
@@ -48,8 +48,8 @@ function openid_provider_xrds_simple( $xrds ) {
if ( ! $user && get_option( 'openid_blog_owner' ) ) {
$url_parts = parse_url( get_option( 'home' ) );
- $path = array_key_exists( 'path', $url_parts ) ? $url_parts['path'] : '';
- $path = trailingslashit( $path );
+ $path = array_key_exists( 'path', $url_parts ) ? $url_parts['path'] : '';
+ $path = trailingslashit( $path );
$script = preg_replace( '/index.php$/', '', $_SERVER['SCRIPT_NAME'] );
$script = trailingslashit( $script );
@@ -76,32 +76,32 @@ function openid_provider_xrds_simple( $xrds ) {
$services = array();
$tmp_types = apply_filters( 'openid_server_xrds_types', array( 'http://specs.openid.net/auth/2.0/signon' ) );
- $types = array();
+ $types = array();
foreach ( $tmp_types as $t ) {
$types[] = array( 'content' => $t );
}
$services[] = array(
- 'Type' => $types,
- 'URI' => openid_server_url(),
+ 'Type' => $types,
+ 'URI' => openid_server_url(),
'LocalID' => get_author_posts_url( $user->ID ),
);
$tmp_types = apply_filters( 'openid_server_xrds_types', array( 'http://openid.net/signon/1.1' ) );
- $types = array();
+ $types = array();
foreach ( $tmp_types as $t ) {
$types[] = array( 'content' => $t );
}
$services[] = array(
- 'Type' => $types,
- 'URI' => openid_server_url(),
+ 'Type' => $types,
+ 'URI' => openid_server_url(),
'openid:Delegate' => get_author_posts_url( $user->ID ),
);
}
} else {
$services = array(
array(
- 'Type' => array( array( 'content' => 'http://specs.openid.net/auth/2.0/server' ) ),
- 'URI' => openid_server_url(),
+ 'Type' => array( array( 'content' => 'http://specs.openid.net/auth/2.0/server' ) ),
+ 'URI' => openid_server_url(),
'LocalID' => 'http://specs.openid.net/auth/2.0/identifier_select',
),
);
@@ -136,19 +136,19 @@ function openid_provider_webfinger( $webfinger, $resource, $user ) {
if ( get_user_meta( $user->ID, 'openid_delegate', true ) ) {
$webfinger['links'][] = array(
'href' => get_user_meta( $user->ID, 'openid_delegate', true ),
- 'rel' => 'http://specs.openid.net/auth/2.0/provider',
+ 'rel' => 'http://specs.openid.net/auth/2.0/provider',
);
} else {
// check if WebFinger user is "blog-owner"
if ( get_option( 'openid_blog_owner' ) && get_option( 'openid_blog_owner' ) == $user->user_login ) {
$webfinger['links'][] = array(
'href' => site_url( '/' ),
- 'rel' => 'http://specs.openid.net/auth/2.0/provider',
+ 'rel' => 'http://specs.openid.net/auth/2.0/provider',
);
} else { // otherwise use author-url
$webfinger['links'][] = array(
'href' => get_author_posts_url( $user->ID ),
- 'rel' => 'http://specs.openid.net/auth/2.0/provider',
+ 'rel' => 'http://specs.openid.net/auth/2.0/provider',
);
}
}
@@ -248,15 +248,20 @@ function openid_server_auth_request( $request ) {
do_action( 'openid_server_post_auth', $request );
// get some user data
- $user = wp_get_current_user();
+ $user = wp_get_current_user();
$author_url = get_author_posts_url( $user->ID );
- $id_select = $request->idSelect();
+ $id_select = ( $request->identity == 'http://specs.openid.net/auth/2.0/identifier_select' );
// bail if user does not have access to OpenID provider
if ( ! $user->has_cap( 'use_openid_provider' ) ) {
return $request->answer( false );
}
+ // bail if user doesn't own identity and not using id select
+ if ( ! $id_select && ( $author_url != $request->identity ) ) {
+ return $request->answer( false );
+ }
+
// if using id select but user is delegating, display error to user (unless checkid_immediate)
if ( $id_select && get_user_meta( $user->ID, 'openid_delegate', true ) ) {
if ( 'checkid_immediate' != $request->mode ) {
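Review bot: The added ownership guard `if ( ! $id_select && ( $author_url != $request->identity ) )` and the new `$id_select` assignment both use loose comparison, although together they decide whether a positive assertion can be issued for an identity. Strict operators remove any dependence on PHP's type juggling should `$request->identity` ever arrive as a non-string: `if ( ! $id_select && $author_url !== $request->identity )` and `$id_select = ( 'http://specs.openid.net/auth/2.0/identifier_select' === $request->identity );`. The guard is an exact string match against `get_author_posts_url( $user->ID )`, so an identity differing only in trailing slash, scheme or case is refused; that fails closed, but a short comment such as `// exact match on purpose: never assert an identity the logged-in user does not own` would record the intent. The identifier_select URL is now a repeated literal (it also appears as the `LocalID` in `openid_provider_xrds_simple`), so a single named constant would keep the two in step. The body of `openid_server_auth_request` continues outside this hunk, so how the result is used later is not visible here.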
@@ -270,14 +275,14 @@ function openid_server_auth_request( $request ) {
echo '<h1>' . __( 'OpenID Login Error', 'openid' ) . '</h1>';
echo '<p>';
- printf( __( 'Because you have delegated your OpenID, you cannot login with the URL <strong>%s</strong>. Instead, you must use your full OpenID when logging in.', 'openid'), trailingslashit( get_option( 'home' ) ) );
+ printf( __( 'Because you have delegated your OpenID, you cannot login with the URL <strong>%s</strong>. Instead, you must use your full OpenID when logging in.', 'openid' ), trailingslashit( get_option( 'home' ) ) );
echo'</p>';
- echo '<p>' . sprintf( __( 'Your full OpenID is: %s', 'openid'), '<strong>' . $author_url . '</strong>' ) . '</p>';
+ echo '<p>' . sprintf( __( 'Your full OpenID is: %s', 'openid' ), '<strong>' . $author_url . '</strong>' ) . '</p>';
echo '
<form method="post">
<p class="submit">
- <input type="submit" value="'.__('Continue').'" />
+ <input type="submit" value="' . __( 'Continue' ) . '" />
<input type="hidden" name="action" value="cancel" />
<input type="hidden" name="openid_server" value="1" />
</p>'
@@ -293,7 +298,7 @@ function openid_server_auth_request( $request ) {
// if user trusts site, we're done
$trusted_sites = get_user_meta( $user->ID, 'openid_trusted_sites', true );
- $site_hash = md5( $request->trust_root );
+ $site_hash = md5( $request->trust_root );
if ( is_array( $trusted_sites ) && array_key_exists( $site_hash, $trusted_sites ) ) {
$trusted_sites[ $site_hash ]['last_login'] = time();
update_user_meta( $user->ID, 'openid_trusted_sites', $trusted_sites );
@@ -421,7 +426,7 @@ function openid_provider_link_tags() {
}
}
} else {
- $server = openid_server_url();
+ $server = openid_server_url();
$identifier = get_author_posts_url( $user->ID );
echo '
@@ -471,8 +476,8 @@ function openid_server_user_trust( $request ) {
);
$site = apply_filters( 'openid_server_store_trusted_site', $site );
- $trusted_sites = get_user_meta( $user->ID, 'openid_trusted_sites', true );
- $site_hash = md5( $request->trust_root );
+ $trusted_sites = get_user_meta( $user->ID, 'openid_trusted_sites', true );
+ $site_hash = md5( $request->trust_root );
$trusted_sites[ $site_hash ] = $site;
update_user_meta( $user->ID, 'openid_trusted_sites', $trusted_sites );
@@ -502,7 +507,7 @@ function openid_server_user_trust( $request ) {
<div id="site">' . get_option( 'blogname' ) . '</div>';
if ( is_user_logged_in() ) {
- $user = wp_get_current_user();
+ $user = wp_get_current_user();
$logout_url = site_url( 'wp-login.php?action=logout&redirect_to=' . urlencode( openid_server_url() ), 'login' );
echo '
<div id="loggedin">' . sprintf( __( 'Logged in as %1$s (%2$s). <a href="%3$s">Use a different account?</a>', 'openid' ), $user->display_name, $user->user_login, $logout_url ) . '</div>';
@@ -530,8 +535,10 @@ function openid_server_user_trust( $request ) {
</p>
<p style="margin: 3em 0 1em 0; font-size: 0.8em;">'
- . sprintf( __( 'Manage or remove access on the <a href="%s" target="_blank">Trusted Sites</a> page.', 'openid' ),
- admin_url( ( current_user_can( 'edit_users' ) ? 'users.php' : 'profile.php' ) . '?page=openid_trusted_sites' ) )
+ . sprintf(
+ __( 'Manage or remove access on the <a href="%s" target="_blank">Trusted Sites</a> page.', 'openid' ),
+ admin_url( ( current_user_can( 'edit_users' ) ? 'users.php' : 'profile.php' ) . '?page=openid_trusted_sites' )
+ )
. '</p>
<p style="margin: 1em 0; font-size: 0.8em;">'
. sprintf( __( '<a href="%s" target="_blank">Edit your profile</a> to change the information that gets shared with Trusted Sites.', 'openid' ), admin_url( 'profile.php' ) )
@@ -603,8 +610,8 @@ function openid_server_get_delegation_info( $userid, $url = null ) {
}
$html_content = $response->body;
- $p = new Auth_OpenID_Parse();
- $link_attrs = $p->parseLinkAttrs( $html_content );
+ $p = new Auth_OpenID_Parse();
+ $link_attrs = $p->parseLinkAttrs( $html_content );
// check HTML for OpenID2
$server_url = $p->findFirstHref( $link_attrs, 'openid2.provider' );
@@ -614,8 +621,8 @@ function openid_server_get_delegation_info( $userid, $url = null ) {
$openid_url = $url;
}
$services[] = array(
- 'Type' => array( array( 'content' => Auth_OpenID_Type_1_1 ) ),
- 'URI' => $server_url,
+ 'Type' => array( array( 'content' => Auth_OpenID_Type_1_1 ) ),
+ 'URI' => $server_url,
'LocalID' => $openid_url,
);
}