* Removed some cruft from the login code. Combined the

  do_login() and session_startup() functions.  Moved more duplicated
  code into a single code path.
* Completed the OpenID signin process for existing users, and for new
  users who have made their preferred nickname available via Simple
  Registration Extension (assuming this nickname is available on the
  Citadel system).  Other sign in flows are forthcoming...

diff --git a/citadel/citserver.c b/citadel/citserver.c
index 29150820afd2c7eb2c042c30cdbef9681a0c457e..ca612b0b0ed9b93261a789a8fa29b5de1d82e474 100644 (file)
--- a/citadel/citserver.c
+++ b/citadel/citserver.c
@@ -170,6 +170,7 @@ void master_startup(void) {
                gettimeofday(&tv, NULL);
                seed = tv.tv_usec;
        }
+       srand(seed);
        srandom(seed);
 
        CtdlLogPrintf(CTDL_INFO, "Initializing ipgm secret\n");

diff --git a/citadel/modules/openid/serv_openid_rp.c b/citadel/modules/openid/serv_openid_rp.c
index 0a676f70016bd0170da8845cc52dd66c68d6d5c9..7bd6867e681cfe47891ab1a20d44f054daf8fc78 100644 (file)
--- a/citadel/modules/openid/serv_openid_rp.c
+++ b/citadel/modules/openid/serv_openid_rp.c
@@ -223,6 +223,7 @@ void cmd_oidd(char *argbuf) {
 int openid_create_user_via_sri(char *claimed_id, HashList *sri_keys)
 {
        char *desired_name = NULL;
+       char new_password[32];
 
        if (config.c_auth_mode != AUTHMODE_NATIVE) return(1);
        if (config.c_disable_newu) return(2);
@@ -240,10 +241,13 @@ int openid_create_user_via_sri(char *claimed_id, HashList *sri_keys)
        /* The desired account name is available.  Create the account and log it in! */
        if (create_user(desired_name, 1)) return(6);
 
+       snprintf(new_password, sizeof new_password, "%08lx%08lx", random(), random());
+       CtdlSetPassword(new_password);
        attach_openid(&CC->user, claimed_id);
        return(0);
 }
 
+// FIXME we still have to set up the vCard
 
 // identity = [50]  http://uncensored.citadel.org/~ajc/MyID.config.php
 // sreg.nickname = [17]  IGnatius T Foobar
@@ -272,6 +276,8 @@ int login_via_openid(char *claimed_id)
        cdb_free(cdboi);
 
        if (!getuserbynumber(&CC->user, usernum)) {
+               /* Now become the user we just created */
+               safestrncpy(CC->curr_user, CC->user.fullname, sizeof CC->curr_user);
                do_login();
                return(0);
        }

diff --git a/citadel/user_ops.c b/citadel/user_ops.c
index ac25b1a8926616e4b9014c78a7f4ed5d124ddfa1..4f4ba6795d57581541be5d51cf308b1fa556e592 100644 (file)
--- a/citadel/user_ops.c
+++ b/citadel/user_ops.c
@@ -618,8 +618,9 @@ void cmd_user(char *cmdbuf)
 /*
  * session startup code which is common to both cmd_pass() and cmd_newu()
  */
-void session_startup(void)
+void do_login(void)
 {
+       CC->logged_in = 1;
        CtdlLogPrintf(CTDL_NOTICE, "<%s> logged in\n", CC->curr_user);
 
        lgetuser(&CC->user, CC->curr_user);
@@ -806,13 +807,6 @@ void start_chkpwd_daemon(void) {
 }
 
 
-void do_login()
-{
-       (CC->logged_in) = 1;
-       session_startup();
-}
-
-
 int CtdlTryPassword(char *password)
 {
        int code;
@@ -1103,7 +1097,7 @@ int create_user(char *newusername, int become_user)
                /* Now become the user we just created */
                memcpy(&CC->user, &usbuf, sizeof(struct ctdluser));
                safestrncpy(CC->curr_user, username, sizeof CC->curr_user);
-               CC->logged_in = 1;
+               do_login();
        
                /* Check to make sure we're still who we think we are */
                if (getuser(&CC->user, CC->curr_user)) {
@@ -1173,7 +1167,6 @@ void cmd_newu(char *cmdbuf)
        a = create_user(username, 1);
 
        if (a == 0) {
-               session_startup();
                logged_in_response();
        } else if (a == ERROR + ALREADY_EXISTS) {
                cprintf("%d '%s' already exists.\n",
@@ -1189,9 +1182,21 @@ void cmd_newu(char *cmdbuf)
 }
 
 
+/*
+ * set password - back end api code
+ */
+void CtdlSetPassword(char *new_pw)
+{
+       lgetuser(&CC->user, CC->curr_user);
+       safestrncpy(CC->user.password, new_pw, sizeof(CC->user.password));
+       lputuser(&CC->user);
+       CtdlLogPrintf(CTDL_INFO, "Password changed for user <%s>\n", CC->curr_user);
+       PerformSessionHooks(EVT_SETPASS);
+}
+
 
 /*
- * set password
+ * set password - citadel protocol implementation
  */
 void cmd_setp(char *new_pw)
 {
@@ -1212,12 +1217,9 @@ void cmd_setp(char *new_pw)
                cprintf("%d Password unchanged.\n", CIT_OK);
                return;
        }
-       lgetuser(&CC->user, CC->curr_user);
-       safestrncpy(CC->user.password, new_pw, sizeof(CC->user.password));
-       lputuser(&CC->user);
+
+       CtdlSetPassword(new_pw);
        cprintf("%d Password changed.\n", CIT_OK);
-       CtdlLogPrintf(CTDL_INFO, "Password changed for user <%s>\n", CC->curr_user);
-       PerformSessionHooks(EVT_SETPASS);
 }
 
 

diff --git a/citadel/user_ops.h b/citadel/user_ops.h
index c4e3e902df3cf11a5800315958046c0c480aa2ad..0fb812298c9f2cdf6a12b8530ebf660adb9c888d 100644 (file)
--- a/citadel/user_ops.h
+++ b/citadel/user_ops.h
@@ -70,6 +70,7 @@ enum {
 
 
 int CtdlTryPassword(char *password);
+void CtdlSetPassword(char *new_pw);
 
 /*
  * Values which may be returned by CtdlTryPassword()

diff --git a/webcit/auth.c b/webcit/auth.c
index 553e9af30937a051a5f77075eae9e6ec86624078..1eed0591759c0475568abb3d3293b87f2285e55f 100644 (file)
--- a/webcit/auth.c
+++ b/webcit/auth.c
@@ -220,8 +220,7 @@ void do_login(void)
                        serv_printf("PASS %s", bstr("pass"));
                        serv_getln(buf, sizeof buf);
                        if (buf[0] == '2') {
-                               become_logged_in(bstr("name"),
-                                                bstr("pass"), buf);
+                               become_logged_in(bstr("name"), bstr("pass"), buf);
                        } else {
                                display_login(&buf[4]);
                                return;
@@ -352,7 +351,7 @@ void finalize_openid_login(void)
                                                else if (linecount == 2) {
                                                        safestrncpy(password, buf, sizeof password);
                                                }
-                                               else if (linecount == 2) {
+                                               else if (linecount == 3) {
                                                        safestrncpy(logged_in_response, buf,
                                                                sizeof logged_in_response);
                                                }