From: Art Cancro <ajc@citadel.org>
Date: Thu, 5 Jun 2008 02:32:46 +0000 (+0000)
Subject: * Completed the code for creating a new account, manually specifying
X-Git-Tag: v7.86~2166
X-Git-Url: https://code.citadel.org/?p=citadel.git;a=commitdiff_plain;h=4b70719359d4be829a4a78f2198a9da61f36f652

* Completed the code for creating a new account, manually specifying
  the account name, when an OpenID was verified but the desired nickname
  either was not supplied or conflicts with an existing user.
* The SETP command can now be passed a special string that tells it the
  client wants the server to auto-generate a random password.
---

diff --git a/citadel/modules/openid/serv_openid_rp.c b/citadel/modules/openid/serv_openid_rp.c
index 0729c62de..b74a3f886 100644
--- a/citadel/modules/openid/serv_openid_rp.c
+++ b/citadel/modules/openid/serv_openid_rp.c
@@ -181,6 +181,31 @@ void cmd_oidl(char *argbuf) {
 }
 
 
+/*
+ * Create a new user account, manually specifying the name, after successfully
+ * verifying an OpenID (which will of course be attached to the account)
+ */
+void cmd_oidc(char *argbuf) {
+	struct ctdl_openid *oiddata = (struct ctdl_openid *) CC->openid_data;
+
+	if (!oiddata->verified) {
+		cprintf("%d You have not verified an OpenID yet.\n", ERROR);
+		return;
+	}
+
+	/* We can make the semantics of OIDC exactly the same as NEWU, simply
+	 * by _calling_ cmd_newu() and letting it run.  Very clever!
+	 */
+	cmd_newu(argbuf);
+
+	/* Now, if this logged us in, we have to attach the OpenID */
+	if (CC->logged_in) {
+		attach_openid(&CC->user, oiddata->claimed_id);
+	}
+}
+
+
+
 
 /*
  * Detach an OpenID from the currently logged in account
@@ -778,6 +803,7 @@ CTDL_MODULE_INIT(openid_rp)
 		CtdlRegisterProtoHook(cmd_oidf, "OIDF", "Finalize OpenID authentication");
 		CtdlRegisterProtoHook(cmd_oidl, "OIDL", "List OpenIDs associated with an account");
 		CtdlRegisterProtoHook(cmd_oidd, "OIDD", "Detach an OpenID from an account");
+		CtdlRegisterProtoHook(cmd_oidc, "OIDC", "Create a new user after validating an OpenID");
 		CtdlRegisterSessionHook(openid_cleanup_function, EVT_LOGOUT);
 		CtdlRegisterUserHook(openid_purge, EVT_PURGEUSER);
 	}
@@ -785,7 +811,3 @@ CTDL_MODULE_INIT(openid_rp)
 	/* return our Subversion id for the Log */
 	return "$Id$";
 }
-
-
-/* FIXME ... we have to add the new openid database to serv_vandelay.c */
-
diff --git a/citadel/user_ops.c b/citadel/user_ops.c
index 4f4ba6795..6baed0b2e 100644
--- a/citadel/user_ops.c
+++ b/citadel/user_ops.c
@@ -1200,6 +1200,8 @@ void CtdlSetPassword(char *new_pw)
  */
 void cmd_setp(char *new_pw)
 {
+	int generate_random_password = 0;
+
 	if (CtdlAccessCheck(ac_logged_in)) {
 		return;
 	}
@@ -1212,14 +1214,23 @@ void cmd_setp(char *new_pw)
 			ERROR + NOT_HERE);
 		return;
 	}
-	strproc(new_pw);
-	if (IsEmptyStr(new_pw)) {
-		cprintf("%d Password unchanged.\n", CIT_OK);
-		return;
-	}
 
-	CtdlSetPassword(new_pw);
-	cprintf("%d Password changed.\n", CIT_OK);
+	if (!strcasecmp(new_pw, "GENERATE_RANDOM_PASSWORD")) {
+		char random_password[17];
+		generate_random_password = 1;
+		snprintf(random_password, sizeof random_password, "%08lx%08lx", random(), random());
+		CtdlSetPassword(random_password);
+		cprintf("%d %s\n", CIT_OK, random_password);
+	}
+	else {
+		strproc(new_pw);
+		if (IsEmptyStr(new_pw)) {
+			cprintf("%d Password unchanged.\n", CIT_OK);
+			return;
+		}
+		CtdlSetPassword(new_pw);
+		cprintf("%d Password changed.\n", CIT_OK);
+	}
 }
 
 
diff --git a/webcit/auth.c b/webcit/auth.c
index 25d1e95c7..8b54dc53d 100644
--- a/webcit/auth.c
+++ b/webcit/auth.c
@@ -161,6 +161,8 @@ void display_openid_name_request(char *claimed_id, char *username) {
 	stresc(buf, sizeof buf, claimed_id, 0, 0);
 	svprintf(HKEY("VERIFIED"), WCS_STRING, _("Your OpenID <tt>%s</tt> was successfully verified."),
 		claimed_id);
+	svput("CLAIMED_ID", WCS_STRING, claimed_id);
+
 
 	if (!IsEmptyStr(username)) {
 		stresc(buf, sizeof buf, username, 0, 0);
@@ -302,19 +304,17 @@ void openid_manual_create(void)
 		return;
 	}
 
-#if 0 
-	char buf[SIZ];
+	char buf[1024];
 	if (havebstr("newuser_action")) {
 		serv_printf("OIDC %s", bstr("name"));
 		serv_getln(buf, sizeof buf);
 		if (buf[0] == '2') {
-			become_logged_in(bstr("name"), bstr("pass"), buf);		// FIXME
-		} else {
-			display_openid_name_request(char *claimed_id, char *username);	// FIXME
-			return;
+			char gpass[1024] = "";
+			serv_puts("SETP GENERATE_RANDOM_PASSWORD");
+			serv_getln(gpass, sizeof gpass);
+			become_logged_in(bstr("name"), &gpass[4], buf);
 		}
 	}
-#endif
 
 	if (WC->logged_in) {
 		if (WC->need_regi) {
@@ -325,7 +325,7 @@ void openid_manual_create(void)
 			do_welcome();
 		}
 	} else {
-		display_login(_("Your password was not accepted."));
+		display_openid_name_request(bstr("openid_url"), bstr("name"));
 	}
 
 }
diff --git a/webcit/static/openid_manual_create.html b/webcit/static/openid_manual_create.html
index 2f4607086..7b4807de0 100644
--- a/webcit/static/openid_manual_create.html
+++ b/webcit/static/openid_manual_create.html
@@ -6,6 +6,7 @@
 	<?ACTION_REQUESTED><br />
 </div>
 <form action="openid_manual_create" method="POST"  class="box" id="login_form">
+	<input type="hidden" NAME="openid_url" VALUE="<?CLAIMED_ID>">
         <label for="uname"><?USERNAME_BOX></label>
         <input type="text" name="name" id="uname" > <br>
         <div class="logbuttons">