From 241138fa540131c02e5a4a1c706949d196c28844 Mon Sep 17 00:00:00 2001
From: Art Cancro
Date: Mon, 2 Jun 2008 21:36:02 +0000
Subject: [PATCH] more openid work
---
 citadel/modules/openid/serv_openid_rp.c | 87 +++++++++++++++----------
 citadel/user_ops.h | 1 +
 webcit/auth.c | 19 +++---
 3 files changed, 63 insertions(+), 44 deletions(-)
diff --git a/citadel/modules/openid/serv_openid_rp.c b/citadel/modules/openid/serv_openid_rp.c
index d0515618a..0a676f700 100644
--- a/citadel/modules/openid/serv_openid_rp.c
+++ b/citadel/modules/openid/serv_openid_rp.c
@@ -218,11 +218,47 @@ void cmd_oidd(char *argbuf) {
 /*
- * getuserbyopenid() works the same way as getuser() and getuserbynumber().
- * If a user account exists which is associated with the Claimed ID, it fills usbuf and returns zero.
+ * Attempt to auto-create a new Citadel account using the nickname from Simple Registration Extension
+ */
+int openid_create_user_via_sri(char *claimed_id, HashList *sri_keys)
+{
+ char *desired_name = NULL;
+
+ if (config.c_auth_mode != AUTHMODE_NATIVE) return(1);
+ if (config.c_disable_newu) return(2);
+ if (CC->logged_in) return(3);
+ if (!GetHash(sri_keys, "sreg.nickname", 13, (void *) &desired_name)) return(4);
+
+ CtdlLogPrintf(CTDL_DEBUG, "The desired account name is <%s>\n", desired_name);
+
+ if (!getuser(&CC->user, desired_name)) {
+ CtdlLogPrintf(CTDL_DEBUG, "<%s> is already taken by another user.\n", desired_name);
+ memset(&CC->user, 0, sizeof(struct ctdluser));
+ return(5);
+ }
+
+ /* The desired account name is available. Create the account and log it in! */
+ if (create_user(desired_name, 1)) return(6);
+
+ attach_openid(&CC->user, claimed_id);
+ return(0);
+}
+
+
+// identity = [50] http://uncensored.citadel.org/~ajc/MyID.config.php
+// sreg.nickname = [17] IGnatius T Foobar
+// sreg.email = [26] ajc@uncensored.citadel.org
+// sreg.fullname = [10] Art Cancro
+// sreg.postcode = [5] 10549
+// sreg.country = [2] US
+
+
+
+/*
+ * If a user account exists which is associated with the Claimed ID, log it in and return zero.
 * Otherwise it returns nonzero.
 */
-int getuserbyopenid(struct ctdluser *usbuf, char *claimed_id)
+int login_via_openid(char *claimed_id)
 {
 struct cdbdata *cdboi;
 long usernum = 0;
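Review bot: In openid_create_user_via_sri() the account name is taken verbatim from the provider-supplied `sreg.nickname` and passed to getuser() and create_user() with no check that it is non-empty, fits the account-name field, or contains only characters allowed in a user name. Unless create_user() enforces those rules itself (not visible in this hunk), reject bad values right after the GetHash() lookup, starting with `if (desired_name == NULL || desired_name[0] == 0) return(4);`. The return value of `attach_openid(&CC->user, claimed_id);` is also dropped, so the function reports success even if the new account ends up without the Claimed ID attached; check it if attach_openid() can fail. It is also worth confirming that the nickname field was covered by the assertion's signed field list before it is trusted, which this hunk does not show.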
@@ -235,21 +271,18 @@ int getuserbyopenid(struct ctdluser *usbuf, char *claimed_id)
 memcpy(&usernum, cdboi->ptr, sizeof(long));
 cdb_free(cdboi);
- return(getuserbynumber(usbuf, usernum));
+ if (!getuserbynumber(&CC->user, usernum)) {
+ do_login();
+ return(0);
+ }
+ else {
+ memset(&CC->user, 0, sizeof(struct ctdluser));
+ return(-1);
+ }
 }
-int openid_create_user_via_sri(struct ctdluser *usbuf, char *claimed_id, HashList *sri_keys)
-{
- if (config.c_auth_mode != AUTHMODE_NATIVE) return(1);
- if (config.c_disable_newu) return(2);
-
- /* FIXME do something */
-
- return(99);
-}
-
 /**************************************************************************/
 /* */
@@ -648,8 +681,6 @@ void cmd_oidf(char *argbuf) {
 /* Otherwise, a user is attempting to log in using the validated OpenID */
 else {
- struct ctdluser usbuf;
-
 /*
 * Existing user who has claimed this OpenID?
 *
@@ -658,15 +689,17 @@ void cmd_oidf(char *argbuf) {
 * is associated with the account, they already have password equivalency and can
 * login, so they could just as easily change the password, etc.
 */
- if (getuserbyopenid(&usbuf, oiddata->claimed_id) == 0) {
- cprintf("authenticate\n%s\n%s\n", usbuf.fullname, usbuf.password);
+ if (login_via_openid(oiddata->claimed_id) == 0) {
+ cprintf("authenticate\n%s\n%s\n", CC->user.fullname, CC->user.password);
+ logged_in_response();
 }
 /*
 * New user whose OpenID is verified and Simple Registration Extension is in use?
 */
- else if (openid_create_user_via_sri(&usbuf, oiddata->claimed_id, keys) == 0) {
- cprintf("authenticate\n%s\n%s\n", usbuf.fullname, usbuf.password);
+ else if (openid_create_user_via_sri(oiddata->claimed_id, keys) == 0) {
+ cprintf("authenticate\n%s\n%s\n", CC->user.fullname, CC->user.password);
+ logged_in_response();
 }
 /* FIXME right here we have to handle manual account creation */
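Review bot: In the @@ -235 hunk, login_via_openid() loads the record straight into `CC->user` and calls `do_login()` without the `CC->logged_in` guard that openid_create_user_via_sri() has, and its failure branch then clears `CC->user` with memset(). If cmd_oidf() can reach this call on a session that is already logged in (its earlier branches are outside the diff), the current user would be replaced or wiped. A matching guard such as `if (CC->logged_in) return(-1);` at the top of the function would make the two helpers consistent. The function's opening lines are in the previous hunk.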
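Review bot: In the @@ -658 hunk, both `cprintf("authenticate\n%s\n%s\n", CC->user.fullname, CC->user.password);` calls still send the stored account password to the client, although the session is now logged in on the server before the reply is written and `logged_in_response()` follows. If WebCit's become_logged_in() can work without the credential (not visible here), drop that field, e.g. `cprintf("authenticate\n%s\n", CC->user.fullname);`, and adjust the line counting in webcit/auth.c to match, so that a verified OpenID assertion never yields the account's password. For the auto-created account, confirm what create_user() leaves in `CC->user.password`. cmd_oidf() starts and ends outside the hunk.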
@@ -699,20 +732,6 @@ void cmd_oidf(char *argbuf) {
 }
-// mode = [6] id_res
-// identity = [50] http://uncensored.citadel.org/~ajc/MyID.config.php
-// assoc_handle = [26] 6ekac3ju181tgepk7v4h9r7ui7
-// return_to = [42] http://jemcaterers.net/finish_openid_login
-// sreg.nickname = [17] IGnatius T Foobar
-// sreg.email = [26] ajc@uncensored.citadel.org
-// sreg.fullname = [10] Art Cancro
-// sreg.postcode = [5] 10549
-// sreg.country = [2] US
-// signed = [102] mode,identity,assoc_handle,return_to,sreg.nickname,sreg.email,sreg.fullname,sreg.postcode,sreg.country
-// sig = [28] vixxxU4MAqWfxxxxCfrHv3TxxxhEw=
-
-
-
 /**************************************************************************/
 /* */
diff --git a/citadel/user_ops.h b/citadel/user_ops.h
index 70c1b00c6..c4e3e902d 100644
--- a/citadel/user_ops.h
+++ b/citadel/user_ops.h
@@ -10,6 +10,7 @@ int getuserbynumber (struct ctdluser *usbuf, long int number);
 void rebuild_usersbynumber(void);
 void cmd_user (char *cmdbuf);
 void session_startup (void);
+void logged_in_response(void);
 void logout (void);
 void cmd_pass (char *buf);
 int purge_user (char *pname);
diff --git a/webcit/auth.c b/webcit/auth.c
index 2e3cc9a84..553e9af30 100644
--- a/webcit/auth.c
+++ b/webcit/auth.c
@@ -317,6 +317,7 @@ void finalize_openid_login(void)
 char result[128] = "";
 char username[128] = "";
 char password[128] = "";
+ char logged_in_response[1024] = "";
 if (havebstr("openid.mode")) {
 if (!strcasecmp(bstr("openid.mode"), "id_res")) {
@@ -351,6 +352,10 @@ void finalize_openid_login(void)
 else if (linecount == 2) {
 safestrncpy(password, buf, sizeof password);
 }
+ else if (linecount == 2) {
+ safestrncpy(logged_in_response, buf,
+ sizeof logged_in_response);
+ }
 }
 ++linecount;
 }
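Review bot: In the @@ -351 hunk of webcit/auth.c, the added branch `else if (linecount == 2) {` repeats the condition of the password branch directly above it, so it can never run and `logged_in_response` stays an empty string. The server side of this commit writes the logged_in_response() line after the password line, so the new branch should read `else if (linecount == 3) {`. The enclosing read loop in finalize_openid_login() starts outside the hunk, so the numbering of the earlier lines is inferred from the visible `linecount == 2` password case.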
@@ -364,17 +369,11 @@ void finalize_openid_login(void)
 return;
 }
- /* Was the claimed ID associated with an existing account? Then log in that account now. */
+ /* If this operation logged us in, either by connecting with an existing account or by
+ * auto-creating one using Simple Registration Extension, we're already on our way.
+ */
 if (!strcasecmp(result, "authenticate")) {
- serv_printf("USER %s", username);
- serv_getln(buf, sizeof buf);
- if (buf[0] == '3') {
- serv_printf("PASS %s", password);
- serv_getln(buf, sizeof buf);
- if (buf[0] == '2') {
- become_logged_in(username, password, buf);
- }
- }
+ become_logged_in(username, password, logged_in_response);
 }
 /* FIXME -- right here we have to put the code to log in a new user */
-- 
2.30.2
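Review bot: `become_logged_in(username, password, logged_in_response);` now runs on the `authenticate` token alone, whereas the removed code only called it after the server had answered with a success status (`buf[0] == '2'`). Assuming logged_in_response() emits the same kind of status line that the PASS reply carried, keep that check on the forwarded line, e.g. `if (!strcasecmp(result, "authenticate") && logged_in_response[0] == '2') {`, so an empty or error line does not mark the WebCit session as logged in. As the @@ -351 hunk is written, the buffer is always empty at this point. finalize_openid_login() starts outside the hunk.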