From 51df9c0f8c5e7ee4dc5ff9a2c60b49b292b483db Mon Sep 17 00:00:00 2001 From: Art Cancro Date: Sat, 31 May 2008 05:06:24 +0000 Subject: [PATCH] Success! We can now log in an existing user with OpenID. We still have to write the code to create a new user using OpenID. --- citadel/modules/openid/serv_openid_rp.c | 42 +++++++++++++++++++++++-- webcit/auth.c | 40 ++++++++++++++++++++--- 2 files changed, 75 insertions(+), 7 deletions(-) diff --git a/citadel/modules/openid/serv_openid_rp.c b/citadel/modules/openid/serv_openid_rp.c index f2b7e3d16..01ee711f7 100644 --- a/citadel/modules/openid/serv_openid_rp.c +++ b/citadel/modules/openid/serv_openid_rp.c @@ -33,6 +33,7 @@ #include "ctdl_module.h" #include "config.h" #include "citserver.h" +#include "user_ops.h" struct ctdl_openid { char claimed_id[1024]; @@ -143,6 +144,28 @@ void cmd_oidl(char *argbuf) { +/* + * getuserbyopenid() works the same way as getuser() and getuserbynumber(). + * If a user account exists which is associated with the Claimed ID, it fills usbuf and returns zero. + * Otherwise it returns nonzero. + */ +int getuserbyopenid(struct ctdluser *usbuf, char *claimed_id) +{ + struct cdbdata *cdboi; + long usernum = 0; + + cdboi = cdb_fetch(CDB_OPENID, claimed_id, strlen(claimed_id)); + if (cdboi == NULL) { + return(-1); + } + + memcpy(&usernum, cdboi->ptr, sizeof(long)); + cdb_free(cdboi); + + return(getuserbynumber(usbuf, usernum)); +} + + /**************************************************************************/ /* */ 
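Review bot: `getuserbyopenid()` copies `sizeof(long)` bytes out of the fetched record without checking how long that record is, so a short or damaged CDB_OPENID entry makes the `memcpy` read past the stored data and yields an arbitrary user number. Assuming `struct cdbdata` carries the record length in `len`, a guard before the copy such as `if (cdboi->len < sizeof(long)) { cdb_free(cdboi); return(-1); }` closes that. `claimed_id` is handed to `strlen()` unchecked and is never written through, so a NULL test and a `const char *` parameter would fit. The header comment could also say that the record is expected to begin with the user number in the host's `long` layout.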
@@ -548,9 +571,24 @@ void cmd_oidf(char *argbuf) { /* Otherwise, a user is attempting to log in using the validated OpenID */ else { - cprintf("fail\n"); // FIXME do the login here!! - } + struct ctdluser usbuf; + + /* + * Existing user who has claimed this OpenID? + * + * Note: if you think that sending the password back over the wire is insecure, + * check your assumptions. If someone has successfully asserted an OpenID that + * is associated with the account, they already have password equivalency and can + * login, so they could just as easily change the password, etc. + */ + if (getuserbyopenid(&usbuf, oiddata->claimed_id) == 0) { + cprintf("authenticate\n%s\n%s\n", usbuf.fullname, usbuf.password); + } + else { + cprintf("fail\n"); // FIXME do the login here!! + } + } } else { cprintf("fail\n"); diff --git a/webcit/auth.c b/webcit/auth.c index b923dd9db..96503c1a7 100644 --- a/webcit/auth.c +++ b/webcit/auth.c @@ -78,7 +78,7 @@ void display_login(char *mesg) svput("NEWUSER_BUTTON_POST", WCS_STRING, ""); } -#ifdef TECH_PREVIEW + if (1) { // FIXME we have to check whether the server offers openid svprintf(HKEY("OFFER_OPENID_LOGIN"), WCS_STRING, "
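Review bot: The added `cprintf("authenticate\n%s\n%s\n", usbuf.fullname, usbuf.password);` hands the account's stored password back to the client, which turns a one-time OpenID assertion into disclosure of a reusable secret. The in-code rationale covers what the asserting party could do inside Citadel. It does not cover the password crossing the server-to-WebCit connection (in clear, if that link is unencrypted), the dependency it creates on keeping passwords recoverable in the user record, or the value of that password outside this system. Since the assertion is validated inside `cmd_oidf` (which starts outside this hunk), the server could mark the session as logged in for `usbuf` itself and reply with a status and `usbuf.fullname` only; the `finalize_openid_login` hunks in webcit/auth.c that read and replay the password would then shrink accordingly. The `// FIXME do the login here!!` left on the inner `fail` branch is now stale and should describe the new-user case instead.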
" "" @@ -88,9 +88,10 @@ void display_login(char *mesg) , "Log in using OpenID" ); -#else + } + else { svput("OFFER_OPENID_LOGIN", WCS_STRING, ""); -#endif + } do_template("login"); @@ -312,6 +313,10 @@ void finalize_openid_login(void) char buf[1024]; struct wcsession *WCC = WC; int already_logged_in = (WCC->logged_in) ; + int linecount = 0; + char result[128] = ""; + char username[128] = ""; + char password[128] = ""; if (havebstr("openid.mode")) { if (!strcasecmp(bstr("openid.mode"), "id_res")) { @@ -337,8 +342,18 @@ void finalize_openid_login(void) serv_puts("000"); + linecount = 0; while (serv_getln(buf, sizeof buf), strcmp(buf, "000")) { - // FIXME + if (linecount == 0) safestrncpy(result, buf, sizeof result); + if (!strcasecmp(result, "authenticate")) { + if (linecount == 1) { + safestrncpy(username, buf, sizeof username); + } + else if (linecount == 2) { + safestrncpy(password, buf, sizeof password); + } + } + ++linecount; } } } @@ -350,7 +365,22 @@ void finalize_openid_login(void) return; } - /* Otherwise the user is probably attempting to log in using OpenID */ + /* Was the claimed ID associated with an existing account? Then log in that account now. */ + if (!strcasecmp(result, "authenticate")) { + serv_printf("USER %s", username); + serv_getln(buf, sizeof buf); + if (buf[0] == '3') { + serv_printf("PASS %s", password); + serv_getln(buf, sizeof buf); + if (buf[0] == '2') { + become_logged_in(username, password, buf); + } + } + } + + /* FIXME -- right here we have to put the code to log in a new user */ + + /* Did we manage to log in? If so, continue with the normal flow... */ if (WC->logged_in) { if (WC->need_regi) { display_reg(1); -- 2.30.2
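Review bot: The `if (1) {` that replaces `#ifdef TECH_PREVIEW` offers the OpenID form in every build while the path behind it is still incomplete (the new-user case is a FIXME in `finalize_openid_login`). The constant condition also leaves the `else` branch as dead code that compilers and static analysers will flag. Keeping the compile-time guard until the server capability check exists would keep the unfinished login path opt-in. `display_login` begins and ends outside this hunk.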
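Review bot: The reply loop stores `result` and then takes lines 1 and 2 as username and password, but nothing confirms both lines arrived before the `authenticate` branch in the `@@ -350` hunk uses them. A short reply leaves `username` or `password` empty and `USER`/`PASS` are still sent; tying the branch to a complete reply, e.g. `if (!strcasecmp(result, "authenticate") && linecount >= 3) {`, avoids that. The return value of `safestrncpy` is ignored as well, so a value longer than the 128-byte buffers is cut without notice and the login fails later for no visible reason.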
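Review bot: Both failure paths in the added login block are silent: if `USER` is not answered with `3` or `PASS` with `2`, nothing is logged and control falls through to the `WC->logged_in` test, leaving no trace of a failed OpenID-triggered login for an operator to see. A log line on each `else` path carrying the server's reply in `buf` (never the password) would make these attempts auditable. The cleartext `password[128]` declared in the `@@ -312` hunk also stays on the stack after the function returns; clearing it once the `PASS` exchange is done, with a call the compiler cannot elide, limits how long the secret lingers in memory. `finalize_openid_login` continues past the end of this hunk.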