#include "ctdl_module.h"
#include "config.h"
#include "citserver.h"
+#include "user_ops.h"
struct ctdl_openid {
char claimed_id[1024];
+/*
+ * getuserbyopenid() works the same way as getuser() and getuserbynumber().
+ * If a user account exists which is associated with the Claimed ID, it fills usbuf and returns zero.
+ * Otherwise it returns nonzero.
+ */
+int getuserbyopenid(struct ctdluser *usbuf, char *claimed_id)
+{
+ struct cdbdata *cdboi;
+ long usernum = 0;
+
+ cdboi = cdb_fetch(CDB_OPENID, claimed_id, strlen(claimed_id));
+ if (cdboi == NULL) {
+ return(-1);
+ }
+
+ memcpy(&usernum, cdboi->ptr, sizeof(long));
+ cdb_free(cdboi);
+
+ return(getuserbynumber(usbuf, usernum));
+}
+
+
/**************************************************************************/
/* */
/* Otherwise, a user is attempting to log in using the validated OpenID */
else {
- cprintf("fail\n"); // FIXME do the login here!!
- }
+ struct ctdluser usbuf;
+
+ /*
+ * Existing user who has claimed this OpenID?
+ *
+ * Note: if you think that sending the password back over the wire is insecure,
+ * check your assumptions. If someone has successfully asserted an OpenID that
+ * is associated with the account, they already have password equivalency and can
+ * login, so they could just as easily change the password, etc.
+ */
+ if (getuserbyopenid(&usbuf, oiddata->claimed_id) == 0) {
+ cprintf("authenticate\n%s\n%s\n", usbuf.fullname, usbuf.password);
+ }
+ else {
+ cprintf("fail\n"); // FIXME do the login here!!
+ }
+ }
}
else {
cprintf("fail\n");
svput("NEWUSER_BUTTON_POST", WCS_STRING, "");
}
-#ifdef TECH_PREVIEW
+ if (1) { // FIXME we have to check whether the server offers openid
svprintf(HKEY("OFFER_OPENID_LOGIN"), WCS_STRING,
"<div align=center>"
"<a href=\"display_openid_login\">"
,
"Log in using OpenID"
);
-#else
+ }
+ else {
svput("OFFER_OPENID_LOGIN", WCS_STRING, "");
-#endif
+ }
do_template("login");
char buf[1024];
struct wcsession *WCC = WC;
int already_logged_in = (WCC->logged_in) ;
+ int linecount = 0;
+ char result[128] = "";
+ char username[128] = "";
+ char password[128] = "";
if (havebstr("openid.mode")) {
if (!strcasecmp(bstr("openid.mode"), "id_res")) {
serv_puts("000");
+ linecount = 0;
while (serv_getln(buf, sizeof buf), strcmp(buf, "000")) {
- // FIXME
+ if (linecount == 0) safestrncpy(result, buf, sizeof result);
+ if (!strcasecmp(result, "authenticate")) {
+ if (linecount == 1) {
+ safestrncpy(username, buf, sizeof username);
+ }
+ else if (linecount == 2) {
+ safestrncpy(password, buf, sizeof password);
+ }
+ }
+ ++linecount;
}
}
}
return;
}
- /* Otherwise the user is probably attempting to log in using OpenID */
+ /* Was the claimed ID associated with an existing account? Then log in that account now. */
+ if (!strcasecmp(result, "authenticate")) {
+ serv_printf("USER %s", username);
+ serv_getln(buf, sizeof buf);
+ if (buf[0] == '3') {
+ serv_printf("PASS %s", password);
+ serv_getln(buf, sizeof buf);
+ if (buf[0] == '2') {
+ become_logged_in(username, password, buf);
+ }
+ }
+ }
+
+ /* FIXME -- right here we have to put the code to log in a new user */
+
+ /* Did we manage to log in? If so, continue with the normal flow... */
if (WC->logged_in) {
if (WC->need_regi) {
display_reg(1);