
Add cross-site authentication stuff

1 parent dd8dcc3 commit 467a39f9b03971e01bb2c92671a0b050cb341662 @pudge pudge committed Aug 7, 2008
@@ -1549,6 +1549,68 @@ sub deleteUser {
return $rows;
}
+
+########################################################
+# Get user info from the users table.
+sub getUserCrossSiteAuthenticate {
+ my($self, $site, $params, $user) = @_;
+ $user ||= getCurrentUser();
+ my $gSkin = getCurrentSkin();
+
+ return unless $site->{host} eq $gSkin->{hostname};
+
+ # XXX skip_tstamp_rand is testing
+ unless ($site->{skip_tstamp_rand}) {
+ return unless $params->{tstamp} && $params->{'rand'};
+
+ return unless ( ($params->{tstamp} + 60) >= time() );
+
+ $self->sqlInsert('xsite_auth_log', {
+ site => $site->{site},
+ ts => $params->{tstamp},
+ nonce => $params->{'rand'}
+ }) or return;
+ }
+
+ my $new = 0;
+ my $uid = $self->sqlSelect('uid', 'users_param',
+ "name=" . $self->sqlQuote($site->{auth_param_name}) .
+ " AND value=" . $self->sqlQuote($params->{user_id})
+ );
+
+ if (!$uid) {
+ my $newnick = sprintf($site->{user_name_format}, $params->{shortname} || $params->{user_id});
+ my $matchname = nick2matchname($newnick);
+ my $email = '';
+
+ # no email for now, so skip checks for email (and matchname;
+ # we don't care if someone already has an "sfpudge", that
+ # should not stop us from making a "SF:pudge")
+ $uid = $self->createUser(
+ $matchname, '', $newnick, { skipchecks => 1 }
+ );
+ $new = 1;
+
+ if ($uid) {
+ # XXX consider disallowing these accounts from
+ # authenticating on other domains
+ my $data = {};
+ $data->{creation_ipid} = $user->{ipid};
+ $data->{ $site->{auth_param_name} } = $params->{user_id};
+ $data->{acl}{nopasswd} = 1;
+ $self->setUser($uid, $data);
+ }
+ }
+
+ return unless $uid; # dunno!
+
+ my $logtoken = $self->getLogToken($uid, 1);
+
+ # return UID alone in scalar context
+ return wantarray ? ($uid, $logtoken, $new) : $uid;
+}
+
+
########################################################
# Get user info from the users table.
sub getUserAuthenticate {
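Review bot: Nothing in getUserCrossSiteAuthenticate verifies that `$params` actually came from the partner site: the host comparison, the 60-second window and the xsite_auth_log insert only limit replay, after which `$params->{user_id}` is trusted as-is to look up or create the account and mint a logtoken. Unless the caller (not in this hunk) checks a signature or shared secret over user_id/tstamp/rand first, any client that can reach this host could obtain a token for a user_id of its choosing, so please confirm where that check lives and say so in the header comment, which is currently the copied `# Get user info from the users table.`. The freshness test also accepts timestamps arbitrarily far in the future, so `return unless abs(time() - $params->{tstamp}) <= 60;` would bound both directions and let old log rows be purged. Note too that `ts` is inserted as the raw epoch value, while the CREATE TABLE xsite_auth_log hunks later in this commit declare it DATETIME; either store `FROM_UNIXTIME` of the value or declare the column as an integer, otherwise the UNIQUE key is not comparing what the Perl side intends.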
@@ -2386,21 +2448,25 @@ sub existsUid {
# while this is going on, we won't end up with a half created user.
# -Brian
sub createUser {
- my($self, $matchname, $email, $newuser) = @_;
- return unless $matchname && $email && $newuser;
+ my($self, $matchname, $email, $newuser, $opts) = @_;
+ return unless $matchname && $newuser;
+ $opts ||= {};
+ return if !$email && !$opts->{skipchecks};
$email =~ s/\s//g; # strip whitespace from emails
- return if ($self->sqlSelect(
- "uid", "users",
- "matchname=" . $self->sqlQuote($matchname)
- ))[0] || $self->existsEmail($email);
+ if (!$opts->{skipchecks}) {
+ return if ($self->sqlSelect(
+ "uid", "users",
+ "matchname=" . $self->sqlQuote($matchname)
+ ))[0] || $self->existsEmail($email);
+ }
$self->sqlDo("SET AUTOCOMMIT=0");
$self->sqlInsert("users", {
uid => undef,
- realemail => $email,
+ realemail => $email || '',
nickname => $newuser,
matchname => $matchname,
seclev => 1,
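Review bot: With skipchecks set, the matchname-uniqueness query is skipped entirely, so a caller passing an existing matchname now reaches the INSERT; whether the database rejects that or two users end up sharing a matchname depends on the users table definition, which this hunk does not show. Consider keeping the matchname check and skipping only the email check, e.g. `return if ($self->sqlSelect("uid", "users", "matchname=" . $self->sqlQuote($matchname)))[0];` followed by `return if !$opts->{skipchecks} && $self->existsEmail($email);`. Separately, `$email =~ s/\s//g` now runs on a possibly undefined `$email` when skipchecks is set, which warns under `use warnings`; `$email = '' unless defined $email;` before the substitution avoids it. createUser's body continues past the end of this hunk.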
@@ -1344,9 +1344,13 @@ sub setCookie {
# ".slashdot.org" is OK. the only way to set a cookie
# to a *host* is to leave the domain blank, which is
# why we set the first cookie with no domain. -- pudge
+ # unless domain does not match the root domain -- pudge
# domain must start with a '.' and have one more '.'
- # embedded in it, else we ignore it
+ # embedded in it, else we ignore it, so you can
+ # enter an *invalid* value in skins.cookiedomain to
+ # override constants.cookiedomain, and *not* have
+ # any domain cookie set -- pudge
my $domain = ($cookiedomain && $cookiedomain =~ /^\..+\./)
? $cookiedomain
: '';
@@ -1362,8 +1366,6 @@ sub setCookie {
my $cookie = Apache::Cookie->new($r, %cookiehash);
- # this should be fine, but if there is a problem, comment the following
- # lines, and uncomment the one right above "bake"
if (!$val) {
$cookie->expires('-1y'); # delete
} elsif ($session && $session =~ /^\+\d+[mhdy]$/) {
@@ -69,7 +69,7 @@ sub main {
# feel free to send msgdiv => 'thisdivhere' to the ajax call,
# and any reskey error messages will be sent to it
if ($form->{msgdiv}) {
- header_ajax({ content_type => 'application/json' });
+ http_send({ content_type => 'application/json' });
(my $msgdiv = $form->{msgdiv}) =~ s/[^\w-]+//g;
print Data::JavaScript::Anon->anon_dump({
html => { $msgdiv => $rkey->errstr },
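Review bot: The removed header_ajax helper explicitly sent `Cache-Control: no-cache` before the AJAX body, and the replacement http_send calls here and in the following hunk are not shown, so it is not visible whether that header is still set. Since these responses carry per-request reskey error state, please confirm http_send emits an equivalent no-cache header, or pass one through `$options` if it supports that.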
@@ -89,7 +89,7 @@ sub main {
# print STDERR "AJAX7 $$: $user->{uid}, $op ($retval)\n";
if ($retval) {
- header_ajax($options);
+ http_send($options);
print $retval;
}
@@ -1095,17 +1095,6 @@ sub saveModalPrefs {
##################################################################
sub default { }
-##################################################################
-sub header_ajax {
- my($options) = @_;
- my $ct = $options->{content_type} || 'text/plain';
-
- my $r = Apache->request;
- $r->content_type($ct);
- $r->header_out('Cache-Control', 'no-cache');
- $r->send_http_header;
-}
-
##################################################################
sub getOps {
my $slashdb = getCurrentDB();
@@ -217,6 +217,11 @@ sub mailPasswd {
my $user_send = $reader->getUser($uid);
+ if ($user->{acl}{nopasswd}) {
+ push @note, getData('mail_acl_nopasswd');
+ $error = 1;
+ }
+
if (!$error) {
# A user coming from a srcid that's been marked as not
# acceptable for posting from also does not get to
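Review bot: The new guard reads `$user->{acl}{nopasswd}`, but the account whose password is about to be mailed is `$user_send`, fetched via `$reader->getUser($uid)` on the line above. If `$user` is the requesting session's user (presumably the current user; its definition is outside this hunk), a nopasswd account's password can still be mailed while a logged-in nopasswd user is refused for every target. The check most likely wants `if ($user_send->{acl}{nopasswd}) {`. mailPasswd begins and ends outside this hunk.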
@@ -112,6 +112,10 @@ __template__
password mailed to you</a>.
+[% CASE 'mail_acl_nopasswd' %]
+ [% returnme.data_constant = 1 %]
+ This account is not allowed to log in normally. No password was mailed.
+
[% CASE 'mail_nonickname' %]
[% returnme.data_constant = 1 %]
User was not found. No password was mailed.
@@ -1554,6 +1554,15 @@ CREATE TABLE vars (
PRIMARY KEY (name)
) TYPE=InnoDB;
+DROP TABLE IF EXISTS xsite_auth_log;
+CREATE TABLE xsite_auth_log (
+ site VARCHAR(30) DEFAULT '' NOT NULL,
+ ts DATETIME DEFAULT '0000-00-00 00:00' NOT NULL,
+ nonce VARCHAR(30) DEFAULT '' NOT NULL,
+ UNIQUE KEY (site,ts,nonce)
+) TYPE=InnoDB;
+
+
#ALTER TABLE backup_blocks ADD FOREIGN KEY (bid) REFERENCES blocks(bid);
#ALTER TABLE comment_text ADD FOREIGN KEY (cid) REFERENCES comments(cid);
#ALTER TABLE discussions ADD FOREIGN KEY (topic) REFERENCES topics(tid);
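Review bot: Nothing in this commit ever deletes from xsite_auth_log, so with the UNIQUE key on (site,ts,nonce) the table grows by one row per successful cross-site login indefinitely; the same definition is repeated in the upgrades hunk below. A periodic `DELETE FROM xsite_auth_log WHERE ts < <cutoff>` (placeholder) run from whatever housekeeping task the project already has would keep it bounded once rows are older than the acceptance window. That cleanup only works if `ts` holds a value comparable with the cutoff, so it is worth checking that the Perl side stores a proper DATETIME rather than a raw epoch number.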
@@ -5442,3 +5442,11 @@ UPDATE vars SET value = 'T_2_5_0_214' WHERE name = 'cvs_tag_currentcode';
# for plugins/FireHose
ALTER TABLE firehose MODIFY type ENUM("submission","journal","bookmark","feed","story","vendor","misc", "comment","discussion","project") default 'submission';
+
+DROP TABLE IF EXISTS xsite_auth_log;
+CREATE TABLE xsite_auth_log (
+ site VARCHAR(30) DEFAULT '' NOT NULL,
+ ts DATETIME DEFAULT '0000-00-00 00:00' NOT NULL,
+ nonce VARCHAR(30) DEFAULT '' NOT NULL,
+ UNIQUE KEY (site,ts,nonce)
+) TYPE=InnoDB;

