<?php
/**
 * StatusNet, the distributed open-source microblogging tool
 *
 * Allow one-time password login
 *
 * PHP version 5
 *
 * LICENCE: This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 *
 * @category  Login
 * @package   StatusNet
 * @author    Evan Prodromou <evan@status.net>
 * @copyright 2010 StatusNet, Inc.
 * @license   http://www.fsf.org/licensing/licenses/agpl-3.0.html AGPLv3
 * @link      http://status.net/
 */

// This file is only usable from inside the framework, whose front
// controller defines STATUSNET; bail out when loaded directly.
defined('STATUSNET') || exit(1);

/**
 * Allow one-time password login
 *
 * This action will automatically log in the user identified by the user_id
 * parameter. A login_token record must be constructed beforehand, typically
 * by code where the user is already authenticated.
 *
 * @category  Login
 * @package   StatusNet
 * @author    Evan Prodromou <evan@status.net>
 * @copyright 2010 StatusNet, Inc.
 * @license   http://www.fsf.org/licensing/licenses/agpl-3.0.html AGPLv3
 * @link      http://status.net/
 */
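class OtpAction extends Action
{
    /** @var User|null the user named by the user_id request parameter */
    public $user;
    /** @var string|null the token value supplied in the request */
    public $token;
    /** @var bool whether the caller asked for a persistent login cookie */
    public $rememberme;
    /** @var string|null URL requested as the post-login destination */
    public $returnto;
    /** @var Login_token|null the stored token record for the user */
    public $lt;

    /**
     * Validate the request before any login happens.
     *
     * The caller must not already be logged in, the user_id must name an
     * existing user, and the supplied token must equal the user's stored
     * Login_token and be no older than Login_token::TIMEOUT seconds.
     * Every failure is reported through clientError(), which ends the
     * request, so code after a failed check does not run.
     *
     * @param array $args request arguments
     *
     * @return boolean true when the request may proceed to handle()
     */
    function prepare($args)
    {
        parent::prepare($args);

        if (common_is_real_login()) {
            // TRANS: Client error displayed trying to use "one time password login" when already logged in.
            $this->clientError(_('Already logged in.'));
        }

        $id = $this->trimmed('user_id');

        if (empty($id)) {
            // TRANS: Client error displayed trying to use "one time password login" without specifying a user.
            $this->clientError(_('No user ID specified.'));
        }

        $this->user = User::getKV('id', $id);

        if (empty($this->user)) {
            // TRANS: Client error displayed trying to use "one time password login" without using an existing user.
            $this->clientError(_('No such user.'));
        }

        $this->token = $this->trimmed('token');

        if (empty($this->token)) {
            // TRANS: Client error displayed trying to use "one time password login" without specifying a login token.
            $this->clientError(_('No login token specified.'));
        }

        $this->lt = Login_token::getKV('user_id', $id);

        if (empty($this->lt)) {
            // TRANS: Client error displayed trying to use "one time password login" without requesting a login token.
            $this->clientError(_('No login token requested.'));
        }

        // The token is a secret: compare it strictly (the loose != used
        // before treats numeric-looking strings such as "1e3" and "1000"
        // as equal) and in constant time where the runtime allows it.
        if (!self::tokenMatches((string) $this->lt->token, (string) $this->token)) {
            // TRANS: Client error displayed trying to use "one time password login" while specifying an invalid login token.
            $this->clientError(_('Invalid login token specified.'));
        }

        if ($this->tokenExpired()) {
            // The token is stale; remove it so it cannot be retried.
            $this->lt->delete();
            $this->lt = null;
            // TRANS: Client error displayed trying to use "one time password login" while specifying an expired login token.
            $this->clientError(_('Login token expired.'));
        }

        $this->rememberme = $this->boolean('rememberme');
        $this->returnto = $this->trimmed('returnto');

        return true;
    }

    /**
     * Compare the stored token with the one supplied by the client.
     *
     * Uses hash_equals() (constant time) when the runtime provides it and
     * falls back to a strict string comparison otherwise; never a loose ==.
     *
     * @param string $expected token stored in the Login_token record
     * @param string $given    token taken from the request
     *
     * @return boolean true when the two tokens are identical
     */
    private static function tokenMatches($expected, $given)
    {
        if (function_exists('hash_equals')) {
            return hash_equals($expected, $given);
        }
        return $expected === $given;
    }

    /**
     * Whether the stored token is older than Login_token::TIMEOUT seconds.
     *
     * The previous test compared the modification time against a moment in
     * the future (time() + TIMEOUT), which is never true for a record
     * written in the past, so tokens were effectively never expired.
     *
     * @return boolean true when the token should no longer be accepted
     */
    private function tokenExpired()
    {
        $modified = $this->lt->modified;
        // NOTE(review): assumes modified is a database timestamp, either
        // epoch seconds or a date string strtotime() understands — confirm
        // against the Login_token schema.
        $since = is_numeric($modified) ? (int) $modified : strtotime((string) $modified);
        if ($since === false) {
            // Unreadable timestamp: refuse rather than accept an unknown age.
            return true;
        }
        return $since + Login_token::TIMEOUT < time();
    }

    /**
     * Log the validated user in, consume the token and redirect.
     *
     * @param array $args request arguments
     *
     * @return void
     */
    function handle($args)
    {
        parent::handle($args);

        if (!common_set_user($this->user)) {
            // TRANS: Server error displayed when a user object could not be created trying to login using "one time password login".
            $this->serverError(_('Error setting user. You are probably not authorized.'));
        }

        // We're now logged in; the token is single-use, so delete it.
        $this->lt->delete();
        $this->lt = null;

        common_real_login(true);

        if ($this->rememberme) {
            common_rememberme($this->user);
        }

        // returnto comes straight from the request, so only follow it when
        // it stays on this site; anything else would be an open redirect.
        if (!empty($this->returnto) && self::isLocalUrl($this->returnto)) {
            $url = $this->returnto;
            // We don't have to return to it again
            common_set_returnto(null);
        } else {
            $url = common_local_url('all',
                                    array('nickname' =>
                                          $this->user->nickname));
        }

        common_redirect($url, 303);
    }

    /**
     * Decide whether a redirect target stays on this site.
     *
     * Relative URLs are accepted unless they are protocol-relative
     * ("//host/...", also with backslashes); absolute URLs are accepted only
     * when their host is the configured site server.
     *
     * @param string $url candidate redirect target
     *
     * @return boolean true when the URL may be followed
     */
    private static function isLocalUrl($url)
    {
        $url = trim((string) $url);
        $parts = parse_url($url);
        if ($parts === false) {
            return false;
        }
        if (isset($parts['scheme']) || isset($parts['host'])) {
            $server = common_config('site', 'server');
            return isset($parts['host'])
                && !empty($server)
                && strcasecmp($parts['host'], $server) === 0;
        }
        // Relative target: browsers treat a leading "//" or "\\" as a host.
        return !preg_match('#^[\\\\/]{2}#', $url);
    }
}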