Index: modules/openid/openid.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/openid/openid.module,v
retrieving revision 1.64
diff -u -9 -p -r1.64 openid.module
--- modules/openid/openid.module 15 Oct 2009 16:18:45 -0000 1.64
+++ modules/openid/openid.module 19 Oct 2009 20:39:23 -0000
@@ -60,20 +60,21 @@ function openid_help($path, $arg) {
}
/**
* Implement hook_user_insert().
*/
function openid_user_insert(&$edit, $account, $category) {
if (isset($_SESSION['openid']['values'])) {
// The user has registered after trying to login via OpenID.
if (variable_get('user_email_verification', TRUE)) {
- drupal_set_message(t('Once you have verified your email address, you may log in via OpenID.'));
+ drupal_set_message(t('Once you have verified your e-mail address, you may log in via OpenID.'));
}
+ user_set_authmaps($account, array('authname_openid' => $_SESSION['openid']['values']['response']['openid.claimed_id']));
unset($_SESSION['openid']);
}
}
/**
* Implement hook_form_FORM_ID_alter().
*/
function openid_form_user_login_block_alter(&$form, &$form_state) {
_openid_user_login_form_alter($form, $form_state);
@@ -127,27 +128,33 @@ function _openid_user_login_form_alter(&
/**
* Implement hook_form_alter().
*
* Adds OpenID login to the login forms.
*/
function openid_form_user_register_form_alter(&$form, &$form_state) {
if (isset($_SESSION['openid']['values'])) {
// We were unable to auto-register a new user. Prefill the registration
// form with the values we have.
- $form['name']['#default_value'] = $_SESSION['openid']['values']['name'];
- $form['mail']['#default_value'] = $_SESSION['openid']['values']['mail'];
+ $form['account']['name']['#default_value'] = $_SESSION['openid']['values']['name'];
+ $form['account']['mail']['#default_value'] = $_SESSION['openid']['values']['mail'];
+
// If user_email_verification is off, hide the password field and just fill
// with random password to avoid confusion.
if (!variable_get('user_email_verification', TRUE)) {
$form['pass']['#type'] = 'hidden';
$form['pass']['#value'] = user_password();
}
- $form['auth_openid'] = array('#type' => 'hidden', '#value' => $_SESSION['openid']['values']['auth_openid']);
+ $form['openid_display'] = array(
+ '#type' => 'item',
+ '#title' => t('Your OpenID'),
+ '#description' => t('This OpenID will be attached to your account after registration.'),
+ '#markup' => check_plain($_SESSION['openid']['values']['response']['openid.claimed_id']),
+ );
}
}
/**
* Login form _validate hook
*/
function openid_login_validate($form, &$form_state) {
$return_to = $form_state['values']['openid.return_to'];
if (empty($return_to)) {
@@ -426,30 +433,45 @@ function openid_authentication($response
}
else {
drupal_set_message(t('You must validate your email address for this account before logging in via OpenID'));
}
}
elseif (variable_get('user_register', 1)) {
// Register new user
$form_state['args'] = array();
$form_state['redirect'] = NULL;
- $form_state['values']['name'] = (empty($response['openid.sreg.nickname'])) ? $identity : $response['openid.sreg.nickname'];
- $form_state['values']['mail'] = (empty($response['openid.sreg.email'])) ? '' : $response['openid.sreg.email'];
+ $form_state['values']['name'] = !empty($response['openid.sreg.nickname']) ? $response['openid.sreg.nickname'] : '';
+ $form_state['values']['mail'] = !empty($response['openid.sreg.email']) ? $response['openid.sreg.email'] : '';
$form_state['values']['pass'] = user_password();
$form_state['values']['status'] = variable_get('user_register', 1) == 1;
$form_state['values']['response'] = $response;
- $form = drupal_retrieve_form('user_register_form', $form_state);
- drupal_prepare_form('user_register_form', $form, $form_state);
- drupal_validate_form('user_register_form', $form, $form_state);
- if (form_get_errors()) {
+
+ if (empty($response['openid.sreg.email']) && empty($response['openid.sreg.nickname'])) {
+ drupal_set_message(t('Please complete the registration by filling out the form below. If you already have an account, you can log in now and add your OpenID under "My account".', array('@login' => url('user/login'))), 'warning');
+ $success = FALSE;
+ }
+ else {
+ $form = drupal_retrieve_form('user_register_form', $form_state);
+ drupal_prepare_form('user_register_form', $form, $form_state);
+ drupal_validate_form('user_register_form', $form, $form_state);
+ $success = !form_get_errors();
+ if (!$success) {
+ drupal_set_message(t('Account registration using the information provided by your OpenID provider failed due to the reasons listed below. Please complete the registration by filling out the form below. If you already have an account, you can log in now and add your OpenID under "My account".', array('@login' => url('user/login'))), 'warning');
+ // Append form validation errors below the above warning.
+ $messages = drupal_get_messages('error');
+ foreach ($messages['error'] as $message) {
+ drupal_set_message( $message, 'error');
+ }
+ }
+ }
+ if (!$success) {
// We were unable to register a valid new user, redirect to standard
// user/register and prefill with the values we received.
- drupal_set_message(t('OpenID registration failed for the reasons listed. You may register now, or if you already have an account you can log in now and add your OpenID under "My Account"', array('@login' => url('user/login'))), 'error');
$_SESSION['openid']['values'] = $form_state['values'];
// We'll want to redirect back to the same place.
$destination = drupal_get_destination();
unset($_GET['destination']);
drupal_goto('user/register', array('query' => $destination));
}
else {
unset($form_state['values']['response']);
$account = user_save(drupal_anonymous_user(), $form_state['values']);
Index: modules/openid/openid.test
===================================================================
RCS file: /cvs/drupal/drupal/modules/openid/openid.test,v
retrieving revision 1.6
diff -u -9 -p -r1.6 openid.test
--- modules/openid/openid.test 30 Sep 2009 04:06:15 -0000 1.6
+++ modules/openid/openid.test 19 Oct 2009 20:39:23 -0000
@@ -81,19 +81,18 @@ class OpenIDFunctionalTest extends Drupa
// Fill out and submit the login form.
$edit = array('openid_identifier' => $identity);
$this->drupalPost(NULL, $edit, t('Log in'));
// Check we are on the OpenID redirect form.
$this->assertTitle(t('OpenID redirect'), t('OpenID redirect page was displayed.'));
// Submit form to the OpenID Provider Endpoint.
$this->drupalPost(NULL, array(), t('Send'));
-
$this->assertText($this->web_user->name, t('User was logged in.'));
// Test logging in via the user/login page.
$this->drupalLogout();
$this->drupalPost('user/login', $edit, t('Log in'));
// Check we are on the OpenID redirect form.
$this->assertTitle(t('OpenID redirect'), t('OpenID redirect page was displayed.'));
@@ -138,44 +137,137 @@ class OpenIDFunctionalTest extends Drupa
// Manually submit form because SimpleTest is not able to execute JavaScript.
$this->assertRaw('', t('JavaScript form submission found.'));
$this->drupalPost(NULL, array(), t('Send'));
}
$this->assertRaw(t('Successfully added %identity', array('%identity' => $identity)), t('Identity %identity was added.', array('%identity' => $identity)));
}
/**
- * Test openID auto-registration with e-mail verification disabled.
+ * Test OpenID auto-registration with e-mail verification disabled.
*/
function testRegisterUserWithoutEmailVerification() {
variable_set('user_email_verification', FALSE);
// Load the front page to get the user login block.
$this->drupalGet('');
// Use a User-supplied Identity that is the URL of an XRDS document.
$identity = url('openid-test/yadis/xrds', array('absolute' => TRUE));
+ // Tell openid_test.module to respond with these SREG fields.
+ variable_set('openid_test_response', array('openid.sreg.nickname' => 'john', 'openid.sreg.email' => 'john@example.com'));
+
+ // Fill out and submit the login form.
+ $edit = array('openid_identifier' => $identity);
+ $this->drupalPost(NULL, $edit, t('Log in'));
+
+ // Check we are on the OpenID redirect form.
+ $this->assertTitle(t('OpenID redirect'), t('OpenID redirect page was displayed.'));
+
+ // Submit form to the OpenID Provider Endpoint.
+ $this->drupalPost(NULL, array(), t('Send'));
+ $this->assertText('john', t('User was logged in.'));
+
+ $user = user_load_by_name('john');
+ $this->assertTrue($user, t('User was registered with right username.'));
+ $this->assertEqual($user->mail, 'john@example.com', t('User was registered with right email address.'));
+ }
+
+ /**
+ * Test OpenID auto-registration with a provider that supplies invalid SREG
+ * information (a username that is already taken, and no e-mail address).
+ */
+ function testRegisterUserWithInvalidSreg() {
+ // Load the front page to get the user login block.
+ $this->drupalGet('');
+
+ // Use a User-supplied Identity that is the URL of an XRDS document.
+ $identity = url('openid-test/yadis/xrds', array('absolute' => TRUE));
+
+ // Tell openid_test.module to respond with these SREG fields.
+ variable_set('openid_test_response', array('openid.sreg.nickname' => $this->web_user->name, 'openid.sreg.email' => 'mail@invalid#'));
+
+ // Fill out and submit the login form.
+ $edit = array('openid_identifier' => $identity);
+ $this->drupalPost(NULL, $edit, t('Log in'));
+
+ // Check we are on the OpenID redirect form.
+ $this->assertTitle(t('OpenID redirect'), t('OpenID redirect page was displayed.'));
+
+ // Submit form to the OpenID Provider Endpoint.
+ $this->drupalPost(NULL, array(), t('Send'));
+
+ $this->assertRaw(t('Account registration using the information provided by your OpenID provider failed due to the reasons listed below. Please complete the registration by filling out the form below. If you already have an account, you can log in now and add your OpenID under "My account".', array('@login' => url('user/login'))), t('User was asked to complete the registration process manually.'));
+ $this->assertRaw(t('The name %name is already taken.', array('%name' => $this->web_user->name)), t('Form validation error for username was displayed.'));
+ $this->assertRaw(t('The e-mail address %mail is not valid.', array('%mail' => 'mail@invalid#')), t('Form validation error for e-mail address was displayed.'));
+
+ // Enter username and e-mail address manually.
+ $edit = array('name' => 'john', 'mail' => 'john@example.com');
+ $this->drupalPost(NULL, $edit, t('Create new account'));
+ $this->assertRaw(t('Once you have verified your e-mail address, you may log in via OpenID.'), t('User was asked to verify e-mail address.'));
+
+ $user = user_load_by_name('john');
+ $this->assertTrue($user, t('User was registered with right username.'));
+
+ // Follow the one-time login that was sent in the confirmation e-mail.
+ $this->drupalGet(user_pass_reset_url($user));
+ $this->drupalPost(NULL, array(), t('Log in'));
+
+ // The user is taken to user/%uid/edit.
+ $this->assertFieldByName('mail', 'john@example.com', t('User was registered with right e-mail address.'));
+
+ $this->clickLink(t('OpenID identities'));
+ $this->assertRaw($identity, t('OpenID identity was registered.'));
+ }
+
+ /**
+ * Test OpenID auto-registration with a provider that does not supply SREG
+ * information (i.e. no username or e-mail address).
+ */
+ function testRegisterUserWithoutSreg() {
+ // Load the front page to get the user login block.
+ $this->drupalGet('');
+
+ // Use a User-supplied Identity that is the URL of an XRDS document.
+ $identity = url('openid-test/yadis/xrds', array('absolute' => TRUE));
+
// Fill out and submit the login form.
$edit = array('openid_identifier' => $identity);
$this->drupalPost(NULL, $edit, t('Log in'));
- // The OpenID module responds with an HTML form that is to be submitted
- // to the OpenID Provider Endpoint. This is usually done automatically
- // using JavaScript, but the SimpleTest browser does not support JavaScript,
- // so the form is submitted manually instead.
- $this->assertRaw('', t('JavaScript form submission found.'));
+ // Check we are on the OpenID redirect form.
+ $this->assertTitle(t('OpenID redirect'), t('OpenID redirect page was displayed.'));
+
+ // Submit form to the OpenID Provider Endpoint.
$this->drupalPost(NULL, array(), t('Send'));
- $this->assertText('johndoe', t('User was logged in.'));
- $user = user_load_by_name('johndoe');
- $this->assertTrue($user, t('User was found.'));
- $this->assertEqual($user->mail, 'johndoe@example.com', t('User was registered with right email address.'));
+ $this->assertRaw(t('Please complete the registration by filling out the form below. If you already have an account, you can log in now and add your OpenID under "My account".', array('@login' => url('user/login'))), t('User was asked to complete the registration process manually.'));
+ $this->assertNoRaw(t('You must enter a username.'), t('Form validation error for username was not displayed.'));
+ $this->assertNoRaw(t('You must enter an e-mail address.'), t('Form validation error for e-mail address was not displayed.'));
+
+ // Enter username and e-mail address manually.
+ $edit = array('name' => 'john', 'mail' => 'john@example.com');
+ $this->drupalPost(NULL, $edit, t('Create new account'));
+ $this->assertRaw(t('Once you have verified your e-mail address, you may log in via OpenID.'), t('User was asked to verify e-mail address.'));
+
+ $user = user_load_by_name('john');
+ $this->assertTrue($user, t('User was registered with right username.'));
+
+ // Follow the one-time login that was sent in the confirmation e-mail.
+ $this->drupalGet(user_pass_reset_url($user));
+ $this->drupalPost(NULL, array(), t('Log in'));
+
+ // The user is taken to user/%uid/edit.
+ $this->assertFieldByName('mail', 'john@example.com', t('User was registered with right e-mail address.'));
+
+ $this->clickLink(t('OpenID identities'));
+ $this->assertRaw($identity, t('OpenID identity was registered.'));
}
}
/**
* Test internal helper functions.
*/
class OpenIDUnitTest extends DrupalWebTestCase {
public static function getInfo() {
return array(
Index: modules/openid/tests/openid_test.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/openid/tests/openid_test.module,v
retrieving revision 1.5
diff -u -9 -p -r1.5 openid_test.module
--- modules/openid/tests/openid_test.module 30 Sep 2009 18:36:02 -0000 1.5
+++ modules/openid/tests/openid_test.module 19 Oct 2009 20:39:23 -0000
@@ -199,30 +199,28 @@ function _openid_test_endpoint_authentic
module_load_include('inc', 'openid');
// Generate unique identifier for this authentication.
$nonce = _openid_nonce();
// Generate response containing the user's identity. The openid.sreg.xxx
// entries contain profile data stored by the OpenID Provider (see OpenID
// Simple Registration Extension 1.0).
- $response = array(
+ $response = variable_get('openid_test_response', array()) + array(
'openid.ns' => OPENID_NS_2_0,
'openid.mode' => 'id_res',
'openid.op_endpoint' => $base_url . url('openid/provider'),
// openid.claimed_id is not sent by OpenID 1 clients.
'openid.claimed_id' => isset($_REQUEST['openid_claimed_id']) ? $_REQUEST['openid_claimed_id'] : '',
'openid.identity' => $_REQUEST['openid_identity'],
'openid.return_to' => $_REQUEST['openid_return_to'],
'openid.response_nonce' => $nonce,
'openid.assoc_handle' => 'openid-test',
- 'openid.sreg.email' => 'johndoe@example.com',
- 'openid.sreg.nickname' => 'johndoe',
'openid.signed' => 'op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle',
);
// Sign the message using the MAC key that was exchanged during association.
$association = new stdClass;
$association->mac_key = variable_get('mac_key');
$keys_to_sign = explode(',', $response['openid.signed']);
$response['openid.sig'] = _openid_signature($association, $response, $keys_to_sign);