[BUGFIX] Make OpenID login work with identifier select 73/21373/13
authorChristian Weiske <cweiske@cweiske.de>
Wed, 12 Jun 2013 19:23:06 +0000 (21:23 +0200)
committerStefan Neufeind <typo3.neufeind@speedpartner.de>
Mon, 21 Oct 2013 08:04:59 +0000 (10:04 +0200)
commit57dbb49ff7ceab21f32c5c5971d346df63d0bc00
tree3a74181c22e7697d6db5153a3e9b8ef121f26d4c
parent1d6e32d060565136145ca2134e0b1c71ec3bde3b
[BUGFIX] Make OpenID login work with identifier select

The OpenID protocol has an option which is called
identifier_select which let's the OpenID provider
return the unique OpenID identifier for a user.
A notable example is Google:
Their OpenID for all users is https://www.google.com/accounts/o8/id
while the actual OpenID identity is different, e.g.
https://www.google.com/accounts/o8/id?id=AItOawm2w
(for users without a google+ profile).

Because of this, we cannot verify that the OpenID URL
given by the user during login exists in our database
before starting the OpenID process.
Instead, we first need to run the OpenID process
to get the final OpenID identifier of the user and
only then check if a user with that ID exists
in our database.

This change also also introduces a new field in the
backend login form, "openid_url". The field is needed
to cleanly distinguish OpenID from normal logins,
to make full OpenID URL normalization possible
(i.e. adding http:// automatically if missing).

Resolves: #25322
Releases: 6.2
Change-Id: Id31238760fe4e58e2a823beddaeb454ba28d59be
Reviewed-on: https://review.typo3.org/21373
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
Reviewed-by: Christian Weiske
Tested-by: Christian Weiske
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
typo3/sysext/backend/Classes/Controller/LoginController.php
typo3/sysext/openid/Classes/Exception.php [new file with mode: 0644]
typo3/sysext/openid/Classes/OpenidService.php
typo3/sysext/openid/Classes/Wizard.php
typo3/sysext/openid/ext_localconf.php
typo3/sysext/rsaauth/Classes/RsaAuthService.php
typo3/sysext/t3skin/Resources/Private/Templates/login.html
typo3/sysext/t3skin/Resources/Public/JavaScript/login.js