From: Aymeric Augustin
Date: Fri, 31 Oct 2008 22:52:30 +0000 (+0100)
Subject: User can choose to always trust websites
X-Git-Tag: xorg/0.10.0~46
X-Git-Url: http://git.polytechnique.org/?a=commitdiff_plain;h=2e5fbf5e95af6df07bf7b52f78a4bec325c1af41;p=platal.git
User can choose to always trust websites
TODO implement a way to remove websites from the whitelist
---
diff --git a/modules/openid.php b/modules/openid.php
index e3ac3bc..7c66b8c 100644
--- a/modules/openid.php
+++ b/modules/openid.php
@@ -55,13 +55,6 @@
 * Reading the source of the server can also help understanding the code below.
 */
-/* **checkid_immediate is not supported (yet)**, which means that we will
- * always ask for confirmation before redirecting to a third-party.
- * A sensible way to implement it would be to add a "Always trust this site"
- * checkbox to the form, and to store trusted websites per user. This still
- * raises the question of removing websites from that list.
- * Another possibility is to maintain a global whitelist.
- */
 class OpenidModule extends PLModule
 {
@@ -170,7 +163,7 @@ class OpenidModule extends PLModule
 $sreg_response = Auth_OpenID_SRegResponse::extractResponse($sreg_request, get_sreg_data($user));
 // Check the whitelist
- $whitelisted = is_trusted_site($user, $request->trust_root);
+ $whitelisted = false;//is_trusted_site($user, $request->trust_root);
 // Ask the user for confirmation
 if (!$whitelisted && $_SERVER['REQUEST_METHOD'] != 'POST') {
@@ -181,6 +174,12 @@ class OpenidModule extends PLModule
 }
 // At this point $_SERVER['REQUEST_METHOD'] == 'POST'
+
+ // Add 'always trusted' sites to whitelist
+ if (isset($_POST['trust']) && @$_POST['always']) {
+ add_trusted_site($user, $request->trust_root);
+ }
+
 // Answer to the Relying Party
 if ($whitelisted || isset($_POST['trust'])) {
 S::kill('openid_request');
diff --git a/modules/openid/openid.inc.php b/modules/openid/openid.inc.php
index 6a749ab..4a55439 100644
--- a/modules/openid/openid.inc.php
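Review bot: The added line `$whitelisted = false;//is_trusted_site($user, $request->trust_root);` hard-codes the result and leaves the lookup commented out, so the rows written by add_trusted_site() are never read and the confirmation page is still shown for every request. That fails closed, but it reads like a debugging leftover and contradicts the commit title. Either restore `$whitelisted = is_trusted_site($user, $request->trust_root);` or replace the dead code with a comment stating that the lookup is disabled on purpose and why. The enclosing method starts and ends outside the hunk.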
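Review bot: The new `add_trusted_site($user, $request->trust_root);` call turns a one-time confirmation into a standing grant, yet nothing visible in this hunk ties the POST to the confirmation form the user was shown, such as an anti-CSRF token verified before `$_POST['trust']` and `$_POST['always']` are honoured. Unless that check happens earlier in the method (which lies outside the hunk), a forged cross-site POST could whitelist the trust root permanently, and the commit's own TODO notes there is no way to remove it yet. Separately, `@$_POST['always']` hides the undefined-index notice with error suppression; `!empty($_POST['always'])` expresses the same test without `@`. The comment `// At this point $_SERVER['REQUEST_METHOD'] == 'POST'` also holds only while `$whitelisted` is false, so it should be reworded once the lookup is re-enabled.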
+++ b/modules/openid/openid.inc.php
@@ -119,5 +119,12 @@ function is_trusted_site($user, $url)
 return $res->fetchOneCell() > 0;
 }
+function add_trusted_site($user, $url)
+{
+ XDB::execute("INSERT IGNORE INTO openid_trusted
+ SET user_id={?}, url={?}",
+ $user->id(), $url);
+}
+
 // vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
 ?>
\ No newline at end of file
diff --git a/templates/openid/trust.tpl b/templates/openid/trust.tpl
index 0ac66e4..fa5f68e 100644
--- a/templates/openid/trust.tpl
+++ b/templates/openid/trust.tpl
@@ -33,10 +33,12 @@ {/if} -
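Review bot: `add_trusted_site()` stores `$url` exactly as the relying party supplied it, and `INSERT IGNORE` downgrades MySQL errors to warnings, so a trust root longer than the `url` column (size not visible here) would be shortened and saved as trusted instead of rejected. The `{?}` placeholders keep the statement parameterised, which is right; what is missing is validation before the insert, for example a length check and a decision on whether wildcard trust roots may be whitelisted at all, since a standing grant for a wildcard host covers more than the one site the user confirmed. A short docblock would help too, e.g. `/** Remember $url (the OpenID trust root) as always trusted for $user; duplicates are ignored. */`.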

Souhaitez-vous confirmer votre identité ?

+ +

Souhaitez-vous confirmer votre identité ?

+ Toujours faire confiance à ce site