Propeller-heads Unite!

User name validation - a quick look at the Drupal API reveals exactly the function I needed: user_validate_name()

To add user name validation to the OpenID Drupal module, add the following code to the openid_create_account_submit() function immediately after the $query = $_POST; statement:
if (user_validate_name($query['edit']['fullname']) != NULL) {
$error = user_validate_name($query['edit']['fullname']);
drupal_set_message('Name is invalid. '.$error, 'error');
header("Location: " . url('openid/get_email'));
exit(0);
}

Worked like a charm. Any user name submitted when registering using an OpenID is now validated against Drupal’s internal user name validation - alphanumeric characters and spaces only. Anything else drops the user back to the name and email request form with an error telling them why the name was rejected. Slick!

Now I just need to figure out how to map existing Drupal users in the database to OpenIDs. Anyone done that before?

UPDATE: Resolved the above question. Add a record to the authmap table with the user’s UID and OpenID. Make sure the OpenID is normalized (has the trailing slash).

UPDATE #2: Updated the diff file that shows what I changed from the stock OpenID Drupal module.

No Comments »

What can I say beyond, “It works!”

Oh, all right. I suppose I could say a few things. The stock OpenID Drupal module works, but it needed a bit of improvement to be useful to us. By default, the OpenID module creates a Drupal user whose name is their OpenID. That is somewhat problematic, since OpenIDs tend to be somewhat lengthy. So lengthy, in fact, that I have yet to find a Drupal theme that handles them well. They usually either get cropped or overflow into the next column, depending on the CSS. Less than optimal.

We really want to use OpenID as the authentication for the OVSD systems. Justin and I were talking in IRC about his efforts to get it running with Drupal 5. I was feeling inspired, so last night I took a whack at it. With a remarkably-small amount of head-scratching, I was able to modify the stock OpenID Drupal module (v1.1.1) to pull the user’s full name from their OpenID profile and use it as their Drupal name.

I cracked open the openid.module file and made the following changes:

1. First, we need to tell the OpenID consumer to grab the user’s full name from their OpenID profile. To do that, we change the request from this:
   $auth_request->addExtensionArg('sreg', 'optional', 'email');

   to this:
   $auth_request->addExtensionArg('sreg', 'optional', 'email,fullname');

2. Now that we have the user’s full name, we need to store it for use later. To do that, we add a line in this statement:
   if ($sreg) {
$_SESSION['sreg_email'] = $sreg['email'];
}

   to look like this:
   if ($sreg) {
$_SESSION['sreg_email'] = $sreg['email'];
$_SESSION['sreg_fullname'] = $sreg['fullname'];
}

3. Now that we have the information we need, we can use it in the registration form. When the module gets a login request from a user not already in the Drupal user table, it prompts them to enter their e-mail address:
   $form['email'] = array('#type' => 'textfield',
'#title' => t('Email Address'),
'#default_value' => @$_SESSION['sreg_email'],
'#size' => 25,
'#maxlength' => 64,
'#description' => t('Enter your email address.')
);
$form['submit'] = array('#type' => 'submit',
'#value' => t('Submit')
);
$form['#action'] = url('openid/get_email');
$content = sprintf("<h3>Create account with OpenID</h3><p>Before logging in " .
"with your OpenID (%s), you must enter an email address:</p> %s",
$_SESSION['openid'], drupal_get_form('openid_create_account',
$form));

   So we just need to add the user’s full name to the registration form:
   $form['email'] = array('#type' => 'textfield',
'#title' => t('Email Address'),
'#default_value' => @$_SESSION['sreg_email'],
'#size' => 25,
'#maxlength' => 64,
'#description' => t('Enter your email address.')
);
$form['fullname'] = array('#type' => 'textfield',
'#title' => t('Full name'),
'#default_value' => @$_SESSION['sreg_fullname'],
'#size' => 25,
'#maxlength' => 64,
'#description' => t('Enter your full name.')
);
$form['submit'] = array('#type' => 'submit',
'#value' => t('Submit')
);
$form['#action'] = url('openid/get_email');
$content = sprintf("<h3>Create account with OpenID</h3><p>Before logging in " .
"with your OpenID (%s), you must enter your name and email address:</p> %s",
$_SESSION['openid'], drupal_get_form('openid_create_account',
$form));

4. Lastly, we need to create the user. The stock OpenID module sets the Drupal “name” field in the “users” table to be their OpenID here:
   $user = user_save('', array('name' => $_SESSION['openid'],
'pass' => user_password(),
'mail' => $query['edit']['email'],
'init' => $_SESSION['openid'],

   To use the “fullname” variable we grabbed from the user’s OpenID profile, we just need to change it to this:
   $user = user_save('', array('name' => $query['edit']['fullname'],
'pass' => user_password(),
'mail' => $query['edit']['email'],
'init' => $_SESSION['openid'],

I’ve posted a diff file that shows the exact changes from the stock OpenID Drupal module.

Security note: If you decide to use this code, be aware that there is no verification done on the user’s name yet. Whatever the user enters in the name field of the registration form is submitted directly into Drupal as the user’s name. So it’s possible there is a security/exploit issue if a malicious user puts something wacky in there. I need to wade into it the code and see if Drupal already has some safeguards in place, or whether I need to add a bit of sanitizing code to the module to ensure there’s nothing nasty embedded in the name. In the mean time, use at your own risk.

No Comments »