authorMatthias Andreas Benkard <code@mail.matthias.benkard.de>2012-06-16 17:01:38 +0200
committerMatthias Andreas Benkard <code@mail.matthias.benkard.de>2012-06-16 17:01:38 +0200
commitf58ba7296c88ca1c217f0482c18660f701e4a026 (patch)
tree78970aaaddcc55e901b6a0d10e7136b94731e5cb
parenta6f651c0f9def5efbd0e034514d320818d06e7c6 (diff)
Permit certificate-based login.
-rw-r--r--resources/config.sexp.sample3
-rw-r--r--schema.sql8
-rw-r--r--src/mulk/benki/auth.clj64
-rw-r--r--src/mulk/benki/util.clj2
4 files changed, 49 insertions, 28 deletions
diff --git a/resources/config.sexp.sample b/resources/config.sexp.sample
index bebb7d0..0e0d98a 100644
--- a/resources/config.sexp.sample
+++ b/resources/config.sexp.sample
@@ -6,7 +6,8 @@
:user "benki"
:password ""}
:websocket-base "ws://localhost:3001"
- :base-uri "http://localhost:3001"
+ :base-uri "https://localhost:4333"
+ :cert-req-base "https://localhost:4334"
:tag-base "example.com"
:web-port 3001
:mode :production ;or :dev
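Review bot: `:websocket-base` is left at `ws://localhost:3001` while `:base-uri` moves to `https://localhost:4333`; a page served over HTTPS that opens a plain `ws://` socket is blocked as mixed content by current browsers, so the sample should most likely read `:websocket-base "wss://localhost:3001"` (or whatever port the TLS listener ends up on). Nothing in the sample says what `:cert-req-base` is for or why it is a different origin from `:base-uri`; a one-line comment such as `;; origin whose TLS listener requests a client certificate (see /login)` would save the next deployer a trip into auth.clj. That the separate port exists to request a client certificate is inferred from the name only.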
diff --git a/schema.sql b/schema.sql
index ab9abb8..96b53a3 100644
--- a/schema.sql
+++ b/schema.sql
@@ -22,15 +22,15 @@ CREATE TABLE openids(
);
CREATE TABLE rsa_keys(
- modulus VARCHAR NOT NULL,
- exponent VARCHAR NOT NULL,
+ modulus NUMERIC NOT NULL,
+ exponent NUMERIC NOT NULL,
PRIMARY KEY(modulus, exponent)
);
CREATE TABLE user_rsa_keys(
"user" INTEGER NOT NULL,
- modulus VARCHAR NOT NULL,
- exponent VARCHAR NOT NULL,
+ modulus NUMERIC NOT NULL,
+ exponent NUMERIC NOT NULL,
PRIMARY KEY("user", modulus, exponent),
FOREIGN KEY("user") REFERENCES users,
FOREIGN KEY(modulus, exponent) REFERENCES rsa_keys
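Review bot: `user_rsa_keys` is keyed on `("user", modulus, exponent)`, so the same public key can be registered under several users, and the new login path in auth.clj (`query1 "SELECT \"user\" FROM user_rsa_keys ..."`) would then silently log in whichever row the database returns first. If a key is meant to identify exactly one account, add `UNIQUE(modulus, exponent)` to `user_rsa_keys` (or make that pair the primary key) so the ambiguity is rejected at insert time rather than resolved arbitrarily at login. The switch from VARCHAR to NUMERIC also changes the type of existing columns, and this diff only touches the `CREATE TABLE` statements; existing deployments will need an `ALTER TABLE ... TYPE NUMERIC USING modulus::NUMERIC` migration, which is worth noting in the commit or a comment.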
diff --git a/src/mulk/benki/auth.clj b/src/mulk/benki/auth.clj
index 815fad0..9cbe405 100644
--- a/src/mulk/benki/auth.clj
+++ b/src/mulk/benki/auth.clj
@@ -19,6 +19,12 @@
(defonce manager (ConsumerManager.))
+
+(defn find-user [user-id]
+ (first (if user-id
+ (query "SELECT * FROM users WHERE id = ?" user-id)
+ nil)))
+
(defn return-from-openid-provider []
(let [parlist (ParameterList. (:query-params (request/ring-request)))
discovered (session/get :discovered)
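Review bot: `find-user` has no docstring, and its nil-in/nil-out contract is the only reason the callers can bind `user-id` unconditionally; suggest `(defn find-user "Return the users row for user-id, or nil when user-id is nil or matches no row." [user-id] ...)`. It also does `SELECT *`, so its result shape follows the `users` table silently; if callers only need `first_name`, naming the columns keeps them independent of future schema changes. `return-from-openid-provider` starts at the end of this hunk and continues past it.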
@@ -37,9 +43,7 @@
user-id (if openid
(:user openid)
nil)
- user (first (if user-id
- (query "SELECT * FROM users WHERE id = ?" user-id)
- nil))]
+ user (find-user user-id)]
(if user-id
(do (session/put! :user user-id)
(if-let [return-uri (session/flash-get)]
@@ -101,22 +105,38 @@
)})
(defpage "/login" []
- (session/flash-put! (or (session/flash-get)
- (get-in (request/ring-request) [:headers "referer"])))
- (layout login-page-layout "Benki Login"
- [:div#browserid-box
- [:h2 "BrowserID login"]
- [:a#browserid {:href "#"}
- [:img {:src (resolve-uri "/3rdparty/browserid/sign_in_orange.png")
- :alt "Sign in using BrowserID"}]]]
- [:div#openid-login-panel
- [:h2 "OpenID login"]
- [:form {:action (resolve-uri "/login/authenticate"),
- :method "GET"
- :id "openid_form"}
- [:div {:id "openid_choice"}
- [:p "Please select your OpenID provider:"]
- [:div {:id "openid_btns"}]]
- [:div {:id "openid_input_area"}
- [:input {:type "text", :name "openid_identifier", :id "openid_identifier"}]
- [:input {:type "submit"}]]]]))
+ (let [return-uri (or (session/flash-get)
+ (get-in (request/ring-request) [:headers "referer"]))]
+ (with-dbt
+ (if-let [cert-user-id (and *client-cert*
+ (:user
+ (query1 "SELECT \"user\" FROM user_rsa_keys
+ WHERE modulus = (?::NUMERIC)
+ AND exponent = (?::NUMERIC)"
+ (str (:modulus *client-cert*))
+ (str (:exponent *client-cert*)))))]
+ (let [cert-user (find-user cert-user-id)]
+ (session/put! :user cert-user-id)
+ (if return-uri
+ (redirect return-uri)
+ (layout {} "Authenticated!" [:p "Welcome back, " (:first_name cert-user) "!"])))
+ (do
+ (session/flash-put! return-uri)
+ (layout login-page-layout "Benki Login"
+ [:div#browserid-box
+ [:h2 "BrowserID login"]
+ [:a#browserid {:href "#"}
+ [:img {:src (resolve-uri "/3rdparty/browserid/sign_in_orange.png")
+ :alt "Sign in using BrowserID"}]]]
+ [:div#openid-login-panel
+ [:h2 "OpenID login"]
+ [:form {:action (resolve-uri "/login/authenticate"),
+ :method "GET"
+ :id "openid_form"}
+ [:div {:id "openid_choice"}
+ [:p "Please select your OpenID provider:"]
+ [:div {:id "openid_btns"}]]
+ [:div {:id "openid_input_area"}
+ [:input {:type "text", :name "openid_identifier", :id "openid_identifier"}]
+ [:input {:type "submit"}]]]]))))))
+ \ No newline at end of file
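Review bot: `(redirect return-uri)` on the certificate branch sends the browser to a value taken straight from the `Referer` header (or an earlier flash) with no check that it belongs to this site, so any third-party page that links to `/login` gets the freshly authenticated user bounced back to an arbitrary URL; restrict it to site-relative paths or URLs under the configured base, e.g. `(if (and return-uri (.startsWith return-uri "/") (not (.startsWith return-uri "//"))) (redirect return-uri) ...)`. The lookup by `(:modulus *client-cert*)`/`(:exponent *client-cert*)` is only as trustworthy as wherever `*client-cert*` is bound, which is outside this hunk: it has to come from the TLS layer's completed client-certificate handshake, never from a forwarded header that a client could set itself. Matching on the bare public key also means certificate expiry and revocation play no part — a key stays valid until its `user_rsa_keys` row is removed — which deserves a comment next to the query, e.g. `;; identity is the public key itself; cert validity period and issuer are ignored`. Finally, `session/put! :user cert-user-id` authenticates the session without visibly rotating the session id; unless the session library does that on its own, a pre-set session cookie survives into the logged-in state.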
diff --git a/src/mulk/benki/util.clj b/src/mulk/benki/util.clj
index d3df4af..0bfe5e9 100644
--- a/src/mulk/benki/util.clj
+++ b/src/mulk/benki/util.clj
@@ -59,7 +59,7 @@
(defn linkrel [& args]
(match [(vec args)]
- [[:login]] (fmt nil "/login")
+ [[:login]] (str (:cert-req-base @benki-config) "/login")
[[:home]] (fmt nil "/")
[[:marx]] (fmt nil "/marx")
[[:marx :submit]] (fmt nil "/marx/submit")
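Review bot: the new `:login` entry builds its URL with `str` while every sibling entry goes through `fmt nil`, so a config without `:cert-req-base` yields a bare `"/login"` from `(str nil "/login")` instead of whatever `fmt` produces for the other routes, and the mismatch is silent; consider `(if-let [base (:cert-req-base @benki-config)] (str base "/login") (fmt nil "/login"))` so the absolute-origin form is only used when it is actually configured. A short comment saying why login alone points at a different origin (presumably the TLS listener that requests a client certificate) would also help, since the reason is not visible here. `linkrel` continues past the end of this hunk.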