diff options
| author | Matthias Andreas Benkard <code@mail.matthias.benkard.de> | 2012-03-27 20:14:38 +0200 |
|---|---|---|
| committer | Matthias Andreas Benkard <code@mail.matthias.benkard.de> | 2012-03-27 20:15:34 +0200 |
| commit | 285529a532743d52af94d3d571178a413dd944c8 (patch) | |
| tree | 1d25919aba233f3cde3c98dfab0f987dafb878b0 /src/mulk/benki/auth.clj | |
| parent | 89e5ee140a4becefa4d4023102107727c5921efb (diff) | |
Implement BrowserID-based login.
Diffstat (limited to 'src/mulk/benki/auth.clj')
| -rw-r--r-- | src/mulk/benki/auth.clj | 57 |
1 files changed, 45 insertions, 12 deletions
diff --git a/src/mulk/benki/auth.clj b/src/mulk/benki/auth.clj index 93e106e..03d9746 100644 --- a/src/mulk/benki/auth.clj +++ b/src/mulk/benki/auth.clj @@ -2,7 +2,7 @@ (:refer-clojure) (:use [clojure core repl pprint] [hiccup core page-helpers] - [mulk.benki util db] + [mulk.benki config util db] [clojure.core.match :only [match]] [noir core] @@ -10,7 +10,8 @@ (:require [noir.session :as session] [noir.response :as response] [noir.request :as request] - [clojure.java.jdbc :as sql]) + [clojure.java.jdbc :as sql] + [com.twinql.clojure.http :as http]) (:import [org.openid4java.consumer ConsumerManager] [org.openid4java.message ParameterList])) @@ -50,6 +51,31 @@ (layout "Authentication Failed" [:p "OpenID authentication failed."])))) +(defpage [:post "/login/browserid/verify"] {assertion :assertion} + ;; NB. Can implement this ourselves if we want. + (let [reply (http/post "https://browserid.org/verify" + :query {:assertion assertion + :audience (:base-uri @benki-config)} + :as :json) + result (:content reply) + status (:status result) + email (:email result)] + (if (= (:status result) "okay") + (with-dbt + (let [record (first (query "SELECT * FROM user_email_addresses WHERE email = ?" email)) + user-id (and record (:user record))] + (if user-id + (let [return-uri (session/flash-get)] + (session/put! :user user-id) + (response/json {:email email, :returnURI return-uri})) + {:status 418, + :headers {"Content-Type" "text/plain"}, + :body "I couldn't find you in the database."}))) + {:status 418, + :headers {"Content-Type" "text/plain"}, + :body "Your BrowserID request was crooked."}))) + + (defpage [:post "/login/return"] [] (return-from-openid-provider)) @@ -76,14 +102,21 @@ (defpage "/login" [] (session/flash-put! (or (session/flash-get) - (get-in (request/ring-request) [:headers "Referer"]))) + (get-in (request/ring-request) [:headers "referer"]))) (layout login-page-layout "Benki Login" - [:form {:action (resolve-uri "/login/authenticate"), - :method "GET" - :id "openid_form"} - [:div {:id "openid_choice"} - [:p "Please select your OpenID provider:"] - [:div {:id "openid_btns"}]] - [:div {:id "openid_input_area"} - [:input {:type "text", :name "openid_identifier", :id "openid_identifier"}] - [:input {:type "submit"}]]])) + [:div#browserid-box + [:h2 "BrowserID login"] + [:a#browserid {:href "#"} + [:img {:src (resolve-uri "/3rdparty/browserid/sign_in_orange.png") + :alt "Sign in using BrowserID"}]]] + [:div#openid-login-panel + [:h2 "OpenID login"] + [:form {:action (resolve-uri "/login/authenticate"), + :method "GET" + :id "openid_form"} + [:div {:id "openid_choice"} + [:p "Please select your OpenID provider:"] + [:div {:id "openid_btns"}]] + [:div {:id "openid_input_area"} + [:input {:type "text", :name "openid_identifier", :id "openid_identifier"}] + [:input {:type "submit"}]]]])) |