authorMatthias Andreas Benkard <code@mail.matthias.benkard.de>2012-06-16 17:01:38 +0200
committerMatthias Andreas Benkard <code@mail.matthias.benkard.de>2012-06-16 17:01:38 +0200
commitf58ba7296c88ca1c217f0482c18660f701e4a026 (patch)
tree78970aaaddcc55e901b6a0d10e7136b94731e5cb /src
parenta6f651c0f9def5efbd0e034514d320818d06e7c6 (diff)
Permit certificate-based login.
Diffstat (limited to 'src')
-rw-r--r--src/mulk/benki/auth.clj64
-rw-r--r--src/mulk/benki/util.clj2
2 files changed, 43 insertions, 23 deletions
diff --git a/src/mulk/benki/auth.clj b/src/mulk/benki/auth.clj
index 815fad0..9cbe405 100644
--- a/src/mulk/benki/auth.clj
+++ b/src/mulk/benki/auth.clj
@@ -19,6 +19,12 @@
(defonce manager (ConsumerManager.))
+
+(defn find-user [user-id]
+ (first (if user-id
+ (query "SELECT * FROM users WHERE id = ?" user-id)
+ nil)))
+
(defn return-from-openid-provider []
(let [parlist (ParameterList. (:query-params (request/ring-request)))
discovered (session/get :discovered)
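Review bot: `find-user` has no docstring, and its nil contract matters to the authentication code that calls it: it returns nil both when `user-id` is nil and when no row matches. I would add a docstring such as `"Returns the users row with the given id, or nil if user-id is nil or no such row exists."` and write the guard as `(when user-id (first (query "SELECT * FROM users WHERE id = ?" user-id)))`, which is equivalent to the `(if … nil)` form. The trailing context lines belong to `return-from-openid-provider`, whose body continues outside the hunk.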
@@ -37,9 +43,7 @@
user-id (if openid
(:user openid)
nil)
- user (first (if user-id
- (query "SELECT * FROM users WHERE id = ?" user-id)
- nil))]
+ user (find-user user-id)]
(if user-id
(do (session/put! :user user-id)
(if-let [return-uri (session/flash-get)]
@@ -101,22 +105,38 @@
)})
(defpage "/login" []
- (session/flash-put! (or (session/flash-get)
- (get-in (request/ring-request) [:headers "referer"])))
- (layout login-page-layout "Benki Login"
- [:div#browserid-box
- [:h2 "BrowserID login"]
- [:a#browserid {:href "#"}
- [:img {:src (resolve-uri "/3rdparty/browserid/sign_in_orange.png")
- :alt "Sign in using BrowserID"}]]]
- [:div#openid-login-panel
- [:h2 "OpenID login"]
- [:form {:action (resolve-uri "/login/authenticate"),
- :method "GET"
- :id "openid_form"}
- [:div {:id "openid_choice"}
- [:p "Please select your OpenID provider:"]
- [:div {:id "openid_btns"}]]
- [:div {:id "openid_input_area"}
- [:input {:type "text", :name "openid_identifier", :id "openid_identifier"}]
- [:input {:type "submit"}]]]]))
+ (let [return-uri (or (session/flash-get)
+ (get-in (request/ring-request) [:headers "referer"]))]
+ (with-dbt
+ (if-let [cert-user-id (and *client-cert*
+ (:user
+ (query1 "SELECT \"user\" FROM user_rsa_keys
+ WHERE modulus = (?::NUMERIC)
+ AND exponent = (?::NUMERIC)"
+ (str (:modulus *client-cert*))
+ (str (:exponent *client-cert*)))))]
+ (let [cert-user (find-user cert-user-id)]
+ (session/put! :user cert-user-id)
+ (if return-uri
+ (redirect return-uri)
+ (layout {} "Authenticated!" [:p "Welcome back, " (:first_name cert-user) "!"])))
+ (do
+ (session/flash-put! return-uri)
+ (layout login-page-layout "Benki Login"
+ [:div#browserid-box
+ [:h2 "BrowserID login"]
+ [:a#browserid {:href "#"}
+ [:img {:src (resolve-uri "/3rdparty/browserid/sign_in_orange.png")
+ :alt "Sign in using BrowserID"}]]]
+ [:div#openid-login-panel
+ [:h2 "OpenID login"]
+ [:form {:action (resolve-uri "/login/authenticate"),
+ :method "GET"
+ :id "openid_form"}
+ [:div {:id "openid_choice"}
+ [:p "Please select your OpenID provider:"]
+ [:div {:id "openid_btns"}]]
+ [:div {:id "openid_input_area"}
+ [:input {:type "text", :name "openid_identifier", :id "openid_identifier"}]
+ [:input {:type "submit"}]]]]))))))
+ \ No newline at end of file
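Review bot: The certificate branch calls `(redirect return-uri)` without validating the target, and `return-uri` can come straight from the request's `Referer` header, so an outside page that links to `/login` gets the freshly authenticated browser sent back to it with no user interaction. Restrict the target to this application before redirecting, e.g. `(if (and return-uri (local-uri? return-uri)) (redirect return-uri) ...)`, where `local-uri?` is a placeholder for a same-origin check that this page does not show. The branch also runs `(session/put! :user cert-user-id)` before confirming that `find-user` returned a row. Matching on modulus and exponent alone is only sound if `*client-cert*` is populated from a TLS handshake that proved possession of the private key; its binding is outside this hunk, so that is worth confirming, especially if a reverse proxy forwards certificate data in headers.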
diff --git a/src/mulk/benki/util.clj b/src/mulk/benki/util.clj
index d3df4af..0bfe5e9 100644
--- a/src/mulk/benki/util.clj
+++ b/src/mulk/benki/util.clj
@@ -59,7 +59,7 @@
(defn linkrel [& args]
(match [(vec args)]
- [[:login]] (fmt nil "/login")
+ [[:login]] (str (:cert-req-base @benki-config) "/login")
[[:home]] (fmt nil "/")
[[:marx]] (fmt nil "/marx")
[[:marx :submit]] (fmt nil "/marx/submit")