author | Matthias Andreas Benkard <code@mail.matthias.benkard.de> | 2012-06-16 17:01:38 +0200 |
---|---|---|
committer | Matthias Andreas Benkard <code@mail.matthias.benkard.de> | 2012-06-16 17:01:38 +0200 |
commit | f58ba7296c88ca1c217f0482c18660f701e4a026 (patch) | |
tree | 78970aaaddcc55e901b6a0d10e7136b94731e5cb /src | |
parent | a6f651c0f9def5efbd0e034514d320818d06e7c6 (diff) |
Permit certificate-based login.
Diffstat (limited to 'src')
-rw-r--r-- | src/mulk/benki/auth.clj | 64 | ||||
-rw-r--r-- | src/mulk/benki/util.clj | 2 |
2 files changed, 43 insertions, 23 deletions
diff --git a/src/mulk/benki/auth.clj b/src/mulk/benki/auth.clj
index 815fad0..9cbe405 100644
--- a/src/mulk/benki/auth.clj
+++ b/src/mulk/benki/auth.clj
@@ -19,6 +19,12 @@ (defonce manager (ConsumerManager.))
+
+(defn find-user [user-id]
+ (first (if user-id
+ (query "SELECT * FROM users WHERE id = ?" user-id)
+ nil)))
+
 (defn return-from-openid-provider [] (let [parlist (ParameterList. (:query-params (request/ring-request))) discovered (session/get :discovered)
@@ -37,9 +43,7 @@ user-id (if openid (:user openid) nil)
- user (first (if user-id
- (query "SELECT * FROM users WHERE id = ?" user-id)
- nil))]
+ user (find-user user-id)]
 (if user-id (do (session/put! :user user-id) (if-let [return-uri (session/flash-get)]
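Review bot: The new `find-user` has no docstring and wraps the nil case inside `first`, which makes the "no id, no query" rule harder to see than it needs to be. Writing it as `(when user-id (first (query "SELECT * FROM users WHERE id = ?" user-id)))` returns the same values and puts the guard first. A one-line docstring such as `"Returns the users row for user-id, or nil when user-id is nil or no row matches."` would record the contract that both callers in this commit rely on.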
@@ -101,22 +105,38 @@ )}) (defpage "/login" []
- (session/flash-put! (or (session/flash-get)
- (get-in (request/ring-request) [:headers "referer"])))
- (layout login-page-layout "Benki Login"
- [:div#browserid-box
- [:h2 "BrowserID login"]
- [:a#browserid {:href "#"}
- [:img {:src (resolve-uri "/3rdparty/browserid/sign_in_orange.png")
- :alt "Sign in using BrowserID"}]]]
- [:div#openid-login-panel
- [:h2 "OpenID login"]
- [:form {:action (resolve-uri "/login/authenticate"),
- :method "GET"
- :id "openid_form"}
- [:div {:id "openid_choice"}
- [:p "Please select your OpenID provider:"]
- [:div {:id "openid_btns"}]]
- [:div {:id "openid_input_area"}
- [:input {:type "text", :name "openid_identifier", :id "openid_identifier"}]
- [:input {:type "submit"}]]]]))
+ (let [return-uri (or (session/flash-get)
+ (get-in (request/ring-request) [:headers "referer"]))]
+ (with-dbt
+ (if-let [cert-user-id (and *client-cert*
+ (:user
+ (query1 "SELECT \"user\" FROM user_rsa_keys
+ WHERE modulus = (?::NUMERIC)
+ AND exponent = (?::NUMERIC)"
+ (str (:modulus *client-cert*))
+ (str (:exponent *client-cert*)))))]
+ (let [cert-user (find-user cert-user-id)]
+ (session/put! :user cert-user-id)
+ (if return-uri
+ (redirect return-uri)
+ (layout {} "Authenticated!" [:p "Welcome back, " (:first_name cert-user) "!"])))
+ (do
+ (session/flash-put! return-uri)
+ (layout login-page-layout "Benki Login"
+ [:div#browserid-box
+ [:h2 "BrowserID login"]
+ [:a#browserid {:href "#"}
+ [:img {:src (resolve-uri "/3rdparty/browserid/sign_in_orange.png")
+ :alt "Sign in using BrowserID"}]]]
+ [:div#openid-login-panel
+ [:h2 "OpenID login"]
+ [:form {:action (resolve-uri "/login/authenticate"),
+ :method "GET"
+ :id "openid_form"}
+ [:div {:id "openid_choice"}
+ [:p "Please select your OpenID provider:"]
+ [:div {:id "openid_btns"}]]
+ [:div {:id "openid_input_area"}
+ [:input {:type "text", :name "openid_identifier", :id "openid_identifier"}]
+ [:input {:type "submit"}]]]]))))))
+
\ No newline at end of file
diff --git a/src/mulk/benki/util.clj b/src/mulk/benki/util.clj
index d3df4af..0bfe5e9 100644
--- a/src/mulk/benki/util.clj
+++ b/src/mulk/benki/util.clj
@@ -59,7 +59,7 @@ (defn linkrel [& args] (match [(vec args)]
- [[:login]] (fmt nil "/login")
+ [[:login]] (str (:cert-req-base @benki-config) "/login")
 [[:home]] (fmt nil "/")
 [[:marx]] (fmt nil "/marx")
 [[:marx :submit]] (fmt nil "/marx/submit") |
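Review bot: In the certificate branch of the `/login` page, `return-uri` can come straight from the `Referer` header and is handed to `(redirect return-uri)` with no check on where it points, so an external page that links to the login URL gets the freshly authenticated browser sent back to it. Before this change the handler only stored that value with `session/flash-put!`; now it acts on it in the same request, with no user interaction. The redirect should be limited to the site's own base URIs, for example `(if (and return-uri (own-site-uri? return-uri)) (redirect return-uri) ...)`, where `own-site-uri?` is a placeholder for a helper that is not on this page. Two smaller things in the same branch: `session/put!` runs even when `find-user` returns nil, and the binding of `*client-cert*` is outside this hunk, so it is worth confirming that it is only ever set from a client certificate verified in the TLS handshake and never from a request header a client can supply.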
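Review bot: The `[[:login]]` clause of `linkrel` now builds its link by plain string concatenation instead of going through `fmt` like the neighbouring clauses, and nothing in the hunk says what `:cert-req-base` has to contain. When the key is absent, `(str nil "/login")` quietly yields `/login`, which is a sensible fallback but should be written down. A comment along the lines of `;; :cert-req-base is the base URI of the endpoint that requests client certificates; when unset the link falls back to "/login"` would do, assuming that is what the key means. Login may now happen under a different base than the rest of the site, so presumably the session cookie has to be valid for both, and the base should be an https URI; both are worth confirming against the deployment configuration, which is not visible here.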