From cb7b221bd15a30083ef39547ed31205337bd6c62 Mon Sep 17 00:00:00 2001
From: Matthias Andreas Benkard <code@mail.matthias.benkard.de>
Date: Mon, 14 Nov 2011 21:39:16 +0100
Subject: Partially implement OpenID login support.

---
 src/mulk/benki/auth.clj | 53 ++++++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 50 insertions(+), 3 deletions(-)

(limited to 'src/mulk/benki/auth.clj')

diff --git a/src/mulk/benki/auth.clj b/src/mulk/benki/auth.clj
index 36465f1..9105a21 100644
--- a/src/mulk/benki/auth.clj
+++ b/src/mulk/benki/auth.clj
@@ -1,14 +1,61 @@
 (ns mulk.benki.auth
   (:refer-clojure)
   (:use [clojure         core repl pprint]
-        [clojure.contrib error-kit]
+        [clojure.contrib repl-utils]
         [hiccup core     page-helpers]
         [mulk.benki      util]
         [clojure.core.match.core
          :only [match]]
-        noir.core))
+        [noir            core])
+  (:require [noir.session  :as session]
+            [noir.response :as response]
+            [noir.request  :as request])
+  (:import [org.openid4java.consumer ConsumerManager]
+           [org.openid4java.message ParameterList]))
+
+
+(defonce manager (ConsumerManager.))
+
+
+(defpartial return-from-openid-provider []
+  (let [parlist      (ParameterList. (:query-params (request/ring-request)))
+        discovered   (session/get :discovered)
+        ;; Does the following work for POST requests?
+        request-uri  (str "http://localhost:3001/login/return"
+                          ;;(resolve-uri "/login/return")
+                          (let [query-string (:query-string (request/ring-request))]
+                            (if query-string
+                              (str "?" query-string)
+                              "")))
+        verification (.verify manager request-uri parlist discovered)
+        id           (.getVerifiedId verification)]
+    (if id
+      (layout "Authenticated!"
+              [:p "Authentication result: " [:strong [:code (escape-html (fmt nil "~S" (bean id)))]]
+               " (identifier: " [:strong [:code (escape-html (.getIdentifier id))]] ")"])
+      (layout "Authentication Failed"))))
+
+(defpage [:post "/login/return"] []
+  (return-from-openid-provider))
+
+(defpage "/login/return" []
+  (return-from-openid-provider))
+
+
+(defpage "/login/authenticate" {openid :openid}
+  (let [discoveries (.discover     manager openid)
+        discovered  (.associate    manager discoveries)
+        authreq     (.authenticate manager discovered ;;(resolve-uri "/login/return")
+                                   "http://localhost:3001/login/return"
+                                   )]
+    (session/put! :discovered discovered)
+    (response/redirect (.getDestinationUrl authreq true))))
 
 
 (defpage "/login" []
   (layout "Benki Login"
-    []))
+    [:p "Please enter your OpenID:"]
+    [:form {:action (resolve-uri "/login/authenticate"),
+            :method "GET"}
+     [:input {:type "text", :name "openid"}]
+     [:input {:type "submit"}]]))
-- 
cgit v1.2.3