From f58ba7296c88ca1c217f0482c18660f701e4a026 Mon Sep 17 00:00:00 2001 From: Matthias Andreas Benkard Date: Sat, 16 Jun 2012 17:01:38 +0200 Subject: Permit certificate-based login. --- src/mulk/benki/auth.clj | 64 ++++++++++++++++++++++++++++++++----------------- src/mulk/benki/util.clj | 2 +- 2 files changed, 43 insertions(+), 23 deletions(-) (limited to 'src') diff --git a/src/mulk/benki/auth.clj b/src/mulk/benki/auth.clj index 815fad0..9cbe405 100644 --- a/src/mulk/benki/auth.clj +++ b/src/mulk/benki/auth.clj @@ -19,6 +19,12 @@ (defonce manager (ConsumerManager.)) + +(defn find-user [user-id] + (first (if user-id + (query "SELECT * FROM users WHERE id = ?" user-id) + nil))) + (defn return-from-openid-provider [] (let [parlist (ParameterList. (:query-params (request/ring-request))) discovered (session/get :discovered) @@ -37,9 +43,7 @@ user-id (if openid (:user openid) nil) - user (first (if user-id - (query "SELECT * FROM users WHERE id = ?" user-id) - nil))] + user (find-user user-id)] (if user-id (do (session/put! :user user-id) (if-let [return-uri (session/flash-get)] 
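Review bot: `find-user` is added without a docstring, and its nil guard is written as `(if user-id … nil)`; `(first (when user-id (query "SELECT * FROM users WHERE id = ?" user-id)))` says the same thing more directly. A docstring such as `"Returns the users row for user-id, or nil when user-id is nil or no row matches."` would record that callers have to handle nil. The `/login` handler added further down in this commit reads `(:first_name cert-user)` without checking for it. The function also appears to rely on an enclosing database context (the new caller wraps it in `with-dbt`), which the docstring should state.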
@@ -101,22 +105,38 @@ )}) (defpage "/login" [] - (session/flash-put! (or (session/flash-get) - (get-in (request/ring-request) [:headers "referer"]))) - (layout login-page-layout "Benki Login" - [:div#browserid-box - [:h2 "BrowserID login"] - [:a#browserid {:href "#"} - [:img {:src (resolve-uri "/3rdparty/browserid/sign_in_orange.png") - :alt "Sign in using BrowserID"}]]] - [:div#openid-login-panel - [:h2 "OpenID login"] - [:form {:action (resolve-uri "/login/authenticate"), - :method "GET" - :id "openid_form"} - [:div {:id "openid_choice"} - [:p "Please select your OpenID provider:"] - [:div {:id "openid_btns"}]] - [:div {:id "openid_input_area"} - [:input {:type "text", :name "openid_identifier", :id "openid_identifier"}] - [:input {:type "submit"}]]]])) + (let [return-uri (or (session/flash-get) + (get-in (request/ring-request) [:headers "referer"]))] + (with-dbt + (if-let [cert-user-id (and *client-cert* + (:user + (query1 "SELECT \"user\" FROM user_rsa_keys + WHERE modulus = (?::NUMERIC) + AND exponent = (?::NUMERIC)" + (str (:modulus *client-cert*)) + (str (:exponent *client-cert*)))))] + (let [cert-user (find-user cert-user-id)] + (session/put! :user cert-user-id) + (if return-uri + (redirect return-uri) + (layout {} "Authenticated!" [:p "Welcome back, " (:first_name cert-user) "!"]))) + (do + (session/flash-put! 
return-uri) + (layout login-page-layout "Benki Login" + [:div#browserid-box + [:h2 "BrowserID login"] + [:a#browserid {:href "#"} + [:img {:src (resolve-uri "/3rdparty/browserid/sign_in_orange.png") + :alt "Sign in using BrowserID"}]]] + [:div#openid-login-panel + [:h2 "OpenID login"] + [:form {:action (resolve-uri "/login/authenticate"), + :method "GET" + :id "openid_form"} + [:div {:id "openid_choice"} + [:p "Please select your OpenID provider:"] + [:div {:id "openid_btns"}]] + [:div {:id "openid_input_area"} + [:input {:type "text", :name "openid_identifier", :id "openid_identifier"}] + [:input {:type "submit"}]]]])))))) + \ No newline at end of file diff --git a/src/mulk/benki/util.clj b/src/mulk/benki/util.clj index d3df4af..0bfe5e9 100644 --- a/src/mulk/benki/util.clj +++ b/src/mulk/benki/util.clj @@ -59,7 +59,7 @@ (defn linkrel [& args] (match [(vec args)] - [[:login]] (fmt nil "/login") + [[:login]] (str (:cert-req-base @benki-config) "/login") [[:home]] (fmt nil "/") [[:marx]] (fmt nil "/marx") [[:marx :submit]] (fmt nil "/marx/submit") -- cgit v1.2.3
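Review bot: In the new certificate branch of `/login`, `(redirect return-uri)` runs on a value taken from the flash or from the request's `Referer` header, so whichever page linked to `/login` chooses where a freshly authenticated user is sent. The target should be checked against the application's own base URIs first, e.g. `(if (and return-uri (local-uri? return-uri)) (redirect return-uri) …)`, where `local-uri?` is a placeholder for a helper this file does not yet have. The lookup in `user_rsa_keys` matches on modulus and exponent only, and the binding of `*client-cert*` is not visible in this diff. That is sound only if the value comes from a TLS handshake that proved possession of the private key; a comment at the query should say so: `;; *client-cert* must originate from the verified TLS handshake, never from a client-settable header`. `(session/put! :user cert-user-id)` also runs before `cert-user` is known to be non-nil, and whether the session identifier is renewed on login cannot be told from here.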
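Review bot: `(str (:cert-req-base @benki-config) "/login")` evaluates to plain `"/login"` when `:cert-req-base` is missing from the configuration, because `str` renders nil as the empty string. A forgotten setting therefore silently turns the certificate login link back into an ordinary one instead of failing visibly. This is also the only `linkrel` branch that no longer goes through `fmt nil`, so the key deserves a comment at this line, for instance `;; :cert-req-base — absolute https base URI (no trailing slash) of the endpoint that requests a TLS client certificate`. The meaning of the key is inferred from its name and should be confirmed against the config documentation. The rest of `linkrel` lies outside the hunk.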