1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
|
#! /usr/bin/env perl
# Copyright 2012, Matthias Andreas Benkard <code@mail.matthias.benkard.de>.
use common::sense;
#use Modern::Perl 2011;
use Modern::Perl;
use JSON;
use CGI;
use CGI::Fast;
use OIDC::Lite;
use OIDC::Lite::Client::WebServer;
do "common.pl";
while (my $cgi = new CGI::Fast) {
load_config();
my $fakedomain = $::MULKONF->{fake_domain};
my $realdomain = $::MULKONF->{real_domain};
my $claimed_email = $cgi->param('email');
$claimed_email =~ s/\@$fakedomain/\@$realdomain/ if $fakedomain && $claimed_email;
given (my $_ = $::MULKONF->{auth_type}) {
when ('imap') {
print $cgi->redirect(reluri($cgi, "authenticate-with-password.html?email=$claimed_email"));
}
when ('google') {
my $oidc_client = OIDC::Lite::Client::WebServer->new(
id => $::MULKONF->{'google_oauth2_client_id'},
secret => $::MULKONF->{'google_oauth2_client_secret'},
authorize_uri => 'https://accounts.google.com/o/oauth2/auth',
access_token_uri => 'https://accounts.google.com/o/oauth2/token'
);
# FIXME: Make `state` a unique, random session token! (Maybe a
# signed, timestamped web token, so stateless?)
print $cgi->redirect($oidc_client->uri_to_redirect(
redirect_uri => reluri($cgi, 'login.pl'),
scope => 'openid email',
state => '',
extra => {
access_type => 'online',
login_hint => $claimed_email,
response_type => 'code'
}
));
}
default {
die "Invalid auth_type! " . $::MULKONF->{auth_type};
}
}
}
|