more openid setup

author Art Cancro <ajc@citadel.org>

Fri, 16 May 2008 19:17:46 +0000 (19:17 +0000)

committer Art Cancro <ajc@citadel.org>

Fri, 16 May 2008 19:17:46 +0000 (19:17 +0000)
author Art Cancro <ajc@citadel.org>
Fri, 16 May 2008 19:17:46 +0000 (19:17 +0000)
committer Art Cancro <ajc@citadel.org>
Fri, 16 May 2008 19:17:46 +0000 (19:17 +0000)
diff --git a/webcit/auth.c b/webcit/auth.c

index 5a04806cd4f4952529e4e68b3e6fd21359b169d7..cee4bbf508eec6bda13bb950bf38c8d47d8d8376 100644 (file)
--- a/webcit/auth.c
+++ b/webcit/auth.c
@@ -336,6 +336,7 @@ void extract_link(char *target_buf, int target_size, char *rel, char *source_buf
  
  /* 
   * Perform authentication using OpenID
+ * assemble the checkid_immediate request and then redirect to the user's identity provider
   */
  void do_openid_login(void)
  {
@@ -361,9 +362,6 @@ void do_openid_login(void)
                         extract_link(openid_server, sizeof openid_server, "openid.server", buf);
                         extract_link(openid_delegate, sizeof openid_delegate, "openid.delegate", buf);
  
-                       lprintf(9, "  Server: %s\n", openid_server);
-                       lprintf(9, "Delegate: %s\n", openid_delegate);
-
                         /* Empty delegate is legal; we just use the openid_url instead */
                         if (IsEmptyStr(openid_delegate)) {
                                 safestrncpy(openid_delegate, bstr("openid_url"), sizeof openid_delegate);
@@ -371,16 +369,60 @@ void do_openid_login(void)
  
                         /* Now we know where to redirect to. */
  
-                       // char redirect_string[4096];
-
-                       lprintf(9, "identity:   %s\n", openid_delegate);
-                       lprintf(9, "return_to:  %s://%s/foo\n", (is_https ? "https" : "http"), WC->http_host);
-                       lprintf(9, "trust_root: %s://%s\n", (is_https ? "https" : "http"), WC->http_host);
-
+                       char redirect_string[4096];
+                       char escaped_identity[1024];
+                       char escaped_return_to[1024];
+                       char escaped_trust_root[1024];
+
+                       stresc(escaped_identity, sizeof escaped_identity, openid_delegate, 0, 1);
+
+                       snprintf(buf, sizeof buf, "%s://%s/finish_openid_login",
+                               (is_https ? "https" : "http"), WC->http_host);
+                       stresc(escaped_return_to, sizeof escaped_identity, buf, 0, 1);
+
+                       snprintf(buf, sizeof buf, "%s://%s",
+                               (is_https ? "https" : "http"), WC->http_host);
+                       stresc(escaped_trust_root, sizeof escaped_identity, buf, 0, 1);
+
+                       snprintf(redirect_string, sizeof redirect_string,
+                               "%s"
+                               "?openid.mode=checkid_immediate"
+                               "&openid_identity=%s"
+                               "&openid.return_to=%s"
+                               "&openid.trust_root=%s"
+                               ,
+                               openid_server, escaped_identity, escaped_return_to, escaped_trust_root
+                       );
+                       http_redirect(redirect_string);
+                       return;
+               }
+       }
  
+       /* If we get to this point then something failed. */
+       display_openid_login(_("Your password was not accepted."));
+}
  
+/* 
+ * Perform authentication using OpenID
+ * assemble the checkid_immediate request and then redirect to the user's identity provider
+ */
+void finish_openid_login(void)
+{
+       if (havebstr("openid.mode")) {
+               if (!strcasecmp(bstr("openid.mode"), "error")) {
+                       if (havebstr("openid.error")) {
+                               display_openid_login(bstr("openid.error"));
+                       }
+                       else {
+                               display_openid_login(_("Your password was not accepted."));
+                       }
+                       return;
                 }
         }
+
+
+       // FIXME finish this
+
         if (WC->logged_in) {
                 if (WC->need_regi) {
                         display_reg(1);
diff --git a/webcit/webcit.c b/webcit/webcit.c

index f3d221229b3a979c1ff22aea2fc03734fa60da33..1aea8de3775c14252e07fb7007ce6a9073987f45 100644 (file)
--- a/webcit/webcit.c
+++ b/webcit/webcit.c
@@ -1715,10 +1715,12 @@ void session_loop(struct httprequest *req)
          */
         } else if ((!WC->logged_in) && (!strcasecmp(action, "login"))) {
                 do_login();
-       } else if ((!WC->logged_in) && (!strcasecmp(action, "openid_login"))) {
-               do_openid_login();
         } else if ((!WC->logged_in) && (!strcasecmp(action, "display_openid_login"))) {
                 display_openid_login(NULL);
+       } else if ((!WC->logged_in) && (!strcasecmp(action, "openid_login"))) {
+               do_openid_login();
+       } else if ((!WC->logged_in) && (!strcasecmp(action, "finish_openid_login"))) {
+               finish_openid_login();
         } else if (!WC->logged_in) {
                 display_login(NULL);
         }
diff --git a/webcit/webcit.h b/webcit/webcit.h

index 93b71c6258e68d3eac1fd2b13f1fa61a752c579c..d1fc1b1884b9aac04ac206a6ad44f7318bab622c 100644 (file)
--- a/webcit/webcit.h
+++ b/webcit/webcit.h
@@ -485,6 +485,7 @@ void locate_host(char *, int);
  void become_logged_in(char *, char *, char *);
  void do_login(void);
  void do_openid_login(void);
+void finish_openid_login(void);
  void display_login(char *mesg);
  void display_openid_login(char *mesg);
  void do_welcome(void);
author	Art Cancro <ajc@citadel.org>
	Fri, 16 May 2008 19:17:46 +0000 (19:17 +0000)
committer	Art Cancro <ajc@citadel.org>
	Fri, 16 May 2008 19:17:46 +0000 (19:17 +0000)
webcit/auth.c		patch \| blob \| history
webcit/webcit.c		patch \| blob \| history
webcit/webcit.h		patch \| blob \| history