From 74104ecda187779baf9beefd48905b15918265dc Mon Sep 17 00:00:00 2001
From: Art Cancro
Date: Fri, 16 May 2008 19:17:46 +0000
Subject: [PATCH] more openid setup
---
 webcit/auth.c | 60 +++++++++++++++++++++++++++++++++++++++++-------
 webcit/webcit.c | 6 +++--
 webcit/webcit.h | 1 +
 3 files changed, 56 insertions(+), 11 deletions(-)
diff --git a/webcit/auth.c b/webcit/auth.c
index 5a04806cd..cee4bbf50 100644
--- a/webcit/auth.c
+++ b/webcit/auth.c
@@ -336,6 +336,7 @@ void extract_link(char *target_buf, int target_size, char *rel, char *source_buf
 /*
  * Perform authentication using OpenID
+ * assemble the checkid_immediate request and then redirect to the user's identity provider
  */
 void do_openid_login(void)
 {
@@ -361,9 +362,6 @@ void do_openid_login(void)
  extract_link(openid_server, sizeof openid_server, "openid.server", buf);
  extract_link(openid_delegate, sizeof openid_delegate, "openid.delegate", buf);
- lprintf(9, " Server: %s\n", openid_server);
- lprintf(9, "Delegate: %s\n", openid_delegate);
-
  /* Empty delegate is legal; we just use the openid_url instead */
  if (IsEmptyStr(openid_delegate)) {
  safestrncpy(openid_delegate, bstr("openid_url"), sizeof openid_delegate);
@@ -371,16 +369,60 @@ void do_openid_login(void)
  /* Now we know where to redirect to. */
- // char redirect_string[4096];
-
- lprintf(9, "identity: %s\n", openid_delegate);
- lprintf(9, "return_to: %s://%s/foo\n", (is_https ? "https" : "http"), WC->http_host);
- lprintf(9, "trust_root: %s://%s\n", (is_https ? "https" : "http"), WC->http_host);
-
+ char redirect_string[4096];
+ char escaped_identity[1024];
+ char escaped_return_to[1024];
+ char escaped_trust_root[1024];
+
+ stresc(escaped_identity, sizeof escaped_identity, openid_delegate, 0, 1);
+
+ snprintf(buf, sizeof buf, "%s://%s/finish_openid_login",
+ (is_https ? "https" : "http"), WC->http_host);
+ stresc(escaped_return_to, sizeof escaped_identity, buf, 0, 1);
+
+ snprintf(buf, sizeof buf, "%s://%s",
+ (is_https ? "https" : "http"), WC->http_host);
+ stresc(escaped_trust_root, sizeof escaped_identity, buf, 0, 1);
+
+ snprintf(redirect_string, sizeof redirect_string,
+ "%s"
+ "?openid.mode=checkid_immediate"
+ "&openid_identity=%s"
+ "&openid.return_to=%s"
+ "&openid.trust_root=%s"
+ ,
+ openid_server, escaped_identity, escaped_return_to, escaped_trust_root
+ );
+ http_redirect(redirect_string);
+ return;
+ }
+ }
+ /* If we get to this point then something failed. */
+ display_openid_login(_("Your password was not accepted."));
+}
+/*
+ * Perform authentication using OpenID
+ * assemble the checkid_immediate request and then redirect to the user's identity provider
+ */
+void finish_openid_login(void)
+{
+ if (havebstr("openid.mode")) {
+ if (!strcasecmp(bstr("openid.mode"), "error")) {
+ if (havebstr("openid.error")) {
+ display_openid_login(bstr("openid.error"));
+ }
+ else {
+ display_openid_login(_("Your password was not accepted."));
+ }
+ return;
  }
  }
+
+
+ // FIXME finish this
+
  if (WC->logged_in) {
  if (WC->need_regi) {
  display_reg(1);
diff --git a/webcit/webcit.c b/webcit/webcit.c
index f3d221229..1aea8de37 100644
--- a/webcit/webcit.c
+++ b/webcit/webcit.c
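Review bot: In webcit/auth.c, do_openid_login puts openid_server at the front of the string passed to http_redirect without any check, and that value was filled by extract_link from buf, presumably the page fetched for the user's OpenID URL; requiring an absolute http(s) URL with no CR or LF before building redirect_string keeps a hostile identity page from supplying another scheme or, if http_redirect does not filter them, extra header lines. Two slips sit in the same block: the identity parameter is written `"&openid_identity=%s"` while its siblings use the dotted `openid.` prefix, and the second and third stresc calls pass `sizeof escaped_identity` instead of the size of the buffer they fill, which is harmless only while all three arrays are 1024 bytes. stresc is defined outside this patch, so confirm that it percent-encodes; HTML-style escaping would let reserved characters in the identity or return_to corrupt the query string. In finish_openid_login the header comment is a copy of do_openid_login's, and `openid.error` from the request goes straight to display_openid_login, which is safe only if that function escapes its message. do_openid_login begins above the hunk and finish_openid_login continues below it; the fence shows only the lines I would add or change.

```c
			/* ... unchanged: redirect_string and escaped_* buffer declarations ... */

			/* Only redirect to an absolute http(s) endpoint; the discovered
			 * value must not be able to carry header line breaks. */
			if ((strncasecmp(openid_server, "http://", 7) != 0
			     && strncasecmp(openid_server, "https://", 8) != 0)
			    || strpbrk(openid_server, "\r\n") != NULL) {
				display_openid_login(_("Your password was not accepted."));
				return;
			}

			/* ... unchanged: escaping of openid_delegate, first snprintf into buf ... */
			stresc(escaped_return_to, sizeof escaped_return_to, buf, 0, 1);
			/* ... unchanged: second snprintf into buf ... */
			stresc(escaped_trust_root, sizeof escaped_trust_root, buf, 0, 1);

			snprintf(redirect_string, sizeof redirect_string,
				"%s"
				"?openid.mode=checkid_immediate"
				"&openid.identity=%s"
				/* ... unchanged: return_to and trust_root parameters, argument list ... */
```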
@@ -1715,10 +1715,12 @@ void session_loop(struct httprequest *req)
  */
  } else if ((!WC->logged_in) && (!strcasecmp(action, "login"))) {
  do_login();
- } else if ((!WC->logged_in) && (!strcasecmp(action, "openid_login"))) {
- do_openid_login();
  } else if ((!WC->logged_in) && (!strcasecmp(action, "display_openid_login"))) {
  display_openid_login(NULL);
+ } else if ((!WC->logged_in) && (!strcasecmp(action, "openid_login"))) {
+ do_openid_login();
+ } else if ((!WC->logged_in) && (!strcasecmp(action, "finish_openid_login"))) {
+ finish_openid_login();
  } else if (!WC->logged_in) {
  display_login(NULL);
  }
diff --git a/webcit/webcit.h b/webcit/webcit.h
index 93b71c625..d1fc1b188 100644
--- a/webcit/webcit.h
+++ b/webcit/webcit.h
@@ -485,6 +485,7 @@ void locate_host(char *, int);
 void become_logged_in(char *, char *, char *);
 void do_login(void);
 void do_openid_login(void);
+void finish_openid_login(void);
 void display_login(char *mesg);
 void display_openid_login(char *mesg);
 void do_welcome(void);
-- 
2.39.2
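Review bot: The new `finish_openid_login` branch in session_loop (webcit/webcit.c) is reachable by any request from a session that is not logged in, with nothing tying it to an `openid_login` started in that session. The handler in auth.c still stops at a FIXME, so apparently nothing is granted yet, but once it is completed it will have to reject responses that do not match an identity recorded when do_openid_login issued the redirect, and verify the provider's assertion before calling anything that logs the user in. A comment on the branch would keep that requirement visible, for example `/* return_to target: handler must verify the provider's response before login */`. session_loop starts and ends outside the hunk.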