Annotate

mod_openid/mod_openid.lua @ 869:ec791fd8ce87

Return DN in the attributes table with singlematch
author Rob Hoelz <rob@hoelz.ro>
date Mon, 10 Dec 2012 22:14:28 +0100
parent 3:723fd785815f
child 1343:7dbde05b48a9
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
3
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
1 local usermanager = require "core.usermanager"
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
2 local httpserver = require "net.httpserver"
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
3 local jidutil = require "util.jid"
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
4 local hmac = require "hmac"
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
5
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
6 local base64 = require "util.encodings".base64
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
7
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
8 local humane = require "util.serialization".serialize
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
9
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
10 -- Configuration
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
11 local base = "openid"
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
12 local openidns = "http://specs.openid.net/auth/2.0" -- [#4.1.2]
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
13 local response_404 = { status = "404 Not Found", body = "<h1>Page Not Found</h1>Sorry, we couldn't find what you were looking for :(" };
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
14
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
15 local associations = {}
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
16
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
17 local function genkey(length)
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
18 -- FIXME not cryptographically secure
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
19 str = {}
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
20
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
21 for i = 1,length do
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
22 local rand = math.random(33, 126)
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
23 table.insert(str, string.char(rand))
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
24 end
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
25
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
26 return table.concat(str)
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
27 end
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
28
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
29 local function tokvstring(dict)
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
30 -- key-value encoding for a dictionary [#4.1.3]
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
31 local str = ""
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
32
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
33 for k,v in pairs(dict) do
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
34 str = str..k..":"..v.."\n"
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
35 end
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
36
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
37 return str
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
38 end
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
39
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
40 local function newassoc(key, shared)
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
41 -- TODO don't use genkey here
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
42 local handle = genkey(16)
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
43 associations[handle] = {}
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
44 associations[handle]["key"] = key
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
45 associations[handle]["shared"] = shared
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
46 associations[handle]["time"] = os.time()
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
47 return handle
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
48 end
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
49
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
50 local function split(str, sep)
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
51 local splits = {}
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
52 str:gsub("([^.."..sep.."]*)"..sep, function(c) table.insert(splits, c) end)
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
53 return splits
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
54 end
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
55
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
56 local function sign(response, key)
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
57 local fields = {}
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
58
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
59 for _,field in pairs(split(response["openid.signed"],",")) do
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
60 fields[field] = response["openid."..field]
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
61 end
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
62
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
63 -- [#10.1]
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
64 return base64.encode(hmac.sha256(key, tokvstring(fields)))
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
65 end
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
66
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
67 local function urlencode(s)
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
68 return (string.gsub(s, "%W",
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
69 function(str)
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
70 return string.format("%%%02X", string.byte(str))
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
71 end))
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
72 end
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
73
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
74 local function urldecode(s)
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
75 return(string.gsub(string.gsub(s, "+", " "), "%%(%x%x)",
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
76 function(str)
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
77 return string.char(tonumber(str,16))
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
78 end))
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
79 end
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
80
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
81 local function utctime()
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
82 local now = os.time()
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
83 local diff = os.difftime(now, os.time(os.date("!*t", now)))
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
84 return now-diff
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
85 end
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
86
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
87 local function nonce()
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
88 -- generate a response nonce [#10.1]
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
89 local random = ""
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
90 for i=0,10 do
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
91 random = random..string.char(math.random(33,126))
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
92 end
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
93
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
94 local timestamp = os.date("%Y-%m-%dT%H:%M:%SZ", utctime())
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
95
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
96 return timestamp..random
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
97 end
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
98
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
99 local function query_params(query)
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
100 if type(query) == "string" and #query > 0 then
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
101 if query:match("=") then
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
102 local params = {}
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
103 for k, v in query:gmatch("&?([^=%?]+)=([^&%?]+)&?") do
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
104 if k and v then
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
105 params[urldecode(k)] = urldecode(v)
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
106 end
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
107 end
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
108 return params
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
109 else
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
110 return urldecode(query)
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
111 end
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
112 end
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
113 end
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
114
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
115 local function split_host_port(combined)
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
116 local host = combined
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
117 local port = ""
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
118 local cpos = string.find(combined, ":")
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
119 if cpos ~= nil then
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
120 host = string.sub(combined, 0, cpos-1)
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
121 port = string.sub(combined, cpos+1)
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
122 end
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
123
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
124 return host, port
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
125 end
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
126
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
127 local function toquerystring(dict)
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
128 -- query string encoding for a dictionary [#4.1.3]
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
129 local str = ""
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
130
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
131 for k,v in pairs(dict) do
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
132 str = str..urlencode(k).."="..urlencode(v).."&"
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
133 end
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
134
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
135 return string.sub(str, 0, -1)
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
136 end
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
137
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
138 local function match_realm(url, realm)
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
139 -- FIXME do actual match [#9.2]
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
140 return true
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
141 end
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
142
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
143 local function handle_endpoint(method, body, request)
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
144 module:log("debug", "Request at OpenID provider endpoint")
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
145
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
146 local params = nil
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
147
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
148 if method == "GET" then
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
149 params = query_params(request.url.query)
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
150 elseif method == "POST" then
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
151 params = query_params(body)
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
152 else
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
153 -- TODO error
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
154 return response_404
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
155 end
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
156
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
157 module:log("debug", "Request Parameters:\n"..humane(params))
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
158
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
159 if params["openid.ns"] == openidns then
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
160 -- OpenID 2.0 request [#5.1.1]
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
161 if params["openid.mode"] == "associate" then
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
162 -- Associate mode [#8]
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
163 -- TODO implement association
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
164
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
165 -- Error response [#8.2.4]
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
166 local openidresponse = {
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
167 ["ns"] = openidns,
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
168 ["session_type"] = params["openid.session_type"],
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
169 ["assoc_type"] = params["openid.assoc_type"],
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
170 ["error"] = "Association not supported... yet",
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
171 ["error_code"] = "unsupported-type",
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
172 }
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
173
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
174 local kvresponse = tokvstring(openidresponse)
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
175 module:log("debug", "OpenID Response:\n"..kvresponse)
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
176 return {
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
177 headers = {
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
178 ["Content-Type"] = "text/plain"
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
179 },
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
180 body = kvresponse
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
181 }
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
182 elseif params["openid.mode"] == "checkid_setup" or params["openid.mode"] == "checkid_immediate" then
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
183 -- Requesting authentication [#9]
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
184 if not params["openid.realm"] then
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
185 -- set realm to default value of return_to [#9.1]
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
186 if params["openid.return_to"] then
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
187 params["openid.realm"] = params["openid.return_to"]
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
188 else
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
189 -- neither was sent, error [#9.1]
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
190 -- FIXME return proper error
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
191 return response_404
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
192 end
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
193 end
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
194
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
195 if params["openid.return_to"] then
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
196 -- Assure that the return_to url matches the realm [#9.2]
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
197 if not match_realm(params["openid.return_to"], params["openid.realm"]) then
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
198 -- FIXME return proper error
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
199 return response_404
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
200 end
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
201
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
202 -- Verify the return url [#9.2.1]
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
203 -- TODO implement return url verification
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
204 end
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
205
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
206 if params["openid.claimed_id"] and params["openid.identity"] then
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
207 -- asserting an identifier [#9.1]
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
208
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
209 if params["openid.identity"] == "http://specs.openid.net/auth/2.0/identifier_select" then
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
210 -- automatically select an identity [#9.1]
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
211 params["openid.identity"] = params["openid.claimed_id"]
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
212 end
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
213
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
214 if params["openid.mode"] == "checkid_setup" then
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
215 -- Check ID Setup mode
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
216 -- TODO implement: NEXT STEP
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
217 local head = "<title>Prosody OpenID : Login</title>"
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
218 local body = string.format([[
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
219 <p>Open ID Authentication<p>
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
220 <p>Identifier: <tt>%s</tt></p>
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
221 <p>Realm: <tt>%s</tt></p>
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
222 <p>Return: <tt>%s</tt></p>
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
223 <form method="POST" action="%s">
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
224 Jabber ID: <input type="text" name="jid"/><br/>
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
225 Password: <input type="password" name="password"/><br/>
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
226 <input type="hidden" name="openid.return_to" value="%s"/>
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
227 <input type="submit" value="Authenticate"/>
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
228 </form>
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
229 ]], params["openid.claimed_id"], params["openid.realm"], params["openid.return_to"], base, params["openid.return_to"])
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
230
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
231 return string.format([[
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
232 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
233 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
234 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
235 <head>
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
236 <meta http-equiv="Content-type" content="text/html;charset=UTF-8" />
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
237 %s
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
238 </head>
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
239 <body>
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
240 %s
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
241 </body>
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
242 </html>
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
243 ]], head, body)
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
244 elseif params["openid.mode"] == "checkid_immediate" then
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
245 -- Check ID Immediate mode [#9.3]
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
246 -- TODO implement check id immediate
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
247 end
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
248 else
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
249 -- not asserting an identifier [#9.1]
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
250 -- used for extensions
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
251 -- TODO implement common extensions
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
252 end
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
253 elseif params["openid.mode"] == "check_authentication" then
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
254 module:log("debug", "OpenID Check Authentication Mode")
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
255 local assoc = associations[params["openid.assoc_handle"]]
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
256 module:log("debug", "Checking Association Handle: "..params["openid.assoc_handle"])
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
257 if assoc and not assoc["shared"] then
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
258 module:log("debug", "Found valid association")
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
259 local sig = sign(params, assoc["key"])
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
260
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
261 local is_valid = "false"
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
262 if sig == params["openid.sig"] then
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
263 is_valid = "true"
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
264 end
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
265
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
266 module:log("debug", "Signature is: "..is_valid)
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
267
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
268 openidresponse = {
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
269 ns = openidns,
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
270 is_valid = is_valid,
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
271 }
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
272
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
273 -- Delete this association
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
274 associations[params["openid.assoc_handle"]] = nil
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
275 return {
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
276 headers = {
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
277 ["Content-Type"] = "text/plain"
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
278 },
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
279 body = tokvstring(openidresponse),
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
280 }
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
281 else
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
282 module:log("debug", "No valid association")
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
283 -- TODO return error
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
284 -- Invalidate the handle [#11.4.2.2]
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
285 end
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
286 else
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
287 -- Some other mode
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
288 -- TODO error
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
289 end
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
290 elseif params["password"] then
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
291 -- User is authenticating
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
292 local user, domain = jidutil.split(params["jid"])
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
293 module:log("debug", "Authenticating "..params["jid"].." ("..user..","..domain..") with password: "..params["password"])
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
294 local valid = usermanager.validate_credentials(domain, user, params["password"], "PLAIN")
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
295 if valid then
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
296 module:log("debug", "Authentication Succeeded: "..params["jid"])
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
297 if params["openid.return_to"] ~= "" then
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
298 -- TODO redirect the user to return_to with the openid response
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
299 -- included, need to handle the case if its a GET, that there are
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
300 -- existing query parameters on the return_to URL [#10.1]
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
301 local host, port = split_host_port(request.headers.host)
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
302 local endpointurl = ""
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
303 if port == '' then
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
304 endpointurl = string.format("http://%s/%s", host, base)
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
305 else
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
306 endpointurl = string.format("http://%s:%s/%s", host, port, base)
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
307 end
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
308
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
309 local nonce = nonce()
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
310 local key = genkey(32)
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
311 local assoc_handle = newassoc(key)
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
312
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
313 local openidresponse = {
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
314 ["openid.ns"] = openidns,
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
315 ["openid.mode"] = "id_res",
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
316 ["openid.op_endpoint"] = endpointurl,
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
317 ["openid.claimed_id"] = endpointurl.."/"..user,
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
318 ["openid.identity"] = endpointurl.."/"..user,
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
319 ["openid.return_to"] = params["openid.return_to"],
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
320 ["openid.response_nonce"] = nonce,
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
321 ["openid.assoc_handle"] = assoc_handle,
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
322 ["openid.signed"] = "op_endpoint,identity,claimed_id,return_to,assoc_handle,response_nonce", -- FIXME
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
323 ["openid.sig"] = nil,
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
324 }
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
325
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
326 openidresponse["openid.sig"] = sign(openidresponse, key)
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
327
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
328 queryresponse = toquerystring(openidresponse)
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
329
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
330 redirecturl = params["openid.return_to"]
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
331 -- add the parameters to the return_to
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
332 if redirecturl:match("?") then
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
333 redirecturl = redirecturl.."&"
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
334 else
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
335 redirecturl = redirecturl.."?"
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
336 end
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
337
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
338 redirecturl = redirecturl..queryresponse
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
339
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
340 module:log("debug", "Open ID Positive Assertion Response Table:\n"..humane(openidresponse))
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
341 module:log("debug", "Open ID Positive Assertion Response URL:\n"..queryresponse)
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
342 module:log("debug", "Redirecting User to:\n"..redirecturl)
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
343 return {
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
344 status = "303 See Other",
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
345 headers = {
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
346 Location = redirecturl,
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
347 },
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
348 body = "Redirecting to: "..redirecturl -- TODO Include a note with a hyperlink to redirect
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
349 }
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
350 else
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
351 -- TODO Do something useful is there is no return_to
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
352 end
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
353 else
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
354 module:log("debug", "Authentication Failed: "..params["jid"])
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
355 -- TODO let them try again
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
356 end
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
357 else
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
358 -- Not an Open ID request, do something useful
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
359 -- TODO
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
360 end
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
361
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
362 return response_404
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
363 end
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
364
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
365 local function handle_identifier(method, body, request, id)
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
366 module:log("debug", "Request at OpenID identifier")
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
367 local host, port = split_host_port(request.headers.host)
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
368
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
369 local user_name = ""
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
370 local user_domain = ""
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
371 local apos = string.find(id, "@")
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
372 if apos == nil then
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
373 user_name = id
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
374 user_domain = host
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
375 else
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
376 user_name = string.sub(id, 0, apos-1)
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
377 user_domain = string.sub(id, apos+1)
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
378 end
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
379
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
380 user, domain = jidutil.split(id)
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
381
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
382 local exists = usermanager.user_exists(user_name, user_domain)
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
383
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
384 if not exists then
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
385 return response_404
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
386 end
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
387
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
388 local endpointurl = ""
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
389 if port == '' then
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
390 endpointurl = string.format("http://%s/%s", host, base)
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
391 else
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
392 endpointurl = string.format("http://%s:%s/%s", host, port, base)
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
393 end
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
394
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
395 local head = string.format("<title>Prosody OpenID : %s@%s</title>", user_name, user_domain)
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
396 -- OpenID HTML discovery [#7.3]
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
397 head = head .. string.format('<link rel="openid2.provider" href="%s" />', endpointurl)
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
398
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
399 local content = 'request.url.path: ' .. request.url.path .. '<br/>'
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
400 content = content .. 'host+port: ' .. request.headers.host .. '<br/>'
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
401 content = content .. 'host: ' .. tostring(host) .. '<br/>'
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
402 content = content .. 'port: ' .. tostring(port) .. '<br/>'
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
403 content = content .. 'user_name: ' .. user_name .. '<br/>'
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
404 content = content .. 'user_domain: ' .. user_domain .. '<br/>'
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
405 content = content .. 'exists: ' .. tostring(exists) .. '<br/>'
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
406
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
407 local body = string.format('<p>%s</p>', content)
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
408
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
409 local data = string.format([[
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
410 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
411 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
412 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
413 <head>
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
414 <meta http-equiv="Content-type" content="text/html;charset=UTF-8" />
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
415 %s
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
416 </head>
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
417 <body>
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
418 %s
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
419 </body>
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
420 </html>
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
421 ]], head, body)
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
422 return data;
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
423 end
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
424
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
425 local function handle_request(method, body, request)
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
426 module:log("debug", "Received request")
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
427
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
428 -- Make sure the host is enabled
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
429 local host = split_host_port(request.headers.host)
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
430 if not hosts[host] then
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
431 return response_404
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
432 end
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
433
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
434 if request.url.path == "/"..base then
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
435 -- OpenID Provider Endpoint
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
436 return handle_endpoint(method, body, request)
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
437 else
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
438 local id = request.url.path:match("^/"..base.."/(.+)$")
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
439 if id then
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
440 -- OpenID Identifier
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
441 return handle_identifier(method, body, request, id)
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
442 else
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
443 return response_404
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
444 end
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
445 end
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
446 end
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
447
723fd785815f mod_openid: Initial commit
Dwayne Bent <dbb.0@liqd.org>
parents:
diff changeset
448 httpserver.new{ port = 5280, base = base, handler = handle_request, ssl = false}