Mercurial > openid
annotate tests/utest.ur @ 46:72e942423f26
Based on a security suggestion by Robin Green, start a new session after authentication at an OP and after submission of a signup form
| author | Adam Chlipala <adam@chlipala.net> |
|---|---|
| date | Sun, 03 Jul 2011 17:52:29 -0400 |
| parents | df258dbf4739 |
| children | 9f392276d614 |
| rev | line source |
|---|---|
| adam@19 | 1 style inputs |
| adam@19 | 2 |
| adam@19 | 3 structure U = OpenidUser.Make(struct |
| adam@19 | 4 con cols = [Nam = string] |
| adam@19 | 5 |
| adam@19 | 6 val sessionLifetime = 3600 |
| adam@19 | 7 val afterLogout = bless "/main" |
| adam@19 | 8 val secureCookies = False |
| adam@19 | 9 val association = Openid.Stateful {AssociationType = Openid.HMAC_SHA256, |
| adam@19 | 10 AssociationSessionType = Openid.NoEncryption} |
| adam@19 | 11 val realm = None |
| adam@19 | 12 |
| adam@19 | 13 val creationState = |
| adam@19 | 14 n <- source ""; |
| adam@19 | 15 return {Nam = n} |
| adam@19 | 16 |
| adam@19 | 17 fun render r = <xml> |
| adam@19 | 18 <tr> <th class={inputs}>Name:</th> <td><ctextbox source={r.Nam}/></td> </tr> |
| adam@19 | 19 </xml> |
| adam@19 | 20 |
| adam@21 | 21 fun ready _ = return True |
| adam@21 | 22 |
| adam@19 | 23 fun tabulate r = |
| adam@19 | 24 n <- signal r.Nam; |
| adam@19 | 25 return {Nam = n} |
| adam@19 | 26 |
| adam@29 | 27 fun choose _ r = return (OpenidUser.Success r) |
| adam@19 | 28 |
| adam@19 | 29 val formClass = inputs |
| adam@23 | 30 |
| adam@23 | 31 val fakeId = None |
| adam@32 | 32 |
| kkallio@36 | 33 structure CtlDisplay = OpenidUser.DefaultDisplay |
| adam@19 | 34 end) |
| adam@19 | 35 |
| adam@19 | 36 fun wrap title body = |
| adam@19 | 37 userStuff <- U.main wrap; |
| adam@19 | 38 return <xml><head> |
| adam@19 | 39 <title>{[title]}</title> |
| adam@19 | 40 </head><body> |
| adam@25 | 41 {userStuff.Status}<br/> |
| kkallio@36 | 42 {userStuff.Other.Xml} |
| adam@19 | 43 |
| adam@19 | 44 <h1>{[title]}</h1> |
| adam@19 | 45 |
| adam@19 | 46 {body} |
| adam@19 | 47 </body></xml> |
| adam@19 | 48 |
| adam@19 | 49 fun main () = |
| adam@19 | 50 whoami <- U.current; |
| adam@19 | 51 wrap "Main page" (case whoami of |
| adam@19 | 52 None => <xml>I don't think you're logged in.</xml> |
| adam@19 | 53 | Some whoami => <xml>Apparently you are <b>{[whoami]}</b>!</xml>) |