annotate src/ur/openidUser.ur @ 51:a984dc1c8954

Merge
author Adam Chlipala <adam@chlipala.net>
date Sun, 24 Jul 2011 10:51:35 -0400
parents 328a429dfedb 9c83592de908
children 9f392276d614
rev   line source
adam@26 1 style provider
adam@26 2
adam@26 3 style aol
adam@26 4 style google
adam@26 5 style myspace
adam@26 6 style yahoo
adam@26 7
adam@28 8 datatype choose_result a = Success of a | Failure of string
adam@28 9
kkallio@35 10 signature CTLDISPLAY = sig
kkallio@35 11 val formatUser : xbody -> xbody
greenrd@48 12 val formatLogout : ($([]) -> transaction page) -> xbody
kkallio@35 13 val formatSignup : url -> xbody
kkallio@35 14 val formatLogon : ({User : string} -> transaction page) -> xbody
kkallio@35 15 end
kkallio@35 16
kkallio@35 17 structure DefaultDisplay : CTLDISPLAY = struct
kkallio@35 18 fun formatUser user =
adam@37 19 <xml>You are logged in as {user}.</xml>
kkallio@35 20
greenrd@48 21 fun formatLogout handler =
greenrd@48 22 <xml>
greenrd@48 23 <form><submit value="Logout" action={handler}/></form>
greenrd@48 24 </xml>
kkallio@35 25
kkallio@35 26 fun formatSignup url =
kkallio@35 27 <xml><a href={url}>Sign Up</a></xml>
kkallio@35 28
kkallio@35 29 fun formatLogon handler =
kkallio@35 30 <xml>
kkallio@35 31 <form><textbox{#User}/><submit value="Log In" action={handler}/></form>
kkallio@35 32 </xml>
kkallio@35 33 end
kkallio@35 34
kkallio@35 35
adam@16 36 functor Make(M: sig
adam@16 37 con cols :: {Type}
adam@16 38 constraint [Id] ~ cols
adam@17 39 val folder : folder cols
adam@17 40 val inj : $(map sql_injectable cols)
adam@17 41
adam@17 42 type creationState
adam@17 43 type creationData
adam@17 44 val creationState : transaction creationState
adam@17 45 val render : creationState -> xtable
adam@20 46 val ready : creationState -> signal bool
adam@17 47 val tabulate : creationState -> signal creationData
adam@28 48 val choose : sql_table ([Id = string] ++ cols) [Pkey = [Id]] -> creationData -> transaction (choose_result $cols)
adam@16 49
adam@16 50 val sessionLifetime : int
adam@16 51 val afterLogout : url
adam@16 52 val secureCookies : bool
adam@16 53 val association : Openid.association_mode
adam@16 54 val realm : option string
adam@17 55 val formClass : css_class
adam@23 56 val fakeId : option string
kkallio@31 57
kkallio@35 58 structure CtlDisplay : CTLDISPLAY
adam@16 59 end) = struct
adam@16 60
adam@16 61 type user = string
adam@28 62 val eq_user = _
adam@28 63 val read_user = _
adam@16 64 val show_user = _
adam@16 65 val inj_user = _
adam@16 66
adam@16 67 table user : ([Id = user] ++ M.cols)
adam@16 68 PRIMARY KEY Id
adam@16 69
adam@16 70 table identity : {User : user, Identifier : string}
adam@16 71 PRIMARY KEY (User, Identifier)
adam@16 72
adam@16 73 sequence sessionIds
adam@16 74
adam@16 75 table session : {Id : int, Key : int, Identifier : option string, Expires : time}
adam@16 76 PRIMARY KEY Id
adam@16 77
adam@22 78 datatype authMode =
adam@22 79 SigningUp of {Session : int, Key : int}
adam@22 80 | LoggedIn of {User : user, Session : int, Key : int}
adam@22 81
adam@22 82 cookie auth : authMode
adam@16 83
adam@17 84 val currentUrl =
adam@17 85 b <- currentUrlHasPost;
adam@17 86 if b then
adam@17 87 return M.afterLogout
adam@17 88 else
adam@45 89 b <- currentUrlHasQueryString;
adam@45 90 if b then
adam@45 91 return M.afterLogout
adam@45 92 else
adam@45 93 currentUrl
adam@17 94
adam@50 95 fun current' tweakSession =
adam@22 96 login <- getCookie auth;
adam@16 97 case login of
adam@22 98 Some (LoggedIn login) =>
adam@22 99 (ident <- oneOrNoRowsE1 (SELECT (session.Identifier)
adam@22 100 FROM session
adam@22 101 WHERE session.Id = {[login.Session]}
adam@22 102 AND session.Key = {[login.Key]});
adam@22 103 case ident of
adam@22 104 None => return None
adam@22 105 | Some None => return None
adam@22 106 | Some (Some ident) =>
adam@22 107 valid <- oneRowE1 (SELECT COUNT( * ) > 0
adam@22 108 FROM identity
adam@22 109 WHERE identity.User = {[login.User]}
adam@22 110 AND identity.Identifier = {[ident]});
adam@22 111 if valid then
adam@50 112 tweakSession login.Session;
adam@22 113 return (Some login.User)
adam@22 114 else
adam@22 115 error <xml>Session not authorized to act as user</xml>)
adam@22 116 | _ => return None
adam@16 117
adam@50 118 val current = current' (fn _ => return ())
adam@50 119
adam@50 120 val renew = current' (fn id =>
adam@50 121 now <- now;
adam@50 122 dml (UPDATE session
adam@50 123 SET Expires = {[addSeconds now M.sessionLifetime]}
adam@50 124 WHERE Id = {[id]}))
adam@50 125
adam@17 126 fun validUser s = String.length s > 0 && String.length s < 20
adam@17 127 && String.all Char.isAlnum s
adam@17 128
adam@16 129 fun main wrap =
adam@16 130 let
adam@16 131 fun logout () =
greenrd@48 132 login <- getCookie auth;
adam@22 133 clearCookie auth;
greenrd@48 134 (case login of
greenrd@48 135 Some (LoggedIn login) =>
greenrd@48 136 dml (DELETE FROM session
adam@51 137 WHERE Id = {[login.Session]}
adam@51 138 AND Key = {[login.Key]})
greenrd@48 139 | _ => return ());
adam@16 140 redirect M.afterLogout
adam@16 141
adam@46 142 fun newSession identO =
adam@46 143 ses <- nextval sessionIds;
adam@46 144 now <- now;
adam@46 145 key <- rand;
adam@46 146 dml (INSERT INTO session (Id, Key, Identifier, Expires)
adam@46 147 VALUES ({[ses]}, {[key]}, {[identO]}, {[addSeconds now M.sessionLifetime]}));
adam@46 148 return {Session = ses, Key = key}
adam@46 149
adam@17 150 fun signupDetails after =
adam@17 151 let
adam@17 152 fun finishSignup uid data =
adam@17 153 if not (validUser uid) then
adam@17 154 return (Some "That username is not valid. It must be between 1 and 19 characters long, containing only letters and numbers.")
adam@17 155 else
adam@17 156 used <- oneRowE1 (SELECT COUNT( * ) > 0
adam@17 157 FROM user
adam@17 158 WHERE user.Id = {[uid]});
adam@17 159 if used then
adam@17 160 return (Some "That username is taken. Please choose another.")
adam@17 161 else
adam@22 162 ses <- getCookie auth;
adam@17 163 case ses of
adam@17 164 None => return (Some "Missing session cookie")
adam@22 165 | Some (LoggedIn _) => return (Some "Session cookie is for already logged-in user")
adam@22 166 | Some (SigningUp ses) =>
adam@17 167 ident <- oneOrNoRowsE1 (SELECT (session.Identifier)
adam@17 168 FROM session
adam@17 169 WHERE session.Id = {[ses.Session]}
adam@17 170 AND session.Key = {[ses.Key]});
adam@17 171 case ident of
adam@17 172 None => return (Some "Invalid session data")
adam@17 173 | Some None => return (Some "Session has no associated identifier")
adam@17 174 | Some (Some ident) =>
adam@28 175 cols <- M.choose user data;
adam@28 176 case cols of
adam@28 177 Failure s => return (Some s)
adam@28 178 | Success cols =>
adam@46 179 dml (DELETE FROM session
adam@46 180 WHERE Id = {[ses.Session]});
adam@46 181 ses <- newSession (Some ident);
adam@28 182 setCookie auth {Value = LoggedIn ({User = uid} ++ ses),
adam@28 183 Expires = None,
adam@28 184 Secure = M.secureCookies};
adam@17 185
adam@28 186 dml (insert user ({Id = (SQL {[uid]})} ++ @Sql.sqexps M.folder M.inj cols));
adam@28 187 dml (INSERT INTO identity (User, Identifier)
adam@28 188 VALUES ({[uid]}, {[ident]}));
adam@30 189 return None
adam@17 190 in
adam@17 191 uid <- source "";
adam@17 192 cs <- M.creationState;
adam@17 193
adam@17 194 wrap "Your User Details" <xml>
adam@17 195 <table class={M.formClass}>
adam@17 196 <tr> <th class={M.formClass}>Username:</th> <td><ctextbox source={uid}/></td> </tr>
adam@17 197 {M.render cs}
adam@20 198 <tr> <td><dyn signal={b <- M.ready cs;
adam@20 199 return (if b then
adam@20 200 <xml><button value="Create Account"
adam@20 201 onclick={uid <- get uid;
adam@20 202 data <- Basis.current (M.tabulate cs);
adam@20 203 res <- rpc (finishSignup uid data);
adam@20 204 case res of
adam@20 205 None => redirect (bless after)
adam@20 206 | Some msg => alert msg}/></xml>
adam@20 207 else
adam@20 208 <xml/>)}/></td> </tr>
adam@17 209 </table>
adam@17 210 </xml>
adam@17 211 end
adam@17 212
adam@16 213 fun opCallback after ses res =
adam@16 214 case res of
adam@16 215 Openid.Canceled => error <xml>You canceled the login process.</xml>
adam@16 216 | Openid.Failure s => error <xml>Login failed: {[s]}</xml>
adam@16 217 | Openid.AuthenticatedAs ident =>
adam@22 218 av <- getCookie auth;
adam@22 219 case av of
adam@22 220 Some (SigningUp signup) =>
adam@16 221 if signup.Session <> ses then
adam@16 222 error <xml>Session has changed suspiciously</xml>
adam@16 223 else
adam@16 224 invalid <- oneRowE1 (SELECT COUNT( * ) = 0
adam@16 225 FROM session
adam@16 226 WHERE session.Id = {[signup.Session]}
adam@16 227 AND session.Key = {[signup.Key]});
adam@16 228 if invalid then
adam@16 229 error <xml>Invalid or expired session</xml>
adam@16 230 else
adam@46 231 dml (DELETE FROM session
adam@17 232 WHERE Id = {[signup.Session]});
adam@46 233 ses <- newSession (Some ident);
adam@46 234 setCookie auth {Value = SigningUp ses,
adam@46 235 Expires = None,
adam@46 236 Secure = M.secureCookies};
adam@17 237 signupDetails after
adam@22 238 | Some (LoggedIn login) =>
adam@22 239 if login.Session <> ses then
adam@22 240 error <xml>Session has changed suspiciously</xml>
adam@22 241 else
adam@22 242 invalid <- oneRowE1 (SELECT COUNT( * ) = 0
adam@22 243 FROM session
adam@22 244 WHERE session.Id = {[login.Session]}
adam@22 245 AND session.Key = {[login.Key]});
adam@22 246 if invalid then
adam@22 247 error <xml>Invalid or expired session</xml>
adam@16 248 else
adam@46 249 dml (DELETE FROM session
adam@22 250 WHERE Id = {[login.Session]});
adam@46 251 ses <- newSession (Some ident);
adam@46 252 setCookie auth {Value = LoggedIn ({User = login.User} ++ ses),
adam@46 253 Expires = None,
adam@46 254 Secure = M.secureCookies};
adam@22 255 redirect (bless after)
adam@22 256 | None => error <xml>Missing session cookie</xml>
adam@16 257
adam@23 258 fun fakeCallback ident after ses =
adam@23 259 av <- getCookie auth;
adam@23 260 case av of
adam@23 261 Some (SigningUp signup) =>
adam@23 262 invalid <- oneRowE1 (SELECT COUNT( * ) = 0
adam@23 263 FROM session
adam@23 264 WHERE session.Id = {[signup.Session]}
adam@23 265 AND session.Key = {[signup.Key]});
adam@23 266 if invalid then
adam@23 267 error <xml>Invalid or expired session</xml>
adam@23 268 else
adam@23 269 dml (UPDATE session
adam@23 270 SET Identifier = {[Some ident]}
adam@23 271 WHERE Id = {[signup.Session]});
adam@23 272 signupDetails after
adam@23 273 | Some (LoggedIn login) =>
adam@23 274 invalid <- oneRowE1 (SELECT COUNT( * ) = 0
adam@23 275 FROM session
adam@23 276 WHERE session.Id = {[login.Session]}
adam@23 277 AND session.Key = {[login.Key]});
adam@23 278 if invalid then
adam@23 279 error <xml>Invalid or expired session</xml>
adam@23 280 else
adam@23 281 dml (UPDATE session
adam@23 282 SET Identifier = {[Some ident]}
adam@23 283 WHERE Id = {[login.Session]});
adam@23 284 redirect (bless after)
adam@23 285 | None => error <xml>Missing session cookie</xml>
adam@23 286
adam@17 287 fun logon after r =
adam@16 288 ident <- oneOrNoRowsE1 (SELECT (identity.Identifier)
adam@16 289 FROM identity
adam@16 290 WHERE identity.User = {[r.User]}
adam@16 291 LIMIT 1);
adam@16 292 case ident of
adam@16 293 None => error <xml>Username not found</xml>
adam@16 294 | Some ident =>
adam@46 295 ses <- newSession None;
adam@22 296 setCookie auth {Value = LoggedIn (r ++ ses),
adam@22 297 Expires = None,
adam@22 298 Secure = M.secureCookies};
adam@16 299 ses <- return ses.Session;
adam@23 300 if M.fakeId = Some ident then
adam@23 301 fakeCallback ident after ses
adam@23 302 else
adam@23 303 msg <- Openid.authenticate (opCallback after ses)
adam@23 304 {Association = M.association,
adam@23 305 Realm = M.realm,
adam@39 306 Identifier = Openid.KnownIdentifier ident};
adam@23 307 error <xml>Login with your identity provider failed: {[msg]}</xml>
adam@16 308
adam@16 309 fun doSignup after r =
adam@46 310 ses <- newSession None;
adam@22 311 setCookie auth {Value = SigningUp ses,
adam@22 312 Expires = None,
adam@22 313 Secure = M.secureCookies};
adam@16 314 ses <- return ses.Session;
adam@23 315 if M.fakeId = Some r.Identifier then
adam@23 316 fakeCallback r.Identifier after ses
adam@23 317 else
adam@23 318 msg <- Openid.authenticate (opCallback after ses)
adam@23 319 {Association = M.association,
adam@23 320 Realm = M.realm,
adam@39 321 Identifier = Openid.ChooseIdentifier r.Identifier};
adam@23 322 error <xml>Login with your identity provider failed: {[msg]}</xml>
adam@16 323
adam@22 324 fun signup after =
adam@26 325 let
adam@27 326 fun fixed cls url =
adam@26 327 let
adam@26 328 fun doFixedButton () =
adam@26 329 doSignup after {Identifier = url}
adam@26 330 in
adam@26 331 <xml><form class={provider}>
adam@27 332 <submit class={cls} value="" action={doFixedButton}/>
adam@26 333 </form></xml>
adam@26 334 end
adam@26 335 in
adam@26 336 wrap "Account Signup" <xml>
adam@26 337 <p>This web site uses the <b><a href="http://openid.net/">OpenID</a></b> standard, which lets you log in using your account from one of several popular web sites, without revealing your password to us.</p>
adam@26 338
adam@26 339 <p>You may click one of these buttons to choose to use your account from that site:</p>
adam@27 340 {fixed aol "https://openid.aol.com/"}
adam@27 341 {fixed google "https://www.google.com/accounts/o8/id"}
adam@27 342 {fixed myspace "https://www.myspace.com/openid"}
adam@27 343 {fixed yahoo "https://me.yahoo.com/"}
adam@26 344
adam@26 345 <p>Visitors familiar with the details of OpenID may also enter their own identifiers:</p>
adam@26 346 <form>
adam@26 347 OpenID Identifier: <textbox{#Identifier}/><br/>
adam@26 348 <submit value="Sign Up" action={doSignup after}/>
adam@26 349 </form>
adam@26 350 </xml>
adam@26 351 end
adam@16 352 in
adam@16 353 cur <- current;
adam@17 354 here <- currentUrl;
kkallio@35 355
adam@16 356 case cur of
kkallio@35 357 Some cur => return {Status = (M.CtlDisplay.formatUser <xml>{[cur]}</xml>),
greenrd@48 358 Other = {Url = None,
greenrd@48 359 Xml = (M.CtlDisplay.formatLogout logout)}}
kkallio@35 360 | None => return {Status = (M.CtlDisplay.formatLogon (logon (show here))),
greenrd@48 361 Other = {Url = Some (url (signup (show here))),
kkallio@35 362 Xml = (M.CtlDisplay.formatSignup (url (signup (show here))))}}
adam@16 363 end
adam@16 364
adam@16 365 task periodic 60 = fn () => dml (DELETE FROM session
adam@21 366 WHERE Expires < CURRENT_TIMESTAMP)
adam@16 367
adam@16 368 end