Ur/Web OpenID Library: src/ur/openidUser.ur annotate

annotate src/ur/openidUser.ur @ 47:ba203b170476

Use uw_streq(); update to newer Autoconf

author	Adam Chlipala <adam@chlipala.net>
date	Tue, 19 Jul 2011 09:27:10 -0400
parents	72e942423f26
children	9c83592de908 328a429dfedb

rev	line source
adam@26	1 style provider
adam@26	2
adam@26	3 style aol
adam@26	4 style google
adam@26	5 style myspace
adam@26	6 style yahoo
adam@26	7
adam@28	8 datatype choose_result a = Success of a \| Failure of string
adam@28	9
kkallio@35	10 signature CTLDISPLAY = sig
kkallio@35	11 val formatUser : xbody -> xbody
kkallio@35	12 val formatLogout : url -> xbody
kkallio@35	13 val formatSignup : url -> xbody
kkallio@35	14 val formatLogon : ({User : string} -> transaction page) -> xbody
kkallio@35	15 end
kkallio@35	16
kkallio@35	17 structure DefaultDisplay : CTLDISPLAY = struct
kkallio@35	18 fun formatUser user =
adam@37	19 <xml>You are logged in as {user}.</xml>
kkallio@35	20
kkallio@35	21 fun formatLogout url =
kkallio@35	22 <xml><a href={url}>Log Out</a></xml>
kkallio@35	23
kkallio@35	24 fun formatSignup url =
kkallio@35	25 <xml><a href={url}>Sign Up</a></xml>
kkallio@35	26
kkallio@35	27 fun formatLogon handler =
kkallio@35	28 <xml>
kkallio@35	29 <form><textbox{#User}/><submit value="Log In" action={handler}/></form>
kkallio@35	30 </xml>
kkallio@35	31 end
kkallio@35	32
kkallio@35	33
adam@16	34 functor Make(M: sig
adam@16	35 con cols :: {Type}
adam@16	36 constraint [Id] ~ cols
adam@17	37 val folder : folder cols
adam@17	38 val inj : $(map sql_injectable cols)
adam@17	39
adam@17	40 type creationState
adam@17	41 type creationData
adam@17	42 val creationState : transaction creationState
adam@17	43 val render : creationState -> xtable
adam@20	44 val ready : creationState -> signal bool
adam@17	45 val tabulate : creationState -> signal creationData
adam@28	46 val choose : sql_table ([Id = string] ++ cols) [Pkey = [Id]] -> creationData -> transaction (choose_result $cols)
adam@16	47
adam@16	48 val sessionLifetime : int
adam@16	49 val afterLogout : url
adam@16	50 val secureCookies : bool
adam@16	51 val association : Openid.association_mode
adam@16	52 val realm : option string
adam@17	53 val formClass : css_class
adam@23	54 val fakeId : option string
kkallio@31	55
kkallio@35	56 structure CtlDisplay : CTLDISPLAY
adam@16	57 end) = struct
adam@16	58
adam@16	59 type user = string
adam@28	60 val eq_user = _
adam@28	61 val read_user = _
adam@16	62 val show_user = _
adam@16	63 val inj_user = _
adam@16	64
adam@16	65 table user : ([Id = user] ++ M.cols)
adam@16	66 PRIMARY KEY Id
adam@16	67
adam@16	68 table identity : {User : user, Identifier : string}
adam@16	69 PRIMARY KEY (User, Identifier)
adam@16	70
adam@16	71 sequence sessionIds
adam@16	72
adam@16	73 table session : {Id : int, Key : int, Identifier : option string, Expires : time}
adam@16	74 PRIMARY KEY Id
adam@16	75
adam@22	76 datatype authMode =
adam@22	77 SigningUp of {Session : int, Key : int}
adam@22	78 \| LoggedIn of {User : user, Session : int, Key : int}
adam@22	79
adam@22	80 cookie auth : authMode
adam@16	81
adam@17	82 val currentUrl =
adam@17	83 b <- currentUrlHasPost;
adam@17	84 if b then
adam@17	85 return M.afterLogout
adam@17	86 else
adam@45	87 b <- currentUrlHasQueryString;
adam@45	88 if b then
adam@45	89 return M.afterLogout
adam@45	90 else
adam@45	91 currentUrl
adam@17	92
adam@16	93 val current =
adam@22	94 login <- getCookie auth;
adam@16	95 case login of
adam@22	96 Some (LoggedIn login) =>
adam@22	97 (ident <- oneOrNoRowsE1 (SELECT (session.Identifier)
adam@22	98 FROM session
adam@22	99 WHERE session.Id = {[login.Session]}
adam@22	100 AND session.Key = {[login.Key]});
adam@22	101 case ident of
adam@22	102 None => return None
adam@22	103 \| Some None => return None
adam@22	104 \| Some (Some ident) =>
adam@22	105 valid <- oneRowE1 (SELECT COUNT( * ) > 0
adam@22	106 FROM identity
adam@22	107 WHERE identity.User = {[login.User]}
adam@22	108 AND identity.Identifier = {[ident]});
adam@22	109 if valid then
adam@22	110 return (Some login.User)
adam@22	111 else
adam@22	112 error <xml>Session not authorized to act as user</xml>)
adam@22	113 \| _ => return None
adam@16	114
adam@17	115 fun validUser s = String.length s > 0 && String.length s < 20
adam@17	116 && String.all Char.isAlnum s
adam@17	117
adam@16	118 fun main wrap =
adam@16	119 let
adam@16	120 fun logout () =
adam@22	121 clearCookie auth;
adam@16	122 redirect M.afterLogout
adam@16	123
adam@46	124 fun newSession identO =
adam@46	125 ses <- nextval sessionIds;
adam@46	126 now <- now;
adam@46	127 key <- rand;
adam@46	128 dml (INSERT INTO session (Id, Key, Identifier, Expires)
adam@46	129 VALUES ({[ses]}, {[key]}, {[identO]}, {[addSeconds now M.sessionLifetime]}));
adam@46	130 return {Session = ses, Key = key}
adam@46	131
adam@17	132 fun signupDetails after =
adam@17	133 let
adam@17	134 fun finishSignup uid data =
adam@17	135 if not (validUser uid) then
adam@17	136 return (Some "That username is not valid. It must be between 1 and 19 characters long, containing only letters and numbers.")
adam@17	137 else
adam@17	138 used <- oneRowE1 (SELECT COUNT( * ) > 0
adam@17	139 FROM user
adam@17	140 WHERE user.Id = {[uid]});
adam@17	141 if used then
adam@17	142 return (Some "That username is taken. Please choose another.")
adam@17	143 else
adam@22	144 ses <- getCookie auth;
adam@17	145 case ses of
adam@17	146 None => return (Some "Missing session cookie")
adam@22	147 \| Some (LoggedIn _) => return (Some "Session cookie is for already logged-in user")
adam@22	148 \| Some (SigningUp ses) =>
adam@17	149 ident <- oneOrNoRowsE1 (SELECT (session.Identifier)
adam@17	150 FROM session
adam@17	151 WHERE session.Id = {[ses.Session]}
adam@17	152 AND session.Key = {[ses.Key]});
adam@17	153 case ident of
adam@17	154 None => return (Some "Invalid session data")
adam@17	155 \| Some None => return (Some "Session has no associated identifier")
adam@17	156 \| Some (Some ident) =>
adam@28	157 cols <- M.choose user data;
adam@28	158 case cols of
adam@28	159 Failure s => return (Some s)
adam@28	160 \| Success cols =>
adam@46	161 dml (DELETE FROM session
adam@46	162 WHERE Id = {[ses.Session]});
adam@46	163 ses <- newSession (Some ident);
adam@28	164 setCookie auth {Value = LoggedIn ({User = uid} ++ ses),
adam@28	165 Expires = None,
adam@28	166 Secure = M.secureCookies};
adam@17	167
adam@28	168 dml (insert user ({Id = (SQL {[uid]})} ++ @Sql.sqexps M.folder M.inj cols));
adam@28	169 dml (INSERT INTO identity (User, Identifier)
adam@28	170 VALUES ({[uid]}, {[ident]}));
adam@30	171 return None
adam@17	172 in
adam@17	173 uid <- source "";
adam@17	174 cs <- M.creationState;
adam@17	175
adam@17	176 wrap "Your User Details" <xml>
adam@17	177 <table class={M.formClass}>
adam@17	178 <tr> <th class={M.formClass}>Username:</th> <td><ctextbox source={uid}/></td> </tr>
adam@17	179 {M.render cs}
adam@20	180 <tr> <td><dyn signal={b <- M.ready cs;
adam@20	181 return (if b then
adam@20	182 <xml><button value="Create Account"
adam@20	183 onclick={uid <- get uid;
adam@20	184 data <- Basis.current (M.tabulate cs);
adam@20	185 res <- rpc (finishSignup uid data);
adam@20	186 case res of
adam@20	187 None => redirect (bless after)
adam@20	188 \| Some msg => alert msg}/></xml>
adam@20	189 else
adam@20	190 <xml/>)}/></td> </tr>
adam@17	191 </table>
adam@17	192 </xml>
adam@17	193 end
adam@17	194
adam@16	195 fun opCallback after ses res =
adam@16	196 case res of
adam@16	197 Openid.Canceled => error <xml>You canceled the login process.</xml>
adam@16	198 \| Openid.Failure s => error <xml>Login failed: {[s]}</xml>
adam@16	199 \| Openid.AuthenticatedAs ident =>
adam@22	200 av <- getCookie auth;
adam@22	201 case av of
adam@22	202 Some (SigningUp signup) =>
adam@16	203 if signup.Session <> ses then
adam@16	204 error <xml>Session has changed suspiciously</xml>
adam@16	205 else
adam@16	206 invalid <- oneRowE1 (SELECT COUNT( * ) = 0
adam@16	207 FROM session
adam@16	208 WHERE session.Id = {[signup.Session]}
adam@16	209 AND session.Key = {[signup.Key]});
adam@16	210 if invalid then
adam@16	211 error <xml>Invalid or expired session</xml>
adam@16	212 else
adam@46	213 dml (DELETE FROM session
adam@17	214 WHERE Id = {[signup.Session]});
adam@46	215 ses <- newSession (Some ident);
adam@46	216 setCookie auth {Value = SigningUp ses,
adam@46	217 Expires = None,
adam@46	218 Secure = M.secureCookies};
adam@17	219 signupDetails after
adam@22	220 \| Some (LoggedIn login) =>
adam@22	221 if login.Session <> ses then
adam@22	222 error <xml>Session has changed suspiciously</xml>
adam@22	223 else
adam@22	224 invalid <- oneRowE1 (SELECT COUNT( * ) = 0
adam@22	225 FROM session
adam@22	226 WHERE session.Id = {[login.Session]}
adam@22	227 AND session.Key = {[login.Key]});
adam@22	228 if invalid then
adam@22	229 error <xml>Invalid or expired session</xml>
adam@16	230 else
adam@46	231 dml (DELETE FROM session
adam@22	232 WHERE Id = {[login.Session]});
adam@46	233 ses <- newSession (Some ident);
adam@46	234 setCookie auth {Value = LoggedIn ({User = login.User} ++ ses),
adam@46	235 Expires = None,
adam@46	236 Secure = M.secureCookies};
adam@22	237 redirect (bless after)
adam@22	238 \| None => error <xml>Missing session cookie</xml>
adam@16	239
adam@23	240 fun fakeCallback ident after ses =
adam@23	241 av <- getCookie auth;
adam@23	242 case av of
adam@23	243 Some (SigningUp signup) =>
adam@23	244 invalid <- oneRowE1 (SELECT COUNT( * ) = 0
adam@23	245 FROM session
adam@23	246 WHERE session.Id = {[signup.Session]}
adam@23	247 AND session.Key = {[signup.Key]});
adam@23	248 if invalid then
adam@23	249 error <xml>Invalid or expired session</xml>
adam@23	250 else
adam@23	251 dml (UPDATE session
adam@23	252 SET Identifier = {[Some ident]}
adam@23	253 WHERE Id = {[signup.Session]});
adam@23	254 signupDetails after
adam@23	255 \| Some (LoggedIn login) =>
adam@23	256 invalid <- oneRowE1 (SELECT COUNT( * ) = 0
adam@23	257 FROM session
adam@23	258 WHERE session.Id = {[login.Session]}
adam@23	259 AND session.Key = {[login.Key]});
adam@23	260 if invalid then
adam@23	261 error <xml>Invalid or expired session</xml>
adam@23	262 else
adam@23	263 dml (UPDATE session
adam@23	264 SET Identifier = {[Some ident]}
adam@23	265 WHERE Id = {[login.Session]});
adam@23	266 redirect (bless after)
adam@23	267 \| None => error <xml>Missing session cookie</xml>
adam@23	268
adam@17	269 fun logon after r =
adam@16	270 ident <- oneOrNoRowsE1 (SELECT (identity.Identifier)
adam@16	271 FROM identity
adam@16	272 WHERE identity.User = {[r.User]}
adam@16	273 LIMIT 1);
adam@16	274 case ident of
adam@16	275 None => error <xml>Username not found</xml>
adam@16	276 \| Some ident =>
adam@46	277 ses <- newSession None;
adam@22	278 setCookie auth {Value = LoggedIn (r ++ ses),
adam@22	279 Expires = None,
adam@22	280 Secure = M.secureCookies};
adam@16	281 ses <- return ses.Session;
adam@23	282 if M.fakeId = Some ident then
adam@23	283 fakeCallback ident after ses
adam@23	284 else
adam@23	285 msg <- Openid.authenticate (opCallback after ses)
adam@23	286 {Association = M.association,
adam@23	287 Realm = M.realm,
adam@39	288 Identifier = Openid.KnownIdentifier ident};
adam@23	289 error <xml>Login with your identity provider failed: {[msg]}</xml>
adam@16	290
adam@16	291 fun doSignup after r =
adam@46	292 ses <- newSession None;
adam@22	293 setCookie auth {Value = SigningUp ses,
adam@22	294 Expires = None,
adam@22	295 Secure = M.secureCookies};
adam@16	296 ses <- return ses.Session;
adam@23	297 if M.fakeId = Some r.Identifier then
adam@23	298 fakeCallback r.Identifier after ses
adam@23	299 else
adam@23	300 msg <- Openid.authenticate (opCallback after ses)
adam@23	301 {Association = M.association,
adam@23	302 Realm = M.realm,
adam@39	303 Identifier = Openid.ChooseIdentifier r.Identifier};
adam@23	304 error <xml>Login with your identity provider failed: {[msg]}</xml>
adam@16	305
adam@22	306 fun signup after =
adam@26	307 let
adam@27	308 fun fixed cls url =
adam@26	309 let
adam@26	310 fun doFixedButton () =
adam@26	311 doSignup after {Identifier = url}
adam@26	312 in
adam@26	313 <xml><form class={provider}>
adam@27	314 <submit class={cls} value="" action={doFixedButton}/>
adam@26	315 </form></xml>
adam@26	316 end
adam@26	317 in
adam@26	318 wrap "Account Signup" <xml>
adam@26	319 <p>This web site uses the <b><a href="http://openid.net/">OpenID</a></b> standard, which lets you log in using your account from one of several popular web sites, without revealing your password to us.</p>
adam@26	320
adam@26	321 <p>You may click one of these buttons to choose to use your account from that site:</p>
adam@27	322 {fixed aol "https://openid.aol.com/"}
adam@27	323 {fixed google "https://www.google.com/accounts/o8/id"}
adam@27	324 {fixed myspace "https://www.myspace.com/openid"}
adam@27	325 {fixed yahoo "https://me.yahoo.com/"}
adam@26	326
adam@26	327 <p>Visitors familiar with the details of OpenID may also enter their own identifiers:</p>
adam@26	328 <form>
adam@26	329 OpenID Identifier: <textbox{#Identifier}/><br/>
adam@26	330 <submit value="Sign Up" action={doSignup after}/>
adam@26	331 </form>
adam@26	332 </xml>
adam@26	333 end
adam@16	334 in
adam@16	335 cur <- current;
adam@17	336 here <- currentUrl;
kkallio@35	337
adam@16	338 case cur of
kkallio@35	339 Some cur => return {Status = (M.CtlDisplay.formatUser <xml>{[cur]}</xml>),
kkallio@35	340 Other = {Url = (url (logout ())),
kkallio@35	341 Xml = (M.CtlDisplay.formatLogout (url (logout ())))}}
kkallio@35	342 \| None => return {Status = (M.CtlDisplay.formatLogon (logon (show here))),
kkallio@35	343 Other = {Url = (url (signup (show here))),
kkallio@35	344 Xml = (M.CtlDisplay.formatSignup (url (signup (show here))))}}
adam@16	345 end
adam@16	346
adam@16	347 task periodic 60 = fn () => dml (DELETE FROM session
adam@21	348 WHERE Expires < CURRENT_TIMESTAMP)
adam@16	349
adam@16	350 end

Mercurial > openid

annotate src/ur/openidUser.ur @ 47:ba203b170476