|
adam@26
|
1 style provider
|
|
adam@26
|
2
|
|
adam@26
|
3 style aol
|
|
adam@26
|
4 style google
|
|
adam@26
|
5 style myspace
|
|
adam@26
|
6 style yahoo
|
|
adam@26
|
7
|
|
adam@28
|
8 datatype choose_result a = Success of a | Failure of string
|
|
adam@28
|
9
|
|
adam@16
|
10 functor Make(M: sig
|
|
adam@16
|
11 con cols :: {Type}
|
|
adam@16
|
12 constraint [Id] ~ cols
|
|
adam@17
|
13 val folder : folder cols
|
|
adam@17
|
14 val inj : $(map sql_injectable cols)
|
|
adam@17
|
15
|
|
adam@17
|
16 type creationState
|
|
adam@17
|
17 type creationData
|
|
adam@17
|
18 val creationState : transaction creationState
|
|
adam@17
|
19 val render : creationState -> xtable
|
|
adam@20
|
20 val ready : creationState -> signal bool
|
|
adam@17
|
21 val tabulate : creationState -> signal creationData
|
|
adam@28
|
22 val choose : sql_table ([Id = string] ++ cols) [Pkey = [Id]] -> creationData -> transaction (choose_result $cols)
|
|
adam@16
|
23
|
|
adam@16
|
24 val sessionLifetime : int
|
|
adam@16
|
25 val afterLogout : url
|
|
adam@16
|
26 val secureCookies : bool
|
|
adam@16
|
27 val association : Openid.association_mode
|
|
adam@16
|
28 val realm : option string
|
|
adam@17
|
29 val formClass : css_class
|
|
adam@23
|
30 val fakeId : option string
|
|
adam@16
|
31 end) = struct
|
|
adam@16
|
32
|
|
adam@16
|
33 type user = string
|
|
adam@28
|
34 val eq_user = _
|
|
adam@28
|
35 val read_user = _
|
|
adam@16
|
36 val show_user = _
|
|
adam@16
|
37 val inj_user = _
|
|
adam@16
|
38
|
|
adam@16
|
39 table user : ([Id = user] ++ M.cols)
|
|
adam@16
|
40 PRIMARY KEY Id
|
|
adam@16
|
41
|
|
adam@16
|
42 table identity : {User : user, Identifier : string}
|
|
adam@16
|
43 PRIMARY KEY (User, Identifier)
|
|
adam@16
|
44
|
|
adam@16
|
45 sequence sessionIds
|
|
adam@16
|
46
|
|
adam@16
|
47 table session : {Id : int, Key : int, Identifier : option string, Expires : time}
|
|
adam@16
|
48 PRIMARY KEY Id
|
|
adam@16
|
49
|
|
adam@22
|
50 datatype authMode =
|
|
adam@22
|
51 SigningUp of {Session : int, Key : int}
|
|
adam@22
|
52 | LoggedIn of {User : user, Session : int, Key : int}
|
|
adam@22
|
53
|
|
adam@22
|
54 cookie auth : authMode
|
|
adam@16
|
55
|
|
adam@17
|
56 val currentUrl =
|
|
adam@17
|
57 b <- currentUrlHasPost;
|
|
adam@17
|
58 if b then
|
|
adam@17
|
59 return M.afterLogout
|
|
adam@17
|
60 else
|
|
adam@17
|
61 currentUrl
|
|
adam@17
|
62
|
|
adam@16
|
63 val current =
|
|
adam@22
|
64 login <- getCookie auth;
|
|
adam@16
|
65 case login of
|
|
adam@22
|
66 Some (LoggedIn login) =>
|
|
adam@22
|
67 (ident <- oneOrNoRowsE1 (SELECT (session.Identifier)
|
|
adam@22
|
68 FROM session
|
|
adam@22
|
69 WHERE session.Id = {[login.Session]}
|
|
adam@22
|
70 AND session.Key = {[login.Key]});
|
|
adam@22
|
71 case ident of
|
|
adam@22
|
72 None => return None
|
|
adam@22
|
73 | Some None => return None
|
|
adam@22
|
74 | Some (Some ident) =>
|
|
adam@22
|
75 valid <- oneRowE1 (SELECT COUNT( * ) > 0
|
|
adam@22
|
76 FROM identity
|
|
adam@22
|
77 WHERE identity.User = {[login.User]}
|
|
adam@22
|
78 AND identity.Identifier = {[ident]});
|
|
adam@22
|
79 if valid then
|
|
adam@22
|
80 return (Some login.User)
|
|
adam@22
|
81 else
|
|
adam@22
|
82 error <xml>Session not authorized to act as user</xml>)
|
|
adam@22
|
83 | _ => return None
|
|
adam@16
|
84
|
|
adam@17
|
85 fun validUser s = String.length s > 0 && String.length s < 20
|
|
adam@17
|
86 && String.all Char.isAlnum s
|
|
adam@17
|
87
|
|
adam@16
|
88 fun main wrap =
|
|
adam@16
|
89 let
|
|
adam@16
|
90 fun logout () =
|
|
adam@22
|
91 clearCookie auth;
|
|
adam@16
|
92 redirect M.afterLogout
|
|
adam@16
|
93
|
|
adam@17
|
94 fun signupDetails after =
|
|
adam@17
|
95 let
|
|
adam@17
|
96 fun finishSignup uid data =
|
|
adam@17
|
97 if not (validUser uid) then
|
|
adam@17
|
98 return (Some "That username is not valid. It must be between 1 and 19 characters long, containing only letters and numbers.")
|
|
adam@17
|
99 else
|
|
adam@17
|
100 used <- oneRowE1 (SELECT COUNT( * ) > 0
|
|
adam@17
|
101 FROM user
|
|
adam@17
|
102 WHERE user.Id = {[uid]});
|
|
adam@17
|
103 if used then
|
|
adam@17
|
104 return (Some "That username is taken. Please choose another.")
|
|
adam@17
|
105 else
|
|
adam@22
|
106 ses <- getCookie auth;
|
|
adam@17
|
107 case ses of
|
|
adam@17
|
108 None => return (Some "Missing session cookie")
|
|
adam@22
|
109 | Some (LoggedIn _) => return (Some "Session cookie is for already logged-in user")
|
|
adam@22
|
110 | Some (SigningUp ses) =>
|
|
adam@17
|
111 ident <- oneOrNoRowsE1 (SELECT (session.Identifier)
|
|
adam@17
|
112 FROM session
|
|
adam@17
|
113 WHERE session.Id = {[ses.Session]}
|
|
adam@17
|
114 AND session.Key = {[ses.Key]});
|
|
adam@17
|
115 case ident of
|
|
adam@17
|
116 None => return (Some "Invalid session data")
|
|
adam@17
|
117 | Some None => return (Some "Session has no associated identifier")
|
|
adam@17
|
118 | Some (Some ident) =>
|
|
adam@28
|
119 cols <- M.choose user data;
|
|
adam@28
|
120 case cols of
|
|
adam@28
|
121 Failure s => return (Some s)
|
|
adam@28
|
122 | Success cols =>
|
|
adam@28
|
123 setCookie auth {Value = LoggedIn ({User = uid} ++ ses),
|
|
adam@28
|
124 Expires = None,
|
|
adam@28
|
125 Secure = M.secureCookies};
|
|
adam@17
|
126
|
|
adam@28
|
127 dml (insert user ({Id = (SQL {[uid]})} ++ @Sql.sqexps M.folder M.inj cols));
|
|
adam@28
|
128 dml (INSERT INTO identity (User, Identifier)
|
|
adam@28
|
129 VALUES ({[uid]}, {[ident]}));
|
|
adam@28
|
130 redirect (bless after)
|
|
adam@17
|
131 in
|
|
adam@17
|
132 uid <- source "";
|
|
adam@17
|
133 cs <- M.creationState;
|
|
adam@17
|
134
|
|
adam@17
|
135 wrap "Your User Details" <xml>
|
|
adam@17
|
136 <table class={M.formClass}>
|
|
adam@17
|
137 <tr> <th class={M.formClass}>Username:</th> <td><ctextbox source={uid}/></td> </tr>
|
|
adam@17
|
138 {M.render cs}
|
|
adam@20
|
139 <tr> <td><dyn signal={b <- M.ready cs;
|
|
adam@20
|
140 return (if b then
|
|
adam@20
|
141 <xml><button value="Create Account"
|
|
adam@20
|
142 onclick={uid <- get uid;
|
|
adam@20
|
143 data <- Basis.current (M.tabulate cs);
|
|
adam@20
|
144 res <- rpc (finishSignup uid data);
|
|
adam@20
|
145 case res of
|
|
adam@20
|
146 None => redirect (bless after)
|
|
adam@20
|
147 | Some msg => alert msg}/></xml>
|
|
adam@20
|
148 else
|
|
adam@20
|
149 <xml/>)}/></td> </tr>
|
|
adam@17
|
150 </table>
|
|
adam@17
|
151 </xml>
|
|
adam@17
|
152 end
|
|
adam@17
|
153
|
|
adam@16
|
154 fun opCallback after ses res =
|
|
adam@16
|
155 case res of
|
|
adam@16
|
156 Openid.Canceled => error <xml>You canceled the login process.</xml>
|
|
adam@16
|
157 | Openid.Failure s => error <xml>Login failed: {[s]}</xml>
|
|
adam@16
|
158 | Openid.AuthenticatedAs ident =>
|
|
adam@22
|
159 av <- getCookie auth;
|
|
adam@22
|
160 case av of
|
|
adam@22
|
161 Some (SigningUp signup) =>
|
|
adam@16
|
162 if signup.Session <> ses then
|
|
adam@16
|
163 error <xml>Session has changed suspiciously</xml>
|
|
adam@16
|
164 else
|
|
adam@16
|
165 invalid <- oneRowE1 (SELECT COUNT( * ) = 0
|
|
adam@16
|
166 FROM session
|
|
adam@16
|
167 WHERE session.Id = {[signup.Session]}
|
|
adam@16
|
168 AND session.Key = {[signup.Key]});
|
|
adam@16
|
169 if invalid then
|
|
adam@16
|
170 error <xml>Invalid or expired session</xml>
|
|
adam@16
|
171 else
|
|
adam@17
|
172 dml (UPDATE session
|
|
adam@17
|
173 SET Identifier = {[Some ident]}
|
|
adam@17
|
174 WHERE Id = {[signup.Session]});
|
|
adam@17
|
175 signupDetails after
|
|
adam@22
|
176 | Some (LoggedIn login) =>
|
|
adam@22
|
177 if login.Session <> ses then
|
|
adam@22
|
178 error <xml>Session has changed suspiciously</xml>
|
|
adam@22
|
179 else
|
|
adam@22
|
180 invalid <- oneRowE1 (SELECT COUNT( * ) = 0
|
|
adam@22
|
181 FROM session
|
|
adam@22
|
182 WHERE session.Id = {[login.Session]}
|
|
adam@22
|
183 AND session.Key = {[login.Key]});
|
|
adam@22
|
184 if invalid then
|
|
adam@22
|
185 error <xml>Invalid or expired session</xml>
|
|
adam@16
|
186 else
|
|
adam@22
|
187 dml (UPDATE session
|
|
adam@22
|
188 SET Identifier = {[Some ident]}
|
|
adam@22
|
189 WHERE Id = {[login.Session]});
|
|
adam@22
|
190 redirect (bless after)
|
|
adam@22
|
191 | None => error <xml>Missing session cookie</xml>
|
|
adam@16
|
192
|
|
adam@23
|
193 fun fakeCallback ident after ses =
|
|
adam@23
|
194 av <- getCookie auth;
|
|
adam@23
|
195 case av of
|
|
adam@23
|
196 Some (SigningUp signup) =>
|
|
adam@23
|
197 invalid <- oneRowE1 (SELECT COUNT( * ) = 0
|
|
adam@23
|
198 FROM session
|
|
adam@23
|
199 WHERE session.Id = {[signup.Session]}
|
|
adam@23
|
200 AND session.Key = {[signup.Key]});
|
|
adam@23
|
201 if invalid then
|
|
adam@23
|
202 error <xml>Invalid or expired session</xml>
|
|
adam@23
|
203 else
|
|
adam@23
|
204 dml (UPDATE session
|
|
adam@23
|
205 SET Identifier = {[Some ident]}
|
|
adam@23
|
206 WHERE Id = {[signup.Session]});
|
|
adam@23
|
207 signupDetails after
|
|
adam@23
|
208 | Some (LoggedIn login) =>
|
|
adam@23
|
209 invalid <- oneRowE1 (SELECT COUNT( * ) = 0
|
|
adam@23
|
210 FROM session
|
|
adam@23
|
211 WHERE session.Id = {[login.Session]}
|
|
adam@23
|
212 AND session.Key = {[login.Key]});
|
|
adam@23
|
213 if invalid then
|
|
adam@23
|
214 error <xml>Invalid or expired session</xml>
|
|
adam@23
|
215 else
|
|
adam@23
|
216 dml (UPDATE session
|
|
adam@23
|
217 SET Identifier = {[Some ident]}
|
|
adam@23
|
218 WHERE Id = {[login.Session]});
|
|
adam@23
|
219 redirect (bless after)
|
|
adam@23
|
220 | None => error <xml>Missing session cookie</xml>
|
|
adam@23
|
221
|
|
adam@16
|
222 fun newSession () =
|
|
adam@16
|
223 ses <- nextval sessionIds;
|
|
adam@16
|
224 now <- now;
|
|
adam@16
|
225 key <- rand;
|
|
adam@16
|
226 dml (INSERT INTO session (Id, Key, Identifier, Expires)
|
|
adam@16
|
227 VALUES ({[ses]}, {[key]}, NULL, {[addSeconds now M.sessionLifetime]}));
|
|
adam@16
|
228 return {Session = ses, Key = key}
|
|
adam@16
|
229
|
|
adam@17
|
230 fun logon after r =
|
|
adam@16
|
231 ident <- oneOrNoRowsE1 (SELECT (identity.Identifier)
|
|
adam@16
|
232 FROM identity
|
|
adam@16
|
233 WHERE identity.User = {[r.User]}
|
|
adam@16
|
234 LIMIT 1);
|
|
adam@16
|
235 case ident of
|
|
adam@16
|
236 None => error <xml>Username not found</xml>
|
|
adam@16
|
237 | Some ident =>
|
|
adam@16
|
238 ses <- newSession ();
|
|
adam@22
|
239 setCookie auth {Value = LoggedIn (r ++ ses),
|
|
adam@22
|
240 Expires = None,
|
|
adam@22
|
241 Secure = M.secureCookies};
|
|
adam@16
|
242 ses <- return ses.Session;
|
|
adam@23
|
243 if M.fakeId = Some ident then
|
|
adam@23
|
244 fakeCallback ident after ses
|
|
adam@23
|
245 else
|
|
adam@23
|
246 msg <- Openid.authenticate (opCallback after ses)
|
|
adam@23
|
247 {Association = M.association,
|
|
adam@23
|
248 Realm = M.realm,
|
|
adam@23
|
249 Identifier = ident};
|
|
adam@23
|
250 error <xml>Login with your identity provider failed: {[msg]}</xml>
|
|
adam@16
|
251
|
|
adam@16
|
252 fun doSignup after r =
|
|
adam@16
|
253 ses <- newSession ();
|
|
adam@22
|
254 setCookie auth {Value = SigningUp ses,
|
|
adam@22
|
255 Expires = None,
|
|
adam@22
|
256 Secure = M.secureCookies};
|
|
adam@16
|
257 ses <- return ses.Session;
|
|
adam@23
|
258 if M.fakeId = Some r.Identifier then
|
|
adam@23
|
259 fakeCallback r.Identifier after ses
|
|
adam@23
|
260 else
|
|
adam@23
|
261 msg <- Openid.authenticate (opCallback after ses)
|
|
adam@23
|
262 {Association = M.association,
|
|
adam@23
|
263 Realm = M.realm,
|
|
adam@23
|
264 Identifier = r.Identifier};
|
|
adam@23
|
265 error <xml>Login with your identity provider failed: {[msg]}</xml>
|
|
adam@16
|
266
|
|
adam@22
|
267 fun signup after =
|
|
adam@26
|
268 let
|
|
adam@27
|
269 fun fixed cls url =
|
|
adam@26
|
270 let
|
|
adam@26
|
271 fun doFixedButton () =
|
|
adam@26
|
272 doSignup after {Identifier = url}
|
|
adam@26
|
273 in
|
|
adam@26
|
274 <xml><form class={provider}>
|
|
adam@27
|
275 <submit class={cls} value="" action={doFixedButton}/>
|
|
adam@26
|
276 </form></xml>
|
|
adam@26
|
277 end
|
|
adam@26
|
278 in
|
|
adam@26
|
279 wrap "Account Signup" <xml>
|
|
adam@26
|
280 <p>This web site uses the <b><a href="http://openid.net/">OpenID</a></b> standard, which lets you log in using your account from one of several popular web sites, without revealing your password to us.</p>
|
|
adam@26
|
281
|
|
adam@26
|
282 <p>You may click one of these buttons to choose to use your account from that site:</p>
|
|
adam@27
|
283 {fixed aol "https://openid.aol.com/"}
|
|
adam@27
|
284 {fixed google "https://www.google.com/accounts/o8/id"}
|
|
adam@27
|
285 {fixed myspace "https://www.myspace.com/openid"}
|
|
adam@27
|
286 {fixed yahoo "https://me.yahoo.com/"}
|
|
adam@26
|
287
|
|
adam@26
|
288 <p>Visitors familiar with the details of OpenID may also enter their own identifiers:</p>
|
|
adam@26
|
289 <form>
|
|
adam@26
|
290 OpenID Identifier: <textbox{#Identifier}/><br/>
|
|
adam@26
|
291 <submit value="Sign Up" action={doSignup after}/>
|
|
adam@26
|
292 </form>
|
|
adam@26
|
293 </xml>
|
|
adam@26
|
294 end
|
|
adam@16
|
295 in
|
|
adam@16
|
296 cur <- current;
|
|
adam@17
|
297 here <- currentUrl;
|
|
adam@16
|
298 case cur of
|
|
adam@25
|
299 Some cur => return {Status = <xml>Logged in as {[cur]}.</xml>,
|
|
adam@25
|
300 Other = <xml><a link={logout ()}>Log out</a></xml>}
|
|
adam@25
|
301 | None => return {Status = <xml><form><textbox{#User}/> <submit value="Log In" action={logon (show here)}/></form></xml>,
|
|
adam@25
|
302 Other = <xml><a link={signup (show here)}>Sign up</a></xml>}
|
|
adam@16
|
303 end
|
|
adam@16
|
304
|
|
adam@16
|
305 task periodic 60 = fn () => dml (DELETE FROM session
|
|
adam@21
|
306 WHERE Expires < CURRENT_TIMESTAMP)
|
|
adam@16
|
307
|
|
adam@16
|
308 end
|
