Mercurial > openid

comparison src/ur/openid.ur @ 14:6b2a44da71b0

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Change postify to satisfy more OPs; add untested invalidate_handle support
author Adam Chlipala <adam@chlipala.net>
date Sun, 02 Jan 2011 10:33:07 -0500
parents de04a3fc6b72
children 35bc4da563dd
comparison
equal deleted inserted replaced
13:de04a3fc6b72 14:6b2a44da71b0
215 if assoc.Handle <> handle then 215 if assoc.Handle <> handle then
216 return (HandleError "Association handles don't match") 216 return (HandleError "Association handles don't match")
217 else 217 else
218 return (HandleOk {Endpoint = ep, Typ = assoc.Typ, Key = assoc.Key}) 218 return (HandleOk {Endpoint = ep, Typ = assoc.Typ, Key = assoc.Key})
219 219
220 fun verifyStateless os ep id = 220 fun verifyStateless os ep id expectInvalidation =
221 os' <- OpenidFfi.direct ep (OpenidFfi.remode os "check_authentication"); 221 os' <- OpenidFfi.direct ep (OpenidFfi.remode os "check_authentication");
222 case OpenidFfi.getOutput os' "error" of 222 case OpenidFfi.getOutput os' "error" of
223 Some msg => return (Failure ("Failure confirming message contents with OP: " ^ msg)) 223 Some msg => return (Failure ("Failure confirming message contents with OP: " ^ msg))
224 | None => 224 | None =>
225 case OpenidFfi.getOutput os' "is_valid" of 225 let
226 Some "true" => return (AuthenticatedAs id) 226 fun finish () = case OpenidFfi.getOutput os' "is_valid" of
227 | _ => return (Failure "OP does not confirm message contents") 227 Some "true" => return (AuthenticatedAs id)
228 | _ => return (Failure "OP does not confirm message contents")
229 in
230 case OpenidFfi.getOutput os' "invalidate_handle" of
231 None =>
232 if expectInvalidation then
233 return (Failure "Claimed invalidate_handle is not confirmed")
234 else
235 finish ()
236 | Some handle =>
237 dml (DELETE FROM associations
238 WHERE Endpoint = {[ep]} AND Handle = {[handle]});
239 finish ()
240 end
228 241
229 table nonces : { Endpoint : string, Nonce : string, Expires : time } 242 table nonces : { Endpoint : string, Nonce : string, Expires : time }
230 PRIMARY KEY (Endpoint, Nonce) 243 PRIMARY KEY (Endpoint, Nonce)
231 244
232 fun timeOfNonce s = 245 fun timeOfNonce s =
335 | None => 348 | None =>
336 errO <- verifyHandle os id; 349 errO <- verifyHandle os id;
337 case errO of 350 case errO of
338 HandleError s => after (Failure s) 351 HandleError s => after (Failure s)
339 | NoAssociation ep => 352 | NoAssociation ep =>
340 r <- verifyStateless os ep id; 353 r <- verifyStateless os ep id False;
341 after r 354 after r
342 | HandleOk {Endpoint = ep, Typ = atype, Key = key} => 355 | HandleOk {Endpoint = ep, Typ = atype, Key = key} =>
343 errO <- verifyNonce os ep; 356 case OpenidFfi.getOutput os "openid.invalidate_handle" of
344 case errO of 357 Some _ =>
345 Some s => after (Failure s) 358 r <- verifyStateless os ep id True;
359 after r
346 | None => 360 | None =>
347 errO <- verifySig os atype key; 361 errO <- verifyNonce os ep;
348 case errO of 362 case errO of
349 Some s => after (Failure s) 363 Some s => after (Failure s)
350 | None => after (AuthenticatedAs id)) 364 | None =>
365 errO <- verifySig os atype key;
366 case errO of
367 Some s => after (Failure s)
368 | None => after (AuthenticatedAs id))
351 | _ => after (Failure ("Unexpected openid.mode: " ^ mode)) 369 | _ => after (Failure ("Unexpected openid.mode: " ^ mode))
352 370
353 and verifyReturnTo os = 371 and verifyReturnTo os =
354 case OpenidFfi.getOutput os "openid.return_to" of 372 case OpenidFfi.getOutput os "openid.return_to" of
355 None => return (Some "Missing return_to in OP response") 373 None => return (Some "Missing return_to in OP response")