Mercurial > openid
comparison src/ur/openidUser.ur @ 58:9f392276d614
Graceful handling of OpenID providers that log the user in as the wrong identifier
| author | Adam Chlipala <adam@chlipala.net> |
|---|---|
| date | Tue, 09 Aug 2011 09:53:40 -0400 |
| parents | a984dc1c8954 |
| children | 3113591ba7f0 |
comparison
equal
deleted
inserted
replaced
| 57:748dd8a2e3a2 | 58:9f392276d614 |
|---|---|
| 89 b <- currentUrlHasQueryString; | 89 b <- currentUrlHasQueryString; |
| 90 if b then | 90 if b then |
| 91 return M.afterLogout | 91 return M.afterLogout |
| 92 else | 92 else |
| 93 currentUrl | 93 currentUrl |
| 94 | |
| 95 val wrongUser = | |
| 96 error <xml>Session not authorized to act as user. Did your OpenID provider log you in as a different user than you expected? Try logging out at your provider first, then <a href={M.afterLogout}>return to the home page</a>.</xml> | |
| 94 | 97 |
| 95 fun current' tweakSession = | 98 fun current' tweakSession = |
| 96 login <- getCookie auth; | 99 login <- getCookie auth; |
| 97 case login of | 100 case login of |
| 98 Some (LoggedIn login) => | 101 Some (LoggedIn login) => |
| 110 AND identity.Identifier = {[ident]}); | 113 AND identity.Identifier = {[ident]}); |
| 111 if valid then | 114 if valid then |
| 112 tweakSession login.Session; | 115 tweakSession login.Session; |
| 113 return (Some login.User) | 116 return (Some login.User) |
| 114 else | 117 else |
| 115 error <xml>Session not authorized to act as user</xml>) | 118 clearCookie auth; |
| 119 redirect (url wrongUser)) | |
| 116 | _ => return None | 120 | _ => return None |
| 117 | 121 |
| 118 val current = current' (fn _ => return ()) | 122 val current = current' (fn _ => return ()) |
| 119 | 123 |
| 120 val renew = current' (fn id => | 124 val renew = current' (fn id => |