Mercurial > openid
comparison src/ur/openidUser.ur @ 58:9f392276d614
Graceful handling of OpenID providers that log the user in as the wrong identifier
author | Adam Chlipala <adam@chlipala.net> |
---|---|
date | Tue, 09 Aug 2011 09:53:40 -0400 |
parents | a984dc1c8954 |
children | 3113591ba7f0 |
comparison
equal
deleted
inserted
replaced
57:748dd8a2e3a2 | 58:9f392276d614 |
---|---|
89 b <- currentUrlHasQueryString; | 89 b <- currentUrlHasQueryString; |
90 if b then | 90 if b then |
91 return M.afterLogout | 91 return M.afterLogout |
92 else | 92 else |
93 currentUrl | 93 currentUrl |
94 | |
95 val wrongUser = | |
96 error <xml>Session not authorized to act as user. Did your OpenID provider log you in as a different user than you expected? Try logging out at your provider first, then <a href={M.afterLogout}>return to the home page</a>.</xml> | |
94 | 97 |
95 fun current' tweakSession = | 98 fun current' tweakSession = |
96 login <- getCookie auth; | 99 login <- getCookie auth; |
97 case login of | 100 case login of |
98 Some (LoggedIn login) => | 101 Some (LoggedIn login) => |
110 AND identity.Identifier = {[ident]}); | 113 AND identity.Identifier = {[ident]}); |
111 if valid then | 114 if valid then |
112 tweakSession login.Session; | 115 tweakSession login.Session; |
113 return (Some login.User) | 116 return (Some login.User) |
114 else | 117 else |
115 error <xml>Session not authorized to act as user</xml>) | 118 clearCookie auth; |
119 redirect (url wrongUser)) | |
116 | _ => return None | 120 | _ => return None |
117 | 121 |
118 val current = current' (fn _ => return ()) | 122 val current = current' (fn _ => return ()) |
119 | 123 |
120 val renew = current' (fn id => | 124 val renew = current' (fn id => |