diff src/ur/openid.ur @ 11:e637249abfd2

Test with RP-side nonces
author Adam Chlipala <adam@chlipala.net>
date Wed, 29 Dec 2010 16:25:32 -0500
parents 194577b60771
children c778455fe570
line wrap: on
line diff
--- a/src/ur/openid.ur	Wed Dec 29 14:38:56 2010 -0500
+++ b/src/ur/openid.ur	Wed Dec 29 16:25:32 2010 -0500
@@ -1,6 +1,6 @@
 val discoveryExpiry = 3600
-val nonceExpiry = 3600
-val nonceSkew = 3600
+val nonceExpiry = 600
+val nonceSkew = 600
 
 task initialize = fn () => OpenidFfi.init
 
@@ -227,7 +227,7 @@
             if tm < addSeconds now (-nonceExpiry) then
                 return (Some "Nonce timestamp is too old")
             else if tm > addSeconds now nonceSkew then
-                return (Some ("Nonce timestamp is too far in the future: " ^ show tm ^ " (from " ^ nonce ^ ")"))
+                return (Some "Nonce timestamp is too far in the future")
             else
                 b <- oneRowE1 (SELECT COUNT( * ) > 0
                                FROM nonces
@@ -291,9 +291,11 @@
 
 datatype authentication = AuthenticatedAs of string | Canceled | Failure of string
 
+sequence nextNonce
+
 fun authenticate after r =
     let
-        fun returnTo (qs : option queryString) =
+        fun returnTo myNonce (qs : option queryString) =
             case qs of
                 None => after (Failure "Empty query string for OpenID callback")
               | Some qs =>
@@ -314,7 +316,7 @@
                                  case errO of
                                      HandleError s => after (Failure s)
                                    | HandleOk {Endpoint = ep, Typ = atype, Key = key} =>
-                                     errO <- verifyReturnTo os;
+                                     errO <- verifyReturnTo os myNonce;
                                      case errO of
                                          Some s => after (Failure s)
                                        | None =>
@@ -328,11 +330,11 @@
                                                | None => after (AuthenticatedAs id))
                           | _ => after (Failure ("Unexpected openid.mode: " ^ mode))
 
-        and verifyReturnTo os =
+        and verifyReturnTo os myNonce =
             case OpenidFfi.getOutput os "openid.return_to" of
                 None => return (Some "Missing return_to in OP response")
               | Some rt =>
-                if rt <> show (effectfulUrl returnTo) then
+                if rt <> show (effectfulUrl (returnTo myNonce)) then
                     return (Some "Wrong return_to in OP response")
                 else
                     return None
@@ -346,9 +348,10 @@
                 AssError msg => return ("Association failure: " ^ msg)
               | AssAlternate _ => return "Association failure: server didn't accept its own alternate association modes"
               | Association assoc =>
+                myNonce <- nextval nextNonce;
                 redirect (bless (dy ^ "?openid.ns=http://specs.openid.net/auth/2.0&openid.mode=checkid_setup&openid.claimed_id="
                                  ^ r.Identifier ^ "&openid.identity=http://specs.openid.net/auth/2.0/identifier_select&openid.assoc_handle="
-                                 ^ assoc.Handle ^ "&openid.return_to=" ^ show (effectfulUrl returnTo)))
+                                 ^ assoc.Handle ^ "&openid.return_to=" ^ show (effectfulUrl (returnTo myNonce))))
     end
 
 task periodic 1 = fn () =>