# HG changeset patch # User Adam Chlipala # Date 1312898020 14400 # Node ID 9f392276d61496a2db3319b2a7a0c863c7403c19 # Parent 748dd8a2e3a2ee58c46ae4cb8b9fb5cae7a30647 Graceful handling of OpenID providers that log the user in as the wrong identifier diff -r 748dd8a2e3a2 -r 9f392276d614 src/ur/openidUser.ur --- a/src/ur/openidUser.ur Wed Aug 03 08:17:21 2011 -0400 +++ b/src/ur/openidUser.ur Tue Aug 09 09:53:40 2011 -0400 @@ -92,6 +92,9 @@ else currentUrl + val wrongUser = + error Session not authorized to act as user. Did your OpenID provider log you in as a different user than you expected? Try logging out at your provider first, then return to the home page. + fun current' tweakSession = login <- getCookie auth; case login of @@ -112,7 +115,8 @@ tweakSession login.Session; return (Some login.User) else - error Session not authorized to act as user) + clearCookie auth; + redirect (url wrongUser)) | _ => return None val current = current' (fn _ => return ()) diff -r 748dd8a2e3a2 -r 9f392276d614 tests/utest.ur --- a/tests/utest.ur Wed Aug 03 08:17:21 2011 -0400 +++ b/tests/utest.ur Tue Aug 09 09:53:40 2011 -0400 @@ -8,7 +8,7 @@ val secureCookies = False val association = Openid.Stateful {AssociationType = Openid.HMAC_SHA256, AssociationSessionType = Openid.NoEncryption} - val realm = None + val realm = Some "http://localhost:8080/" val creationState = n <- source "";