Mercurial > openid
changeset 49:9c83592de908
Merge
| author | Robin Green <greenrd@greenrd.org> |
|---|---|
| date | Mon, 04 Jul 2011 17:29:13 +0100 |
| parents | 3f475c6fb168 72e942423f26 |
| children | a984dc1c8954 |
| files | src/ur/openidUser.ur |
| diffstat | 1 files changed, 28 insertions(+), 15 deletions(-) [+] |
line wrap: on
line diff
--- a/src/ur/openidUser.ur Mon Jul 04 14:08:00 2011 +0100 +++ b/src/ur/openidUser.ur Mon Jul 04 17:29:13 2011 +0100 @@ -86,7 +86,11 @@ if b then return M.afterLogout else - currentUrl + b <- currentUrlHasQueryString; + if b then + return M.afterLogout + else + currentUrl val current = login <- getCookie auth; @@ -126,6 +130,14 @@ | _ => return ()); redirect M.afterLogout + fun newSession identO = + ses <- nextval sessionIds; + now <- now; + key <- rand; + dml (INSERT INTO session (Id, Key, Identifier, Expires) + VALUES ({[ses]}, {[key]}, {[identO]}, {[addSeconds now M.sessionLifetime]})); + return {Session = ses, Key = key} + fun signupDetails after = let fun finishSignup uid data = @@ -155,6 +167,9 @@ case cols of Failure s => return (Some s) | Success cols => + dml (DELETE FROM session + WHERE Id = {[ses.Session]}); + ses <- newSession (Some ident); setCookie auth {Value = LoggedIn ({User = uid} ++ ses), Expires = None, Secure = M.secureCookies}; @@ -204,9 +219,12 @@ if invalid then error <xml>Invalid or expired session</xml> else - dml (UPDATE session - SET Identifier = {[Some ident]} + dml (DELETE FROM session WHERE Id = {[signup.Session]}); + ses <- newSession (Some ident); + setCookie auth {Value = SigningUp ses, + Expires = None, + Secure = M.secureCookies}; signupDetails after | Some (LoggedIn login) => if login.Session <> ses then @@ -219,9 +237,12 @@ if invalid then error <xml>Invalid or expired session</xml> else - dml (UPDATE session - SET Identifier = {[Some ident]} + dml (DELETE FROM session WHERE Id = {[login.Session]}); + ses <- newSession (Some ident); + setCookie auth {Value = LoggedIn ({User = login.User} ++ ses), + Expires = None, + Secure = M.secureCookies}; redirect (bless after) | None => error <xml>Missing session cookie</xml> @@ -254,14 +275,6 @@ redirect (bless after) | None => error <xml>Missing session cookie</xml> - fun newSession () = - ses <- nextval sessionIds; - now <- now; - key <- rand; - dml (INSERT INTO session (Id, Key, Identifier, Expires) - VALUES ({[ses]}, {[key]}, NULL, {[addSeconds now M.sessionLifetime]})); - return {Session = ses, Key = key} - fun logon after r = ident <- oneOrNoRowsE1 (SELECT (identity.Identifier) FROM identity @@ -270,7 +283,7 @@ case ident of None => error <xml>Username not found</xml> | Some ident => - ses <- newSession (); + ses <- newSession None; setCookie auth {Value = LoggedIn (r ++ ses), Expires = None, Secure = M.secureCookies}; @@ -285,7 +298,7 @@ error <xml>Login with your identity provider failed: {[msg]}</xml> fun doSignup after r = - ses <- newSession (); + ses <- newSession None; setCookie auth {Value = SigningUp ses, Expires = None, Secure = M.secureCookies};