changeset 58:9f392276d614
Graceful handling of OpenID providers that log the user in as the wrong identifier
author | Adam Chlipala <adam@chlipala.net> |
---|---|
date | Tue, 09 Aug 2011 09:53:40 -0400 |
parents | 748dd8a2e3a2 |
children | 3113591ba7f0 |
files | src/ur/openidUser.ur tests/utest.ur |
diffstat | 2 files changed, 6 insertions(+), 2 deletions(-) [+] |
--- a/src/ur/openidUser.ur Wed Aug 03 08:17:21 2011 -0400
+++ b/src/ur/openidUser.ur Tue Aug 09 09:53:40 2011 -0400
@@ -92,6 +92,9 @@
 else
 currentUrl
+ val wrongUser =
+ error <xml>Session not authorized to act as user. Did your OpenID provider log you in as a different user than you expected? Try logging out at your provider first, then <a href={M.afterLogout}>return to the home page</a>.</xml>
+
 fun current' tweakSession =
 login <- getCookie auth;
 case login of
@@ -112,7 +115,8 @@
 tweakSession login.Session;
 return (Some login.User)
 else
- error <xml>Session not authorized to act as user</xml>)
+ clearCookie auth;
+ redirect (url wrongUser))
 | _ => return None
 val current = current' (fn _ => return ())
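Review bot: `wrongUser` is added without a comment, and it is not an ordinary helper: because the second hunk passes it to `url`, it appears to become a page that any client can request directly, not only one reached after a failed session check. A short comment would record that constraint, e.g. `(* Landing page for a cookie/session mismatch; keep the text static, since the page is reachable by URL without a login *)`. The message as written contains only fixed text and the application-supplied `M.afterLogout` link, so nothing request-derived is echoed back.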
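Review bot: The mismatch branch of `current'` now clears the cookie and redirects without leaving any server-side trace, so a cookie whose session does not match the user (a provider mix-up, but equally a stale or tampered cookie) cannot be told apart from normal traffic afterwards. Consider recording the event before the redirect, for example `debug "auth cookie session mismatch";` ahead of `clearCookie auth;`, without logging the session value itself. It would also help to comment why the code redirects to a separate error page instead of calling `error` in place, presumably so that the cookie removal is not discarded along with the failed request: `(* redirect first so the cleared cookie is sent; error here would abort this response *)`. The condition guarding this branch lies outside the hunk, so which cases reach it cannot be confirmed from here.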
--- a/tests/utest.ur Wed Aug 03 08:17:21 2011 -0400
+++ b/tests/utest.ur Tue Aug 09 09:53:40 2011 -0400
@@ -8,7 +8,7 @@
 val secureCookies = False
 val association = Openid.Stateful {AssociationType = Openid.HMAC_SHA256, AssociationSessionType = Openid.NoEncryption}
- val realm = None
+ val realm = Some "http://localhost:8080/"
 val creationState = n <- source "";