Apache2-Controller
lib/Apache2/Controller/Auth/OpenID.pm view on Meta::CPAN
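# Stash the secret string in a package variable to avoid a circular closure
# over this request's %conf. If the directive was not used to specify or
# generate a secret, a hardcoded fallback value is used instead.
# NOTE(review): a fallback value shipped in the source is not secret, and the
# DEBUG line below writes the secret string to the debug output; set the
# directive explicitly and treat debug logs as sensitive.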
$consumer_secret_string = $conf{consumer_secret};
DEBUG "Setting up CSR with secret string '$consumer_secret_string'";
$openid_csr = Net::OpenID::Consumer->new(
ua => $conf{lwp_class}->new(%{ $conf{lwp_opts} }),
cache => $cache,
consumer_secret => sub {
my ($time) = @_;
return sha224_base64("$time-$consumer_secret_string");
},
debug => \&DEBUG,
args => sub {
my ($param_name) = @_;
return wantarray
? @{ $params_hash{$param_name} }
: $params_hash{$param_name}[0];
},
);
}
# we have to populate a package space variable params_hash
# with the params contents, so we won't create a closure
# that includes the request object when we construct the
# params subroutine for the openid csr object
my @param_names = $self->param;
%params_hash = map {
my @vals = $self->param($_);
($_ => \@vals);
} @param_names;
DEBUG sub {
"params:\n".Dump(\%params_hash);
};
my $openid_url = $self->param('openid_url') || $sess->{a2c}{openid}{openid_url};
if ($openid_url) {
# if there is a param 'openid.identity' from a redirect
# from the openid server, make sure it is the same as
# the one we think we're logging in for, else redirect to login
if (my $id_from_server = $self->param('openid.identity')) {
if ($openid_url ne $id_from_server) {
DEBUG "openid_url '$openid_url' does not match "
. "id from server '$id_from_server', redirect to login";
return $self->redirect_to($conf{login});
}
}
# save the openid url in the session
$sess->{a2c}{openid}{openid_url} = $openid_url;
}
else {
DEBUG "no openid url detected, redirecting to login page";
return $self->redirect_to($conf{login});
}
$openid_url = $self->{openid_url} = $self->openid_url_normalize($openid_url);
# first verify that we know about this openid url, and redirect to
# the registration page if we don't
DEBUG "looking for uname from openid table using openid_url '$openid_url'";
my $uname = $self->get_uname($openid_url);
if (!$uname) {
DEBUG("no uname! ... ".(defined $uname ? "'$uname'" : '[undef]'));
return $self->redirect_to($conf{register});
}
$self->{uname} = $uname;
DEBUG "Trying authentication for known user: $uname, $openid_url";
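# okay, handle the authentication
# NOTE(review): when $conf{allow_login} is true, the claimed_identity lookup
# is skipped and the check further down short-circuits before
# verified_identity is called, so the openid_url taken from the request or
# session is accepted without verification by the OpenID server. Presumably a
# development/testing switch -- confirm it is never enabled in production.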
my $claimed_id;
my $allow_login = $conf{allow_login};
if (!$allow_login) {
$claimed_id = ($openid_csr->claimed_identity($openid_url) || '');
DEBUG sub {"claimed_id: ".(defined $claimed_id ? $claimed_id : '[undef]')};
# if claimed id found, make sure session csr errors are cleared
if ($claimed_id) {
delete @{ $sess->{a2c}{openid} }{qw( errtext errcode )};
}
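# otherwise put the errors in the session and redirect to login
# NOTE(review): unlike the other redirect_to calls in this section, this one
# is not returned, so execution appears to continue to the verification step
# below; confirm whether redirect_to halts processing on its own.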
else {
my ($errtext, $errcode) = $self->_save_errs_in_sess($openid_csr);
DEBUG "Claimed ID '$self->{openid_url}' is not an OpenID: "
. "($errcode) '$errtext'";
$self->redirect_to($conf{login});
}
}
my $vident;
DEBUG "proceeding with authentication for uri '$uri'...";
# we have to do this again?
$openid_csr->args(sub { return $self->param(@_) });
if ($allow_login || ($vident = $openid_csr->verified_identity)) {
my $verified_url = $allow_login ? $openid_url : $vident->url;
DEBUG sub { "verifd ident: ".(defined $vident ? "'$vident'" : '[undef]') };
$openid_url = $self->openid_url_normalize($verified_url);
my $connection = $self->connection;
my $openid_sess = $sess->{a2c}{openid} ||= { };
# update the session
$openid_sess->{logged_in} = 1;
$openid_sess->{last_accessed_time} = time;
$openid_sess->{remote_host} = $connection->get_remote_host();
$openid_sess->{remote_ip} = $connection->remote_ip();
$openid_sess->{openid_url} = $openid_url;
# restore the saved query params and post body