[Catalyst-commits] r6481 - in trunk/examples/OpenID/Server: lib/Catalyst/Action/OpenID lib/Catalyst/Controller lib/OpenID/Controller root/server

edenc at dev.catalyst.perl.org edenc at dev.catalyst.perl.org
Tue Jun 19 05:27:14 GMT 2007 

Author: edenc
Date: 2007-06-19 05:27:11 +0100 (Tue, 19 Jun 2007)
New Revision: 6481

Modified:
   trunk/examples/OpenID/Server/lib/Catalyst/Action/OpenID/Identity.pm
   trunk/examples/OpenID/Server/lib/Catalyst/Action/OpenID/Server.pm
   trunk/examples/OpenID/Server/lib/Catalyst/Controller/OpenID.pm
   trunk/examples/OpenID/Server/lib/OpenID/Controller/Server.pm
   trunk/examples/OpenID/Server/root/server/server.tt
Log:
refactored OpenID authentication into Controller callbacks, using C::P::SubRequest instead of forward

Modified: trunk/examples/OpenID/Server/lib/Catalyst/Action/OpenID/Identity.pm
===================================================================
--- trunk/examples/OpenID/Server/lib/Catalyst/Action/OpenID/Identity.pm	2007-06-18 12:25:10 UTC (rev 6480)
+++ trunk/examples/OpenID/Server/lib/Catalyst/Action/OpenID/Identity.pm	2007-06-19 04:27:11 UTC (rev 6481)
@@ -11,27 +11,25 @@
     my $self = shift;
     my ( $controller, $c, @args ) = @_;
 
-    # check identity if we're being forwarded to
-    if ( !( $c->action eq $self ) ) {
+    # check identity if we're a subrequest
+    if ( $c->stash->{is_subreq} ) {
 
         # custom identity check
         $self->NEXT::execute(@_);
-        return if exists $c->stash->{is_identity};
 
         # default identity check
-        if ( $c->user_exists ) {
-            $c->stash->{is_identity} = ( $c->user->id eq $args[0] );
+        if ( !exists $c->stash->{is_identity} && $c->user_exists ) {
+            $c->stash->{is_identity} = $c->user->id eq $args[0];
         }
-        else {
-            $c->stash->{is_identity} = 0;
-        }
 
+        $c->res->body(
+            $c->stash->{is_identity} ? 'is_identity' : 'not_identity' );
         return;
     }
 
-    my $action = $controller->_server_action;
+    my $action     = $controller->_server_action;
     my $openid_var = $self->attributes->{OPENID_VAR} || 'openid_server';
-    my $href = $c->uri_for($action)->as_string;
+    my $href       = $c->uri_for($action)->as_string;
 
     $c->stash->{$openid_var} = qq{<link rel="openid.server" href="$href" />};
 }

Modified: trunk/examples/OpenID/Server/lib/Catalyst/Action/OpenID/Server.pm
===================================================================
--- trunk/examples/OpenID/Server/lib/Catalyst/Action/OpenID/Server.pm	2007-06-18 12:25:10 UTC (rev 6480)
+++ trunk/examples/OpenID/Server/lib/Catalyst/Action/OpenID/Server.pm	2007-06-19 04:27:11 UTC (rev 6481)
@@ -9,14 +9,6 @@
 
 use base 'Catalyst::Action';
 
-sub new {
-    my $self = shift->NEXT::new(@_);
-    if ( !( exists $self->attributes->{Args} ) ) {
-        $self->attributes->{Args}[0] = 0;
-    }
-    return $self;
-}
-
 sub openid_register {
     my ( $self, $controller ) = @_;
     $controller->_server_action($self);
@@ -27,112 +19,40 @@
     my ( $controller, $c ) = @_;
 
     my $nos = Net::OpenID::Server->new(
-        get_args  => $c->req->query_parameters,
-        post_args => $c->req->body_parameters,
-        get_user  => sub {
-            return $c->user if $c->user_exists;
-            return;
-        },
-
-        # check if this id is sane
-        is_identity => sub {
-            my ( $user, $identity ) = @_;
-            return 0 unless $user;
-
-            my $base = $c->req->base;
-            ( my $identity_action = $identity ) =~ s/^$base//;
-
-            if ( $c->debug ) {
-                $c->log->debug( 'checking identity for ' . $user->id );
-            }
-
-            $c->forward("/$identity_action");
-            return $c->stash->{is_identity};
-        },
-
-        # check if the user trusts the current relying party
-        is_trusted => sub {
-            my ( $user, $trust_root, $is_identity ) = @_;
-
-            return unless defined $user;
-            return unless $is_identity;
-            return $self->is_trusted( $controller, $c, $trust_root );
-        },
-
-        # generate our half of the server secret
+        get_args      => $c->req->query_parameters,
+        post_args     => $c->req->body_parameters,
+        get_user      => sub { $controller->get_user( $c, @_ ) },
+        is_identity   => sub { $controller->is_identity( $c, @_ ) },
+        is_trusted    => sub { $controller->is_trusted( $c, @_ ) },
         server_secret => 'secret',
-
         setup_url =>
             $c->uri_for( $self, $c->req->query_parameters )->as_string
     );
+
+    # run action to populate stash for controller callbacks
+    $self->NEXT::execute(@_);
+
     my ( $type, $data ) = $nos->handle_page();
-    if ( $type eq 'redirect' ) {
+
+    if ( $c->stash->{cancel} ) {
+        $c->res->redirect(
+            $nos->cancel_return_url( return_to => $data->{return_to} ) );
+        return;
+    }
+    elsif ( $type eq 'redirect' ) {
         $c->res->redirect($data);
     }
     elsif ( $type eq 'setup' ) {
-        $self->NEXT::execute(@_);
-        $self->handle_trust( @_, $nos, $data ) if $c->user_exists;
+
+        # stash $data so the view can use it
+        $c->stash->{openid} = $data;
     }
     else {
-        if ( $c->debug ) {
-            $c->log->debug("[OpenID] setting type: $type");
-            $c->log->debug("[OpenID] setting body: $data");
-        }
-
         $c->res->content_type($type);
         $c->res->body($data);
     }
 }
 
-sub is_trusted {
-    my $self = shift;
-    my ( $controller, $c, $trust_root ) = @_;
-
-    my $stash     = $c->stash;
-    my $session   = $c->session;
-    my $trusted   = $session->{openid}{trusted};
-    my $untrusted = $session->{openid}{untrusted};
-
-    $c->log->debug(join ', ', keys %{$session->{openid}});
-    if ( exists $trusted->{$trust_root} ) {
-        $stash->{trust_consumer} = 1;
-    }
-    elsif ( exists $untrusted->{$trust_root} ) {
-        $stash->{trust_consumer} = 0;
-    }
-
-    # user hasn't been given a chance to aprove the consumer url yet
-    else {
-        $stash->{consumer_url} = $trust_root;
-    }
-
-    return $stash->{trust_consumer};
-}
-
-sub handle_trust {
-    my $self = shift;
-    my ( $controller, $c, $nos, $data ) = @_;
-
-    my $stash      = $c->stash;
-    my $session    = $c->session;
-    my $trust_root = $data->{trust_root};
-
-    # store trust for this url
-    if ( exists $stash->{trust_consumer} ) {
-        if ( $stash->{trust_consumer} ) {
-            $session->{openid}{trusted}{$trust_root} = 1;
-            $c->res->redirect( $nos->signed_return_url(%$data) );
-        }
-        else {
-            $session->{openid}{untrusted}{$trust_root} = 1;
-            $c->res->redirect(
-                $nos->cancel_return_url( return_to => $data->{return_to} ) );
-        }
-        return;
-    }
-    return 1;
-}
-
 1;    # Magic true value required at end of module
 __END__
 

Modified: trunk/examples/OpenID/Server/lib/Catalyst/Controller/OpenID.pm
===================================================================
--- trunk/examples/OpenID/Server/lib/Catalyst/Controller/OpenID.pm	2007-06-18 12:25:10 UTC (rev 6480)
+++ trunk/examples/OpenID/Server/lib/Catalyst/Controller/OpenID.pm	2007-06-19 04:27:11 UTC (rev 6481)
@@ -3,6 +3,8 @@
 use warnings;
 use strict;
 
+use Catalyst::Plugin::SubRequest;
+
 use base 'Catalyst::Controller';
 
 our $VERSION = '0.01';
@@ -13,11 +15,40 @@
     my $self   = shift;
     my $action = $self->NEXT::create_action(@_);
     if ( my $register = $action->can('openid_register') ) {
-        $register->($action, $self);
+        $register->( $action, $self );
     }
     return $action;
 }
 
+sub get_user {
+    my ( $self, $c ) = @_;
+    return $c->user if $c->user_exists;
+    return;
+}
+
+sub is_identity {
+    my ( $self, $c, $user, $identity ) = @_;
+    return 0 unless $user;
+
+    my $base = $c->req->base;
+    ( my $identity_action = $identity ) =~ s/^$base//;
+
+    my $body = $c->Catalyst::Plugin::SubRequest::subreq( "/$identity_action",
+        { is_subreq => 1 } );
+    return $c->stash->{is_identity} = 1 if $body eq 'is_identity';
+    return;
+}
+
+sub is_trusted {
+    my ( $self, $c, $user, $trust_root, $is_identity ) = @_;
+
+    return unless $user;
+    return unless $is_identity;
+
+    # Server action should have this set up by the time we get here
+    return $c->stash->{trust_consumer};
+}
+
 1;    # Magic true value required at end of module
 __END__
 

Modified: trunk/examples/OpenID/Server/lib/OpenID/Controller/Server.pm
===================================================================
--- trunk/examples/OpenID/Server/lib/OpenID/Controller/Server.pm	2007-06-18 12:25:10 UTC (rev 6480)
+++ trunk/examples/OpenID/Server/lib/OpenID/Controller/Server.pm	2007-06-19 04:27:11 UTC (rev 6481)
@@ -12,21 +12,23 @@
     my ( $self, $c ) = @_;
 
     my $params = $c->req->params;
-    if ( $c->user_exists ) {
-        $c->log->debug('user_exists');
-        if ( exists $params->{trust_consumer} ) {
-            $c->log->debug( 'trust_consumer: ' . $params->{trust_consumer} );
-            $c->log->debug( 'trust_consumer: ' . ( $params->{trust_consumer} eq 'yes' ) );
-            $c->stash->{trust_consumer}
-                = ( $params->{trust_consumer} eq 'yes' );
-        }
+
+    # set up trust for consumer url
+    if ( exists $params->{trust_consumer} ) {
+        $c->stash->{trust_consumer} = ( $params->{trust_consumer} eq 'yes' );
     }
-    elsif ( my $user = $params->{user}
+
+    # check for cancel
+    return
+        if $c->stash->{cancel} = $params->{cancel}
+        || $params->{trust_consumer} eq 'no';
+
+    # login
+    if (    !$c->user_exists
+        and my $user     = $params->{user}
         and my $password = $params->{password} )
     {
-        if ( !$c->login( $user, $password ) ) {
-            $c->stash->{bad_login} = 1;
-        }
+        $c->login( $user, $password );
     }
 }
 

Modified: trunk/examples/OpenID/Server/root/server/server.tt
===================================================================
--- trunk/examples/OpenID/Server/root/server/server.tt	2007-06-18 12:25:10 UTC (rev 6480)
+++ trunk/examples/OpenID/Server/root/server/server.tt	2007-06-19 04:27:11 UTC (rev 6481)
@@ -1,14 +1,17 @@
-[%
-IF bad_login; '<p>wrong username or password</p>'; END;
-IF c.param('user') && c.param('password') && !is_identity; "<p>you don't own this identity</p>"; END;
-%]<form action="[% c.uri_for(c.action, c.req.query_parameters).as_string %]" method="POST">
-[% IF !c.user_exists %]
-    <p><input type="text" name="user" class="openid" /></p>
-    <p><input type="password" name="password" class="openid" /></p>
-[% ELSE %]
-    <p>Would you like to share your identity with [% consumer_url %]?
+<p>Authentication for [% openid.identity %]</p>
+<form action="[% c.uri_for(c.action, c.req.query_parameters).as_string %]" method="POST">
+    <p>Would you like to share your identity with [% openid.trust_root %]?
     yes <input type="radio" name="trust_consumer" value="yes"/>
     no <input type="radio" name="trust_consumer" value="no"/></p>
+[% IF !c.user_exists || !is_identity %]
+    [% IF c.req.param('user') && c.req.param('password') %]
+    <p>Wrong user name or password!</p>
+    [% END %]
+    <p>user<br/><input type="text" name="user" class="openid" /></p>
+    <p>password<br/><input type="password" name="password" class="openid" /></p>
 [% END %]
-    <p><input type="submit" value="Sign in" /></p>
+<p>
+    <input type="submit" name="ok" value="ok" />
+    <input type="submit" name="cancel" value="cancel" />
+</p>
 </form>

More information about the Catalyst-commits mailing list