# File 'lib/sinatra/hancock/openid_server.rb', line 39
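def self.registered(app)
  # Sinatra extension hook: mixes the provider helpers into +app+ and mounts
  # the OpenID provider endpoints (site XRDS discovery, per-user XRDS
  # discovery, and the /sso endpoint that answers OpenID requests).
  #
  # @param app [Class] the Sinatra application being extended
  # @return [void]
  app.send(:include, Sinatra::Hancock::OpenIDServer::Helpers)
  app.template(:yadis) { openid_server_template('yadis') }

  # Site-wide XRDS document advertising this app as an OpenID 2.0 provider.
  app.get '/sso/xrds' do
    response['Content-Type'] = 'application/xrds+xml'
    @types = [OpenID::OPENID_IDP_2_0_TYPE]
    erb :yadis, :layout => false
  end

  # Per-user XRDS document used for claimed-identifier discovery.
  app.get '/sso/users/:id' do
    @types = [OpenID::OPENID_2_0_TYPE, OpenID::SREG_URI]
    response['Content-Type'] = 'application/xrds+xml'
    # NOTE(review): params['id'] flows into a response header through
    # absolute_url; assumes absolute_url / Rack reject CR and LF there — confirm.
    response['X-XRDS-Location'] = absolute_url("/sso/users/#{params['id']}")
    erb :yadis, :layout => false
  end

  # The OpenID endpoint itself, mounted for both verbs since relying parties
  # may send the message with either.
  [:get, :post].each do |meth|
    app.send(meth, '/sso') do
      oidreq = begin
        server.decode_request(params)
      rescue OpenID::Server::ProtocolError
        # Not a decodable OpenID message: fall back to the CheckID request
        # stashed in the session below. That is the shape of the request the
        # user comes back with after ensure_authenticated has sent them
        # through login (presumably via the stored return_to) — confirm.
        session[:hancock_server_last_oidreq]
      end
      throw(:halt, [400, 'Bad Request']) unless oidreq

      oidresp =
        if oidreq.kind_of?(OpenID::Server::CheckIDRequest)
          # Remember the request and the place to resume, then require login.
          session[:hancock_server_last_oidreq] = oidreq
          session[:hancock_server_return_to] = absolute_url('/sso')
          ensure_authenticated
          # Only assert the identity that belongs to the logged-in user, and
          # only towards a relying party (trust_root) that has been allowed.
          forbidden! unless oidreq.identity == url_for_user
          forbidden! unless ::Hancock::Consumer.allowed?(oidreq.trust_root)
          positive = oidreq.answer(true, nil, oidreq.identity)
          # Attach simple-registration data for the authenticated user.
          sreg_data = {
            'last_name' => session_user.last_name,
            'first_name' => session_user.first_name,
            'email' => session_user.email
          }
          positive.add_extension(OpenID::SReg::Response.new(sreg_data))
          positive
        else
          # Every other message type (associate, check_authentication, ...)
          # is answered by the library without user involvement.
          server.handle_request(oidreq)
        end
      render_response(oidresp)
    end
  end
end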