# File 'lib/hancock-client/sso.rb', line 4
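# Extension hook (Sinatra-style `registered` callback) that wires OpenID
# single sign-on into +app+.
#
# It installs the Rack::OpenID middleware, mixes in the Hancock Rack helpers,
# adds a before-filter that redirects unauthenticated requests to /sso/login,
# and defines the /sso/login and /sso/logout routes.
#
# @param app the application class being extended; must respond to
#   +use+, +helpers+, +before+ and +get+
def self.registered(app)
  # NOTE(review): the OpenID store sits under the shared system temp
  # directory; confirm it is created with owner-only permissions on
  # multi-user hosts.
  app.use(Rack::OpenID, OpenID::Store::Filesystem.new("#{Dir.tmpdir}/openid"))
  app.helpers Hancock::Client::Helpers::Rack

  # Gate every request: only the SSO endpoints, explicitly excluded paths and
  # already-authenticated sessions pass; everything else goes to the login route.
  app.before do
    next if request.path_info == '/sso/login'
    next if request.path_info == '/sso/logout'
    next if excluded_path?
    next if sso_logged_in?
    throw(:halt, [302, {'Location' => '/sso/login'}, ''])
  end

  app.get '/sso/login' do
    if (contact_id = params['id'])
      # params['id'] is request-controlled. Escape it before it becomes part
      # of the identifier URL and of the quoted WWW-Authenticate parameter, so
      # characters such as '"' or '/' cannot alter either one.
      identifier = "#{options.sso_url}/users/#{Rack::Utils.escape(contact_id.to_s)}"
      # The listing showed `Rack::OpenID.(`, which would dispatch to a
      # non-existent class-level `call`; build_header is the rack-openid
      # helper that renders these parameters as a challenge header.
      response['WWW-Authenticate'] = Rack::OpenID.build_header(
        :identifier => identifier,
        :trust_root => absolute_url('/sso/login')
      )
      throw :halt, [401, 'got openid?']
    elsif (openid = request.env['rack.openid.response'])
      throw :halt, [503, "Error: #{openid.status}"] unless openid.status == :success

      # Only trust identities issued under the configured SSO server. Without
      # this check, a successful assertion for an identifier hosted elsewhere
      # would still be mapped to a local contact id by its last path segment.
      issuer_prefix = "#{options.sso_url}/users/"
      asserted = openid.display_identifier.to_s
      unless asserted.start_with?(issuer_prefix)
        throw :halt, [403, 'Error: identifier not issued by the configured SSO server']
      end

      contact_id = asserted[issuer_prefix.length..-1].split('/').last
      raise "No contact could be found for #{openid.display_identifier}" unless contact_id

      sreg_params = openid.message.get_args('http://openid.net/extensions/sreg/1.1')
      # sso_login_as is defined elsewhere.
      # NOTE(review): confirm it rotates the session id on login.
      sso_login_as(contact_id, sreg_params)
      redirect '/'
    else
      # No id and no OpenID response: hand off to the SSO server's login page.
      # NOTE(review): return_to is interpolated unescaped; this relies on
      # absolute_url (defined elsewhere) returning a query-safe URL. Confirm.
      redirect "#{options.sso_url}/login?return_to=#{absolute_url('/sso/login')}"
    end
  end

  # Drop the local session, then let the SSO server end its own session.
  app.get '/sso/logout' do
    session.clear
    redirect "#{options.sso_url}/logout"
  end
end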