Class: Pasaporte::Controllers::Openid

Inherits:
Object
  • Object
Includes:
OpenID::Server
Defined in:
lib/pasaporte.rb

Overview

Performs the actual OpenID tasks. POST requests come from the requesting party; GET requests come from the browser.

Defined Under Namespace

Classes: Denied, Err, NeedsApproval, NoOpenidRequest, SwitchUser

Instance Method Summary collapse

Instance Method Details

#get_with_nick ⇒ Object



# File 'lib/pasaporte.rb', line 258

# Browser-facing (GET) leg of an OpenID request for the nickname held in
# @nickname. Obtains the pending request, runs a fixed sequence of checks and
# answers the request positively only when none of them raises. Every failure
# path is handled by the rescue clauses at the bottom.
#
# The checks run in this order (descriptions taken from the log lines):
# throttling, nickname vs. identity URL, identity hosted on this server,
# logged-in state, trust root already approved. The order is part of the
# behaviour; do not reshuffle it.
#
# Returns a plain String when there is no OpenID request or it cannot be
# decoded; otherwise the value of send_openid_response / ask_user_to_approve.
# Re-raises SwitchUser and PleaseLogin when the request is not immediate.
#
# NOTE(review): @nickname and exception messages are interpolated into log
# lines. Confirm that @nickname is constrained upstream so it cannot carry
# line breaks or control characters into the log.
def get_with_nick
  require_plain!
  begin
    @oid_request = openid_request_from_input_or_session

    LOGGER.info "OpenID: user #{@nickname} must not be throttled"
    deny_throttled!

    LOGGER.info "OpenID: nick must match the identity URL"
    check_nickname_matches_identity_url

    LOGGER.info "OpenID: identity must reside on our server"
    check_identity_lives_here

    LOGGER.info "OpenID: user must be logged in"
    check_logged_in

    @profile = profile_by_nickname(@nickname)

    LOGGER.info "OpenID: trust root is on the approvals list"
    check_if_previously_approved

    LOGGER.info "OpenID: OpenID verified, redirecting"

    # All checks passed: build the positive answer, attach the sreg data
    # and send it.
    approval = @oid_request.answer(true)
    add_sreg(@oid_request, approval)
    send_openid_response(approval)
  rescue NoOpenidRequest
    # A plain visit to the endpoint without any OpenID request.
    'This is an OpenID server endpoint.'
  rescue ProtocolError => decode_failure
    # The detail goes to the log only; the caller gets a generic message.
    LOGGER.error "OpenID: Cannot decode the OpenID request - #{decode_failure.message}"
    "Something went wrong processing your request"
  rescue SwitchUser => switch
    # Drop the current user from the session, force a session save, then
    # hand over so that the user can log in as somebody else.
    @state.nickname = nil
    force_session_save!
    LOGGER.warn "OpenID: suspend - need to switch user first"
    # NOTE(review): immediate requests go to ask_user_to_approve instead of
    # being re-raised. Confirm that helper answers immediate requests
    # without user interaction.
    if @oid_request.immediate
      ask_user_to_approve
    else
      raise switch
    end
  rescue PleaseLogin => login_needed
    # Subtlety: a user who had NO session before arriving here gets a new SID
    # at the signon page and would lose the pending OpenID request, hence the
    # forced session save.
    force_session_save!
    LOGGER.warn "OpenID: suspend - the user needs to login first, saving session"
    if @oid_request.immediate
      ask_user_to_approve
    else
      raise login_needed
    end
  rescue NeedsApproval
    LOGGER.warn "OpenID: suspend - the URL needs approval first"
    ask_user_to_approve
  rescue Denied => denial
    # Explicit denial: answer the request negatively.
    LOGGER.warn "OpenID: deny OpenID to #{@nickname} - #{denial.message}"
    send_openid_response(@oid_request.answer(false))
  rescue Secure::Throttled
    # A throttled user gets the same negative answer as an explicit denial.
    LOGGER.warn "OpenID: deny OpenID to #{@nickname} - user is throttled"
    send_openid_response(@oid_request.answer(false))
  end
end

#post_with_nick ⇒ Object

Raises:

  • (ProtocolError)


# File 'lib/pasaporte.rb', line 316

# Direct (POST) leg of the OpenID exchange: decodes the request from `input`,
# lets the OpenID server object handle it and sends the resulting response.
#
# Raises ProtocolError when the decoded request is nil.
#
# NOTE(review): only a nil request is rejected here. Whatever request type
# decodes successfully is passed straight to handle_request, so confirm how
# handle_request treats request modes that are not meant for this endpoint.
def post_with_nick
  require_plain!
  decoded = openid_server.decode_request(input)
  raise ProtocolError, "The decoded request was nil" if decoded.nil?
  # TODO: check for dumb mode here!
  # The session has to survive POST actions; `true` is presumably the
  # preserve-session flag of send_openid_response (confirm against the helper).
  send_openid_response(openid_server.handle_request(decoded), true)
end