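// callbackHandler completes an OpenID login: it verifies the assertion the
// provider sent back on the callback URL and, on success, renders index.html
// with the verified "user" identity field. A failed verification is answered
// with 401 and a template problem with 500, rather than the empty 200 that
// silently falling through would produce; every failure is also logged.
//
// discoveryCache, nonceStore and dataDir are package-level values defined
// elsewhere in the file.
func callbackHandler(w http.ResponseWriter, r *http.Request) {
	// The scheme and host are hard-coded; the provider signed openid.return_to,
	// so this prefix has to match the address the browser was redirected to.
	fullUrl := "http://localhost:8080" + r.URL.String()
	// Log only the path: the query string carries the provider's response
	// (signature, nonce, identity fields), which does not belong in plain logs.
	log.Print(r.URL.Path)

	id, err := openid.Verify(fullUrl, discoveryCache, nonceStore)
	if err != nil {
		log.Printf("openid verification failed: %v", err)
		http.Error(w, "Unauthorized", http.StatusUnauthorized)
		return
	}
	log.Println(id)

	t, err := template.ParseFiles(dataDir + "index.html")
	if err != nil {
		log.Printf("parsing index.html: %v", err)
		http.Error(w, "Server error", http.StatusInternalServerError)
		return
	}

	p := map[string]string{"user": id["user"]}
	// Execute writes straight to w, so an error part-way through cannot be
	// turned into a clean error response any more; it is logged instead of
	// being dropped as before.
	if err := t.Execute(w, p); err != nil {
		log.Printf("rendering index.html: %v", err)
	}
}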
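// Callback is the HTTP handler the OpenID provider redirects the browser to
// after authentication. It verifies the signed assertion carried in the query
// string, looks up the URL the user originally requested (stored under the
// cbuuid issued at login time), copies the response values into the session
// and redirects the user back to that URL. Every failure is reported through
// oid.respError and ends the request.
func (oid *OpenID) Callback(w http.ResponseWriter, r *http.Request) {
	// Verify the response. The URL is rebuilt as the provider saw it because the
	// signature covers openid.return_to.
	// NOTE(review): responseHost is defined elsewhere; if it derives the host
	// from the request's Host header rather than configuration, the URL being
	// verified is partly client-controlled — confirm.
	fullURL := fmt.Sprintf("https://%v%v", oid.responseHost(r), r.URL.String())
	_, err := openid.Verify(fullURL, oid.discoveryCache, oid.nonceStore)
	if err != nil {
		oid.respError(w, "Unauthorized", http.StatusUnauthorized,
			fmt.Errorf("OpenID verification failed: %v", err))
		return
	}

	// Verified; find the original stored URL and send the user back to it.
	values, err := url.ParseQuery(r.URL.RawQuery)
	if err != nil {
		// Report the parse error itself, not only the URL, so the log says why.
		oid.respError(w, "Server error", http.StatusInternalServerError,
			fmt.Errorf("Failed to parse URL query string %v: %v", r.URL, err))
		return
	}

	returnTo := values.Get("openid.return_to")
	if returnTo == "" {
		oid.respError(w, "Server error", http.StatusInternalServerError,
			fmt.Errorf("openid.return_to not set in callback: %v", values))
		return
	}

	cbuuid := values.Get("cbuuid")
	if cbuuid == "" {
		oid.respError(w, "Server error", http.StatusInternalServerError,
			fmt.Errorf("cbuuid not set in callback: %v", values))
		return
	}

	// NOTE(review): urlStore is read and deleted here without any lock visible
	// in this method; if it is a plain map shared between concurrent handlers,
	// this is a data race — confirm how the type guards it.
	originalUrl, ok := oid.urlStore[cbuuid]
	if !ok {
		oid.respError(w, "Server error", http.StatusInternalServerError,
			fmt.Errorf("cbuuid %v not found in local store", cbuuid))
		return
	}

	// We're done with the callback, remove it so the entry cannot be replayed.
	// TODO: we should use an expiring kv store for these to prevent DoS.
	delete(oid.urlStore, cbuuid)

	// NOTE(review): openid.sreg.email is only covered by the provider's
	// signature when it appears in openid.signed; whether Verify enforces that
	// is not visible here — confirm before relying on the value downstream.
	_, ok = values["openid.sreg.email"]
	if !ok {
		// Message names the field that was actually checked (sreg, not sreq).
		oid.respError(w, "Server error", http.StatusInternalServerError,
			fmt.Errorf("openid.sreg.email missing from OpenID response"))
		return
	}

	session, err := oid.sessionStore.Get(r, oid.realm)
	if err != nil {
		oid.respError(w, "Server error", http.StatusInternalServerError,
			fmt.Errorf("Failed to get session: %v", err))
		return
	}

	session.Options = &sessions.Options{
		Path:     "/",
		MaxAge:   86400 * 7, // One week
		Secure:   true,      // Only sent over https
		HttpOnly: true,      // Not readable from script
	}
	// Every query value, including the openid.* response fields and cbuuid,
	// is copied into the session as received.
	for k, v := range values {
		session.Values[k] = v
	}
	if err = sessions.Save(r, w); err != nil {
		oid.respError(w, "Server error", http.StatusInternalServerError,
			fmt.Errorf("Failed to save session: %v", err))
		return
	}

	// originalUrl comes from the server-side store, not from the request.
	http.Redirect(w, r, originalUrl, http.StatusSeeOther)
}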