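// callbackHandler completes an OpenID login: it verifies the provider's
// response and, on success, renders index.html with the verified identity.
// On failure it now answers with an explicit error status instead of leaving
// the client with an empty 200 response.
func callbackHandler(w http.ResponseWriter, r *http.Request) {
	// The URL passed to Verify is rebuilt from a fixed origin plus the request
	// path and query.
	// NOTE(review): the origin is hard-coded to plain-HTTP localhost; a real
	// deployment needs its own public HTTPS origin here.
	fullUrl := "http://localhost:8080" + r.URL.String()
	// NOTE(review): this logs the whole callback query, i.e. the OpenID
	// response parameters; consider trimming it outside of debugging.
	log.Print(fullUrl)

	id, err := openid.Verify(fullUrl, discoveryCache, nonceStore)
	if err != nil {
		log.Println("WTF2")
		log.Print(err)
		// Verification failed: refuse the login explicitly.
		http.Error(w, "Unauthorized", http.StatusUnauthorized)
		return
	}
	log.Println(id)

	t, err := template.ParseFiles(dataDir + "index.html")
	if err != nil {
		log.Println("WTF")
		log.Print(err)
		http.Error(w, "Internal Server Error", http.StatusInternalServerError)
		return
	}

	// NOTE(review): the identity is rendered into HTML; confirm `template` is
	// html/template (not text/template) so the value is escaped.
	p := map[string]string{"user": id["user"]}
	if err := t.Execute(w, p); err != nil {
		// Part of the page may already have been written, so the status can
		// no longer be changed; record the failure instead of dropping it.
		log.Print(err)
	}
}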
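// Callback handles the provider's redirect back to this service. It verifies
// the OpenID response, looks up the URL the user originally requested (keyed
// by the cbuuid query parameter), copies the response parameters into the
// session and redirects the user to that URL. Every failure is reported
// through oid.respError and ends the request.
func (oid *OpenID) Callback(w http.ResponseWriter, r *http.Request) {
	// Verify the response. The scheme is fixed to https; the host comes from
	// oid.responseHost.
	fullURL := fmt.Sprintf("https://%v%v", oid.responseHost(r), r.URL.String())
	_, err := openid.Verify(fullURL, oid.discoveryCache, oid.nonceStore)
	if err != nil {
		oid.respError(w, "Unauthorized", http.StatusUnauthorized, fmt.Errorf("OpenID verification failed: %v", err))
		return
	}

	// Verified; now find the originally stored URL so the user can be
	// redirected back to their original request.
	values, err := url.ParseQuery(r.URL.RawQuery)
	if err != nil {
		// Report the parse error itself; it was previously discarded.
		oid.respError(w, "Server error", http.StatusInternalServerError, fmt.Errorf("Failed to parse URL query string: %v", err))
		return
	}

	returnTo := values.Get("openid.return_to")
	if returnTo == "" {
		oid.respError(w, "Server error", http.StatusInternalServerError, fmt.Errorf("openid.return_to not set in callback: %v", values))
		return
	}

	cbuuid := values.Get("cbuuid")
	if cbuuid == "" {
		oid.respError(w, "Server error", http.StatusInternalServerError, fmt.Errorf("cbuuid not set in callback: %v", values))
		return
	}

	// The redirect target is taken from the server-side store, not from the
	// request, so the callback URL cannot choose where the user is sent.
	// NOTE(review): urlStore is read and deleted here with no locking visible
	// in this method; if it is a plain map, concurrent callbacks race.
	// Confirm it is guarded elsewhere.
	originalUrl, ok := oid.urlStore[cbuuid]
	if !ok {
		oid.respError(w, "Server error", http.StatusInternalServerError, fmt.Errorf("cbuuid %v not found in local store", cbuuid))
		return
	}

	// We're done with the callback, remove it so the entry is single-use.
	// TODO: we should use an expiring kv store for these to prevent DoS.
	delete(oid.urlStore, cbuuid)

	if _, ok = values["openid.sreg.email"]; !ok {
		oid.respError(w, "Server error", http.StatusInternalServerError, fmt.Errorf("openid.sreg.email missing from OpenID response"))
		return
	}

	// The email is read straight from the query string, so require that the
	// provider listed it in openid.signed. Without this a value the provider
	// never signed would be stored as the user's email.
	if !openIDSignedListHas(values.Get("openid.signed"), "sreg.email") {
		oid.respError(w, "Unauthorized", http.StatusUnauthorized, fmt.Errorf("openid.sreg.email is not covered by openid.signed"))
		return
	}

	session, err := oid.sessionStore.Get(r, oid.realm)
	if err != nil {
		oid.respError(w, "Server error", http.StatusInternalServerError, fmt.Errorf("Failed to get session: %v", err))
		return
	}

	session.Options = &sessions.Options{
		Path:     "/",
		MaxAge:   86400 * 7, // One week
		Secure:   true,      // Cookie is only sent over HTTPS
		HttpOnly: true,      // Cookie is not readable from page scripts
	}

	// Every query parameter is copied into the session as a []string.
	// NOTE(review): this includes parameters outside openid.signed; code that
	// reads the session should treat only signed fields as provider-asserted.
	for k, v := range values {
		session.Values[k] = v
	}

	if err = sessions.Save(r, w); err != nil {
		oid.respError(w, "Server error", http.StatusInternalServerError, fmt.Errorf("Failed to save session: %v", err))
		return
	}

	http.Redirect(w, r, originalUrl, http.StatusSeeOther)
}

// openIDSignedListHas reports whether field appears in signed, the
// comma-separated value of the openid.signed response parameter. Field names
// are listed there without the "openid." prefix.
func openIDSignedListHas(signed, field string) bool {
	start := 0
	for i := 0; i <= len(signed); i++ {
		if i == len(signed) || signed[i] == ',' {
			if signed[start:i] == field {
				return true
			}
			start = i + 1
		}
	}
	return false
}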