prosody-modules: mod_openid/mod

annotate mod_openid/mod_openid.lua @ 5511:0860497152af

mod_http_oauth2: Record hash of client_id to allow future verification RFC 6819 section 5.2.2.2 states that refresh tokens MUST be bound to the client. In order to do that, we must record something that can definitely tie the client to the grant. Since the full client_id is so large (why we have this client_subset function), a hash is stored instead.

author	Kim Alvefur <zash@zash.se>
date	Fri, 02 Jun 2023 10:14:16 +0200
parents	7dbde05b48a9
children

rev	line source
3 723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	1 local usermanager = require "core.usermanager"
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	2 local httpserver = require "net.httpserver"
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	3 local jidutil = require "util.jid"
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	4 local hmac = require "hmac"
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	5
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	6 local base64 = require "util.encodings".base64
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	7
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	8 local humane = require "util.serialization".serialize
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	9
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	10 -- Configuration
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	11 local base = "openid"
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	12 local openidns = "http://specs.openid.net/auth/2.0" -- [#4.1.2]
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	13 local response_404 = { status = "404 Not Found", body = "<h1>Page Not Found</h1>Sorry, we couldn't find what you were looking for :(" };
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	14
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	15 local associations = {}
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	16
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	17 local function genkey(length)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	18 -- FIXME not cryptographically secure
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	19 str = {}
1343 7dbde05b48a9 all the things: Remove trailing whitespace Florian Zeitz <florob@babelmonkeys.de> parents: 3 diff changeset	20
3 723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	21 for i = 1,length do
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	22 local rand = math.random(33, 126)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	23 table.insert(str, string.char(rand))
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	24 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	25
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	26 return table.concat(str)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	27 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	28
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	29 local function tokvstring(dict)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	30 -- key-value encoding for a dictionary [#4.1.3]
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	31 local str = ""
1343 7dbde05b48a9 all the things: Remove trailing whitespace Florian Zeitz <florob@babelmonkeys.de> parents: 3 diff changeset	32
3 723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	33 for k,v in pairs(dict) do
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	34 str = str..k..":"..v.."\n"
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	35 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	36
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	37 return str
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	38 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	39
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	40 local function newassoc(key, shared)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	41 -- TODO don't use genkey here
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	42 local handle = genkey(16)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	43 associations[handle] = {}
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	44 associations[handle]["key"] = key
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	45 associations[handle]["shared"] = shared
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	46 associations[handle]["time"] = os.time()
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	47 return handle
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	48 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	49
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	50 local function split(str, sep)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	51 local splits = {}
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	52 str:gsub("([^.."..sep.."]*)"..sep, function(c) table.insert(splits, c) end)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	53 return splits
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	54 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	55
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	56 local function sign(response, key)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	57 local fields = {}
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	58
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	59 for _,field in pairs(split(response["openid.signed"],",")) do
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	60 fields[field] = response["openid."..field]
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	61 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	62
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	63 -- [#10.1]
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	64 return base64.encode(hmac.sha256(key, tokvstring(fields)))
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	65 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	66
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	67 local function urlencode(s)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	68 return (string.gsub(s, "%W",
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	69 function(str)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	70 return string.format("%%%02X", string.byte(str))
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	71 end))
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	72 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	73
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	74 local function urldecode(s)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	75 return(string.gsub(string.gsub(s, "+", " "), "%%(%x%x)",
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	76 function(str)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	77 return string.char(tonumber(str,16))
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	78 end))
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	79 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	80
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	81 local function utctime()
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	82 local now = os.time()
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	83 local diff = os.difftime(now, os.time(os.date("!*t", now)))
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	84 return now-diff
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	85 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	86
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	87 local function nonce()
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	88 -- generate a response nonce [#10.1]
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	89 local random = ""
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	90 for i=0,10 do
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	91 random = random..string.char(math.random(33,126))
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	92 end
1343 7dbde05b48a9 all the things: Remove trailing whitespace Florian Zeitz <florob@babelmonkeys.de> parents: 3 diff changeset	93
3 723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	94 local timestamp = os.date("%Y-%m-%dT%H:%M:%SZ", utctime())
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	95
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	96 return timestamp..random
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	97 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	98
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	99 local function query_params(query)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	100 if type(query) == "string" and #query > 0 then
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	101 if query:match("=") then
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	102 local params = {}
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	103 for k, v in query:gmatch("&?([^=%?]+)=([^&%?]+)&?") do
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	104 if k and v then
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	105 params[urldecode(k)] = urldecode(v)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	106 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	107 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	108 return params
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	109 else
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	110 return urldecode(query)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	111 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	112 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	113 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	114
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	115 local function split_host_port(combined)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	116 local host = combined
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	117 local port = ""
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	118 local cpos = string.find(combined, ":")
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	119 if cpos ~= nil then
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	120 host = string.sub(combined, 0, cpos-1)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	121 port = string.sub(combined, cpos+1)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	122 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	123
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	124 return host, port
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	125 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	126
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	127 local function toquerystring(dict)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	128 -- query string encoding for a dictionary [#4.1.3]
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	129 local str = ""
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	130
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	131 for k,v in pairs(dict) do
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	132 str = str..urlencode(k).."="..urlencode(v).."&"
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	133 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	134
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	135 return string.sub(str, 0, -1)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	136 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	137
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	138 local function match_realm(url, realm)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	139 -- FIXME do actual match [#9.2]
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	140 return true
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	141 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	142
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	143 local function handle_endpoint(method, body, request)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	144 module:log("debug", "Request at OpenID provider endpoint")
1343 7dbde05b48a9 all the things: Remove trailing whitespace Florian Zeitz <florob@babelmonkeys.de> parents: 3 diff changeset	145
3 723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	146 local params = nil
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	147
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	148 if method == "GET" then
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	149 params = query_params(request.url.query)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	150 elseif method == "POST" then
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	151 params = query_params(body)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	152 else
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	153 -- TODO error
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	154 return response_404
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	155 end
1343 7dbde05b48a9 all the things: Remove trailing whitespace Florian Zeitz <florob@babelmonkeys.de> parents: 3 diff changeset	156
3 723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	157 module:log("debug", "Request Parameters:\n"..humane(params))
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	158
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	159 if params["openid.ns"] == openidns then
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	160 -- OpenID 2.0 request [#5.1.1]
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	161 if params["openid.mode"] == "associate" then
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	162 -- Associate mode [#8]
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	163 -- TODO implement association
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	164
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	165 -- Error response [#8.2.4]
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	166 local openidresponse = {
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	167 ["ns"] = openidns,
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	168 ["session_type"] = params["openid.session_type"],
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	169 ["assoc_type"] = params["openid.assoc_type"],
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	170 ["error"] = "Association not supported... yet",
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	171 ["error_code"] = "unsupported-type",
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	172 }
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	173
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	174 local kvresponse = tokvstring(openidresponse)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	175 module:log("debug", "OpenID Response:\n"..kvresponse)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	176 return {
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	177 headers = {
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	178 ["Content-Type"] = "text/plain"
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	179 },
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	180 body = kvresponse
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	181 }
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	182 elseif params["openid.mode"] == "checkid_setup" or params["openid.mode"] == "checkid_immediate" then
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	183 -- Requesting authentication [#9]
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	184 if not params["openid.realm"] then
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	185 -- set realm to default value of return_to [#9.1]
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	186 if params["openid.return_to"] then
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	187 params["openid.realm"] = params["openid.return_to"]
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	188 else
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	189 -- neither was sent, error [#9.1]
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	190 -- FIXME return proper error
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	191 return response_404
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	192 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	193 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	194
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	195 if params["openid.return_to"] then
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	196 -- Assure that the return_to url matches the realm [#9.2]
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	197 if not match_realm(params["openid.return_to"], params["openid.realm"]) then
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	198 -- FIXME return proper error
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	199 return response_404
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	200 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	201
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	202 -- Verify the return url [#9.2.1]
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	203 -- TODO implement return url verification
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	204 end
1343 7dbde05b48a9 all the things: Remove trailing whitespace Florian Zeitz <florob@babelmonkeys.de> parents: 3 diff changeset	205
3 723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	206 if params["openid.claimed_id"] and params["openid.identity"] then
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	207 -- asserting an identifier [#9.1]
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	208
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	209 if params["openid.identity"] == "http://specs.openid.net/auth/2.0/identifier_select" then
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	210 -- automatically select an identity [#9.1]
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	211 params["openid.identity"] = params["openid.claimed_id"]
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	212 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	213
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	214 if params["openid.mode"] == "checkid_setup" then
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	215 -- Check ID Setup mode
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	216 -- TODO implement: NEXT STEP
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	217 local head = "<title>Prosody OpenID : Login</title>"
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	218 local body = string.format([[
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	219 <p>Open ID Authentication<p>
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	220 <p>Identifier: <tt>%s</tt></p>
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	221 <p>Realm: <tt>%s</tt></p>
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	222 <p>Return: <tt>%s</tt></p>
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	223 <form method="POST" action="%s">
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	224 Jabber ID: <input type="text" name="jid"/><br/>
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	225 Password: <input type="password" name="password"/><br/>
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	226 <input type="hidden" name="openid.return_to" value="%s"/>
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	227 <input type="submit" value="Authenticate"/>
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	228 </form>
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	229 ]], params["openid.claimed_id"], params["openid.realm"], params["openid.return_to"], base, params["openid.return_to"])
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	230
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	231 return string.format([[
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	232 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	233 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	234 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	235 <head>
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	236 <meta http-equiv="Content-type" content="text/html;charset=UTF-8" />
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	237 %s
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	238 </head>
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	239 <body>
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	240 %s
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	241 </body>
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	242 </html>
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	243 ]], head, body)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	244 elseif params["openid.mode"] == "checkid_immediate" then
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	245 -- Check ID Immediate mode [#9.3]
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	246 -- TODO implement check id immediate
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	247 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	248 else
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	249 -- not asserting an identifier [#9.1]
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	250 -- used for extensions
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	251 -- TODO implement common extensions
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	252 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	253 elseif params["openid.mode"] == "check_authentication" then
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	254 module:log("debug", "OpenID Check Authentication Mode")
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	255 local assoc = associations[params["openid.assoc_handle"]]
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	256 module:log("debug", "Checking Association Handle: "..params["openid.assoc_handle"])
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	257 if assoc and not assoc["shared"] then
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	258 module:log("debug", "Found valid association")
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	259 local sig = sign(params, assoc["key"])
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	260
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	261 local is_valid = "false"
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	262 if sig == params["openid.sig"] then
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	263 is_valid = "true"
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	264 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	265
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	266 module:log("debug", "Signature is: "..is_valid)
1343 7dbde05b48a9 all the things: Remove trailing whitespace Florian Zeitz <florob@babelmonkeys.de> parents: 3 diff changeset	267
3 723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	268 openidresponse = {
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	269 ns = openidns,
1343 7dbde05b48a9 all the things: Remove trailing whitespace Florian Zeitz <florob@babelmonkeys.de> parents: 3 diff changeset	270 is_valid = is_valid,
3 723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	271 }
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	272
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	273 -- Delete this association
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	274 associations[params["openid.assoc_handle"]] = nil
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	275 return {
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	276 headers = {
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	277 ["Content-Type"] = "text/plain"
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	278 },
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	279 body = tokvstring(openidresponse),
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	280 }
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	281 else
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	282 module:log("debug", "No valid association")
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	283 -- TODO return error
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	284 -- Invalidate the handle [#11.4.2.2]
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	285 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	286 else
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	287 -- Some other mode
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	288 -- TODO error
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	289 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	290 elseif params["password"] then
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	291 -- User is authenticating
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	292 local user, domain = jidutil.split(params["jid"])
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	293 module:log("debug", "Authenticating "..params["jid"].." ("..user..","..domain..") with password: "..params["password"])
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	294 local valid = usermanager.validate_credentials(domain, user, params["password"], "PLAIN")
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	295 if valid then
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	296 module:log("debug", "Authentication Succeeded: "..params["jid"])
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	297 if params["openid.return_to"] ~= "" then
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	298 -- TODO redirect the user to return_to with the openid response
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	299 -- included, need to handle the case if its a GET, that there are
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	300 -- existing query parameters on the return_to URL [#10.1]
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	301 local host, port = split_host_port(request.headers.host)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	302 local endpointurl = ""
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	303 if port == '' then
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	304 endpointurl = string.format("http://%s/%s", host, base)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	305 else
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	306 endpointurl = string.format("http://%s:%s/%s", host, port, base)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	307 end
1343 7dbde05b48a9 all the things: Remove trailing whitespace Florian Zeitz <florob@babelmonkeys.de> parents: 3 diff changeset	308
3 723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	309 local nonce = nonce()
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	310 local key = genkey(32)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	311 local assoc_handle = newassoc(key)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	312
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	313 local openidresponse = {
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	314 ["openid.ns"] = openidns,
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	315 ["openid.mode"] = "id_res",
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	316 ["openid.op_endpoint"] = endpointurl,
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	317 ["openid.claimed_id"] = endpointurl.."/"..user,
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	318 ["openid.identity"] = endpointurl.."/"..user,
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	319 ["openid.return_to"] = params["openid.return_to"],
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	320 ["openid.response_nonce"] = nonce,
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	321 ["openid.assoc_handle"] = assoc_handle,
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	322 ["openid.signed"] = "op_endpoint,identity,claimed_id,return_to,assoc_handle,response_nonce", -- FIXME
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	323 ["openid.sig"] = nil,
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	324 }
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	325
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	326 openidresponse["openid.sig"] = sign(openidresponse, key)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	327
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	328 queryresponse = toquerystring(openidresponse)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	329
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	330 redirecturl = params["openid.return_to"]
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	331 -- add the parameters to the return_to
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	332 if redirecturl:match("?") then
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	333 redirecturl = redirecturl.."&"
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	334 else
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	335 redirecturl = redirecturl.."?"
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	336 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	337
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	338 redirecturl = redirecturl..queryresponse
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	339
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	340 module:log("debug", "Open ID Positive Assertion Response Table:\n"..humane(openidresponse))
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	341 module:log("debug", "Open ID Positive Assertion Response URL:\n"..queryresponse)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	342 module:log("debug", "Redirecting User to:\n"..redirecturl)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	343 return {
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	344 status = "303 See Other",
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	345 headers = {
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	346 Location = redirecturl,
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	347 },
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	348 body = "Redirecting to: "..redirecturl -- TODO Include a note with a hyperlink to redirect
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	349 }
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	350 else
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	351 -- TODO Do something useful is there is no return_to
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	352 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	353 else
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	354 module:log("debug", "Authentication Failed: "..params["jid"])
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	355 -- TODO let them try again
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	356 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	357 else
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	358 -- Not an Open ID request, do something useful
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	359 -- TODO
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	360 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	361
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	362 return response_404
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	363 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	364
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	365 local function handle_identifier(method, body, request, id)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	366 module:log("debug", "Request at OpenID identifier")
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	367 local host, port = split_host_port(request.headers.host)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	368
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	369 local user_name = ""
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	370 local user_domain = ""
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	371 local apos = string.find(id, "@")
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	372 if apos == nil then
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	373 user_name = id
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	374 user_domain = host
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	375 else
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	376 user_name = string.sub(id, 0, apos-1)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	377 user_domain = string.sub(id, apos+1)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	378 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	379
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	380 user, domain = jidutil.split(id)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	381
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	382 local exists = usermanager.user_exists(user_name, user_domain)
1343 7dbde05b48a9 all the things: Remove trailing whitespace Florian Zeitz <florob@babelmonkeys.de> parents: 3 diff changeset	383
3 723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	384 if not exists then
1343 7dbde05b48a9 all the things: Remove trailing whitespace Florian Zeitz <florob@babelmonkeys.de> parents: 3 diff changeset	385 return response_404
3 723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	386 end
1343 7dbde05b48a9 all the things: Remove trailing whitespace Florian Zeitz <florob@babelmonkeys.de> parents: 3 diff changeset	387
3 723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	388 local endpointurl = ""
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	389 if port == '' then
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	390 endpointurl = string.format("http://%s/%s", host, base)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	391 else
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	392 endpointurl = string.format("http://%s:%s/%s", host, port, base)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	393 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	394
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	395 local head = string.format("<title>Prosody OpenID : %s@%s</title>", user_name, user_domain)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	396 -- OpenID HTML discovery [#7.3]
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	397 head = head .. string.format('<link rel="openid2.provider" href="%s" />', endpointurl)
1343 7dbde05b48a9 all the things: Remove trailing whitespace Florian Zeitz <florob@babelmonkeys.de> parents: 3 diff changeset	398
3 723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	399 local content = 'request.url.path: ' .. request.url.path .. '<br/>'
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	400 content = content .. 'host+port: ' .. request.headers.host .. '<br/>'
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	401 content = content .. 'host: ' .. tostring(host) .. '<br/>'
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	402 content = content .. 'port: ' .. tostring(port) .. '<br/>'
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	403 content = content .. 'user_name: ' .. user_name .. '<br/>'
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	404 content = content .. 'user_domain: ' .. user_domain .. '<br/>'
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	405 content = content .. 'exists: ' .. tostring(exists) .. '<br/>'
1343 7dbde05b48a9 all the things: Remove trailing whitespace Florian Zeitz <florob@babelmonkeys.de> parents: 3 diff changeset	406
3 723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	407 local body = string.format('<p>%s</p>', content)
1343 7dbde05b48a9 all the things: Remove trailing whitespace Florian Zeitz <florob@babelmonkeys.de> parents: 3 diff changeset	408
3 723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	409 local data = string.format([[
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	410 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	411 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	412 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	413 <head>
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	414 <meta http-equiv="Content-type" content="text/html;charset=UTF-8" />
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	415 %s
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	416 </head>
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	417 <body>
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	418 %s
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	419 </body>
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	420 </html>
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	421 ]], head, body)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	422 return data;
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	423 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	424
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	425 local function handle_request(method, body, request)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	426 module:log("debug", "Received request")
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	427
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	428 -- Make sure the host is enabled
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	429 local host = split_host_port(request.headers.host)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	430 if not hosts[host] then
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	431 return response_404
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	432 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	433
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	434 if request.url.path == "/"..base then
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	435 -- OpenID Provider Endpoint
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	436 return handle_endpoint(method, body, request)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	437 else
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	438 local id = request.url.path:match("^/"..base.."/(.+)$")
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	439 if id then
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	440 -- OpenID Identifier
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	441 return handle_identifier(method, body, request, id)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	442 else
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	443 return response_404
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	444 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	445 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	446 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	447
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	448 httpserver.new{ port = 5280, base = base, handler = handle_request, ssl = false}

Mercurial > prosody-modules

annotate mod_openid/mod_openid.lua @ 5511:0860497152af