prosody-modules: mod_openid/mod

annotate mod_openid/mod_openid.lua @ 473:99b246b37809

mod_ircd: fixed aff/roles last data table cleaning code.

author	Marco Cirillo <maranda@lightwitch.org>
date	Wed, 02 Nov 2011 00:25:28 +0000
parents	723fd785815f
children	7dbde05b48a9

rev	line source
3 723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	1 local usermanager = require "core.usermanager"
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	2 local httpserver = require "net.httpserver"
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	3 local jidutil = require "util.jid"
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	4 local hmac = require "hmac"
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	5
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	6 local base64 = require "util.encodings".base64
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	7
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	8 local humane = require "util.serialization".serialize
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	9
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	10 -- Configuration
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	11 local base = "openid"
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	12 local openidns = "http://specs.openid.net/auth/2.0" -- [#4.1.2]
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	13 local response_404 = { status = "404 Not Found", body = "<h1>Page Not Found</h1>Sorry, we couldn't find what you were looking for :(" };
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	14
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	15 local associations = {}
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	16
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	17 local function genkey(length)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	18 -- FIXME not cryptographically secure
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	19 str = {}
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	20
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	21 for i = 1,length do
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	22 local rand = math.random(33, 126)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	23 table.insert(str, string.char(rand))
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	24 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	25
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	26 return table.concat(str)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	27 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	28
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	29 local function tokvstring(dict)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	30 -- key-value encoding for a dictionary [#4.1.3]
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	31 local str = ""
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	32
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	33 for k,v in pairs(dict) do
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	34 str = str..k..":"..v.."\n"
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	35 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	36
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	37 return str
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	38 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	39
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	40 local function newassoc(key, shared)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	41 -- TODO don't use genkey here
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	42 local handle = genkey(16)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	43 associations[handle] = {}
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	44 associations[handle]["key"] = key
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	45 associations[handle]["shared"] = shared
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	46 associations[handle]["time"] = os.time()
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	47 return handle
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	48 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	49
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	50 local function split(str, sep)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	51 local splits = {}
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	52 str:gsub("([^.."..sep.."]*)"..sep, function(c) table.insert(splits, c) end)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	53 return splits
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	54 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	55
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	56 local function sign(response, key)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	57 local fields = {}
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	58
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	59 for _,field in pairs(split(response["openid.signed"],",")) do
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	60 fields[field] = response["openid."..field]
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	61 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	62
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	63 -- [#10.1]
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	64 return base64.encode(hmac.sha256(key, tokvstring(fields)))
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	65 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	66
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	67 local function urlencode(s)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	68 return (string.gsub(s, "%W",
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	69 function(str)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	70 return string.format("%%%02X", string.byte(str))
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	71 end))
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	72 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	73
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	74 local function urldecode(s)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	75 return(string.gsub(string.gsub(s, "+", " "), "%%(%x%x)",
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	76 function(str)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	77 return string.char(tonumber(str,16))
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	78 end))
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	79 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	80
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	81 local function utctime()
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	82 local now = os.time()
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	83 local diff = os.difftime(now, os.time(os.date("!*t", now)))
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	84 return now-diff
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	85 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	86
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	87 local function nonce()
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	88 -- generate a response nonce [#10.1]
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	89 local random = ""
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	90 for i=0,10 do
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	91 random = random..string.char(math.random(33,126))
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	92 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	93
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	94 local timestamp = os.date("%Y-%m-%dT%H:%M:%SZ", utctime())
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	95
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	96 return timestamp..random
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	97 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	98
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	99 local function query_params(query)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	100 if type(query) == "string" and #query > 0 then
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	101 if query:match("=") then
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	102 local params = {}
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	103 for k, v in query:gmatch("&?([^=%?]+)=([^&%?]+)&?") do
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	104 if k and v then
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	105 params[urldecode(k)] = urldecode(v)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	106 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	107 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	108 return params
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	109 else
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	110 return urldecode(query)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	111 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	112 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	113 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	114
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	115 local function split_host_port(combined)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	116 local host = combined
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	117 local port = ""
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	118 local cpos = string.find(combined, ":")
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	119 if cpos ~= nil then
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	120 host = string.sub(combined, 0, cpos-1)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	121 port = string.sub(combined, cpos+1)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	122 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	123
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	124 return host, port
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	125 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	126
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	127 local function toquerystring(dict)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	128 -- query string encoding for a dictionary [#4.1.3]
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	129 local str = ""
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	130
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	131 for k,v in pairs(dict) do
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	132 str = str..urlencode(k).."="..urlencode(v).."&"
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	133 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	134
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	135 return string.sub(str, 0, -1)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	136 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	137
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	138 local function match_realm(url, realm)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	139 -- FIXME do actual match [#9.2]
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	140 return true
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	141 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	142
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	143 local function handle_endpoint(method, body, request)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	144 module:log("debug", "Request at OpenID provider endpoint")
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	145
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	146 local params = nil
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	147
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	148 if method == "GET" then
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	149 params = query_params(request.url.query)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	150 elseif method == "POST" then
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	151 params = query_params(body)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	152 else
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	153 -- TODO error
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	154 return response_404
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	155 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	156
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	157 module:log("debug", "Request Parameters:\n"..humane(params))
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	158
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	159 if params["openid.ns"] == openidns then
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	160 -- OpenID 2.0 request [#5.1.1]
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	161 if params["openid.mode"] == "associate" then
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	162 -- Associate mode [#8]
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	163 -- TODO implement association
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	164
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	165 -- Error response [#8.2.4]
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	166 local openidresponse = {
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	167 ["ns"] = openidns,
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	168 ["session_type"] = params["openid.session_type"],
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	169 ["assoc_type"] = params["openid.assoc_type"],
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	170 ["error"] = "Association not supported... yet",
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	171 ["error_code"] = "unsupported-type",
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	172 }
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	173
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	174 local kvresponse = tokvstring(openidresponse)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	175 module:log("debug", "OpenID Response:\n"..kvresponse)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	176 return {
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	177 headers = {
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	178 ["Content-Type"] = "text/plain"
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	179 },
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	180 body = kvresponse
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	181 }
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	182 elseif params["openid.mode"] == "checkid_setup" or params["openid.mode"] == "checkid_immediate" then
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	183 -- Requesting authentication [#9]
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	184 if not params["openid.realm"] then
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	185 -- set realm to default value of return_to [#9.1]
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	186 if params["openid.return_to"] then
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	187 params["openid.realm"] = params["openid.return_to"]
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	188 else
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	189 -- neither was sent, error [#9.1]
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	190 -- FIXME return proper error
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	191 return response_404
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	192 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	193 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	194
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	195 if params["openid.return_to"] then
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	196 -- Assure that the return_to url matches the realm [#9.2]
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	197 if not match_realm(params["openid.return_to"], params["openid.realm"]) then
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	198 -- FIXME return proper error
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	199 return response_404
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	200 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	201
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	202 -- Verify the return url [#9.2.1]
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	203 -- TODO implement return url verification
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	204 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	205
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	206 if params["openid.claimed_id"] and params["openid.identity"] then
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	207 -- asserting an identifier [#9.1]
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	208
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	209 if params["openid.identity"] == "http://specs.openid.net/auth/2.0/identifier_select" then
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	210 -- automatically select an identity [#9.1]
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	211 params["openid.identity"] = params["openid.claimed_id"]
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	212 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	213
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	214 if params["openid.mode"] == "checkid_setup" then
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	215 -- Check ID Setup mode
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	216 -- TODO implement: NEXT STEP
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	217 local head = "<title>Prosody OpenID : Login</title>"
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	218 local body = string.format([[
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	219 <p>Open ID Authentication<p>
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	220 <p>Identifier: <tt>%s</tt></p>
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	221 <p>Realm: <tt>%s</tt></p>
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	222 <p>Return: <tt>%s</tt></p>
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	223 <form method="POST" action="%s">
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	224 Jabber ID: <input type="text" name="jid"/><br/>
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	225 Password: <input type="password" name="password"/><br/>
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	226 <input type="hidden" name="openid.return_to" value="%s"/>
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	227 <input type="submit" value="Authenticate"/>
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	228 </form>
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	229 ]], params["openid.claimed_id"], params["openid.realm"], params["openid.return_to"], base, params["openid.return_to"])
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	230
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	231 return string.format([[
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	232 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	233 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	234 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	235 <head>
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	236 <meta http-equiv="Content-type" content="text/html;charset=UTF-8" />
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	237 %s
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	238 </head>
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	239 <body>
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	240 %s
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	241 </body>
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	242 </html>
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	243 ]], head, body)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	244 elseif params["openid.mode"] == "checkid_immediate" then
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	245 -- Check ID Immediate mode [#9.3]
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	246 -- TODO implement check id immediate
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	247 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	248 else
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	249 -- not asserting an identifier [#9.1]
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	250 -- used for extensions
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	251 -- TODO implement common extensions
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	252 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	253 elseif params["openid.mode"] == "check_authentication" then
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	254 module:log("debug", "OpenID Check Authentication Mode")
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	255 local assoc = associations[params["openid.assoc_handle"]]
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	256 module:log("debug", "Checking Association Handle: "..params["openid.assoc_handle"])
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	257 if assoc and not assoc["shared"] then
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	258 module:log("debug", "Found valid association")
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	259 local sig = sign(params, assoc["key"])
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	260
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	261 local is_valid = "false"
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	262 if sig == params["openid.sig"] then
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	263 is_valid = "true"
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	264 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	265
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	266 module:log("debug", "Signature is: "..is_valid)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	267
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	268 openidresponse = {
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	269 ns = openidns,
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	270 is_valid = is_valid,
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	271 }
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	272
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	273 -- Delete this association
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	274 associations[params["openid.assoc_handle"]] = nil
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	275 return {
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	276 headers = {
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	277 ["Content-Type"] = "text/plain"
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	278 },
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	279 body = tokvstring(openidresponse),
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	280 }
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	281 else
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	282 module:log("debug", "No valid association")
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	283 -- TODO return error
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	284 -- Invalidate the handle [#11.4.2.2]
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	285 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	286 else
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	287 -- Some other mode
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	288 -- TODO error
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	289 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	290 elseif params["password"] then
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	291 -- User is authenticating
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	292 local user, domain = jidutil.split(params["jid"])
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	293 module:log("debug", "Authenticating "..params["jid"].." ("..user..","..domain..") with password: "..params["password"])
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	294 local valid = usermanager.validate_credentials(domain, user, params["password"], "PLAIN")
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	295 if valid then
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	296 module:log("debug", "Authentication Succeeded: "..params["jid"])
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	297 if params["openid.return_to"] ~= "" then
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	298 -- TODO redirect the user to return_to with the openid response
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	299 -- included, need to handle the case if its a GET, that there are
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	300 -- existing query parameters on the return_to URL [#10.1]
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	301 local host, port = split_host_port(request.headers.host)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	302 local endpointurl = ""
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	303 if port == '' then
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	304 endpointurl = string.format("http://%s/%s", host, base)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	305 else
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	306 endpointurl = string.format("http://%s:%s/%s", host, port, base)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	307 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	308
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	309 local nonce = nonce()
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	310 local key = genkey(32)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	311 local assoc_handle = newassoc(key)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	312
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	313 local openidresponse = {
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	314 ["openid.ns"] = openidns,
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	315 ["openid.mode"] = "id_res",
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	316 ["openid.op_endpoint"] = endpointurl,
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	317 ["openid.claimed_id"] = endpointurl.."/"..user,
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	318 ["openid.identity"] = endpointurl.."/"..user,
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	319 ["openid.return_to"] = params["openid.return_to"],
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	320 ["openid.response_nonce"] = nonce,
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	321 ["openid.assoc_handle"] = assoc_handle,
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	322 ["openid.signed"] = "op_endpoint,identity,claimed_id,return_to,assoc_handle,response_nonce", -- FIXME
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	323 ["openid.sig"] = nil,
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	324 }
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	325
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	326 openidresponse["openid.sig"] = sign(openidresponse, key)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	327
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	328 queryresponse = toquerystring(openidresponse)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	329
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	330 redirecturl = params["openid.return_to"]
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	331 -- add the parameters to the return_to
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	332 if redirecturl:match("?") then
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	333 redirecturl = redirecturl.."&"
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	334 else
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	335 redirecturl = redirecturl.."?"
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	336 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	337
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	338 redirecturl = redirecturl..queryresponse
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	339
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	340 module:log("debug", "Open ID Positive Assertion Response Table:\n"..humane(openidresponse))
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	341 module:log("debug", "Open ID Positive Assertion Response URL:\n"..queryresponse)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	342 module:log("debug", "Redirecting User to:\n"..redirecturl)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	343 return {
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	344 status = "303 See Other",
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	345 headers = {
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	346 Location = redirecturl,
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	347 },
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	348 body = "Redirecting to: "..redirecturl -- TODO Include a note with a hyperlink to redirect
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	349 }
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	350 else
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	351 -- TODO Do something useful is there is no return_to
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	352 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	353 else
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	354 module:log("debug", "Authentication Failed: "..params["jid"])
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	355 -- TODO let them try again
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	356 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	357 else
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	358 -- Not an Open ID request, do something useful
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	359 -- TODO
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	360 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	361
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	362 return response_404
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	363 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	364
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	365 local function handle_identifier(method, body, request, id)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	366 module:log("debug", "Request at OpenID identifier")
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	367 local host, port = split_host_port(request.headers.host)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	368
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	369 local user_name = ""
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	370 local user_domain = ""
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	371 local apos = string.find(id, "@")
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	372 if apos == nil then
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	373 user_name = id
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	374 user_domain = host
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	375 else
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	376 user_name = string.sub(id, 0, apos-1)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	377 user_domain = string.sub(id, apos+1)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	378 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	379
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	380 user, domain = jidutil.split(id)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	381
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	382 local exists = usermanager.user_exists(user_name, user_domain)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	383
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	384 if not exists then
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	385 return response_404
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	386 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	387
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	388 local endpointurl = ""
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	389 if port == '' then
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	390 endpointurl = string.format("http://%s/%s", host, base)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	391 else
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	392 endpointurl = string.format("http://%s:%s/%s", host, port, base)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	393 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	394
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	395 local head = string.format("<title>Prosody OpenID : %s@%s</title>", user_name, user_domain)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	396 -- OpenID HTML discovery [#7.3]
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	397 head = head .. string.format('<link rel="openid2.provider" href="%s" />', endpointurl)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	398
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	399 local content = 'request.url.path: ' .. request.url.path .. '<br/>'
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	400 content = content .. 'host+port: ' .. request.headers.host .. '<br/>'
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	401 content = content .. 'host: ' .. tostring(host) .. '<br/>'
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	402 content = content .. 'port: ' .. tostring(port) .. '<br/>'
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	403 content = content .. 'user_name: ' .. user_name .. '<br/>'
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	404 content = content .. 'user_domain: ' .. user_domain .. '<br/>'
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	405 content = content .. 'exists: ' .. tostring(exists) .. '<br/>'
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	406
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	407 local body = string.format('<p>%s</p>', content)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	408
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	409 local data = string.format([[
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	410 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	411 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	412 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	413 <head>
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	414 <meta http-equiv="Content-type" content="text/html;charset=UTF-8" />
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	415 %s
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	416 </head>
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	417 <body>
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	418 %s
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	419 </body>
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	420 </html>
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	421 ]], head, body)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	422 return data;
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	423 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	424
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	425 local function handle_request(method, body, request)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	426 module:log("debug", "Received request")
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	427
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	428 -- Make sure the host is enabled
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	429 local host = split_host_port(request.headers.host)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	430 if not hosts[host] then
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	431 return response_404
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	432 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	433
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	434 if request.url.path == "/"..base then
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	435 -- OpenID Provider Endpoint
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	436 return handle_endpoint(method, body, request)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	437 else
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	438 local id = request.url.path:match("^/"..base.."/(.+)$")
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	439 if id then
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	440 -- OpenID Identifier
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	441 return handle_identifier(method, body, request, id)
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	442 else
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	443 return response_404
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	444 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	445 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	446 end
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	447
723fd785815f mod_openid: Initial commit Dwayne Bent <dbb.0@liqd.org> parents: diff changeset	448 httpserver.new{ port = 5280, base = base, handler = handle_request, ssl = false}

Mercurial > prosody-modules

annotate mod_openid/mod_openid.lua @ 473:99b246b37809