mod_openid/mod_openid.lua
author Matthew Wild <mwild1@gmail.com>
Sat, 24 Sep 2022 09:26:26 +0100
changeset 5063 5f1120c284c5
parent 1343 7dbde05b48a9
permissions -rw-r--r--
mod_cloud_notify_extensions: Add note about dependency Noting here because people might not click through to see it on the mod_cloud_notify_encrypted page.
local usermanager = require "core.usermanager"
local httpserver = require "net.httpserver"
local jidutil = require "util.jid"
local hmac = require "hmac"
local base64 = require "util.encodings".base64
local humane = require "util.serialization".serialize
-- Configuration

-- Value handle_endpoint places in the login form's action attribute;
-- presumably the path the endpoint is served under -- TODO confirm.
local base = "openid";

-- OpenID 2.0 protocol namespace identifier [#4.1.2]
local openidns = "http://specs.openid.net/auth/2.0";

-- Canned reply returned for requests the endpoint does not serve.
local response_404 = {
    status = "404 Not Found",
    body = "<h1>Page Not Found</h1>Sorry, we couldn't find what you were looking for :(",
};

-- In-memory association store keyed by handle; newassoc writes the entries.
-- Each entry records its creation time, but no expiry is visible in this part
-- of the file, so stale associations may accumulate -- verify.
local associations = {};
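--- Generate a random string of printable ASCII characters (codes 33-126).
-- newassoc uses the result as an association handle, so it should be
-- unpredictable. Bytes are taken from /dev/urandom when that file can be
-- opened; rejection sampling keeps every character equally likely. When the
-- file is unavailable the function falls back to math.random.
-- FIXME the math.random fallback is not cryptographically secure: a value
-- produced that way can be predicted by anyone able to model the generator.
-- @param length number of characters to produce
-- @return string of exactly `length` characters
local function genkey(length)
    -- Must be local: the original assigned `str` as a global, exposing the
    -- key material to every other piece of code in the same Lua state.
    local str = {}
    local urandom = io.open("/dev/urandom", "rb")

    while #str < length do
        local code
        if urandom then
            local byte = urandom:read(1)
            if byte then
                local n = string.byte(byte)
                -- 188 = 2 * 94; bytes 188..255 are discarded so that
                -- n % 94 does not favour the low end of the range.
                if n < 188 then
                    code = 33 + n % 94
                end
            else
                -- The source returned nothing; stop using it.
                urandom:close()
                urandom = nil
            end
        else
            code = math.random(33, 126)
        end
        if code then
            str[#str + 1] = string.char(code)
        end
    end

    if urandom then
        urandom:close()
    end
    return table.concat(str)
end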
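--- Serialise a dictionary in OpenID Key-Value Form [#4.1.3]: one
-- "key:value\n" line per entry.
-- Entries are emitted in pairs() order, which Lua leaves unspecified, so a
-- caller that needs a fixed field order cannot get it from this function.
-- A string key containing ":" or a newline, or a string value containing a
-- newline, raises an error: the format has no escaping, so such text would
-- otherwise add or split lines in the output. Values reach this function from
-- request parameters, so this is a check on untrusted input.
-- @param dict table of key -> value
-- @return the encoded string ("" for an empty table)
local function tokvstring(dict)
    local lines = {}

    for k, v in pairs(dict) do
        if type(k) == "string" and k:find("[:\n]") then
            error("invalid character in key-value form key")
        end
        if type(v) == "string" and v:find("\n", 1, true) then
            error("newline in key-value form value")
        end
        lines[#lines + 1] = k..":"..v.."\n"
    end

    -- One concat at the end instead of growing a string inside the loop.
    return table.concat(lines)
end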
--- Register a new association and return its handle.
-- Stores `key`, `shared` and the creation time (os.time()) in the
-- module-level `associations` table under a fresh 16-character handle.
-- @param key value stored under the entry's "key" field
-- @param shared value stored under the entry's "shared" field
-- @return the generated handle
local function newassoc(key, shared)
    -- TODO don't use genkey here
    -- NOTE(review): genkey is marked "not cryptographically secure" in this
    -- file, so handles minted here may be guessable.
    local handle = genkey(16)
    associations[handle] = {
        key = key,
        shared = shared,
        time = os.time(),
    }
    return handle
end
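--- Split a string on a literal separator.
-- The original pattern, "([^.."..sep.."]*)"..sep, had two defects: the ".."
-- inside the string literal put "." into the excluded character set, so any
-- field containing a dot was truncated, and a field only counted when a
-- separator followed it, so the last field of "a,b,c" was dropped. sign()
-- feeds this the openid.signed list, where both cases occur.
-- The separator is matched as plain text, not as a Lua pattern.
-- @param str string to split
-- @param sep separator string
-- @return array of fields; a trailing separator does not add an empty field,
--         and an empty input yields an empty array
local function split(str, sep)
    local splits = {}

    if sep == "" then
        -- A plain find on "" never advances; treat the input as one field.
        if #str > 0 then
            splits[1] = str
        end
        return splits
    end

    local pos = 1
    while true do
        local first, last = string.find(str, sep, pos, true)
        if not first then
            break
        end
        splits[#splits + 1] = string.sub(str, pos, first - 1)
        pos = last + 1
    end

    -- Whatever follows the final separator is the last field.
    if pos <= #str then
        splits[#splits + 1] = string.sub(str, pos)
    end
    return splits
end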
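--- Compute the base64-encoded HMAC-SHA256 signature of a response [#10.1].
-- The signed text is the key-value form of the fields named in
-- response["openid.signed"], taken in the order that list gives them.
-- The original copied the fields into a dictionary and serialised it with
-- pairs(), whose order is unspecified; the signature then depended on hash
-- layout rather than on the signed list, so a verifier could not reliably
-- reproduce it.
-- NOTE(review): assumes hmac.sha256 returns the raw digest rather than a hex
-- string -- confirm against the hmac module.
-- @param response table of "openid.*" fields, including "openid.signed"
-- @param key MAC key
-- @return base64 text of the signature
local function sign(response, key)
    local lines = {}

    -- ipairs walks the list front to back, preserving the signed order.
    for _, field in ipairs(split(response["openid.signed"], ",")) do
        local value = response["openid."..field]
        -- A listed field with no value contributes nothing, as before.
        if value ~= nil then
            lines[#lines + 1] = field..":"..value.."\n"
        end
    end

    return base64.encode(hmac.sha256(key, table.concat(lines)))
end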
--- Percent-encode a string for use in a URL.
-- Every character matched by %W (anything that is not alphanumeric) becomes
-- "%XX" with upper-case hex digits, so "-", "_", "." and "~" are escaped too.
-- @param s string to encode
-- @return the encoded string (a single value; the gsub count is dropped)
local function urlencode(s)
    local function escape(ch)
        return string.format("%%%02X", string.byte(ch))
    end

    local encoded = string.gsub(s, "%W", escape)
    return encoded
end
--- Decode a form/URL-encoded string.
-- "+" becomes a space first, then each "%XX" hex escape becomes the byte it
-- names. Any byte value can result, including NUL, newlines and other
-- control characters, so callers must validate the decoded text before
-- placing it in a response, a log line or another protocol message.
-- @param s string to decode
-- @return the decoded string (a single value; the gsub count is dropped)
local function urldecode(s)
    local spaced = string.gsub(s, "+", " ")
    local decoded = string.gsub(spaced, "%%(%x%x)", function(hex)
        return string.char(tonumber(hex, 16))
    end)
    return decoded
end
--- Return the current time shifted by the local UTC offset.
-- The UTC calendar fields of "now" are fed back through os.time(), which
-- reads them as local time; the difference from "now" is the offset that is
-- subtracted. Formatting the result with a local-time os.date() call, as
-- nonce() does, therefore prints UTC wall-clock values.
-- @return adjusted timestamp (number)
local function utctime()
    local now = os.time()
    local utc_fields = os.date("!*t", now)
    local offset = os.difftime(now, os.time(utc_fields))
    return now - offset
end
--- Generate a response nonce [#10.1]: a UTC timestamp followed by random
-- printable characters.
-- The random part is 11 characters (the original loop ran 0..10 inclusive),
-- each drawn with math.random from codes 33-126.
-- NOTE(review): math.random is not a cryptographic generator, so the suffix
-- is predictable to anyone who can model its state; uniqueness then rests on
-- the timestamp plus that suffix.
-- @return nonce string
local function nonce()
    local chars = {}
    for i = 1, 11 do
        chars[i] = string.char(math.random(33, 126))
    end

    local stamp = os.date("%Y-%m-%dT%H:%M:%SZ", utctime())
    return stamp..table.concat(chars)
end
--- Parse a query string or form body.
-- The return shape depends on the input, and callers must handle all three:
--   * not a string, or an empty string -> nothing (nil to the caller);
--   * a string without "="             -> the url-decoded string itself;
--   * otherwise                        -> a table of decoded key -> value.
-- A repeated key keeps its last value. A pair whose value is empty ("k=")
-- is not matched by the pattern and is therefore left out. Keys and values
-- are attacker-controlled and arrive here fully decoded.
-- @param query raw query string or request body
local function query_params(query)
    if type(query) ~= "string" or #query == 0 then
        return
    end

    if not query:match("=") then
        return urldecode(query)
    end

    local params = {}
    for name, value in query:gmatch("&?([^=%?]+)=([^&%?]+)&?") do
        params[urldecode(name)] = urldecode(value)
    end
    return params
end
--- Split "host:port" at the first colon.
-- Without a colon the whole input is the host and the port is "". Because
-- the split happens at the first colon, a bracketed IPv6 literal such as
-- "[::1]:80" is not separated correctly.
-- @param combined string of the form "host" or "host:port"
-- @return host, port (both strings)
local function split_host_port(combined)
    local colon = string.find(combined, ":")
    if colon == nil then
        return combined, ""
    end
    return string.sub(combined, 0, colon - 1), string.sub(combined, colon + 1)
end
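--- Encode a dictionary as a query string [#4.1.3]: "k1=v1&k2=v2".
-- Keys and values are percent-encoded with urlencode. Pairs appear in
-- pairs() order, which Lua leaves unspecified.
-- The original finished with string.sub(str, 0, -1), which returns the whole
-- string, so the "&" appended after the last pair was never removed; joining
-- with table.concat produces no trailing separator.
-- @param dict table of key -> value
-- @return the query string ("" for an empty table)
local function toquerystring(dict)
    local parts = {}

    for k, v in pairs(dict) do
        parts[#parts + 1] = urlencode(k).."="..urlencode(v)
    end

    return table.concat(parts, "&")
end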
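--- Check that a return_to URL falls inside a realm [#9.2].
-- The original returned true unconditionally, so the realm shown to the user
-- placed no constraint on where the response was sent. A URL matches when:
--   * scheme and port are identical (default ports 80/443 are filled in);
--   * the host is identical, or the realm host starts with "*." and the URL
--     host is that suffix or ends with "." followed by it;
--   * the URL path equals the realm path or lies beneath it.
-- Anything that does not parse as an http(s) URL, carries userinfo ("@"), or
-- is a realm with a fragment is rejected. Paths are compared as written; dot
-- segments are not normalised. Very broad realms such as "*.com" are not
-- filtered here.
-- @param url the return_to URL
-- @param realm the realm pattern
-- @return true when the URL matches the realm, false otherwise
local function match_realm(url, realm)
    -- Break a URL into scheme, host, port and path; nil when it is unusable.
    local function parse(u)
        if type(u) ~= "string" then
            return nil
        end
        local scheme, authority, rest = u:match("^(%a[%w+.-]*)://([^/?#]*)(.*)$")
        if not scheme or authority == "" or authority:find("@", 1, true) then
            return nil
        end
        scheme = scheme:lower()
        local default_port = ({ http = "80", https = "443" })[scheme]
        if not default_port then
            return nil
        end
        local host, port = authority:match("^(.-):(%d+)$")
        if not host then
            host, port = authority, default_port
        end
        if host == "" then
            return nil
        end
        -- Query and fragment play no part in the comparison.
        local path = rest:match("^[^?#]*")
        if path == "" then
            path = "/"
        end
        return scheme, host:lower(), tonumber(port), path
    end

    if type(realm) ~= "string" or realm:find("#", 1, true) then
        return false
    end

    local u_scheme, u_host, u_port, u_path = parse(url)
    local r_scheme, r_host, r_port, r_path = parse(realm)
    if not u_scheme or not r_scheme then
        return false
    end
    if u_scheme ~= r_scheme or u_port ~= r_port then
        return false
    end

    if r_host:sub(1, 2) == "*." then
        local suffix = r_host:sub(3)
        if suffix == "" then
            return false
        end
        -- Require a label boundary so "badexample.com" does not match
        -- "*.example.com".
        if u_host ~= suffix and u_host:sub(-(#suffix + 1)) ~= "."..suffix then
            return false
        end
    elseif u_host ~= r_host then
        return false
    end

    if u_path == r_path then
        return true
    end
    if u_path:sub(1, #r_path) ~= r_path then
        return false
    end
    -- The prefix must end at a segment boundary: "/a" covers "/a/b", not "/ab".
    return r_path:sub(-1) == "/" or u_path:sub(#r_path + 1, #r_path + 1) == "/"
end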
local function handle_endpoint(method, body, request)
    module:log("debug", "Request at OpenID provider endpoint")
    local params = nil
    if method == "GET" then
        params = query_params(request.url.query)
    elseif method == "POST" then
        params = query_params(body)
    else
        -- TODO error
        return response_404
    end
    module:log("debug", "Request Parameters:\n"..humane(params))
    if params["openid.ns"] == openidns then
        -- OpenID 2.0 request [#5.1.1]
        if params["openid.mode"] == "associate" then
            -- Associate mode [#8]
            -- TODO implement association
            -- Error response [#8.2.4]
            local openidresponse = {
               ["ns"] = openidns,
               ["session_type"] = params["openid.session_type"],
               ["assoc_type"] = params["openid.assoc_type"],
               ["error"] = "Association not supported... yet",
               ["error_code"] = "unsupported-type",
            }
            local kvresponse = tokvstring(openidresponse)
            module:log("debug", "OpenID Response:\n"..kvresponse)
            return {
                headers = {
                    ["Content-Type"] = "text/plain"
                },
                body = kvresponse
            }
        elseif params["openid.mode"] == "checkid_setup" or params["openid.mode"] == "checkid_immediate" then
            -- Requesting authentication [#9]
            if not params["openid.realm"] then
                -- set realm to default value of return_to [#9.1]
                if params["openid.return_to"] then
                    params["openid.realm"] = params["openid.return_to"]
                else
                    -- neither was sent, error [#9.1]
                    -- FIXME return proper error
                    return response_404
                end
            end
            if params["openid.return_to"] then
                -- Assure that the return_to url matches the realm [#9.2]
                if not match_realm(params["openid.return_to"], params["openid.realm"]) then
                    -- FIXME return proper error
                    return response_404
                end
                -- Verify the return url [#9.2.1]
                -- TODO implement return url verification
            end
            if params["openid.claimed_id"] and params["openid.identity"] then
                -- asserting an identifier [#9.1]
                if params["openid.identity"] == "http://specs.openid.net/auth/2.0/identifier_select" then
                    -- automatically select an identity [#9.1]
                    params["openid.identity"] = params["openid.claimed_id"]
                end
                if params["openid.mode"] == "checkid_setup" then
                    -- Check ID Setup mode
                    -- TODO implement: NEXT STEP
                    local head = "<title>Prosody OpenID : Login</title>"
                    local body = string.format([[
<p>Open ID Authentication<p>
<p>Identifier: <tt>%s</tt></p>
<p>Realm: <tt>%s</tt></p>
<p>Return: <tt>%s</tt></p>
<form method="POST" action="%s">
    Jabber ID: <input type="text" name="jid"/><br/>
    Password: <input type="password" name="password"/><br/>
    <input type="hidden" name="openid.return_to" value="%s"/>
    <input type="submit" value="Authenticate"/>
</form>
                    ]], params["openid.claimed_id"], params["openid.realm"], params["openid.return_to"], base, params["openid.return_to"])
                    return string.format([[
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-type" content="text/html;charset=UTF-8" />
%s
</head>
<body>
%s
</body>
</html>
                    ]], head, body)
                elseif params["openid.mode"] == "checkid_immediate" then
                    -- Check ID Immediate mode [#9.3]
                    -- TODO implement check id immediate
                end
            else
                -- not asserting an identifier [#9.1]
                -- used for extensions
                -- TODO implement common extensions
            end
        elseif params["openid.mode"] == "check_authentication" then
            module:log("debug", "OpenID Check Authentication Mode")
            local assoc = associations[params["openid.assoc_handle"]]
            module:log("debug", "Checking Association Handle: "..params["openid.assoc_handle"])
            if assoc and not assoc["shared"] then
                module:log("debug", "Found valid association")
                local sig = sign(params, assoc["key"])
                local is_valid = "false"
                if sig == params["openid.sig"] then
                    is_valid = "true"
                end
                module:log("debug", "Signature is: "..is_valid)
                openidresponse = {
                    ns = openidns,
                    is_valid = is_valid,
                }
                -- Delete this association
                associations[params["openid.assoc_handle"]] = nil
                return {
                    headers = {
                        ["Content-Type"] = "text/plain"
                    },
                    body = tokvstring(openidresponse),
                }
            else
                module:log("debug", "No valid association")
                -- TODO return error
                -- Invalidate the handle [#11.4.2.2]
            end
        else
            -- Some other mode
            -- TODO error
        end
    elseif params["password"] then
        -- User is authenticating
        local user, domain = jidutil.split(params["jid"])
        module:log("debug", "Authenticating "..params["jid"].." ("..user..","..domain..") with password: "..params["password"])
        local valid = usermanager.validate_credentials(domain, user, params["password"], "PLAIN")
        if valid then
            module:log("debug", "Authentication Succeeded: "..params["jid"])
            if params["openid.return_to"] ~= "" then
                -- TODO redirect the user to return_to with the openid response
                -- included, need to handle the case if its a GET, that there are
                -- existing query parameters on the return_to URL [#10.1]
                local host, port = split_host_port(request.headers.host)
                local endpointurl = ""
                if port == '' then
                    endpointurl = string.format("http://%s/%s", host, base)
                else
                    endpointurl = string.format("http://%s:%s/%s", host, port, base)
                end
                local nonce = nonce()
                local key = genkey(32)
                local assoc_handle = newassoc(key)
                local openidresponse = {
                    ["openid.ns"] = openidns,
                    ["openid.mode"] = "id_res",
                    ["openid.op_endpoint"] = endpointurl,
                    ["openid.claimed_id"] = endpointurl.."/"..user,
                    ["openid.identity"] = endpointurl.."/"..user,
                    ["openid.return_to"] = params["openid.return_to"],
                    ["openid.response_nonce"] = nonce,
                    ["openid.assoc_handle"] = assoc_handle,
                    ["openid.signed"] = "op_endpoint,identity,claimed_id,return_to,assoc_handle,response_nonce", -- FIXME
                    ["openid.sig"] = nil,
                }
                openidresponse["openid.sig"] = sign(openidresponse, key)
                queryresponse = toquerystring(openidresponse)
                redirecturl = params["openid.return_to"]
                -- add the parameters to the return_to
                if redirecturl:match("?") then
                    redirecturl = redirecturl.."&"
                else
                    redirecturl = redirecturl.."?"
                end
                redirecturl = redirecturl..queryresponse
                module:log("debug", "Open ID Positive Assertion Response Table:\n"..humane(openidresponse))
                module:log("debug", "Open ID Positive Assertion Response URL:\n"..queryresponse)
                module:log("debug", "Redirecting User to:\n"..redirecturl)
                return {
                    status = "303 See Other",
                    headers = {
                        Location = redirecturl,
                    },
                    body = "Redirecting to: "..redirecturl -- TODO Include a note with a hyperlink to redirect
                }
            else
                -- TODO Do something useful is there is no return_to
            end
        else
            module:log("debug", "Authentication Failed: "..params["jid"])
            -- TODO let them try again
        end
    else
        -- Not an Open ID request, do something useful
        -- TODO
    end
    return response_404
end
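--- Escape text for inclusion in HTML element content and quoted attribute values.
-- @param value any value; converted with tostring before escaping
-- @return string with & < > " ' replaced by character references
local function html_escape(value)
    local escaped = tostring(value):gsub("[&<>\"']", {
        ["&"] = "&amp;",
        ["<"] = "&lt;",
        [">"] = "&gt;",
        ['"'] = "&quot;",
        ["'"] = "&#39;",
    })
    return escaped
end

--- Serve the HTML page for an OpenID identifier URL.
-- Resolves `id` to a user name and domain, returns `response_404` when
-- usermanager reports that the user does not exist, and otherwise returns an
-- XHTML document whose head carries the OpenID HTML discovery link [#7.3].
-- @param method HTTP method (unused here)
-- @param body request body (unused here)
-- @param request request object; `headers.host` and `url.path` are read
-- @param id identifier text, either "user" or "user@domain"
-- @return the HTML document as a string, or `response_404`
local function handle_identifier(method, body, request, id)
    module:log("debug", "Request at OpenID identifier")
    local host, port = split_host_port(request.headers.host)

    -- A bare "user" is looked up on the host named in the Host header;
    -- "user@domain" is split at the first "@" (plain find, no pattern matching).
    local user_name, user_domain
    local apos = string.find(id, "@", 1, true)
    if apos == nil then
        user_name = id
        user_domain = host
    else
        user_name = string.sub(id, 1, apos-1)
        user_domain = string.sub(id, apos+1)
    end

    local exists = usermanager.user_exists(user_name, user_domain)
    if not exists then
        return response_404
    end

    local endpointurl
    if port == '' then
        endpointurl = string.format("http://%s/%s", host, base)
    else
        endpointurl = string.format("http://%s:%s/%s", host, port, base)
    end

    -- id, the URL path and the Host header are all supplied by the client, so
    -- every value interpolated into markup below is HTML-escaped first.
    local head = string.format("<title>Prosody OpenID : %s@%s</title>", html_escape(user_name), html_escape(user_domain))
    -- OpenID HTML discovery [#7.3]
    head = head .. string.format('<link rel="openid2.provider" href="%s" />', html_escape(endpointurl))

    -- NOTE(review): the page body is a dump of request details and of the
    -- user-exists result; looks like debugging output, confirm it is intended.
    local content = 'request.url.path: ' .. html_escape(request.url.path) .. '<br/>'
    content = content .. 'host+port: ' .. html_escape(request.headers.host) .. '<br/>'
    content = content .. 'host: ' .. html_escape(host) .. '<br/>'
    content = content .. 'port: ' .. html_escape(port) .. '<br/>'
    content = content .. 'user_name: ' .. html_escape(user_name) .. '<br/>'
    content = content .. 'user_domain: ' .. html_escape(user_domain) .. '<br/>'
    content = content .. 'exists: ' .. tostring(exists) .. '<br/>'

    local body = string.format('<p>%s</p>', content)

    local data = string.format([[
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-type" content="text/html;charset=UTF-8" />
%s
</head>
<body>
%s
</body>
</html>
    ]], head, body)
    return data;
end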
--- Entry point for every HTTP request on the OpenID listener.
-- Requests whose Host header does not name an entry in the global `hosts`
-- table get `response_404`. "/<base>" is routed to the provider endpoint,
-- "/<base>/<id>" to the identifier page, and any other path gets `response_404`.
-- @param method HTTP method, passed through to the selected handler
-- @param body request body, passed through to the selected handler
-- @param request request object; `headers.host` and `url.path` are read
-- @return whatever the selected handler returns, or `response_404`
local function handle_request(method, body, request)
    module:log("debug", "Received request")

    -- Make sure the host is enabled
    local req_host = split_host_port(request.headers.host)
    if not hosts[req_host] then
        return response_404
    end

    -- OpenID Provider Endpoint
    if request.url.path == "/"..base then
        return handle_endpoint(method, body, request)
    end

    -- OpenID Identifier: everything after "/<base>/" is the identifier text
    local identifier = request.url.path:match("^/"..base.."/(.+)$")
    if not identifier then
        return response_404
    end
    return handle_identifier(method, body, request, identifier)
end
-- Register the HTTP listener that dispatches to handle_request.
-- NOTE(review): ssl = false, and the request handling in this file reads a
-- "password" form parameter; unless TLS is terminated in front of this port the
-- credential travels in clear text. Confirm the deployment before enabling.
httpserver.new({
    ssl = false,
    handler = handle_request,
    base = base,
    port = 5280,
})