openid_login_generatorのcontrollerをruby-openidのexampleをみながら直した
一個前の続き。
とりあえず、コントローラーをexampleみながら
直した。とりあえず、これでやってみる。
require "pathname" require "openid" require 'openid/extensions/sreg' require 'openid/extensions/pape' require 'openid/store/filesystem' class OpenidController < ApplicationController layout 'scaffold' def index end # login # URLを入力してredirect. def login begin oidreq = consumer.begin(params[:openid_url]) rescue OpenID::OpenIDError => e flash[:error] = "Discovery failed for #{params[:openid_url]}: #{e}" redirect_to :action => 'index' return end #SREG if params[:use_sreg] sregreq = OpenID::SReg::Request.new # required fields sregreq.request_fields(['email','nickname'], true) # optional fields sregreq.request_fields(['dob', 'fullname'], false) oidreq.add_extension(sregreq) oidreq.return_to_args['did_sreg'] = 'y' end #PAPE if params[:use_pape] papereq = OpenID::PAPE::Request.new papereq.add_policy_uri(OpenID::PAPE::AUTH_PHISHING_RESISTANT) papereq.max_auth_age = 2*60*60 oidreq.add_extension(papereq) oidreq.return_to_args['did_pape'] = 'y' end #ForcePost if params[:force_post] oidreq.return_to_args['force_post']='x'*2048 end return_to = url_for :action => 'complete', :only_path => false realm = url_for :action => 'index', :only_path => false #redirect if oidreq.send_redirect?(realm, return_to, params[:immediate]) redirect_to oidreq.redirect_url(realm, return_to, params[:immediate]) else @form_text = oidreq.form_markup(realm, return_to, params[:immediate], {'id' => 'openid_form'}) end end # OpenIDProviderからのresponse def complete # FIXME - url_for some action is not necessarily the current URL. current_url = url_for(:action => 'complete', :only_path => false) parameters = params.reject{|k,v|request.path_parameters[k]} oidresp = consumer.complete(parameters, current_url) case oidresp.status when OpenID::Consumer::FAILURE if oidresp.display_identifier flash[:error] = ("Verification of #{oidresp.display_identifier}"\ " failed: #{oidresp.message}") else flash[:error] = "Verification failed: #{oidresp.message}" end redirect_to :action => "index" return when OpenID::Consumer::SUCCESS flash[:success] = ("Verification of #{oidresp.display_identifier}"\ " succeeded.") if params[:did_sreg] sreg_resp = OpenID::SReg::Response.from_success_response(oidresp) sreg_message = "Simple Registration data was requested" if sreg_resp.empty? sreg_message << ", but none was returned." else sreg_message << ". The following data were sent:" sreg_resp.data.each {|k,v| sreg_message << "<br/><b>#{k}</b>: #{v}" } end flash[:sreg_results] = sreg_message end if params[:did_pape] pape_resp = OpenID::PAPE::Response.from_success_response(oidresp) pape_message = "A phishing resistant authentication method was requested" if pape_resp.auth_policies.member? OpenID::PAPE::AUTH_PHISHING_RESISTANT pape_message << ", and the server reported one." else pape_message << ", but the server did not report one." end if pape_resp.auth_age pape_message << "<br><b>Authentication age:</b> #{pape_resp.auth_age} seconds" end if pape_resp.nist_auth_level pape_message << "<br><b>NIST Auth Level:</b> #{pape_resp.nist_auth_level}" end flash[:pape_results] = pape_message end #ここでuserに書く @user = User.get(oidresp.identity_url) @user = User.new(:openid_url => oidresp.identity_url) @user.save #ここでログイン処理 session[:user_id] = @user.id #ログイン後ページにリダイレクト redirect_to :action => "welcome" return when OpenID::Consumer::SETUP_NEEDED flash[:alert] = "Immediate request failed - Setup Needed" redirect_to :action => "index" return when OpenID::Consumer::CANCEL flash[:alert] = "OpenID transaction cancelled." redirect_to :action => "index" return else redirect_to :action => "index" return end end def logout session[:user_id] = nil end def welcome end private # Get the OpenID::Consumer object. def consumer if @consumer.nil? dir = Pathname.new(RAILS_ROOT).join('db').join('cstore') store = OpenID::Store::Filesystem.new(dir) @consumer = OpenID::Consumer.new(session, store) end return @consumer end # get the logged in user object def find_user return nil if session[:user_id].nil? User.find(session[:user_id]) end end
