More comments
parent
4d03b75951
commit
da41295b76
|
@ -80,6 +80,8 @@ sub extractFormInfo {
|
||||||
my $self = shift;
|
my $self = shift;
|
||||||
|
|
||||||
# 1. Check Facebook responses
|
# 1. Check Facebook responses
|
||||||
|
|
||||||
|
# 1.1 Good responses
|
||||||
if ( my $code = $self->param('code') ) {
|
if ( my $code = $self->param('code') ) {
|
||||||
if ( my $access_token = $self->fb()->get_access_token( code => $code ) )
|
if ( my $access_token = $self->fb()->get_access_token( code => $code ) )
|
||||||
{
|
{
|
||||||
|
@ -141,6 +143,7 @@ sub extractFormInfo {
|
||||||
return PE_BADCREDENTIALS;
|
return PE_BADCREDENTIALS;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# 1.2 Bad responses
|
||||||
if ( my $error_code = $self->param('error_code') ) {
|
if ( my $error_code = $self->param('error_code') ) {
|
||||||
my $error_message = $self->param('error_message');
|
my $error_message = $self->param('error_message');
|
||||||
$self->lmLog( "Facebook error code $error_code: $error_message",
|
$self->lmLog( "Facebook error code $error_code: $error_message",
|
||||||
|
|
|
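Review bot: The log call under `# 1.2 Bad responses` interpolates `error_code` and `error_message` straight from request parameters into the message, so anyone who can reach this URL can place line breaks or forged entries in the portal log. Strip control characters before logging, for example `my $error_message = $self->param('error_message') || '';` followed by `tr/\x00-\x1f\x7f//d for $error_code, $error_message;`. How lmLog writes its output is not visible here, so the impact depends on the log backend. The lmLog statement and the rest of extractFormInfo continue outside the hunk.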
@ -32,6 +32,7 @@ BEGIN {
|
||||||
sub googleEndPoint {
|
sub googleEndPoint {
|
||||||
my $self = shift;
|
my $self = shift;
|
||||||
|
|
||||||
|
# First time, get and store Google endpoint
|
||||||
unless ($googleEndPoint) {
|
unless ($googleEndPoint) {
|
||||||
my $response =
|
my $response =
|
||||||
$self->ua()->get( GOOGLEENDPOINT, Accept => 'application/xrds+xml' );
|
$self->ua()->get( GOOGLEENDPOINT, Accept => 'application/xrds+xml' );
|
||||||
|
@ -40,17 +41,21 @@ sub googleEndPoint {
|
||||||
# Dirty XML parse
|
# Dirty XML parse
|
||||||
# (searching for <URI>https://www.google.com/accounts/o8/ud</URI>)
|
# (searching for <URI>https://www.google.com/accounts/o8/ud</URI>)
|
||||||
my $tmp = $response->decoded_content;
|
my $tmp = $response->decoded_content;
|
||||||
if ( $tmp =~ m#<URI.*?>(\S+)</URI>#mi ) {
|
if ( $tmp =~ m#<URI.*?>\s*(\S+)\s*</URI>#mi ) {
|
||||||
$googleEndPoint = $1;
|
$googleEndPoint = $1;
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
$self->lmLog( 'Here is the Google response: '
|
$self->lmLog(
|
||||||
. $response->decoded_content );
|
'Here is the Google response: '
|
||||||
$self->abort('Can\'t find endpoint in Googe response');
|
. $response->decoded_content,
|
||||||
|
'error'
|
||||||
|
);
|
||||||
|
$self->abort('Can\'t find endpoint in Google response');
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
$self->abort('Can\'t access to Google endpoint');
|
$self->abort( 'Can\'t access to Google endpoint:',
|
||||||
|
$response->status_line );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return $googleEndPoint;
|
return $googleEndPoint;
|
||||||
|
@ -85,7 +90,7 @@ sub checkGoogleSession {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else {
|
else { # Parse AX response
|
||||||
|
|
||||||
# First store email as user key. Note that this is the returned value
|
# First store email as user key. Note that this is the returned value
|
||||||
# so if it's empty, request is retried
|
# so if it's empty, request is retried
|
||||||
|
@ -99,7 +104,7 @@ sub checkGoogleSession {
|
||||||
eval { tie %$h, $self->{persistentStorage}, undef, \%opts; };
|
eval { tie %$h, $self->{persistentStorage}, undef, \%opts; };
|
||||||
if ($@) {
|
if ($@) {
|
||||||
$self->abort(
|
$self->abort(
|
||||||
"Unable to create persistent session required to use Google backend: $@"
|
"Unable to create persistent session, required to use Google backend: $@"
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
|
@ -112,7 +117,7 @@ sub checkGoogleSession {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
# Retrieve AX datas
|
# Retrieve AX datas (and store them in persistent session)
|
||||||
foreach my $k ( $self->param() ) {
|
foreach my $k ( $self->param() ) {
|
||||||
if ( $k =~ /^openid\.$self->{_AXNS}\.value\.(\w+)$/ ) {
|
if ( $k =~ /^openid\.$self->{_AXNS}\.value\.(\w+)$/ ) {
|
||||||
$gs->{$1} = $h->{$1} = $self->param($k);
|
$gs->{$1} = $h->{$1} = $self->param($k);
|
||||||
|
@ -153,6 +158,8 @@ sub checkGoogleSession {
|
||||||
}
|
}
|
||||||
$self->{sessionInfo}->{$attr} = $gs->{$v};
|
$self->{sessionInfo}->{$attr} = $gs->{$v};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# If an exported variable is not AX compliant, just warn
|
||||||
else {
|
else {
|
||||||
$self->lmLog(
|
$self->lmLog(
|
||||||
'Ignoring attribute '
|
'Ignoring attribute '
|
||||||
|
@ -162,7 +169,11 @@ sub checkGoogleSession {
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Save persistent session
|
||||||
untie %$h if ($h);
|
untie %$h if ($h);
|
||||||
|
|
||||||
|
# Boolean value: ~false if no $user value
|
||||||
return $self->{user};
|
return $self->{user};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -197,7 +208,8 @@ sub extractFormInfo {
|
||||||
# Launch request
|
# Launch request
|
||||||
my $response = $self->ua()->get( $check_url, Accept => 'text/plain' );
|
my $response = $self->ua()->get( $check_url, Accept => 'text/plain' );
|
||||||
unless ( $response->is_success ) {
|
unless ( $response->is_success ) {
|
||||||
$self->abort('Can\'t verify Google authentication');
|
$self->abort( 'Can\'t verify Google authentication',
|
||||||
|
$response->status_line );
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
my %tmp =
|
my %tmp =
|
||||||
|
@ -212,8 +224,8 @@ sub extractFormInfo {
|
||||||
# 1.2 Check if datas are already shared with Google
|
# 1.2 Check if datas are already shared with Google
|
||||||
unless ( $self->checkGoogleSession() ) {
|
unless ( $self->checkGoogleSession() ) {
|
||||||
|
|
||||||
# Datas are missing, prepare to launch a new request with
|
# Datas are missing, prepare AX query which will be added to
|
||||||
# AX request
|
# the request to Google
|
||||||
|
|
||||||
# a) email is required, will be used as 'user' field
|
# a) email is required, will be used as 'user' field
|
||||||
$ax =
|
$ax =
|
||||||
|
@ -228,11 +240,15 @@ sub extractFormInfo {
|
||||||
my $u;
|
my $u;
|
||||||
while ( my ( $v, $k ) = each %{ $self->{exportedVars} } ) {
|
while ( my ( $v, $k ) = each %{ $self->{exportedVars} } ) {
|
||||||
next if ( $k eq 'email' );
|
next if ( $k eq 'email' );
|
||||||
|
|
||||||
|
# Check if wanted attribute is known by Google
|
||||||
if ( $k =~
|
if ( $k =~
|
||||||
/^(?:(?:la(?:nguag|stnam)|firstnam)e|country)$/ )
|
/^(?:(?:la(?:nguag|stnam)|firstnam)e|country)$/ )
|
||||||
{
|
{
|
||||||
$ax .= ",$k";
|
$ax .= ",$k";
|
||||||
$u .= "&openid.ax.type.$k="
|
|
||||||
|
# Note: AX type seems to be required by Google
|
||||||
|
$u .= "&openid.ax.type.$k="
|
||||||
. {
|
. {
|
||||||
country =>
|
country =>
|
||||||
"http://axschema.org/contact/country/home",
|
"http://axschema.org/contact/country/home",
|
||||||
|
@ -265,27 +281,35 @@ sub extractFormInfo {
|
||||||
}
|
}
|
||||||
|
|
||||||
# 2. Redirect user to Google login page:
|
# 2. Redirect user to Google login page:
|
||||||
# * no OpenID response or missing datas
|
# => no OpenID response or missing datas
|
||||||
|
|
||||||
|
# Build request to Google
|
||||||
my $check_url =
|
my $check_url =
|
||||||
$self->googleEndPoint()
|
$self->googleEndPoint()
|
||||||
. '?openid.mode=checkid_setup'
|
. '?openid.mode=checkid_setup'
|
||||||
. '&openid.ns=http://specs.openid.net/auth/2.0'
|
. '&openid.ns=http://specs.openid.net/auth/2.0'
|
||||||
. '&openid.claimed_id=http://specs.openid.net/auth/2.0/identifier_select'
|
. '&openid.claimed_id=http://specs.openid.net/auth/2.0/identifier_select'
|
||||||
. '&openid.identity=http://specs.openid.net/auth/2.0/identifier_select'
|
. '&openid.identity=http://specs.openid.net/auth/2.0/identifier_select'
|
||||||
. $ax;
|
. $ax; # Requested attributes if set
|
||||||
my $sep = '?';
|
|
||||||
my $ret = $self->{portal};
|
# Build portal URI...
|
||||||
|
my $sep = '?';
|
||||||
|
my $returnTo = $self->{portal};
|
||||||
foreach my $v (
|
foreach my $v (
|
||||||
[ $self->{_url}, "url" ],
|
[ $self->{_url}, "url" ],
|
||||||
[ $self->param( $self->{authChoiceParam} ), $self->{authChoiceParam} ]
|
[ $self->param( $self->{authChoiceParam} ), $self->{authChoiceParam} ]
|
||||||
)
|
)
|
||||||
{
|
{
|
||||||
if ( $v->[0] ) {
|
if ( $v->[0] ) {
|
||||||
$ret .= "$sep$v->[1]=$v->[0]";
|
$returnTo .= "$sep$v->[1]=$v->[0]";
|
||||||
$sep = '&';
|
$sep = '&';
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
$check_url .= '&openid.return_to=' . uri_escape_utf8($ret);
|
|
||||||
|
# ... and add it
|
||||||
|
$check_url .= '&openid.return_to=' . uri_escape_utf8($returnTo);
|
||||||
|
|
||||||
|
# Now redirect user
|
||||||
print $self->redirect($check_url);
|
print $self->redirect($check_url);
|
||||||
$self->quit();
|
$self->quit();
|
||||||
}
|
}
|
||||||
|
|
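Review bot: In the last extractFormInfo hunk, the loop that builds `$returnTo` appends `$v->[0]` unescaped, and one of those values is the request parameter `$self->param( $self->{authChoiceParam} )`. A value containing `&`, `=` or `#` turns into extra query parameters once Google redirects back to the portal, because `uri_escape_utf8($returnTo)` only protects the outer URL. Escape each component as it is appended: `$returnTo .= $sep . uri_escape_utf8( $v->[1] ) . '=' . uri_escape_utf8( $v->[0] );`. Whether `$self->{_url}` is already encoded upstream is not visible in this hunk, so confirm that the extra escaping does not break the portal's parsing of `url`.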