-
Notifications
You must be signed in to change notification settings - Fork 0
/
persona.go
99 lines (81 loc) · 2.72 KB
/
persona.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
package main
import (
"encoding/json"
"net/http"
"net/url"
"github.com/gorilla/securecookie"
"github.com/gorilla/sessions"
"github.com/joinmytalk/xlog"
)
type PersonaAuthHandler struct {
Audience string
SessionStore sessions.Store
DBStore *Store
SecureCookie *securecookie.SecureCookie
}
func (h *PersonaAuthHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
session, err := h.SessionStore.Get(r, SESSIONNAME)
if err != nil {
xlog.Errorf("Error fetching session: %v", err)
session, _ = h.SessionStore.New(r, SESSIONNAME)
}
assertionData := struct {
Assertion string `json:"assertion"`
}{}
if err := json.NewDecoder(r.Body).Decode(&assertionData); err != nil {
http.Error(w, err.Error(), http.StatusBadRequest)
return
}
form := url.Values{"assertion": []string{assertionData.Assertion}, "audience": []string{h.Audience}}
xlog.Debugf("Verifying Persona assertion...")
resp, err := http.PostForm("https://verifier.login.persona.org/verify", form)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
verifierResponse := struct {
Status string `json:"status"`
Email string `json:"email"`
Audience string `json:"audience"`
Expires uint64 `json:"expires"`
Issuer string `json:"issuer"`
}{}
if err := json.NewDecoder(resp.Body).Decode(&verifierResponse); err != nil {
http.Error(w, err.Error(), http.StatusForbidden)
return
}
xlog.Debugf("Verifier response: %#v", verifierResponse)
if verifierResponse.Status != "okay" {
http.Error(w, "Not authenticated", http.StatusForbidden)
return
}
if userID, ok := session.Values["userID"].(int); ok {
xlog.Debugf("Persona: already logged in (userID = %d), connecting account", userID)
// we have a valid session -> connect account to user
username := "persona:" + verifierResponse.Email
err := h.DBStore.AddUser(username, userID)
if err != nil {
xlog.Errorf("Persona: error adding user: %v", err)
http.Error(w, err.Error(), http.StatusForbidden)
return
}
w.WriteHeader(http.StatusOK)
// TODO: maybe deliver some additional information?
} else {
username := "persona:" + verifierResponse.Email
xlog.Debugf("Persona: username = %s", username)
userID, err := h.DBStore.CreateUser(username)
if err != nil {
xlog.Errorf("Error creating user: %v", err)
http.Error(w, err.Error(), http.StatusForbidden)
}
xlog.Debugf("Persona: userID = %d", userID)
session.Values["userID"] = userID
session.Values["username"] = username
session.Values["email"] = verifierResponse.Email
session.Save(r, w)
xsrftoken, _ := h.SecureCookie.Encode(XSRFTOKEN, username)
http.SetCookie(w, &http.Cookie{Name: XSRFTOKEN, Value: xsrftoken, Path: "/"})
w.WriteHeader(http.StatusOK)
}
}