Initial OpenID controller to serve OpenID login

oiami · oiami · commit 867eb32f30fc · 2014-11-05T22:11:53.000+01:00
diff --git a/lib/MetaCPAN/Server/Controller/Login/OpenID.pm b/lib/MetaCPAN/Server/Controller/Login/OpenID.pm
@@ -0,0 +1,92 @@
+package MetaCPAN::Server::Controller::Login::OpenID;
+
+use strict;
+use warnings;
+
+use Moose;
+use Net::OpenID::Consumer;
+use LWP::UserAgent::Paranoid;
+use MooseX::ClassAttribute;
+
+BEGIN { extends 'MetaCPAN::Server::Controller::Login' }
+
+class_has '_ua' => (
+    is      => 'ro',
+    isa     => 'LWP::UserAgent::Paranoid',
+    lazy    => 1,
+    builder => '_build_ua',
+);
+
+sub _build_ua {
+    LWP::UserAgent::Paranoid->new(
+        protocols_allowed => [ 'http', 'https' ],
+        request_timeout   => 10,
+        resolver          => Net::DNS::Paranoid->new(),
+    );
+}
+
+has 'sreg' => (
+    is      => 'rw',
+    isa     => 'Str',
+    default => 'http://openid.net/extensions/sreg/1.1',
+);
+
+sub index : Path {
+    my ( $self, $c ) = @_;
+    my $claimed_uri = $c->req->params->{openid_identifier};
+    my $csr         = Net::OpenID::Consumer->new(
+        ua            => $self->_ua,
+        required_root => $c->uri_for(q{/}),
+        args          => $c->req->params,
+        consumer_secret =>
+            $c->config->{'Controller::Login::OpenID'}->{secret_key},
+        assoc_options => [
+            max_encrypt              => 1,
+            session_no_encrypt_https => 1,
+        ],
+    );
+    if ($claimed_uri) {
+        if ( my $claimed_identity = $csr->claimed_identity("$claimed_uri") ) {
+            $claimed_identity->set_extension_args(
+                $self->sreg,
+                {
+                    optional => 'email,fullname',
+                },
+            );
+
+            my $check_url = $claimed_identity->check_url(
+                return_to      => $c->uri_for( $self->action_for('index') ),
+                trust_root     => $c->uri_for(q{/}),
+                delayed_return => 1,
+            );
+
+            $c->res->redirect($check_url);
+        }
+        else {
+            $c->controller('OAuth2')->redirect( $c, error => $csr->err );
+        }
+    }
+
+    if ( $c->req->params->{'openid.mode'} ) {
+        if ( $csr->setup_needed and my $setup_url = $csr->user_setup_url ) {
+            $c->res->redirect($setup_url);
+        }
+        elsif ( $csr->user_cancel ) {
+            $c->controller('OAuth2')
+                ->redirect( $c, error => 'access denied' );
+        }
+        elsif ( my $vident = $csr->verified_identity ) {
+            my $user_data = $vident->signed_extension_fields( $self->sreg );
+            $self->update_user(
+                $c,
+                openid => $vident->url,
+                $user_data,
+            );
+        }
+        else {
+            $c->controller('OAuth2')->redirect( $c, error => $csr->err );
+        }
+    }
+}
+
+1;
diff --git a/t/server/controller/login/openid.t b/t/server/controller/login/openid.t
@@ -0,0 +1,31 @@
+use strict;
+use warnings;
+use utf8;
+
+use JSON qw( decode_json );
+use MetaCPAN::Server::Test;
+use Test::More;
+use Test::OpenID::Server;
+
+my $openid_server = Test::OpenID::Server->new;
+my $url           = $openid_server->started_ok('start server');
+
+test_psgi app, sub {
+    my $cb = shift;
+    require MetaCPAN::Server::Controller::Login::OpenID;
+
+    MetaCPAN::Server::Controller::Login::OpenID->_ua->resolver
+        ->whitelisted_hosts( [ 'localhost', '127.0.0.1' ] );
+
+    ok( my $res = $cb->( GET "/login/openid?openid_identifier=$url/test" ),
+        'login with test URL' );
+    like( $res->header('location'),
+        qr/openid.server/, 'get correct OpenID server url' );
+    ok( $res = $cb->( GET "/login/openid?openid_identifier=$url/unknown" ),
+        'get unknown ID page' );
+    my $body = decode_json( $res->content );
+    like( $body->{error}, qr/no_identity_server/,
+        'get descriptive error for unknown ID' );
+};
+
+done_testing();
