X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=blobdiff_plain;f=lib%2Fstemmaweb%2FAuthentication%2FCredential%2FGoogle.pm;h=267127f3e32e638030d3f4c7933f1421f23d34b6;hb=c13343b3881c35e0c1acfb575a93ade1cc22abaa;hp=ec8ec8a5a207e6b54c508ef23f541490b3333c57;hpb=b1d9ab02c0b3c923596ebae9d3e2e4c45397c8f7;p=scpubgit%2Fstemmaweb.git
diff --git a/lib/stemmaweb/Authentication/Credential/Google.pm b/lib/stemmaweb/Authentication/Credential/Google.pm
index ec8ec8a..267127f 100644
--- a/lib/stemmaweb/Authentication/Credential/Google.pm
+++ b/lib/stemmaweb/Authentication/Credential/Google.pm
@@ -28,8 +28,6 @@ sub new { my ($class, $config, $app, $realm) = @_; $class = ref $class || $class; - warn "MEEP\n\n"; - my $self = { _config => $config, _app => $app,
@@ -46,23 +44,21 @@ sub authenticate { $id_token ||= $c->req->method eq 'GET' ? $c->req->query_params->{id_token} : $c->req->body_params->{id_token}; - use Data::Dumper; - $c->log->debug(Dumper $authinfo); - if (!$id_token) { Catalyst::Exception->throw("id_token not specified."); } - my $userinfo = $self->decode($id_token); + my $email = $authinfo->{email}; + $email ||= $c->req->method eq 'GET' ? $c->req->query_params->{email} : + $c->req->body_params->{email}; - use Data::Dumper; - $c->log->debug(Dumper $userinfo); + my $userinfo = $self->decode($id_token); + $userinfo->{email} = $authinfo->{email}; my $sub = $userinfo->{sub}; my $openid = $userinfo->{openid_id}; - $c->log->debug($sub); - $c->log->debug($openid); + $userinfo->{email} = $email if $email; if (!$sub || !$openid) { Catalyst::Exception->throw(
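Review bot: The `email` that ends up in `$userinfo` never comes from the decoded token. `$userinfo->{email} = $authinfo->{email};` overwrites whatever `decode` returned (with undef when `$authinfo` carries none), and `$userinfo->{email} = $email if $email;` then stores a value that can come straight from `query_params` or `body_params`, so it is not covered by the ID-token signature. If `find_user` (called with `$userinfo` in the next hunk, body not shown) matches or links accounts by email, that address is only client-asserted. I would drop the first assignment, which is redundant with `$email` anyway, and change the second to `$userinfo->{email} ||= $email;` so that a signed `email` claim, when present, wins over the request parameter. `authenticate` starts and ends outside this hunk.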
@@ -71,48 +67,7 @@ sub authenticate { ); } - # Do we have a user with the google id already? - my $user = $realm->find_user({ - id => $sub - }); - - if ($user) { - return $user; - } - - # Do we have a user with the openid? - - $user = $realm->find_user({ - url => $openid - }); - - if (!$user) { - throw ("Could not find a user with that openid or sub!"); - } - - my $new_user = $realm->add_user({ - username => $sub, - password => $user->password, - role => $user->role, - active => $user->active, - }); - - foreach my $t (@{ $user->traditions }) { - $new_user->add_tradition($t); - } - - warn ($new_user->id); - - warn (scalar @{$user->traditions}); - warn (scalar @{$new_user->traditions}); - - use Data::Dumper; - warn (Dumper($user->id)); - - $realm->delete_user({ username => $user->id }); - - - return $new_user; + return $realm->find_user($userinfo, $c); } =head1 METHODS
@@ -142,8 +97,42 @@ Decoded JSON object containing certificates. sub retrieve_certs { my ($self, $url) = @_; - $url ||= 'https://www.googleapis.com/oauth2/v1/certs'; - return decode_json(get($url)); + my $c = $self->{_app}; + my $cached = 0; + my $certs; + my $cache; + + $url ||= ( $c->config->{'Authentication::Credential::Google'}->{public_cert_url} || 'https://www.googleapis.com/oauth2/v1/certs' ); + + if ( ($c->registered_plugins('Catalyst::Plugin::Cache')) && ($cache = $c->cache) ) { + if ($certs = $cache->get('certs')) { + $certs = decode_json($certs); + + foreach my $key (keys %$certs) { + my $cert = $certs->{$key}; + my $x509 = Crypt::OpenSSL::X509->new_from_string($cert); + + if ($self->is_cert_expired($x509)) { + $cached = 0; + last; + } else { + $cached = 1; + } + } + } + } + + if (!$cached) { + my $certs_encoded = get($url); + + if ($cache) { + $cache->set('certs', $certs_encoded); + } + + $certs = decode_json($certs_encoded); + } + + return $certs; } =head2 get_key_from_cert
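Review bot: In the `if (!$cached)` branch of `retrieve_certs` the fetched body is written to the cache before it is checked, because `$cache->set('certs', $certs_encoded)` runs ahead of `decode_json`. A non-JSON response is therefore stored as the certificate set, and the cached path's `decode_json` or `new_from_string` will die on it on later requests until the entry is evicted; an undefined body (the failure value, if this is LWP::Simple's `get`) reaches `decode_json` with no useful error. Decode first, throw on an undefined body, and cache only afterwards, as below. Since `public_cert_url` now selects the trust anchor for token verification, a comment on the `$url ||=` line such as `# must be an https URL under the operator's control` would also help.
```perl
    if (!$cached) {
        my $certs_encoded = get($url);
        Catalyst::Exception->throw("Could not retrieve certificates from $url")
            unless defined $certs_encoded;

        # decode_json dies on a malformed body, so nothing invalid reaches the cache
        $certs = decode_json($certs_encoded);
        $cache->set('certs', $certs_encoded) if $cache;
    }
```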