X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?p=scpubgit%2Fstemmaweb.git;a=blobdiff_plain;f=lib%2Fstemmaweb%2FController%2FUsers.pm;h=61ccbbc4504800b924674c7955b353a591f4d2bd;hp=accc85b80122edd3ce87dc3a0dba37e04b5fb918;hb=85990daf0e04461abd1b789fb283848dd583c134;hpb=19262e3d762f72b5117ab926bbedd81522a0ac32 diff --git a/lib/stemmaweb/Controller/Users.pm b/lib/stemmaweb/Controller/Users.pm index accc85b..61ccbbc 100644 --- a/lib/stemmaweb/Controller/Users.pm +++ b/lib/stemmaweb/Controller/Users.pm @@ -2,7 +2,15 @@ package stemmaweb::Controller::Users; use Moose; use namespace::autoclean; +use Google::JWT; + +use JSON::MaybeXS; +use JSON::WebToken; + +use MIME::Base64; + BEGIN {extends 'CatalystX::Controller::Auth'; } +with 'Catalyst::TraitFor::Controller::reCAPTCHA'; =head1 NAME @@ -10,7 +18,13 @@ stemmaweb::Controller::Users - Catalyst Controller =head1 DESCRIPTION -Catalyst Controller. +The Users controller is based on L, see +there for most of the functionality. Any localised parts are described +below. + +This controller uses L to +create and check a reCaptcha form shown on the C form to +help prevent spam signups. =head1 METHODS @@ -19,12 +33,14 @@ Catalyst Controller. sub base :Chained('/') :PathPart('') :CaptureArgs(0) { my ( $self, $c ) = @_; - + $self->next::method( $c ); } =head2 index +The index action is not currently used. + =cut sub index :Path :Args(0) { 
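Review bot: `Google::JWT`, `JSON::MaybeXS`, `JSON::WebToken` and `MIME::Base64` are imported at the top of the controller, but none of them is called in any hunk of this commit. As far as the diff shows, the controller therefore loads token-handling modules it never uses. If the id_token check is done in the authentication realm's credential class, the `use` lines belong there and can be dropped from this file. If the controller is meant to verify the token itself, that code is missing from the change.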
@@ -33,6 +49,83 @@ sub index :Path :Args(0) { $c->response->body('Matched stemmaweb::Controller::Users in Users.'); } +=head2 login with openid + +Logging in with openid/google requires two passes through the login +action, on the 2nd pass the C value is passed in when +the openid providing webserver links the user back to the stemmaweb +site. This adaptation to the C action sets the realm we are +authenticating against to be C in this case. + +=cut + +before login => sub { + my($self, $c) = @_; + $c->req->param( realm => 'openid') + if $c->req->param('openid-check'); +}; + +=head2 register with recaptcha + +This adapts the C action to add the recaptcha HTML to the +page, and verify the recaptcha info entered is correct when the form +is submitted. If the recaptcha is not correct, we just redisplay the +form with an error message. + +=cut + +before register => sub { + my ($self, $c) = @_; + + ## Puts HTML into stash in "recaptcha" key. + $c->forward('captcha_get'); + + ## When submitting, check recaptcha passes, else re-draw form + if($c->req->method eq 'POST') { + if(!$c->forward('captcha_check') || 0 ) { + ## Need these two lines to detach, so end can draw the correct template again: + my $form = $self->form_handler->new( active => [ $self->login_id_field, 'password', 'confirm_password' ] ); + $c->stash( template => $self->register_template, form => $form ); + + $c->detach(); + } + } +}; + +before login => sub { + my ($self, $c) = @_; + + if ($c->req->params->{email} && $c->req->params->{id_token}) { + + $c->req->param( realm => 'google'); + + } +}; + +=head2 success + +A stub page returned on login / registration success. + +=cut + +sub success :Local :Args(0) { + my ( $self, $c ) = @_; + + $c->load_status_msgs; + $c->stash->{template} = 'auth/success.tt'; +} + +=head2 post_logout + +Return to the index page, not to the login page. 
+ +=cut + +sub post_logout { + my( $self, $c ) = @_; + $c->response->redirect( $c->uri_for_action( '/index' ) ); + $c->detach; +} =head1 AUTHOR
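Review bot: The second `before login` modifier switches the realm to `google` purely because the `email` and `id_token` request parameters are present, and nothing in this hunk verifies the token. The credential code behind that realm therefore has to check the token's signature, audience, issuer and expiry, and take the account from the verified claims rather than from the client-supplied `email`. Both `before login` modifiers write `realm`, and Moose runs `before` modifiers in reverse order of definition, so a request carrying both parameter sets ends up in `openid`; merging them into one modifier, as below, makes that precedence explicit. In `before register`, the `|| 0` in the captcha condition has no effect and reads like a leftover debugging switch; `if ( !$c->forward('captcha_check') ) {` is equivalent.

```perl
before login => sub {
    my ($self, $c) = @_;

    # Realm selection only. Each realm's credential class must verify the
    # assertion itself; for 'google' the account has to come from the
    # verified id_token claims, never from the 'email' request parameter.
    if ( $c->req->param('openid-check') ) {
        $c->req->param( realm => 'openid' );
    }
    elsif ( $c->req->params->{email} && $c->req->params->{id_token} ) {
        $c->req->param( realm => 'google' );
    }
};
# … unchanged: before register, success, post_logout …
```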