1 files changed, 64 insertions, 0 deletions

diff --git a/lib/nola_web/controllers/open_id_controller.ex b/lib/nola_web/controllers/open_id_controller.ex
new file mode 100644
index 0000000..d3fef5d
--- /dev/null
+++ b/lib/nola_web/controllers/open_id_controller.ex
@@ -0,0 +1,64 @@
+defmodule NolaWeb.OpenIdController do
+  use NolaWeb, :controller
+  plug NolaWeb.ContextPlug, restrict: :public
+  require Logger
+
+  def login(conn, _) do
+    url = OAuth2.Client.authorize_url!(new_client(), scope: "openid", state: Base.url_encode64(:crypto.strong_rand_bytes(32), padding: false))
+    redirect(conn, external: url)
+  end
+
+  def callback(conn, %{"error" => error_code, "error_description" => error}) do
+    Logger.warn("OpenId error: #{error_code} #{error}")
+    render(conn, "error.html", error: error)
+  end
+
+  def callback(conn, %{"code" => code, "state" => state}) do
+    with \
+         client = %{token: %OAuth2.AccessToken{access_token: json}} = OAuth2.Client.get_token!(new_client(), state: state, code: code),
+         {:ok, %{"access_token" => token}} <- Jason.decode(json),
+           client = %OAuth2.Client{client | token: %OAuth2.AccessToken{access_token: token}},
+         {:ok, %OAuth2.Response{body: body}} <- OAuth2.Client.get(client, "/userinfo"),
+         {:ok, %{"sub" => id, "preferred_username" => username}} <- Jason.decode(body)
+    do
+      if account = conn.assigns.account do
+          if !IRC.Account.get_meta(account, "identity-id") do # XXX: And oidc id not linked yet
+            IRC.Account.put_meta(account, "identity-id", id)
+          end
+          IRC.Account.put_meta(account, "identity-username", username)
+          conn
+      else
+        conn
+      end
+
+      conn
+      |> put_session(:oidc_id, id)
+      |> put_flash(:info, "Logged in!")
+      |> redirect(to: Routes.path(conn, "/"))
+    else
+      {:error, %OAuth2.Response{status_code: 401}} ->
+        Logger.error("OpenID: Unauthorized token")
+        render(conn, "error.html", error: "The token is invalid.")
+      {:error, %OAuth2.Error{reason: reason}} ->
+        Logger.error("Error: #{inspect reason}")
+        render(conn, "error.html", error: reason)
+    end
+  end
+
+  def callback(conn, _params) do
+    render(conn, "error.html", error: "Unspecified error.")
+  end
+
+  defp new_client() do
+    config = Application.get_env(:nola, :oidc)
+    OAuth2.Client.new([
+      strategy: OAuth2.Strategy.AuthCode,
+      client_id: config[:client_id],
+      client_secret: config[:client_secret],
+      site: config[:base_url],
+      authorize_url: config[:authorize_url],
+      token_url: config[:token_url],
+      redirect_uri: Routes.open_id_url(NolaWeb.Endpoint, :callback)
+    ])
+  end
+end