Implement redirect after a successful authentication option.

5 files changed, 47 insertions, 4 deletions

diff --git a/NEWS b/NEWS
index 910b246..7a816f5 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,6 @@
+0.3
+  - Add support for redirect after authenticate = clean url
+
 0.2
   - Add support for POST'd responses from IDP.
   - Fix problems with apache restarting and associations going away.
diff --git a/configure.in b/configure.in
index e853b8b..25942c0 100644
--- a/configure.in
+++ b/configure.in
@@ -36,8 +36,8 @@ dnl  Stef Walter <stef@memberwebs.com>
 dnl 
 
 dnl Process this file with autoconf to produce a configure script.
-AC_INIT(mod_auth_singleid, 0.2, stef@memberwebs.com)
-AM_INIT_AUTOMAKE(mod_auth_singleid, 0.2)
+AC_INIT(mod_auth_singleid, 0.3, stef@memberwebs.com)
+AM_INIT_AUTOMAKE(mod_auth_singleid, 0.3)
 
 AC_CONFIG_SRCDIR([module/mod_auth_singleid.c])
 AM_CONFIG_HEADER([config.h])
diff --git a/module/consumer.cc b/module/consumer.cc
index e4d2906..3d1686c 100644
--- a/module/consumer.cc
+++ b/module/consumer.cc
@@ -641,3 +641,26 @@ sid_consumer_authenticate(sid_request_t *req, sid_storage_t *store,
 		begin_auth (req, consumer, trust_root, identity, attributes);
 	}
 }
+
+void
+sid_consumer_redirect_after (sid_request_t *req)
+{
+	assert (req);
+
+	const char *qs = sid_request_qs (req);
+
+	params_t params;
+	parse_query_string (qs, params);
+
+	params_t unused;
+	filter_prefixed_params (params, unused, "openid.");
+
+	string url = sid_request_url (req, 1);
+	if (!params.empty())
+		url = params.append_query (url, "");
+
+	sid_request_respond_headers (req, 302, "Found",
+	                             "Location", url.c_str(),
+	                             "Cache-Control", "no-cache",
+	                             NULL);
+}
diff --git a/module/mod_auth_singleid.c b/module/mod_auth_singleid.c
index 3559ddd..13770fd 100644
--- a/module/mod_auth_singleid.c
+++ b/module/mod_auth_singleid.c
@@ -107,6 +107,7 @@ typedef struct sid_context {
 	ap_regex_t *converter;
 	sid_storage_t *store;
 	sid_attribute_t *attributes;
+	int redirect_after;
 } sid_context_t;
 
 #define SID_AUTHTYPE   "SingleID"
@@ -347,7 +348,8 @@ dir_config_creator (apr_pool_t* p, char* dir)
 	sid_context_t* ctx = apr_pcalloc (p, sizeof (*ctx));
 	memset (ctx, 0, sizeof (*ctx));
 	ctx->cookie_name = "mod-auth-singleid";
-  	return ctx;
+	ctx->redirect_after = 1;
+	return ctx;
 }
 
 static const char*
@@ -513,6 +515,14 @@ set_attribute (cmd_parms *cmd, void *config, const char *val)
 	return NULL;
 }
 
+static const char*
+set_redirect (cmd_parms *cmd, void *config, int val)
+{
+	sid_context_t *ctx = config;
+	ctx->redirect_after = val;
+	return NULL;
+}
+
 static const command_rec command_table[] = {
 	AP_INIT_TAKE1 ("SingleIdProvider", set_identifier, NULL, OR_AUTHCFG,
 	               "The OpenID identifier we should perform identifier selection on when authenticating" ),
@@ -526,6 +536,8 @@ static const command_rec command_table[] = {
 	                 "How to convert an OpenID identifier into a user name" ),
 	AP_INIT_RAW_ARGS ("SingleIdAttribute", set_attribute, NULL, OR_AUTHCFG,
 	                  "Specify an attribute exchange url and alias."),
+	AP_INIT_FLAG ("SingleIdRedirect", set_redirect, NULL, OR_AUTHCFG,
+	              "Redirect after authentication for a clean bookmarkable URL."),
 	{ NULL }
 };
 
@@ -1141,8 +1153,11 @@ hook_authenticate (request_rec* r)
 		ap_set_module_config (r->request_config, &auth_singleid_module, sess);
 
 		/* If we actually authenticated the user, then set the cookie */
-		if (authenticated)
+		if (authenticated) {
 			session_send_info (ctx, r, sess);
+			if (ctx->redirect_after)
+				sid_consumer_redirect_after (&req);
+		}
 	}
 
 	/* If any output, send it */
diff --git a/module/mod_auth_singleid.h b/module/mod_auth_singleid.h
index ade55b2..0c9b6d8 100644
--- a/module/mod_auth_singleid.h
+++ b/module/mod_auth_singleid.h
@@ -139,6 +139,8 @@ void              sid_consumer_authenticate      (sid_request_t *req,
                                                   const char *identity,
                                                   sid_attribute_t *attributes);
 
+void              sid_consumer_redirect_after    (sid_request_t *req);
+
 #ifdef __cplusplus
 } /* extern "C" */
 #endif