authorSascha Silbe <sascha-pgp@silbe.org>2011-02-05 19:53:52 (GMT)
committer Sascha Silbe <sascha-pgp@silbe.org>2011-02-05 20:11:19 (GMT)
commit9a4ab2d0cd82c69e550cffa2fd95e447c9bb5864 (patch)
tree6e573554bbbe4ba49d83e8e0fe3f290ab3226922
parentb20a4060af12daa00bfdb424a0046ab985dd7c4b (diff)
add support for registering
-rw-r--r--application.py56
-rw-r--r--templates/id_page.tmpl9
-rw-r--r--templates/index.tmpl19
-rw-r--r--templates/register_fail_duplicate_user_id.tmpl26
-rw-r--r--templates/registered.tmpl21
5 files changed, 107 insertions, 24 deletions
diff --git a/application.py b/application.py
index 09a29fd..4f8a86b 100644
--- a/application.py
+++ b/application.py
@@ -38,8 +38,6 @@ def expose(url_map, rule, **kwargs):
def fetch_template(wrapped):
def wrapper(self, request, *args, **kwargs):
template = self._get_template(wrapped.__name__, request)
- template.base_url = self._base_url
- template.user = None
kwargs['template'] = template
return wrapped(self, request, *args, **kwargs)
return wrapper
@@ -57,14 +55,6 @@ class UserDatabase(object):
connection = self._connect()
connection.executescript("BEGIN; PRAGMA FOREIGN_KEYS=on; COMMIT;")
self._create_tables(connection)
- try:
- self.add_user(User('Sascha_Silbe', 'Sascha Silbe',
- [Key('-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvQcKFtjpQHdIdfBu/bwf\nmjnvFcgaWheTyBnOvPM/vQgKdvhkvAdidtGtQPwC3uDYpBlwzWR3rxWwEEoMXO7X\nlXTje4WBTcoCM4hHI/aFL4Uz8xd40dI4qtPkzdX68wZhpJg1IepgWOkUPfZNbYVm\nfIk2Df39vh6IuxlY9pq1Aj3In+f8IooPgdP/3EWbhGo/QMdtTZv1HIIs9EtDh+5l\nh/18wOTJltck4xyGQMgEcTzyNKQL/m6OZTqyOGRXpPjMN9deGsmetwInQ3Kd17yw\n7qoUtwo2TW5eioHfZEINVJJTU0IAGfigDZrsJVGeUS8zRWCp2KcvldPNs3aRn2rb\nkwIDAQAB\n-----END PUBLIC KEY-----', True),
- Key('-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmUzxtfRv8aLLwGNYgkbE\nbcFN/G2+vFjgjyjJn0bkWfIbDScksCJqaIYbDZDgS2ifThk9icvjyScY2FsGgFc4\nHivwdnKJiAslorplY/Hx/GlTMaz/TI0ETiG+TCf0TeigC9KX3rAlCy2r9vL2vurc\nGFtpja1qf/LRkJSfckRnfS231Uhn3zCZl1PkDHXya/3AQMIHKu5kJnLfcg25lTp+\nJpfBB2YrX7/mBA2gwdEjDi9b+p+aQ4K5fFWMQVeh1pHL8gvd7O+blb8OTEXRJjqg\nj7cPfEVtxdhBGcK1kdGrb34/VPN56mrUgHt+Y6lBR/LyQvLHe7H59FMasTSmhJQw\n6wIDAQAB\n-----END PUBLIC KEY-----', True)],
- [EmailAddr('silbe@sugarlabs.org', True), EmailAddr('sascha-foo@silbe.org', False)],
- []))
- except sqlite3.IntegrityError:
- pass
def _connect(self):
connection = sqlite3.connect(self._db_path)
@@ -88,8 +78,9 @@ class UserDatabase(object):
public BOOLEAN
);
CREATE TABLE IF NOT EXISTS sites (
- trust_root TEXT PRIMARY KEY,
- user_id TEXT NOT NULL REFERENCES users (user_id)
+ trust_root TEXT,
+ user_id TEXT NOT NULL REFERENCES users (user_id),
+ CONSTRAINT sites_pk PRIMARY KEY (trust_root, user_id)
);
""")
connection.commit()
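Review bot: In the new `sites` definition `trust_root TEXT,` carries no NOT NULL, and SQLite allows NULL in the columns of a non-INTEGER primary key unless they are declared NOT NULL, so a row with a NULL trust root can be stored for a user. Since this table appears to hold the trust roots a user has approved, `trust_root TEXT NOT NULL,` would keep such rows out. Separately, the statement is `CREATE TABLE IF NOT EXISTS`, so a database created before this commit keeps the old single-column key, and nothing visible here migrates it. The enclosing method starts and ends outside the hunk.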
@@ -236,7 +227,8 @@ class Application(object):
@fetch_template
@expose(_url_map, '/id/<user_id>')
def id_page(self, request, user_id, template):
- template.user = self._user_db.find_user_by_id(user_id)
+ template.page_user = self._user_db.find_user_by_id(user_id)
+ template.request_user, template.key = self._check_user(request)
return Response(str(template), mimetype='text/html')
@expose(_url_map, '/openidserver')
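Review bot: `id_page` renders the template whatever `find_user_by_id` returns, and templates/id_page.tmpl dereferences `$page_user.user_id` unconditionally. `register_user` in this same commit treats a falsy result from that call as "no such user", so a request for an unknown `/id/<user_id>` presumably ends in a template error instead of a clean 404. A guard before rendering, such as `if template.page_user is None: return Response(status=404)`, would make the failed lookup explicit on this unauthenticated route.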
@@ -291,6 +283,34 @@ class Application(object):
else:
return Response(status=400)
+ @expose(_url_map, '/register')
+ def register_user(self, request):
+ user, key = self._check_user(request)
+ if key is None:
+ template = self._get_template('error', request)
+ template.message = 'Client certificate was not presented.'
+ return Response(str(template), status=400)
+
+ if user is not None:
+ template = self._get_template('error', request)
+ template.message = 'You are already registered.'
+ return Response(str(template), status=400)
+
+ if self._user_db.find_user_by_id(request.form['user_id']):
+ template = self._get_template('register_fail_duplicate_user_id',
+ request)
+ template.user_id = request.form['user_id']
+ template.nick_name = request.form['nick_name']
+ return Response(str(template), mimetype='text/html')
+
+ key = Key(key.pem, True)
+ user = User(request.form['user_id'], request.form['nick_name'],
+ keys=[key], email_addrs=[], sites=[])
+ self._user_db.add_user(user)
+ template = self._get_template('registered', request)
+ template.user = user
+ return Response(str(template), mimetype='text/html')
+
def _handle_check_id_request(self, request, user, id_request):
is_authorized = self._is_authorized(user, id_request.identity,
id_request.trust_root)
@@ -336,7 +356,11 @@ class Application(object):
if not key_pem:
return None, None
- return self._user_db.find_user_by_key_pem(key_pem)
+ user, key = self._user_db.find_user_by_key_pem(key_pem)
+ if user is None:
+ return None, Key(key_pem, False)
+
+ return user, key
def _get_public_key(self, request):
# class a: pass
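Review bot: `_check_user` now has three distinct results and nothing documents them: `(None, None)` when no certificate is presented, `(None, Key(key_pem, False))` for a certificate no user owns, and the stored `(user, key)` pair otherwise. `register_user` and the templates branch on exactly these shapes, so a docstring would help, for example `"""Return (user, key); (None, None) without a client certificate, (None, unconfirmed Key) for an unknown one."""`. The second `Key` argument is presumably the confirmed flag, going by `$key.confirmed` in index.tmpl, which is worth stating there too. The function begins above the hunk, so the docstring belongs on its signature line, which is outside the visible context.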
@@ -424,4 +448,6 @@ class Application(object):
def _get_template(self, name, request):
# FIXME: i18n
file_name = os.path.join(self._data_path, 'templates', name+'.tmpl')
- return Template(file=file_name)
+ template = Template(file=file_name)
+ template.base_url = self._base_url
+ return template
diff --git a/templates/id_page.tmpl b/templates/id_page.tmpl
index 5a64150..10829f9 100644
--- a/templates/id_page.tmpl
+++ b/templates/id_page.tmpl
@@ -4,20 +4,19 @@
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
#import cgi
#import urllib
-#set $my_identifier = $base_url + '/id/' + urllib.quote($user.user_id, safe='')
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link rel="openid.server" href="${base_url}/openidserver">
- <meta http-equiv="x-xrds-location" content="${base_url}/yadis/${urllib.quote($user.user_id, safe='')}">
+ <meta http-equiv="x-xrds-location" content="${base_url}/yadis/${urllib.quote($page_user.user_id, safe='')}">
</head>
<body>
- <p>This is an identity page for ${cgi.escape($user.user_id)}.</p>
+ <p>This is an identity page for ${cgi.escape($page_user.user_id)}.</p>
-#if $user.sites
+#if $request_user is not None and $request_user == $page_user and $request_user.sites
<p>Approved trust roots:</p>
<ul>
- #for site in $user.sites:
+ #for site in $request_user.sites:
<li><tt>${cgi.escape($site.trust_root)}</tt></li>
#end for
</ul>
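Review bot: The ownership test `$request_user == $page_user` on the new `#if` line decides who gets to see the approved trust roots, and its outcome depends on how `User` implements comparison, which this diff does not show. If `User` defines no `__eq__`, two objects loaded by separate queries compare by identity and the list would never render, even for the owner. An access decision like this is also easier to audit in the handler than in a template. `id_page` could set something like `template.is_owner = request_user is not None and request_user.user_id == page_user.user_id`, leaving the template to test `$is_owner`.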
diff --git a/templates/index.tmpl b/templates/index.tmpl
index 3cc854e..632aa0f 100644
--- a/templates/index.tmpl
+++ b/templates/index.tmpl
@@ -6,14 +6,25 @@
#import urllib
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
- <title>foo</title>
+ <title>OpenID provider</title>
<meta http-equiv="x-xrds-location" content="${base_url}/yadisserver">
</head>
<body>
- <h1>foo</h1>
-#if $user is None
- <p>You are not registered yet.</p>
+ <h1>OpenID provider</h1>
+#if not $key.pem
+ <p>You don't have a client certificate yet.</p>
+#else if $user is None
+ <p>You are not registered yet. Please fill out this form to register:</p>
+ <form action="/register" method="POST">
+ <dl>
+ <dt><label for="register_user_id">User ID: </label></dt>
+ <dd><input type="text" name="user_id" id="register_user_id" /></dd>
+ <dt><label for="register_nick_name">Your name: </label></dt>
+ <dd><input type="text" name="nick_name" id="register_nick_name" /></dd>
+ </dl>
+ <input type="submit" name="register" value="Register" />
+ </form>
#else if not $key.confirmed
<p>Your key has not been confirmed by the owner of
<a href="${base_url}/id/${urllib.quote($user.user_id, safe='')}">${base_url}/id/${urllib.quote($user.user_id, safe='')}</a> yet.
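Review bot: The new form posts to the hard-coded path `/register`, while every other URL in these templates is built from `${base_url}`, so a deployment under a path prefix would submit to the wrong place; `action="${base_url}/register"` would match the rest. The same form is repeated in templates/register_fail_duplicate_user_id.tmpl. Neither form carries an anti-forgery token, and because `register_user` authorises the request by the client certificate the browser presents on its own, a token validated in the handler would be worth adding. It is also worth confirming that `$key` is never `None` here: `_check_user` returns `(None, None)` when no certificate is presented, in which case `#if not $key.pem` would fail on the attribute lookup instead of taking the first branch (the index handler is not shown).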
diff --git a/templates/register_fail_duplicate_user_id.tmpl b/templates/register_fail_duplicate_user_id.tmpl
new file mode 100644
index 0000000..faa47a7
--- /dev/null
+++ b/templates/register_fail_duplicate_user_id.tmpl
@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html
+ PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+#import cgi
+#import urllib
+<html xmlns="http://www.w3.org/1999/xhtml">
+ <head>
+ <title>Registration failed</title>
+ <meta http-equiv="x-xrds-location" content="${base_url}/yadisserver">
+ </head>
+
+ <body>
+ <h1>Registration failed</h1>
+ <p>The user ID ${cgi.escape($user_id)} is already taken. Please try a different one:</p>
+ <form action="/register" method="POST">
+ <dl>
+ <dt><label for="register_user_id">User ID: </label></dt>
+ <dd><input type="text" name="user_id" id="register_user_id" /></dd>
+ <dt><label for="register_nick_name">Your name: </label></dt>
+ <dd><input type="text" name="nick_name" id="register_nick_name" value="${cgi.escape($nick_name, True)}"/></dd>
+ </dl>
+ <input type="submit" name="register" value="Register" />
+ </form>
+ </body>
+</html>
diff --git a/templates/registered.tmpl b/templates/registered.tmpl
new file mode 100644
index 0000000..fdc0d69
--- /dev/null
+++ b/templates/registered.tmpl
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html
+ PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+#import cgi
+#import urllib
+<html xmlns="http://www.w3.org/1999/xhtml">
+ <head>
+ <title>Successfully registered as ${cgi.escape($user.user_id)}</title>
+ </head>
+
+ <body>
+ <h1>Registration successful</h1>
+
+ <p>
+ Congratulations, you just registered as ${cgi.escape($user.user_id)}!
+ Your OpenID identity URL is
+ <tt><a href="${base_url}/id/${urllib.quote($user.user_id, safe='')}">${base_url}/id/${urllib.quote($user.user_id, safe='')}</a></tt>.
+ </p>
+ </body>
+</html>