SSL changes

lib/AuthMitEdu/Dispatcher.pm

@@ -7,8 +7,16 @@ on qr{^/[a-zA-Z][a-zA-Z_0-9]+$} => run {
     show '/endpoint';
 };
 
+before '/_/*' => run {
+    if(!$ENV{HTTPS}) {
+	redirect 'https://' . $ENV{HTTP_HOST} . $ENV{REQUEST_URI};
+    }
+};
+
 on qr{^/_/auth$} => run {
-    my $cgi = Jifty->handler->cgi;
+    # I know what I am doing is wrong. But N::Server::OpenID croaks if
+    # you pass it a CGI::Fast.
+    my $cgi = bless(Jifty->handler->cgi, 'CGI');
     $AuthMitEdu::server->get_args($cgi);
     $AuthMitEdu::server->post_args($cgi);
     my ($type, $data) = $AuthMitEdu::server->handle_page();
@@ -19,8 +27,7 @@ on qr{^/_/auth$} => run {
         my $user = AuthMitEdu::Model::User->remote_user;
 
         set $_ => $opts{$_} for keys %opts;
-
-
+
         tangent '/_/login' unless $user && $user->is_identity($opts{identity});
 
         show 'setup';

lib/AuthMitEdu/Model/User.pm

@@ -4,6 +4,7 @@ use warnings;
 package AuthMitEdu::Model::User;
 use Jifty::DBI::Schema;
 use URI;
+use Email::Address;
 
 use AuthMitEdu::Record schema {
     column username =>
@@ -13,7 +14,8 @@ use AuthMitEdu::Record schema {
 # Your model-specific methods go here.
 
 sub remote_user {
-    my $username = $ENV{REMOTE_USER};
+    my $email = $ENV{SSL_CLIENT_S_DN_Email};
+    my ($username) = $email =~ /^(.+)@/;
     return unless $username;
     my $user = AuthMitEdu::Model::User->new;
     $user->load_or_create(username => $username);

lib/AuthMitEdu/View.pm

@@ -30,8 +30,9 @@ template data => sub {
 };
 
 template setup => sub {
-    my %opts = %{get 'setup_opts'};
-    redirect $AuthMitEdu::server->cancel_return_url(return_to => $opts{return_to});
+    my %args;
+    $args{$_} = get $_ for qw(return_to identity assoc_handle trust_root);
+    redirect $AuthMitEdu::server->signed_return_url(%args);
 };
 
 1;