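import org.openid4java.OpenIDException
import org.openid4java.consumer.*
import org.openid4java.discovery.*
import org.openid4java.message.*
import org.openid4java.server.*

/**
 * Grails controller for the relying-party (consumer) side of an OpenID login
 * built on openid4java.
 *
 * Flow: {@code login} shows the form, {@code handleLogin} runs discovery on the
 * submitted identifier and redirects the browser to the provider, and
 * {@code auth} receives the provider's response, verifies it and stores the
 * verified identifier in {@code session.user}.
 */
class UserController {

    // return_to URL handed to the provider; it points at the auth action below.
    // NOTE(review): hard-coded to http://localhost:8080, so it only suits a
    // local test deployment; confirm how it is set for any other environment.
    String _returnURL = "http://localhost:8080/openidtest/user/auth";

    // One ConsumerManager shared by every request, configured once at class
    // initialisation instead of being reconfigured on each login attempt.
    static ConsumerManager manager = newConsumerManager();

    /**
     * Builds the shared ConsumerManager with the realm verifier settings this
     * controller has always used.
     */
    private static ConsumerManager newConsumerManager() {
        ConsumerManager cm = new ConsumerManager();
        RealmVerifier rv = new RealmVerifier();
        // NOTE(review): this switches off the verifier's RP-identifier
        // enforcement. It looks like a convenience for the localhost return
        // URL; confirm it is acceptable before using this outside local testing.
        rv.setEnforceRpId(false);
        cm.setRealmVerifier(rv);
        return cm;
    }

    def index = { }

    /**
     * Starts an OpenID login: discovers the provider for the submitted
     * {@code openid} parameter, associates with it, remembers the discovery
     * result in the session and redirects the browser to the provider.
     * Any failure sends the user back to the login page with a flash message.
     */
    def handleLogin = {
        // Reject a missing or blank identifier up front rather than handing
        // null to the library.
        String identifier = params['openid']?.toString()?.trim()
        if (!identifier) {
            flash.message = "Failed to find valid openid URI at specified address"
            redirect(action: 'login')
            return
        }

        try {
            // Perform discovery on the user-supplied identifier.
            // NOTE(review): discovery makes this server issue outbound requests
            // to a location chosen by the requester; if internal services are
            // reachable from here, restrict egress or the accepted providers.
            List discoveries = manager.discover(identifier);

            // Attempt to associate with the OpenID provider and retrieve one
            // service endpoint for authentication.
            DiscoveryInformation discovered = manager.associate(discoveries);

            // Store the discovery information in the user's session for the
            // auth action (leave out for stateless operation / no session).
            session.discovered = discovered

            // Obtain the AuthRequest message to be sent to the OpenID provider.
            AuthRequest authReq = manager.authenticate(discovered, _returnURL);
            response.sendRedirect authReq.getDestinationUrl(true)
        } catch (DiscoveryException e) {
            // No usable OpenID endpoint was found for the identifier.
            log.warn("OpenID discovery failed: ${e.message}")
            flash.message = "Failed to find valid openid URI at specified address"
            redirect(action: 'login')
        } catch (OpenIDException e) {
            // Building the auth request can also fail (message or consumer
            // errors); treat these as a failed login instead of letting them
            // surface as an unhandled error page.
            log.warn("OpenID authentication request failed: ${e.message}")
            flash.message = "OpenID authentication failed"
            redirect(action: 'login')
        }
    }

    /** Shows the login form, or skips it when a user is already in the session. */
    def login = {
        if (session.user) {
            redirect(action: 'index') // redirect to main user page
        }
    }

    /**
     * Return endpoint for the provider's response. Verifies the response
     * against the discovery information saved by {@code handleLogin}; on
     * success stores the verified identifier in {@code session.user}, otherwise
     * returns to the login page with a flash message.
     */
    def auth = {
        // Only requests carrying an openid.mode parameter are OpenID messages.
        if (!params['openid.mode']) {
            redirect(action: 'err')
            return;
        }

        ParameterList openidResp = new ParameterList(request.getParameterMap());

        // Retrieve the previously stored discovery information and drop it
        // from the session so it is consumed by a single response only.
        // NOTE(review): this is null when the response was not preceded by
        // handleLogin in this session; confirm how verify() should treat that
        // case and whether such responses ought to be refused here.
        DiscoveryInformation discovered = (DiscoveryInformation) session.discovered;
        session.removeAttribute('discovered')

        // Rebuild the URL this response arrived on; it is passed to verify()
        // together with the response parameters.
        // NOTE(review): the scheme is fixed to http and the host and port come
        // from the incoming request; confirm this matches _returnURL in every
        // deployment, including behind a proxy or TLS terminator.
        StringBuilder receivingURL = new StringBuilder('http://' + request.getServerName() + ':' + request.getServerPort() + request.forwardURI);
        String queryString = request.getQueryString();
        if (queryString != null && queryString.length() > 0) {
            receivingURL.append('?').append(queryString);
        }

        // Verify the response and extract the verified identifier. A library
        // error is handled as a failed login, never as a success.
        Identifier verified = null;
        try {
            VerificationResult verification = manager.verify(receivingURL.toString(), openidResp, discovered);
            verified = verification.getVerifiedId();
        } catch (OpenIDException e) {
            log.warn("OpenID response verification failed: ${e.message}")
        }

        if (verified != null) {
            // NOTE(review): the session is reused across the login boundary;
            // consider issuing a fresh session on successful authentication.
            session.user = verified
            redirect(action: 'index')
        } else {
            // OpenID authentication failed.
            flash.message = "OpenID authentication failed"
            redirect(action: 'login')
        }
    }

    def err = { }
}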