Index: openacs-4/packages/acs-admin/www/apm/index.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-admin/www/apm/index.tcl,v
diff -u -r1.18 -r1.19
--- openacs-4/packages/acs-admin/www/apm/index.tcl 26 Sep 2003 07:50:33 -0000 1.18
+++ openacs-4/packages/acs-admin/www/apm/index.tcl 8 Oct 2003 11:30:22 -0000 1.19
@@ -13,7 +13,7 @@
 }
 set page_title "Package Manager"
-set context [list $page_title]
+set context [list [list "../developer" "Developer's Administration"] $page_title]
 set user_id [ad_get_user_id]
Index: openacs-4/packages/acs-kernel/sql/postgresql/authentication-create.sql
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-kernel/sql/postgresql/authentication-create.sql,v
diff -u -r1.11 -r1.12
--- openacs-4/packages/acs-kernel/sql/postgresql/authentication-create.sql 8 Oct 2003 09:58:41 -0000 1.11
+++ openacs-4/packages/acs-kernel/sql/postgresql/authentication-create.sql 8 Oct 2003 11:30:22 -0000 1.12
@@ -105,6 +105,5 @@
 primary key (authority_id, impl_id, key)
 );
-
 -- Create PLSQL package
 \i authentication-package-create.sql
Index: openacs-4/packages/auth-server/auth-server.info
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/auth-server/auth-server.info,v
diff -u
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ openacs-4/packages/auth-server/auth-server.info 8 Oct 2003 11:30:22 -0000 1.1
@@ -0,0 +1,25 @@
+
+
+
+
+ Authentication Server
+ Authentication Server
+ f
+ t
+ auth-server
+
+
+ Lars Pind
+ Andrew Grumet
+ Allows OpenACS to act as an authentication server in a single-sign-on environment.
+
+
+
+
+
+
+
+
+
+
+
Index: openacs-4/packages/auth-server/sql/oracle/auth-server-create.sql
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/auth-server/sql/oracle/auth-server-create.sql,v
diff -u
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ openacs-4/packages/auth-server/sql/oracle/auth-server-create.sql 8 Oct 2003 11:30:23 -0000 1.1
@@ -0,0 +1,28 @@
+--
+-- Data model for auth-server
+--
+-- @author Andrew Grumet (aegrumet@mit.edu)
+-- @author Lars Pind (lars@collaboraid.biz)
+--
+-- @creation-date 20003-10-08
+--
+-- @cvs-id $Id: auth-server-create.sql,v 1.1 2003/10/08 11:30:23 lars Exp $
+--
+
+create sequence auth_server_token_id_seq start with 1;
+
+create table authentication_server_token (
+ token_id integer
+ constraint auth_srv_token_pk
+ primary key,
+ user_id integer
+ constraint auth_srv_user_id_nn
+ not null
+ constraint auth_srv_user_id_fk
+ references users,
+ random_string char(40)
+ constraint auth_srv_rand_str_nn
+ not null,
+ consumed_on date
+);
+
Index: openacs-4/packages/auth-server/sql/oracle/auth-server-drop.sql
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/auth-server/sql/oracle/auth-server-drop.sql,v
diff -u
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ openacs-4/packages/auth-server/sql/oracle/auth-server-drop.sql 8 Oct 2003 11:30:23 -0000 1.1
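Review bot: authentication_server_token records when a token was consumed but not when it was issued, so the only lifetime limit a verifier can apply is `consumed_on is null`; a token that is minted but never redeemed stays redeemable indefinitely. The PostgreSQL create script in the next hunk has the same shape. Adding an issue timestamp here, `created_on date default sysdate not null`, and `created_on timestamptz default current_timestamp not null` in the PostgreSQL script, gives auth::server::verify_token a column to bound a token's age against. Separately, the `@creation-date 20003-10-08` header line in all four new SQL files carries an extra digit.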
@@ -0,0 +1,14 @@
+--
+-- Drop script for auth-server
+--
+-- @author Andrew Grumet (aegrumet@mit.edu)
+-- @author Lars Pind (lars@collaboraid.biz)
+--
+-- @creation-date 20003-10-08
+--
+-- @cvs-id $Id: auth-server-drop.sql,v 1.1 2003/10/08 11:30:23 lars Exp $
+--
+
+drop sequence auth_server_token_id_seq;
+
+drop table authentication_server_token;
Index: openacs-4/packages/auth-server/sql/postgresql/auth-server-create.sql
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/auth-server/sql/postgresql/auth-server-create.sql,v
diff -u
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ openacs-4/packages/auth-server/sql/postgresql/auth-server-create.sql 8 Oct 2003 11:30:23 -0000 1.1
@@ -0,0 +1,28 @@
+--
+-- Data model for auth-server
+--
+-- @author Andrew Grumet (aegrumet@mit.edu)
+-- @author Lars Pind (lars@collaboraid.biz)
+--
+-- @creation-date 20003-10-08
+--
+-- @cvs-id $Id: auth-server-create.sql,v 1.1 2003/10/08 11:30:23 lars Exp $
+--
+
+create sequence auth_server_token_id_seq;
+
+create table authentication_server_token (
+ token_id integer
+ constraint auth_srv_token_pk
+ primary key,
+ user_id integer
+ constraint auth_srv_user_id_nn
+ not null
+ constraint auth_srv_user_id_fk
+ references users,
+ random_string char(40)
+ constraint auth_srv_rand_str_nn
+ not null,
+ consumed_on timestamptz
+);
+
Index: openacs-4/packages/auth-server/sql/postgresql/auth-server-drop.sql
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/auth-server/sql/postgresql/auth-server-drop.sql,v
diff -u
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ openacs-4/packages/auth-server/sql/postgresql/auth-server-drop.sql 8 Oct 2003 11:30:23 -0000 1.1
@@ -0,0 +1,14 @@
+--
+-- Drop script for auth-server
+--
+-- @author Andrew Grumet (aegrumet@mit.edu)
+-- @author Lars Pind (lars@collaboraid.biz)
+--
+-- @creation-date 20003-10-08
+--
+-- @cvs-id $Id: auth-server-drop.sql,v 1.1 2003/10/08 11:30:23 lars Exp $
+--
+
+drop sequence auth_server_token_id_seq;
+
+drop table authentication_server_token;
Index: openacs-4/packages/auth-server/tcl/auth-server-procs-oracle.xql
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/auth-server/tcl/auth-server-procs-oracle.xql,v
diff -u
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ openacs-4/packages/auth-server/tcl/auth-server-procs-oracle.xql 8 Oct 2003 11:30:23 -0000 1.1
@@ -0,0 +1,16 @@
+
+
+
+ oracle8.1.6
+
+
+
+ update authentication_server_token
+ set consumed_on = sysdate
+ where token_id = :token_id
+ and random_string = :random_string
+ and consumed_on is null
+
+
+
+
Index: openacs-4/packages/auth-server/tcl/auth-server-procs-postgresql.xql
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/auth-server/tcl/auth-server-procs-postgresql.xql,v
diff -u
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ openacs-4/packages/auth-server/tcl/auth-server-procs-postgresql.xql 8 Oct 2003 11:30:23 -0000 1.1
@@ -0,0 +1,16 @@
+
+
+
+ postgresql7.1
+
+
+
+ update authentication_server_token
+ set consumed_on = current_timestamp
+ where token_id = :token_id
+ and random_string = :random_string
+ and consumed_on is null
+
+
+
+
Index: openacs-4/packages/auth-server/tcl/auth-server-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/auth-server/tcl/auth-server-procs.tcl,v
diff -u
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ openacs-4/packages/auth-server/tcl/auth-server-procs.tcl 8 Oct 2003 11:30:23 -0000 1.1
@@ -0,0 +1,73 @@
+ad_library {
+ Library routines for authentication server.
+}
+
+namespace eval auth::server {}
+
+ad_proc -public auth::server::generate_token {} {
+ Generate a secret token which can be used to verify
+ the identity of the current user to a remote system.
+
+ @return token, or the empty string if no user is logged in
+} {
+ if { [ad_conn user_id] == 0 } {
+ return {}
+ }
+
+ # Generate a 40 character random string.
+ set random_string [ad_generate_random_string 40]
+
+ # Do the insert.
+ set user_id [ad_conn user_id]
+ set token_id [db_nextval auth_server_token_id_seq]
+ db_dml insert_token {
+ insert into authentication_server_token
+ (token_id, user_id, random_string)
+ values (:token_id, :user_id, :random_string)
+ }
+
+ set token "${random_string}${token_id}"
+
+ return $token
+}
+
+
+ad_proc -public auth::server::verify_token {
+ {-token:required}
+} {
+ Verifies and authentication server token, and returns user_id if the token
+ was valid, or empty string if there was a problem.
+
+ @return user_id or empty_string.
+} {
+ # Token has the following structure:
+ # First 40 characters are the random string.
+ # All remaining characters are the id key.
+
+ set random_string [string range $token 0 39]
+ set token_id [string range $token 40 end]
+
+ # check syntax
+ if { ![regexp {^[1-9][0-9]*$} $token_id] } {
+ return {}
+ }
+
+ set user_id [db_string select_user_id {
+ select user_id
+ from authentication_server_token
+ where token_id = :token_id
+ and random_string = :random_string
+ and consumed_on is null
+ } -default {}]
+
+ # Mark the token consumed
+ db_dml mark_token {}
+
+ if { [db_resultrows] == 0 } {
+ return {}
+ }
+
+ return $user_id
+}
+
+
Index: openacs-4/packages/auth-server/www/login.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/auth-server/www/login.tcl,v
diff -u
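Review bot: the secret half of the token is whatever `ad_generate_random_string 40` returns, and nothing in this hunk shows where that helper takes its randomness from; since verify_token hands back a user_id on the strength of that string alone, it should be confirmed that the helper draws from a cryptographic source before this ships, and a comment above the call such as `# random_string is the bearer secret; must come from a cryptographic RNG` would record that requirement for the next reader. The select-then-update pair in verify_token is sound as written, because the mark_token update re-checks `consumed_on is null` and the `db_resultrows` guard rejects a token that another request consumed in between. The docstring line `Verifies and authentication server token` should read `Verifies an authentication server token`.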
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ openacs-4/packages/auth-server/www/login.tcl 8 Oct 2003 11:30:23 -0000 1.1
@@ -0,0 +1,17 @@
+ad_page_contract {
+ This is a page which other services can redirect to. If the user is already
+ authenticated in OpenACS, we will redirect the user to 'service' with a token
+ added to the URL.
+
+ @param service The URL to redirect the browser to. Should be a URL on the remote system,
+ which accepts a 'token' query argument, then verifies it using verify.tcl.
+
+} {
+ service:notnull
+}
+
+auth::require_login
+
+set return_url [export_vars -base $service { { token {[auth::server::generate_token]} } }]
+
+ad_returnredirect $return_url
Index: openacs-4/packages/auth-server/www/verify.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/auth-server/www/verify.tcl,v
diff -u
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ openacs-4/packages/auth-server/www/verify.tcl 8 Oct 2003 11:30:23 -0000 1.1
@@ -0,0 +1,29 @@
+ad_page_contract {
+ Verify an authentication token issued by login.tcl.
+ If verification is successful, returns an XML document with user information.
+} {
+ token:notnull,string_length(min|41)
+}
+
+set user_id [auth::server::verify_token -token $token]
+
+if { [empty_string_p $user_id] } {
+ ns_return 200 text/plain "Sorry, there was an error authenticating."
+ return
+}
+
+# Get and return user information
+acs_user::get -user_id $user_id -array user
+auth::authority::get -authority_id $user(authority_id) -array authority
+
+ns_return 200 application/xml "
+
+ [ad_quotehtml $user(first_names)]
+ [ad_quotehtml $user(last_name)]
+ [ad_quotehtml $user(email)]
+ [ad_quotehtml $authority(short_name)]
+ [ad_quotehtml $user(username)]
+ [ad_quotehtml $user(screen_name)]
+ [ad_quotehtml $user(user_id)]
+"
+
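Review bot: `service:notnull` is the only validation of the redirect target, so the page mints a token for the logged-in user and sends it to whatever URL arrives in `service`; nothing ties that parameter to a consumer this server is meant to trust. Before the export_vars line the page should compare the service URL against a configured list of permitted consumers (a package parameter holding the allowed hosts, for instance) and stop with an error when it does not match, so a token is only ever issued to a system that is expected to call verify.tcl. The @param text should then state that restriction so integrators know their service must be registered.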
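Review bot: a failed verification is answered with `ns_return 200 text/plain "Sorry, there was an error authenticating."`, the same status as a successful lookup, so a consumer that branches on the status code alone would treat the failure as a login; returning a non-success status, e.g. `ns_return 403 text/plain "Sorry, there was an error authenticating."`, or an XML error document under the same content type, keeps the two outcomes distinguishable. The page also learns nothing about who is calling it, so the user record goes to whichever party presents an unconsumed token first; if redemption is meant to be limited to the consumer that received the redirect from login.tcl, that check belongs here as well. The `string_length(min|41)` filter matches the 40-character secret plus at least one id digit, which is consistent with how verify_token splits the token.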