summaryrefslogtreecommitdiffabout
path: root/lib/server.cc
authorMichael Krelin <hacker@klever.net>2005-07-20 09:56:34 (UTC)
committer Michael Krelin <hacker@klever.net>2005-07-20 09:56:34 (UTC)
commit9634a1491130ef24130454e951672301e805351f (patch) (unidiff)
treef8239d1ee61742c5635694eae240c4b52937b6ea /lib/server.cc
parent3c07e6e294c424d8aa869c10b6d25fd4fb2c639e (diff)
downloadlibopkele-9634a1491130ef24130454e951672301e805351f.zip
libopkele-9634a1491130ef24130454e951672301e805351f.tar.gz
libopkele-9634a1491130ef24130454e951672301e805351f.tar.bz2
invalidate invalid handles.
Diffstat (limited to 'lib/server.cc') (more/less context) (ignore whitespace changes)
-rw-r--r--lib/server.cc4
1 files changed, 3 insertions, 1 deletions
diff --git a/lib/server.cc b/lib/server.cc
index 51d4554..5eee1f3 100644
--- a/lib/server.cc
+++ b/lib/server.cc
@@ -69,39 +69,41 @@ namespace opkele {
69 69
70 void server_t::checkid_immediate(const params_t& pin,string& return_to,params_t& pout) { 70 void server_t::checkid_immediate(const params_t& pin,string& return_to,params_t& pout) {
71 checkid_(mode_checkid_immediate,pin,return_to,pout); 71 checkid_(mode_checkid_immediate,pin,return_to,pout);
72 } 72 }
73 73
74 void server_t::checkid_setup(const params_t& pin,string& return_to,params_t& pout) { 74 void server_t::checkid_setup(const params_t& pin,string& return_to,params_t& pout) {
75 checkid_(mode_checkid_setup,pin,return_to,pout); 75 checkid_(mode_checkid_setup,pin,return_to,pout);
76 } 76 }
77 77
78 void server_t::checkid_(mode_t mode,const params_t& pin,string& return_to,params_t& pout) { 78 void server_t::checkid_(mode_t mode,const params_t& pin,string& return_to,params_t& pout) {
79 if(mode!=mode_checkid_immediate && mode!=mode_checkid_setup) 79 if(mode!=mode_checkid_immediate && mode!=mode_checkid_setup)
80 throw bad_input(OPKELE_CP_ "invalid checkid_* mode"); 80 throw bad_input(OPKELE_CP_ "invalid checkid_* mode");
81 pout.clear();
81 assoc_t assoc; 82 assoc_t assoc;
82 try { 83 try {
83 assoc = retrieve_assoc(pin.get_param("openid.assoc_handle")); 84 assoc = retrieve_assoc(pin.get_param("openid.assoc_handle"));
84 }catch(failed_lookup& fl) { 85 }catch(failed_lookup& fl) {
85 // no handle specified or no valid handle found, going dumb 86 // no handle specified or no valid handle found, going dumb
86 assoc = alloc_assoc(mode_checkid_setup); 87 assoc = alloc_assoc(mode_checkid_setup);
88 if(pin.has_param("openid.assoc_handle"))
89 pout["invalidate_handle"]=pin.get_param("openid.assoc_handle");
87 } 90 }
88 string trust_root; 91 string trust_root;
89 try { 92 try {
90 trust_root = pin.get_param("openid.trust_root"); 93 trust_root = pin.get_param("openid.trust_root");
91 }catch(failed_lookup& fl) { } 94 }catch(failed_lookup& fl) { }
92 string identity = pin.get_param("openid.identity"); 95 string identity = pin.get_param("openid.identity");
93 return_to = pin.get_param("openid.return_to"); 96 return_to = pin.get_param("openid.return_to");
94 validate(*assoc,pin,identity,trust_root); 97 validate(*assoc,pin,identity,trust_root);
95 pout.clear();
96 pout["mode"] = "id_res"; 98 pout["mode"] = "id_res";
97 pout["assoc_handle"] = assoc->handle(); 99 pout["assoc_handle"] = assoc->handle();
98 if(pin.has_param("openid.assoc_handle") && assoc->stateless()) 100 if(pin.has_param("openid.assoc_handle") && assoc->stateless())
99 pout["invalidate_handle"] = pin.get_param("openid.assoc_handle"); 101 pout["invalidate_handle"] = pin.get_param("openid.assoc_handle");
100 pout["identity"] = identity; 102 pout["identity"] = identity;
101 pout["return_to"] = return_to; 103 pout["return_to"] = return_to;
102 /* TODO: eventually remove deprecated stuff */ 104 /* TODO: eventually remove deprecated stuff */
103 time_t now = time(0); 105 time_t now = time(0);
104 pout["issued"] = util::time_to_w3c(now); 106 pout["issued"] = util::time_to_w3c(now);
105 pout["valid_to"] = util::time_to_w3c(now+120); 107 pout["valid_to"] = util::time_to_w3c(now+120);
106 pout["exipres_in"] = "120"; 108 pout["exipres_in"] = "120";
107 pout.sign(assoc->secret(),pout["sig"],pout["signed"]="mode,identity,return_to"); 109 pout.sign(assoc->secret(),pout["sig"],pout["signed"]="mode,identity,return_to");