-rw-r--r-- | include/opkele/basic_op.h | 2 | ||||
-rw-r--r-- | include/opkele/verify_op.h | 2 | ||||
-rw-r--r-- | lib/verify_op.cc | 2 | ||||
-rw-r--r-- | test/OP.cc | 2 |
4 files changed, 4 insertions, 4 deletions
diff --git a/include/opkele/basic_op.h b/include/opkele/basic_op.h index 0e3231d..0326508 100644 --- a/include/opkele/basic_op.h +++ b/include/opkele/basic_op.h @@ -153,65 +153,65 @@ namespace opkele { * @param reference a reference token (can be empty) * @return reference to om */ basic_openid_message& error(basic_openid_message& om, const string& error,const string& contact, const string& reference ); /** * Build a setup_needed reply to checkid_immediate request * @param oum output OpenID message * @param inm incoming OpenID request being processed * @return reference to oum */ basic_openid_message& setup_needed( basic_openid_message& oum,const basic_openid_message& inm); /** * Process check_authentication request * @param oum output OpenID message * @param inm incoming request * @return reference to oum */ basic_openid_message& check_authentication( basic_openid_message& oum,const basic_openid_message& inm); /** * @} */ /** * Verify return_to url. The default implementation checks whether * return_to URI matches the realm * @throw bad_realm in case of invalid realm * @throw bad_return_to if return_to doesn't match the realm - * @see verify_op::verify_return_to() + * @see verify_OP::verify_return_to() */ virtual void verify_return_to(); /** * @name Global persistent store API * These functions are related to the associations with RPs storage * and retrieval and nonce management. * @{ */ /** * Allocate association. * @param type association type * @param kl association key length * @param sl true if the association is stateless * @return association object */ virtual assoc_t alloc_assoc(const string& type,size_t kl,bool sl) = 0; /** * Retrieve valid unexpired association * @param handle association handle * @return association object */ virtual assoc_t retrieve_assoc(const string& handle) = 0; /** * Allocate nonce. * @param nonce input-output parameter containing timestamp part of * the nonce on input * @param sl true if the nonce is * @return reference to nonce * @throw failed_lookup if no such valid unexpired association * could be retrieved */ diff --git a/include/opkele/verify_op.h b/include/opkele/verify_op.h index 6b94240..9e29bac 100644 --- a/include/opkele/verify_op.h +++ b/include/opkele/verify_op.h @@ -1,26 +1,26 @@ #ifndef __OPKELE_VERIFY_OP_H #define __OPKELE_VERIFY_OP_H #include <opkele/basic_op.h> namespace opkele { /** * The OP implementation that does discovery verification on RP */ - class verify_op : public basic_OP { + class verify_OP : public basic_OP { public: /** * In addition to basic_OP::verify_return_to() functionality this * implementation does the discovery on RP to see if return_to matches * the realm * @throw bad_return_to in case we fail to discover corresponding * service endpoint */ void verify_return_to(); }; } #endif /* __OPKELE_VERIFY_OP_H */ diff --git a/lib/verify_op.cc b/lib/verify_op.cc index 0beca2d..ab21b4f 100644 --- a/lib/verify_op.cc +++ b/lib/verify_op.cc @@ -3,51 +3,51 @@ #include <opkele/exception.h> #include <opkele/util.h> #include <opkele/uris.h> namespace opkele { using std::output_iterator_tag; class __RP_verifier_good_input : public exception { public: __RP_verifier_good_input(OPKELE_E_PARS) : exception(OPKELE_E_CONS) { } }; class RP_verifier : public iterator<output_iterator_tag,openid_endpoint_t,void> { public: int seen; const string& return_to; RP_verifier(const string& rt) : return_to(rt), seen(0) { } RP_verifier& operator*() { return *this; } RP_verifier& operator=(const openid_endpoint_t& oep) { if(util::uri_matches_realm(return_to,oep.uri)) throw __RP_verifier_good_input(OPKELE_CP_ "Found matching realm"); return *this; } RP_verifier& operator++() { ++seen; return *this; } RP_verifier& operator++(int) { +seen; return *this; } }; - void verify_op::verify_return_to() { + void verify_OP::verify_return_to() { basic_OP::verify_return_to(); try { RP_verifier rpv(return_to); string drealm = realm; string::size_type csss = drealm.find("://*."); if(csss==4 || csss==5) drealm.replace(csss+3,1,"www"); const char *rtt[] = { STURI_OPENID20_RT, 0 }; yadiscover(rpv,drealm,rtt,false); if(rpv.seen) throw bad_return_to(OPKELE_CP_ "return_to URL doesn't match any found while doing discovery on RP"); }catch(__RP_verifier_good_input&) { }catch(bad_return_to& brt) { throw; }catch(exception_network&) { } } } @@ -23,65 +23,65 @@ static const string get_self_url(const kingate::cgi_gateway& gw) { bool s = gw.has_meta("SSL_PROTOCOL_VERSION"); string rv = s?"https://":"http://"; rv += gw.http_request_header("Host"); const string& port = gw.get_meta("SERVER_PORT"); if( port!=(s?"443":"80") ) { rv += ':'; rv += port; } rv += gw.get_meta("REQUEST_URI"); string::size_type q = rv.find('?'); if(q!=string::npos) rv.erase(q); return rv; } class opdb_t : public sqlite3_t { public: opdb_t() : sqlite3_t("/tmp/OP.db") { assert(_D); char **resp; int nr,nc; char *errm; if(sqlite3_get_table( _D, "SELECT a_op FROM assoc LIMIT 0", &resp,&nr,&nc,&errm)!=SQLITE_OK) { extern const char *__OP_db_bootstrap; DOUT_("Bootstrapping DB"); if(sqlite3_exec(_D,__OP_db_bootstrap,NULL,NULL,&errm)!=SQLITE_OK) throw opkele::exception(OPKELE_CP_ string("Failed to boostrap SQLite database: ")+errm); }else sqlite3_free_table(resp); } }; -class example_op_t : public opkele::verify_op { +class example_op_t : public opkele::verify_OP { public: kingate::cgi_gateway& gw; opdb_t db; kingate::cookie htc; example_op_t(kingate::cgi_gateway& gw) : gw(gw) { try { htc = gw.cookies.get_cookie("htop_session"); sqlite3_mem_t<char*> S = sqlite3_mprintf( "SELECT 1 FROM ht_sessions WHERE hts_id=%Q", htc.get_value().c_str()); sqlite3_table_t T; int nr,nc; db.get_table(S,T,&nr,&nc); if(nr<1) throw kingate::exception_notfound(CODEPOINT,"forcing cookie generation"); }catch(kingate::exception_notfound& kenf) { uuid_t uuid; uuid_generate(uuid); htc = kingate::cookie("htop_session",opkele::util::encode_base64(uuid,sizeof(uuid))); sqlite3_mem_t<char*> S = sqlite3_mprintf( "INSERT INTO ht_sessions (hts_id) VALUES (%Q)", htc.get_value().c_str()); db.exec(S); } } void set_authorized(bool a) { sqlite3_mem_t<char*> S = sqlite3_mprintf( "UPDATE ht_sessions" " SET authorized=%d" |