summaryrefslogtreecommitdiffabout
path: root/lib/basic_rp.cc
Side-by-side diff
Diffstat (limited to 'lib/basic_rp.cc') (more/less context) (ignore whitespace changes)
-rw-r--r--lib/basic_rp.cc2
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/basic_rp.cc b/lib/basic_rp.cc
index 3cad71c..8125aa7 100644
--- a/lib/basic_rp.cc
+++ b/lib/basic_rp.cc
@@ -173,97 +173,97 @@ namespace opkele {
p = co+1;
}
}
bool has_field(const string& n) const {
return signeds.find(n)!=signeds.end() && x.has_field(n); }
const string& get_field(const string& n) const {
if(signeds.find(n)==signeds.end())
throw failed_lookup(OPKELE_CP_ "The field isn't known to be signed");
return x.get_field(n); }
fields_iterator fields_begin() const {
return signeds.begin(); }
fields_iterator fields_end() const {
return signeds.end(); }
};
static void parse_query(const string& u,string::size_type q,
map<string,string>& p) {
if(q==string::npos)
return;
assert(u[q]=='?');
++q;
string::size_type l = u.size();
while(q<l) {
string::size_type eq = u.find('=',q);
string::size_type am = u.find('&',q);
if(am==string::npos) {
if(eq==string::npos) {
p[""] = u.substr(q);
}else{
p[u.substr(q,eq-q)] = u.substr(eq+1);
}
break;
}else{
if(eq==string::npos || eq>am) {
p[""] = u.substr(q,eq-q);
}else{
p[u.substr(q,eq-q)] = u.substr(eq+1,am-eq-1);
}
q = ++am;
}
}
}
void basic_RP::id_res(const basic_openid_message& om,extension_t *ext) {
reset_vars();
bool o2 = om.has_field("ns")
- && om.get_field("ns")==OIURI_OPENID20;
+ && om.get_field("ns")==OIURI_OPENID20 && !om.get_field("op_endpoint").empty();
if( (!o2) && om.has_field("user_setup_url"))
throw id_res_setup(OPKELE_CP_ "assertion failed, setup url provided",
om.get_field("user_setup_url"));
string m = om.get_field("mode");
if(o2 && m=="setup_needed")
throw id_res_setup(OPKELE_CP_ "setup needed, no setup url provided");
if(m=="cancel")
throw id_res_cancel(OPKELE_CP_ "authentication cancelled");
bool go_dumb=false;
try {
string OP = o2
?om.get_field("op_endpoint")
:get_endpoint().uri;
assoc_t assoc = retrieve_assoc(
OP,om.get_field("assoc_handle"));
if(om.get_field("sig")!=util::base64_signature(assoc,om))
throw id_res_mismatch(OPKELE_CP_ "signature mismatch");
}catch(dumb_RP& drp) {
go_dumb=true;
}catch(failed_lookup& e) {
go_dumb=true;
} OPKELE_RETHROW
if(go_dumb) {
try {
string OP = o2
?om.get_field("op_endpoint")
:get_endpoint().uri;
check_authentication(OP,om);
}catch(failed_check_authentication& fca) {
throw id_res_failed(OPKELE_CP_ "failed to check_authentication()");
} OPKELE_RETHROW
}
signed_part_message_proxy signeds(om);
if(o2) {
check_nonce(om.get_field("op_endpoint"),
om.get_field("response_nonce"));
static const char *mustsign[] = {
"op_endpoint", "return_to", "response_nonce", "assoc_handle",
"claimed_id", "identity" };
for(size_t ms=0;ms<(sizeof(mustsign)/sizeof(*mustsign));++ms) {
if(om.has_field(mustsign[ms]) && !signeds.has_field(mustsign[ms]))
throw bad_input(OPKELE_CP_ string("Field '")+mustsign[ms]+"' is not signed against the specs");
}
if( (
(om.has_field("claimed_id")?1:0)
^
(om.has_field("identity")?1:0)
)&1 )