| author | Michael Krelin <hacker@klever.net> | 2009-04-11 15:40:20 (UTC) |
|---|---|---|
| committer | Michael Krelin <hacker@klever.net> | 2009-04-11 15:40:20 (UTC) |
| commit | 17de50174f73acefc99a181240481574431aa95a (patch) (side-by-side diff) | |
| tree | a8aa9cf124913acc37bc7954d35015f9fb59ebdd | |
| parent | 381bfb49bfbfc569e6b5aa8e58a933de4397b053 (diff) | |
| download | libopkele-17de50174f73acefc99a181240481574431aa95a.zip libopkele-17de50174f73acefc99a181240481574431aa95a.tar.gz libopkele-17de50174f73acefc99a181240481574431aa95a.tar.bz2 | |
looks like yet another breakage by LJ
IIRC, previously, livejournal.com supplied empty op_endpoint URL. Now it
doesn't supply it at all. Dunno which breakage is better.
Signed-off-by: Michael Krelin <hacker@klever.net>
| -rw-r--r-- | lib/basic_rp.cc | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/basic_rp.cc b/lib/basic_rp.cc index 8125aa7..9c7113b 100644 --- a/lib/basic_rp.cc +++ b/lib/basic_rp.cc @@ -189,65 +189,66 @@ namespace opkele { static void parse_query(const string& u,string::size_type q, map<string,string>& p) { if(q==string::npos) return; assert(u[q]=='?'); ++q; string::size_type l = u.size(); while(q<l) { string::size_type eq = u.find('=',q); string::size_type am = u.find('&',q); if(am==string::npos) { if(eq==string::npos) { p[""] = u.substr(q); }else{ p[u.substr(q,eq-q)] = u.substr(eq+1); } break; }else{ if(eq==string::npos || eq>am) { p[""] = u.substr(q,eq-q); }else{ p[u.substr(q,eq-q)] = u.substr(eq+1,am-eq-1); } q = ++am; } } } void basic_RP::id_res(const basic_openid_message& om,extension_t *ext) { reset_vars(); bool o2 = om.has_field("ns") - && om.get_field("ns")==OIURI_OPENID20 && !om.get_field("op_endpoint").empty(); + && om.get_field("ns")==OIURI_OPENID20 + && om.has_field("op_endpoint") && !om.get_field("op_endpoint").empty(); if( (!o2) && om.has_field("user_setup_url")) throw id_res_setup(OPKELE_CP_ "assertion failed, setup url provided", om.get_field("user_setup_url")); string m = om.get_field("mode"); if(o2 && m=="setup_needed") throw id_res_setup(OPKELE_CP_ "setup needed, no setup url provided"); if(m=="cancel") throw id_res_cancel(OPKELE_CP_ "authentication cancelled"); bool go_dumb=false; try { string OP = o2 ?om.get_field("op_endpoint") :get_endpoint().uri; assoc_t assoc = retrieve_assoc( OP,om.get_field("assoc_handle")); if(om.get_field("sig")!=util::base64_signature(assoc,om)) throw id_res_mismatch(OPKELE_CP_ "signature mismatch"); }catch(dumb_RP& drp) { go_dumb=true; }catch(failed_lookup& e) { go_dumb=true; } OPKELE_RETHROW if(go_dumb) { try { string OP = o2 ?om.get_field("op_endpoint") :get_endpoint().uri; check_authentication(OP,om); }catch(failed_check_authentication& fca) { throw id_res_failed(OPKELE_CP_ "failed to check_authentication()"); } OPKELE_RETHROW } |