author | Michael Krelin <hacker@klever.net> | 2007-08-09 11:23:36 (UTC) |
---|---|---|
committer | Michael Krelin <hacker@klever.net> | 2007-08-09 11:23:36 (UTC) |
commit | 65bab7c9f984d6fe45ce72e7db014c40eba4d240 (patch) (unidiff) | |
tree | 28c4791aea6b7dc404ad0d27050c34f447a84314 | |
parent | 1f347795ef5eba50892fd777c173a2a6db1755f2 (diff) | |
download | libopkele-65bab7c9f984d6fe45ce72e7db014c40eba4d240.zip libopkele-65bab7c9f984d6fe45ce72e7db014c40eba4d240.tar.gz libopkele-65bab7c9f984d6fe45ce72e7db014c40eba4d240.tar.bz2 |
associations robustness improvements and documentation updates
-rw-r--r-- | include/opkele/association.h | 2 | ||||
-rw-r--r-- | include/opkele/consumer.h | 19 | ||||
-rw-r--r-- | lib/consumer.cc | 4 |
3 files changed, 24 insertions, 1 deletions
diff --git a/include/opkele/association.h b/include/opkele/association.h index a8f3915..72eff5b 100644 --- a/include/opkele/association.h +++ b/include/opkele/association.h | |||
@@ -60,8 +60,10 @@ namespace opkele { | |||
60 | virtual string assoc_type() const { return _assoc_type; } | 60 | virtual string assoc_type() const { return _assoc_type; } |
61 | virtual secret_t secret() const { return _secret; } | 61 | virtual secret_t secret() const { return _secret; } |
62 | virtual int expires_in() const { return _expires-time(0); } | 62 | virtual int expires_in() const { return _expires-time(0); } |
63 | virtual bool stateless() const { return _stateless; } | 63 | virtual bool stateless() const { return _stateless; } |
64 | |||
65 | virtual bool is_expired() const { return _expires<time(0); } | ||
64 | }; | 66 | }; |
65 | 67 | ||
66 | } | 68 | } |
67 | 69 | ||
diff --git a/include/opkele/consumer.h b/include/opkele/consumer.h index 042e2d1..b9d1e54 100644 --- a/include/opkele/consumer.h +++ b/include/opkele/consumer.h | |||
@@ -12,8 +12,13 @@ | |||
12 | namespace opkele { | 12 | namespace opkele { |
13 | 13 | ||
14 | /** | 14 | /** |
15 | * implementation of basic consumer functionality | 15 | * implementation of basic consumer functionality |
16 | * | ||
17 | * @note | ||
18 | * The consumer uses libcurl internally, which means that if you're using | ||
19 | * libopkele in multithreaded environment you should call curl_global_init | ||
20 | * yourself before spawning any threads. | ||
16 | */ | 21 | */ |
17 | class consumer_t { | 22 | class consumer_t { |
18 | public: | 23 | public: |
19 | 24 | ||
@@ -30,12 +35,18 @@ namespace opkele { | |||
30 | /** | 35 | /** |
31 | * retrieve stored association. The function should be overridden | 36 | * retrieve stored association. The function should be overridden |
32 | * in the real implementation to provide persistent assocations | 37 | * in the real implementation to provide persistent assocations |
33 | * store. | 38 | * store. |
39 | * | ||
40 | * @note | ||
41 | * The user is responsible for handling associations expiry and | ||
42 | * this function should never return an expired or invalidated | ||
43 | * association. | ||
44 | * | ||
34 | * @param server the OpenID server | 45 | * @param server the OpenID server |
35 | * @param handle association handle | 46 | * @param handle association handle |
36 | * @return the autho_ptr<> for the newly allocated association_t object | 47 | * @return the autho_ptr<> for the newly allocated association_t object |
37 | * @throw failed_lookup in case of error | 48 | * @throw failed_lookup if no unexpired association found |
38 | */ | 49 | */ |
39 | virtual assoc_t retrieve_assoc(const string& server,const string& handle) = 0; | 50 | virtual assoc_t retrieve_assoc(const string& server,const string& handle) = 0; |
40 | /** | 51 | /** |
41 | * invalidate stored association. The function should be overridden | 52 | * invalidate stored association. The function should be overridden |
@@ -47,8 +58,14 @@ namespace opkele { | |||
47 | /** | 58 | /** |
48 | * retrieve any unexpired association for the server. If the | 59 | * retrieve any unexpired association for the server. If the |
49 | * function is not overridden in the real implementation, the new | 60 | * function is not overridden in the real implementation, the new |
50 | * association will be established for each request. | 61 | * association will be established for each request. |
62 | * | ||
63 | * @note | ||
64 | * The user is responsible for handling associations and this | ||
65 | * function should never return an expired or invalidated | ||
66 | * association. | ||
67 | * | ||
51 | * @param server the OpenID server | 68 | * @param server the OpenID server |
52 | * @return the auto_ptr<> for the newly allocated association_t object | 69 | * @return the auto_ptr<> for the newly allocated association_t object |
53 | * @throw failed_lookup in case of absence of the handle | 70 | * @throw failed_lookup in case of absence of the handle |
54 | */ | 71 | */ |
diff --git a/lib/consumer.cc b/lib/consumer.cc index dd8e150..af309c1 100644 --- a/lib/consumer.cc +++ b/lib/consumer.cc | |||
@@ -143,8 +143,10 @@ namespace opkele { | |||
143 | p["trust_root"] = trust_root; | 143 | p["trust_root"] = trust_root; |
144 | p["return_to"] = return_to; | 144 | p["return_to"] = return_to; |
145 | try { | 145 | try { |
146 | string ah = find_assoc(server)->handle(); | 146 | string ah = find_assoc(server)->handle(); |
147 | if(ah->is_expired()) /* TODO: or should I throw some other exception to force programmer fix his implementation? */ | ||
148 | throw failed_lookup(OPKELE_CP_ "find_assoc() has returned expired handle"); | ||
147 | p["assoc_handle"] = ah; | 149 | p["assoc_handle"] = ah; |
148 | }catch(failed_lookup& fl) { | 150 | }catch(failed_lookup& fl) { |
149 | string ah = associate(server)->handle(); | 151 | string ah = associate(server)->handle(); |
150 | p["assoc_handle"] = ah; | 152 | p["assoc_handle"] = ah; |
@@ -160,8 +162,10 @@ namespace opkele { | |||
160 | retrieve_links(identity.empty()?pin.get_param("openid.identity"):canonicalize(identity),server,delegate); | 162 | retrieve_links(identity.empty()?pin.get_param("openid.identity"):canonicalize(identity),server,delegate); |
161 | params_t ps; | 163 | params_t ps; |
162 | try { | 164 | try { |
163 | assoc_t assoc = retrieve_assoc(server,pin.get_param("openid.assoc_handle")); | 165 | assoc_t assoc = retrieve_assoc(server,pin.get_param("openid.assoc_handle")); |
166 | if(assoc->is_expired()) /* TODO: or should I throw some other exception to force programmer fix his implementation? */ | ||
167 | throw failed_lookup(OPKELE_CP_ "retrieve_assoc() has returned expired handle"); | ||
164 | const string& sigenc = pin.get_param("openid.sig"); | 168 | const string& sigenc = pin.get_param("openid.sig"); |
165 | vector<unsigned char> sig; | 169 | vector<unsigned char> sig; |
166 | util::decode_base64(sigenc,sig); | 170 | util::decode_base64(sigenc,sig); |
167 | const string& slist = pin.get_param("openid.signed"); | 171 | const string& slist = pin.get_param("openid.signed"); |