| author | Michael Krelin <hacker@klever.net> | 2007-12-02 23:06:54 (UTC) |
|---|---|---|
| committer | Michael Krelin <hacker@klever.net> | 2007-12-02 23:06:54 (UTC) |
| commit | 60fdaff7888b455b4d07eadc905cefd20f1ddd3c (patch) (unidiff) | |
| tree | a7f7301abbc69401b8aa3b0f5f509552cb5e5ce9 | |
| parent | 262f1579f0a9138a01f06afea06d00155cefd4b5 (diff) | |
| download | libopkele-60fdaff7888b455b4d07eadc905cefd20f1ddd3c.zip libopkele-60fdaff7888b455b4d07eadc905cefd20f1ddd3c.tar.gz libopkele-60fdaff7888b455b4d07eadc905cefd20f1ddd3c.tar.bz2 | |
more robust discovery
if no service found in yadis document, but it is found in html, use
html-discovered service.
Signed-off-by: Michael Krelin <hacker@klever.net>
| -rw-r--r-- | lib/openid_service_resolver.cc | 18 |
1 files changed, 11 insertions, 7 deletions
diff --git a/lib/openid_service_resolver.cc b/lib/openid_service_resolver.cc index 5f82955..505e5b2 100644 --- a/lib/openid_service_resolver.cc +++ b/lib/openid_service_resolver.cc | |||
| @@ -183,112 +183,116 @@ namespace opkele { | |||
| 183 | ++hv,--rb ); | 183 | ++hv,--rb ); |
| 184 | while(rb>0 && isspace(hv[rb-1])) | 184 | while(rb>0 && isspace(hv[rb-1])) |
| 185 | --rb; | 185 | --rb; |
| 186 | if(rb) { | 186 | if(rb) { |
| 187 | if( (hnl >= sizeof(LOCATION_HEADER)) | 187 | if( (hnl >= sizeof(LOCATION_HEADER)) |
| 188 | && !strncasecmp(h,LOCATION_HEADER ":", | 188 | && !strncasecmp(h,LOCATION_HEADER ":", |
| 189 | sizeof(LOCATION_HEADER)) ) { | 189 | sizeof(LOCATION_HEADER)) ) { |
| 190 | xrds_location.assign(hv,rb); | 190 | xrds_location.assign(hv,rb); |
| 191 | }else if( (hnl >= sizeof("Content-Type")) | 191 | }else if( (hnl >= sizeof("Content-Type")) |
| 192 | && !strncasecmp(h,"Content-Type:", | 192 | && !strncasecmp(h,"Content-Type:", |
| 193 | sizeof("Content-Type")) ) { | 193 | sizeof("Content-Type")) ) { |
| 194 | const char *sc = (const char*)memchr( | 194 | const char *sc = (const char*)memchr( |
| 195 | hv,';',rb); | 195 | hv,';',rb); |
| 196 | http_content_type.assign( | 196 | http_content_type.assign( |
| 197 | hv,sc?(sc-hv):rb ); | 197 | hv,sc?(sc-hv):rb ); |
| 198 | } | 198 | } |
| 199 | } | 199 | } |
| 200 | } | 200 | } |
| 201 | return curl_t::header(p,s,nm); | 201 | return curl_t::header(p,s,nm); |
| 202 | } | 202 | } |
| 203 | 203 | ||
| 204 | void openid_service_resolver_t::discover_service(const string& url,bool xri) { | 204 | void openid_service_resolver_t::discover_service(const string& url,bool xri) { |
| 205 | CURLcode r = easy_setopt(CURLOPT_URL,url.c_str()); | 205 | CURLcode r = easy_setopt(CURLOPT_URL,url.c_str()); |
| 206 | if(r) | 206 | if(r) |
| 207 | throw opkele::exception_curl(OPKELE_CP_ "failed to set curly urlie",r); | 207 | throw opkele::exception_curl(OPKELE_CP_ "failed to set curly urlie",r); |
| 208 | 208 | ||
| 209 | (*(expat_t*)this) = parser_create_ns(); | 209 | (*(expat_t*)this) = parser_create_ns(); |
| 210 | set_user_data(); set_element_handler(); | 210 | set_user_data(); set_element_handler(); |
| 211 | set_character_data_handler(); | 211 | set_character_data_handler(); |
| 212 | tree.clear(); | 212 | tree.clear(); |
| 213 | state = state_parse; | 213 | state = state_parse; |
| 214 | 214 | ||
| 215 | r = easy_perform(); | 215 | r = easy_perform(); |
| 216 | if(r && r!=CURLE_WRITE_ERROR) | 216 | if(r && r!=CURLE_WRITE_ERROR) |
| 217 | throw exception_curl(OPKELE_CP_ "failed to perform curly request",r); | 217 | throw exception_curl(OPKELE_CP_ "failed to perform curly request",r); |
| 218 | 218 | ||
| 219 | parse(0,0,true); | 219 | parse(0,0,true); |
| 220 | while(!tree.empty()) pop_tag(); | 220 | while(!tree.empty()) pop_tag(); |
| 221 | } | 221 | } |
| 222 | 222 | ||
| 223 | const openid_auth_info_t& openid_service_resolver_t::resolve(const string& id) { | 223 | const openid_auth_info_t& openid_service_resolver_t::resolve(const string& id) { |
| 224 | auth_info = openid_auth_info_t(); | 224 | auth_info = openid_auth_info_t(); |
| 225 | html_SEP = openid_auth_SEP_t(); | 225 | html_SEP = openid_auth_SEP_t(); |
| 226 | 226 | ||
| 227 | string::size_type fns = id.find_first_not_of(whitespace); | 227 | string::size_type fns = id.find_first_not_of(whitespace); |
| 228 | if(fns==string::npos) | 228 | if(fns==string::npos) |
| 229 | throw opkele::bad_input(OPKELE_CP_ "whitespace-only identity"); | 229 | throw opkele::bad_input(OPKELE_CP_ "whitespace-only identity"); |
| 230 | string::size_type lns = id.find_last_not_of(whitespace); | 230 | string::size_type lns = id.find_last_not_of(whitespace); |
| 231 | assert(lns!=string::npos); | 231 | assert(lns!=string::npos); |
| 232 | if(!strncasecmp( | 232 | if(!strncasecmp( |
| 233 | id.c_str()+fns,"xri://", | 233 | id.c_str()+fns,"xri://", |
| 234 | sizeof("xri://")-1)) | 234 | sizeof("xri://")-1)) |
| 235 | fns+=sizeof("xri://")-1; | 235 | fns+=sizeof("xri://")-1; |
| 236 | string nid(id,fns,lns-fns+1); | 236 | string nid(id,fns,lns-fns+1); |
| 237 | if(nid.empty()) | 237 | if(nid.empty()) |
| 238 | throw opkele::bad_input(OPKELE_CP_ "nothing significant in identity"); | 238 | throw opkele::bad_input(OPKELE_CP_ "nothing significant in identity"); |
| 239 | if(strchr("=@+$!(",*nid.c_str())) { | 239 | if(strchr("=@+$!(",*nid.c_str())) { |
| 240 | discover_service( | 240 | discover_service( |
| 241 | xri_proxy + util::url_encode(nid) + | 241 | xri_proxy + util::url_encode(nid) + |
| 242 | "?_xrd_t=" STURI_OPENID10 "&_xrd_r=application/xrd+xml;sep=true", | 242 | "?_xrd_t=" STURI_OPENID10 "&_xrd_r=application/xrd+xml;sep=true", |
| 243 | true ); | 243 | true ); |
| 244 | if(auth_info.canonical_id.empty() | 244 | if(auth_info.canonical_id.empty() |
| 245 | || auth_info.auth_SEP.xrd_Type.empty() ) | 245 | || auth_info.auth_SEP.xrd_Type.empty() ) |
| 246 | throw opkele::failed_lookup(OPKELE_CP_ "no OpenID service for XRI found"); | 246 | throw opkele::failed_lookup(OPKELE_CP_ "no OpenID service for XRI found"); |
| 247 | return auth_info; | ||
| 248 | }else{ | 247 | }else{ |
| 249 | const char *np = nid.c_str(); | 248 | const char *np = nid.c_str(); |
| 250 | if( (strncasecmp(np,"http",4) || strncmp( | 249 | if( (strncasecmp(np,"http",4) || strncmp( |
| 251 | tolower(*(np+4))=='s'? np+5 : np+4, "://", 3)) | 250 | tolower(*(np+4))=='s'? np+5 : np+4, "://", 3)) |
| 252 | #ifndef NDEBUG | 251 | #ifndef NDEBUG |
| 253 | && strncasecmp(np,"file:///",sizeof("file:///")-1) | 252 | && strncasecmp(np,"file:///",sizeof("file:///")-1) |
| 254 | #endif /* XXX: or how do I let tests work? */ | 253 | #endif /* XXX: or how do I let tests work? */ |
| 255 | ) | 254 | ) |
| 256 | nid.insert(0,"http://"); | 255 | nid.insert(0,"http://"); |
| 257 | string::size_type fp = nid.find('#'); | 256 | string::size_type fp = nid.find('#'); |
| 258 | if(fp!=string::npos) { | 257 | if(fp!=string::npos) { |
| 259 | string::size_type qp = nid.find('?'); | 258 | string::size_type qp = nid.find('?'); |
| 260 | if(qp==string::npos || qp<fp) { | 259 | if(qp==string::npos || qp<fp) { |
| 261 | nid.erase(fp); | 260 | nid.erase(fp); |
| 262 | }else if(qp>fp) | 261 | }else if(qp>fp) |
| 263 | nid.erase(fp,qp-fp); | 262 | nid.erase(fp,qp-fp); |
| 264 | } | 263 | } |
| 265 | discover_service(nid); | 264 | discover_service(nid); |
| 266 | const char *eu = 0; | 265 | const char *eu = 0; |
| 267 | CURLcode r = easy_getinfo(CURLINFO_EFFECTIVE_URL,&eu); | 266 | CURLcode r = easy_getinfo(CURLINFO_EFFECTIVE_URL,&eu); |
| 268 | if(r) | 267 | if(r) |
| 269 | throw exception_curl(OPKELE_CP_ "failed to get CURLINFO_EFFECTIVE_URL",r); | 268 | throw exception_curl(OPKELE_CP_ "failed to get CURLINFO_EFFECTIVE_URL",r); |
| 270 | string canonicalized_id = util::rfc_3986_normalize_uri(eu); | 269 | string canonicalized_id = util::rfc_3986_normalize_uri(eu); |
| 271 | if(xrds_location.empty()) { | 270 | if(xrds_location.empty()) { |
| 272 | if(auth_info.auth_SEP.xrd_Type.empty()) { | 271 | if(auth_info.auth_SEP.xrd_Type.empty()) { |
| 273 | if(html_SEP.xrd_URI.empty()) | 272 | if(html_SEP.xrd_URI.empty()) |
| 274 | throw opkele::failed_lookup(OPKELE_CP_ "no OpenID service discovered"); | 273 | throw opkele::failed_lookup(OPKELE_CP_ "no OpenID 1.0 service discovered"); |
| 275 | auth_info.auth_SEP = html_SEP; | 274 | auth_info.auth_SEP = html_SEP; |
| 276 | auth_info.auth_SEP.xrd_Type.clear(); auth_info.auth_SEP.xrd_Type.insert( STURI_OPENID10 ); | 275 | auth_info.auth_SEP.xrd_Type.clear(); auth_info.auth_SEP.xrd_Type.insert( STURI_OPENID10 ); |
| 277 | auth_info.canonical_id = canonicalized_id; | 276 | auth_info.canonical_id = canonicalized_id; |
| 278 | }else{ | 277 | }else{ |
| 279 | if(auth_info.canonical_id.empty()) | 278 | if(auth_info.canonical_id.empty()) |
| 280 | auth_info.canonical_id = canonicalized_id; | 279 | auth_info.canonical_id = canonicalized_id; |
| 281 | } | 280 | } |
| 282 | return auth_info; | ||
| 283 | }else{ | 281 | }else{ |
| 284 | discover_service(xrds_location); | 282 | discover_service(xrds_location); |
| 285 | if(auth_info.auth_SEP.xrd_Type.empty()) | 283 | if(auth_info.auth_SEP.xrd_Type.empty()) { |
| 286 | throw opkele::failed_lookup(OPKELE_CP_ "no OpenID service found in Yadis document"); | 284 | if(html_SEP.xrd_URI.empty()) |
| 287 | if(auth_info.canonical_id.empty()) | 285 | throw opkele::failed_lookup(OPKELE_CP_ "no OpenID 1.0 service discovered"); |
| 286 | auth_info.auth_SEP = html_SEP; | ||
| 287 | auth_info.auth_SEP.xrd_Type.clear(); auth_info.auth_SEP.xrd_Type.insert( STURI_OPENID10 ); | ||
| 288 | auth_info.canonical_id = canonicalized_id; | 288 | auth_info.canonical_id = canonicalized_id; |
| 289 | return auth_info; | 289 | }else{ |
| 290 | if(auth_info.canonical_id.empty()) | ||
| 291 | auth_info.canonical_id = canonicalized_id; | ||
| 292 | } | ||
| 290 | } | 293 | } |
| 291 | } | 294 | } |
| 295 | return auth_info; | ||
| 292 | } | 296 | } |
| 293 | 297 | ||
| 294 | } | 298 | } |