| author | Michael Krelin <hacker@klever.net> | 2008-04-05 13:36:58 (UTC) |
|---|---|---|
| committer | Michael Krelin <hacker@klever.net> | 2008-04-06 09:14:41 (UTC) |
| commit | c56867c814a70505e27501c8f02768a594d8e42d (patch) (unidiff) | |
| tree | 409a7cae6a4768e09a0217f21c05fbb7d4db26fa /lib | |
| parent | 0182b9dee269f1a8f3fc0794bfdf4a143fa1b5be (diff) | |
| download | libopkele-c56867c814a70505e27501c8f02768a594d8e42d.zip libopkele-c56867c814a70505e27501c8f02768a594d8e42d.tar.gz libopkele-c56867c814a70505e27501c8f02768a594d8e42d.tar.bz2 | |
empty trust_root is no trust root.
work around some thoughtful and considerate RPs that take the pain of sending
the trust_root parameter, but do not go into as much trouble as setting it to
anything but an empty string.
Signed-off-by: Michael Krelin <hacker@klever.net>
| -rw-r--r-- | lib/basic_op.cc | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/lib/basic_op.cc b/lib/basic_op.cc index fa659ac..511b51a 100644 --- a/lib/basic_op.cc +++ b/lib/basic_op.cc | |||
| @@ -143,37 +143,43 @@ namespace opkele { | |||
| 143 | assoc = retrieve_assoc(invalidate_handle=inm.get_field("assoc_handle")); | 143 | assoc = retrieve_assoc(invalidate_handle=inm.get_field("assoc_handle")); |
| 144 | invalidate_handle.clear(); | 144 | invalidate_handle.clear(); |
| 145 | }catch(failed_lookup&) { } | 145 | }catch(failed_lookup&) { } |
| 146 | try { | 146 | try { |
| 147 | openid2 = (inm.get_field("ns")==OIURI_OPENID20); | 147 | openid2 = (inm.get_field("ns")==OIURI_OPENID20); |
| 148 | }catch(failed_lookup&) { openid2 = false; } | 148 | }catch(failed_lookup&) { openid2 = false; } |
| 149 | try { | 149 | try { |
| 150 | return_to = inm.get_field("return_to"); | 150 | return_to = inm.get_field("return_to"); |
| 151 | }catch(failed_lookup&) { } | 151 | }catch(failed_lookup&) { } |
| 152 | if(openid2) { | 152 | if(openid2) { |
| 153 | try { | 153 | try { |
| 154 | realm = inm.get_field("realm"); | 154 | realm = inm.get_field("realm"); |
| 155 | if(realm.empty()) | ||
| 156 | throw failed_lookup(OPKELE_CP_ "Empty realm doesn't count"); | ||
| 155 | }catch(failed_lookup&) { | 157 | }catch(failed_lookup&) { |
| 156 | try { | 158 | try { |
| 157 | realm = inm.get_field("trust_root"); | 159 | realm = inm.get_field("trust_root"); |
| 160 | if(realm.empty()) | ||
| 161 | throw failed_lookup(OPKELE_CP_ "Empty trust_root doesn't count"); | ||
| 158 | }catch(failed_lookup&) { | 162 | }catch(failed_lookup&) { |
| 159 | if(return_to.empty()) | 163 | if(return_to.empty()) |
| 160 | throw bad_input(OPKELE_CP_ | 164 | throw bad_input(OPKELE_CP_ |
| 161 | "Both realm and return_to are unset"); | 165 | "Both realm and return_to are unset"); |
| 162 | realm = return_to; | 166 | realm = return_to; |
| 163 | } | 167 | } |
| 164 | } | 168 | } |
| 165 | }else{ | 169 | }else{ |
| 166 | try { | 170 | try { |
| 167 | realm = inm.get_field("trust_root"); | 171 | realm = inm.get_field("trust_root"); |
| 172 | if(realm.empty()) | ||
| 173 | throw failed_lookup(OPKELE_CP_ "Empty trust_root doesn't count"); | ||
| 168 | }catch(failed_lookup&) { | 174 | }catch(failed_lookup&) { |
| 169 | if(return_to.empty()) | 175 | if(return_to.empty()) |
| 170 | throw bad_input(OPKELE_CP_ | 176 | throw bad_input(OPKELE_CP_ |
| 171 | "Both realm and return_to are unset"); | 177 | "Both realm and return_to are unset"); |
| 172 | realm = return_to; | 178 | realm = return_to; |
| 173 | } | 179 | } |
| 174 | } | 180 | } |
| 175 | try { | 181 | try { |
| 176 | identity = inm.get_field("identity"); | 182 | identity = inm.get_field("identity"); |
| 177 | try { | 183 | try { |
| 178 | claimed_id = inm.get_field("claimed_id"); | 184 | claimed_id = inm.get_field("claimed_id"); |
| 179 | }catch(failed_lookup&) { | 185 | }catch(failed_lookup&) { |