author | Michael Krelin <hacker@klever.net> | 2008-11-23 00:43:59 (UTC) |
---|---|---|
committer | Michael Krelin <hacker@klever.net> | 2009-04-11 15:08:59 (UTC) |
commit | 381bfb49bfbfc569e6b5aa8e58a933de4397b053 (patch) (side-by-side diff) | |
tree | 19f5d884250e83f43094d8bf64b52704417ff265 /lib | |
parent | a5804c83e1ff21fcbf3acb8b1ff952b8dc94adc1 (diff) | |
workaround for livejournal.com breaking specs
just don't treat those who supply empty op_endpoint as OpenID 2.0 providers
Signed-off-by: Michael Krelin <hacker@klever.net>
-rw-r--r-- | lib/basic_rp.cc | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/basic_rp.cc b/lib/basic_rp.cc index 3cad71c..8125aa7 100644 --- a/lib/basic_rp.cc +++ b/lib/basic_rp.cc @@ -189,65 +189,65 @@ namespace opkele { static void parse_query(const string& u,string::size_type q, map<string,string>& p) { if(q==string::npos) return; assert(u[q]=='?'); ++q; string::size_type l = u.size(); while(q<l) { string::size_type eq = u.find('=',q); string::size_type am = u.find('&',q); if(am==string::npos) { if(eq==string::npos) { p[""] = u.substr(q); }else{ p[u.substr(q,eq-q)] = u.substr(eq+1); } break; }else{ if(eq==string::npos || eq>am) { p[""] = u.substr(q,eq-q); }else{ p[u.substr(q,eq-q)] = u.substr(eq+1,am-eq-1); } q = ++am; } } } void basic_RP::id_res(const basic_openid_message& om,extension_t *ext) { reset_vars(); bool o2 = om.has_field("ns") - && om.get_field("ns")==OIURI_OPENID20; + && om.get_field("ns")==OIURI_OPENID20 && !om.get_field("op_endpoint").empty(); if( (!o2) && om.has_field("user_setup_url")) throw id_res_setup(OPKELE_CP_ "assertion failed, setup url provided", om.get_field("user_setup_url")); string m = om.get_field("mode"); if(o2 && m=="setup_needed") throw id_res_setup(OPKELE_CP_ "setup needed, no setup url provided"); if(m=="cancel") throw id_res_cancel(OPKELE_CP_ "authentication cancelled"); bool go_dumb=false; try { string OP = o2 ?om.get_field("op_endpoint") :get_endpoint().uri; assoc_t assoc = retrieve_assoc( OP,om.get_field("assoc_handle")); if(om.get_field("sig")!=util::base64_signature(assoc,om)) throw id_res_mismatch(OPKELE_CP_ "signature mismatch"); }catch(dumb_RP& drp) { go_dumb=true; }catch(failed_lookup& e) { go_dumb=true; } OPKELE_RETHROW if(go_dumb) { try { string OP = o2 ?om.get_field("op_endpoint") :get_endpoint().uri; check_authentication(OP,om); }catch(failed_check_authentication& fca) { throw id_res_failed(OPKELE_CP_ "failed to check_authentication()"); } OPKELE_RETHROW } |
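Review bot: In `basic_RP::id_res`, the added `&& !om.get_field("op_endpoint").empty()` term lets the not-yet-verified response choose which protocol rules it is checked under: a message that declares the OpenID 2.0 namespace but has an empty `op_endpoint` is now handled as 1.x, so every later test on `o2` takes the 1.x branch. The signature and `check_authentication` calls visible here then use the discovered `get_endpoint().uri`, which looks reasonable, but the function continues past the end of this hunk, and any 2.0-only validation there should be confirmed to have a 1.x counterpart rather than being silently skipped. If `get_field` throws when a field is absent (its definition is not visible here), a 2.0 response with no `op_endpoint` at all would now throw at this line, before the `try` block, so it is worth deciding explicitly whether a missing field is rejected or falls back like an empty one. A comment above `o2`, for example `// interop: some OPs send ns=2.0 with an empty op_endpoint; such responses are processed as 1.x`, would keep the reason for the extra term next to the code.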