summaryrefslogtreecommitdiffabout
Unidiff
Diffstat (more/less context) (ignore whitespace changes)
-rw-r--r--lib/basic_op.cc6
1 files changed, 6 insertions, 0 deletions
diff --git a/lib/basic_op.cc b/lib/basic_op.cc
index fa659ac..511b51a 100644
--- a/lib/basic_op.cc
+++ b/lib/basic_op.cc
@@ -131,61 +131,67 @@ namespace opkele {
131 131
132 void basic_OP::checkid_(const basic_openid_message& inm, 132 void basic_OP::checkid_(const basic_openid_message& inm,
133 extension_t *ext) { 133 extension_t *ext) {
134 reset_vars(); 134 reset_vars();
135 string modestr = inm.get_field("mode"); 135 string modestr = inm.get_field("mode");
136 if(modestr=="checkid_setup") 136 if(modestr=="checkid_setup")
137 mode = mode_checkid_setup; 137 mode = mode_checkid_setup;
138 else if(modestr=="checkid_immediate") 138 else if(modestr=="checkid_immediate")
139 mode = mode_checkid_immediate; 139 mode = mode_checkid_immediate;
140 else 140 else
141 throw bad_input(OPKELE_CP_ "Invalid checkid_* mode"); 141 throw bad_input(OPKELE_CP_ "Invalid checkid_* mode");
142 try { 142 try {
143 assoc = retrieve_assoc(invalidate_handle=inm.get_field("assoc_handle")); 143 assoc = retrieve_assoc(invalidate_handle=inm.get_field("assoc_handle"));
144 invalidate_handle.clear(); 144 invalidate_handle.clear();
145 }catch(failed_lookup&) { } 145 }catch(failed_lookup&) { }
146 try { 146 try {
147 openid2 = (inm.get_field("ns")==OIURI_OPENID20); 147 openid2 = (inm.get_field("ns")==OIURI_OPENID20);
148 }catch(failed_lookup&) { openid2 = false; } 148 }catch(failed_lookup&) { openid2 = false; }
149 try { 149 try {
150 return_to = inm.get_field("return_to"); 150 return_to = inm.get_field("return_to");
151 }catch(failed_lookup&) { } 151 }catch(failed_lookup&) { }
152 if(openid2) { 152 if(openid2) {
153 try { 153 try {
154 realm = inm.get_field("realm"); 154 realm = inm.get_field("realm");
155 if(realm.empty())
156 throw failed_lookup(OPKELE_CP_ "Empty realm doesn't count");
155 }catch(failed_lookup&) { 157 }catch(failed_lookup&) {
156 try { 158 try {
157 realm = inm.get_field("trust_root"); 159 realm = inm.get_field("trust_root");
160 if(realm.empty())
161 throw failed_lookup(OPKELE_CP_ "Empty trust_root doesn't count");
158 }catch(failed_lookup&) { 162 }catch(failed_lookup&) {
159 if(return_to.empty()) 163 if(return_to.empty())
160 throw bad_input(OPKELE_CP_ 164 throw bad_input(OPKELE_CP_
161 "Both realm and return_to are unset"); 165 "Both realm and return_to are unset");
162 realm = return_to; 166 realm = return_to;
163 } 167 }
164 } 168 }
165 }else{ 169 }else{
166 try { 170 try {
167 realm = inm.get_field("trust_root"); 171 realm = inm.get_field("trust_root");
172 if(realm.empty())
173 throw failed_lookup(OPKELE_CP_ "Empty trust_root doesn't count");
168 }catch(failed_lookup&) { 174 }catch(failed_lookup&) {
169 if(return_to.empty()) 175 if(return_to.empty())
170 throw bad_input(OPKELE_CP_ 176 throw bad_input(OPKELE_CP_
171 "Both realm and return_to are unset"); 177 "Both realm and return_to are unset");
172 realm = return_to; 178 realm = return_to;
173 } 179 }
174 } 180 }
175 try { 181 try {
176 identity = inm.get_field("identity"); 182 identity = inm.get_field("identity");
177 try { 183 try {
178 claimed_id = inm.get_field("claimed_id"); 184 claimed_id = inm.get_field("claimed_id");
179 }catch(failed_lookup&) { 185 }catch(failed_lookup&) {
180 if(openid2) 186 if(openid2)
181 throw bad_input(OPKELE_CP_ 187 throw bad_input(OPKELE_CP_
182 "claimed_id and identity must be either both present or both absent"); 188 "claimed_id and identity must be either both present or both absent");
183 claimed_id = identity; 189 claimed_id = identity;
184 } 190 }
185 }catch(failed_lookup&) { 191 }catch(failed_lookup&) {
186 if(openid2 && inm.has_field("claimed_id")) 192 if(openid2 && inm.has_field("claimed_id"))
187 throw bad_input(OPKELE_CP_ 193 throw bad_input(OPKELE_CP_
188 "claimed_id and identity must be either both present or both absent"); 194 "claimed_id and identity must be either both present or both absent");
189 } 195 }
190 verify_return_to(); 196 verify_return_to();
191 if(ext) ext->op_checkid_hook(inm); 197 if(ext) ext->op_checkid_hook(inm);