summaryrefslogtreecommitdiffabout
Side-by-side diff
Diffstat (more/less context) (ignore whitespace changes)
-rw-r--r--include/opkele/util.h18
-rw-r--r--lib/basic_rp.cc21
2 files changed, 20 insertions, 19 deletions
diff --git a/include/opkele/util.h b/include/opkele/util.h
index e9176b0..6f3ddf6 100644
--- a/include/opkele/util.h
+++ b/include/opkele/util.h
@@ -115,37 +115,55 @@ namespace opkele {
long string_to_long(const string& s);
/**
* Encode binary data using base64.
* @param data pointer to binary data
* @param length length of data
* @return encoded data
*/
string encode_base64(const void *data,size_t length);
/**
* Decode binary data from base64 representation.
* @param data base64-encoded data
* @param rv container for decoded binary
*/
void decode_base64(const string& data,vector<unsigned char>& rv);
/**
* Normalize http(s) URI according to RFC3986, section 6. URI is
* expected to have scheme: in front of it.
* @param uri URI
* @return normalized URI
* @throw not_implemented in case of non-httpi(s) URI
* @throw bad_input in case of malformed URI
*/
string rfc_3986_normalize_uri(const string& uri);
string& strip_uri_fragment_part(string& uri);
string abi_demangle(const char* mn);
string base64_signature(const assoc_t& assoc,const basic_openid_message& om);
+ class change_mode_message_proxy : public basic_openid_message {
+ public:
+ const basic_openid_message& x;
+ const string& mode;
+
+ change_mode_message_proxy(const basic_openid_message& xx,const string& m) : x(xx), mode(m) { }
+
+ bool has_field(const string& n) const { return x.has_field(n); }
+ const string& get_field(const string& n) const {
+ return (n=="mode")?mode:x.get_field(n); }
+ bool has_ns(const string& uri) const {return x.has_ns(uri); }
+ string get_ns(const string& uri) const { return x.get_ns(uri); }
+ fields_iterator fields_begin() const {
+ return x.fields_begin(); }
+ fields_iterator fields_end() const {
+ return x.fields_end(); }
+ };
+
}
}
#endif /* __OPKELE_UTIL_H */
diff --git a/lib/basic_rp.cc b/lib/basic_rp.cc
index 2da8416..a884583 100644
--- a/lib/basic_rp.cc
+++ b/lib/basic_rp.cc
@@ -249,66 +249,49 @@ namespace opkele {
util::strip_uri_fragment_part(turl);
string rurl = util::rfc_3986_normalize_uri(om.get_field("return_to"));
util::strip_uri_fragment_part(rurl);
string::size_type
tq = turl.find('?'), rq = rurl.find('?');
if(
((tq==string::npos)?turl:turl.substr(0,tq))
!=
((rq==string::npos)?rurl:rurl.substr(0,rq))
)
throw id_res_bad_return_to(OPKELE_CP_ "return_to url doesn't match request url");
map<string,string> tp; parse_query(turl,tq,tp);
map<string,string> rp; parse_query(rurl,rq,rp);
for(map<string,string>::const_iterator rpi=rp.begin();rpi!=rp.end();++rpi) {
map<string,string>::const_iterator tpi = tp.find(rpi->first);
if(tpi==tp.end())
throw id_res_bad_return_to(OPKELE_CP_ string("Parameter '")+rpi->first+"' from return_to is missing from the request");
if(tpi->second!=rpi->second)
throw id_res_bad_return_to(OPKELE_CP_ string("Parameter '")+rpi->first+"' from return_to doesn't matche the request");
}
if(om.has_field("claimed_id")) {
verify_OP(
om.get_field("op_endpoint"),
om.get_field("claimed_id"),
om.get_field("identity") );
}
}
if(ext) ext->id_res_hook(om,signeds);
}
- class check_auth_message_proxy : public basic_openid_message {
- public:
- const basic_openid_message& x;
-
- check_auth_message_proxy(const basic_openid_message& xx) : x(xx) { }
-
- bool has_field(const string& n) const { return x.has_field(n); }
- const string& get_field(const string& n) const {
- static const string checkauthmode="check_authentication";
- return (n=="mode")?checkauthmode:x.get_field(n); }
- bool has_ns(const string& uri) const {return x.has_ns(uri); }
- string get_ns(const string& uri) const { return x.get_ns(uri); }
- fields_iterator fields_begin() const {
- return x.fields_begin(); }
- fields_iterator fields_end() const {
- return x.fields_end(); }
- };
-
void basic_RP::check_authentication(const string& OP,
const basic_openid_message& om){
openid_message_t res;
- direct_request(res,check_auth_message_proxy(om),OP);
+ static const string checkauthmode = "check_authentication";
+ direct_request(res,util::change_mode_message_proxy(om,checkauthmode),OP);
if(res.has_field("is_valid")) {
if(res.get_field("is_valid")=="true") {
if(res.has_field("invalidate_handle"))
invalidate_assoc(OP,res.get_field("invalidate_handle"));
return;
}
}
throw failed_check_authentication(
OPKELE_CP_ "failed to verify response");
}
}