-rw-r--r-- | include/opkele/association.h | 2 | ||||
-rw-r--r-- | include/opkele/consumer.h | 19 | ||||
-rw-r--r-- | lib/consumer.cc | 4 |
3 files changed, 24 insertions, 1 deletions
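--- a/include/opkele/association.h
+++ b/include/opkele/association.h
@@ -61,6 +61,8 @@ namespace opkele {
 virtual secret_t secret() const { return _secret; }
 virtual int expires_in() const { return _expires-time(0); }
 virtual bool stateless() const { return _stateless; }
+
+virtual bool is_expired() const { return _expires<time(0); }
 };
 
 }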
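Review bot: The added `is_expired()` compares with a strict `_expires<time(0)`, so during the second in which `expires_in()` already returns 0 the association is still reported as live. Using `return _expires<=time(0);` would make the two accessors agree at the boundary. The method also has no doc comment, unlike the rest of the interface; a one-liner such as `/** @return true if the association lifetime has run out, judged against the current system time */` would tell store implementers what the consumer checks.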
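--- a/include/opkele/consumer.h
+++ b/include/opkele/consumer.h
@@ -13,6 +13,11 @@ namespace opkele {
 
 /**
 * implementation of basic consumer functionality
+*
+* @note
+* The consumer uses libcurl internally, which means that if you're using
+* libopkele in multithreaded environment you should call curl_global_init
+* yourself before spawning any threads.
 */
 class consumer_t {
 public:
@@ -31,10 +36,16 @@ namespace opkele {
 * retrieve stored association. The function should be overridden
 * in the real implementation to provide persistent assocations
 * store.
+*
+* @note
+* The user is responsible for handling associations expiry and
+* this function should never return an expired or invalidated
+* association.
+*
 * @param server the OpenID server
 * @param handle association handle
 * @return the autho_ptr<> for the newly allocated association_t object
-* @throw failed_lookup in case of error
+* @throw failed_lookup if no unexpired association found
 */
 virtual assoc_t retrieve_assoc(const string& server,const string& handle) = 0;
 /**
@@ -48,6 +59,12 @@ namespace opkele {
 * retrieve any unexpired association for the server. If the
 * function is not overridden in the real implementation, the new
 * association will be established for each request.
+*
+* @note
+* The user is responsible for handling associations and this
+* function should never return an expired or invalidated
+* association.
+*
 * @param server the OpenID server
 * @return the auto_ptr<> for the newly allocated association_t object
 * @throw failed_lookup in case of absence of the handle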
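Review bot: In the third hunk the new note reads "responsible for handling associations and this function", dropping the word "expiry" that the parallel note in the second hunk has. The `@throw` line there was also left as "in case of absence of the handle", although the second hunk's was updated. Suggest `* The user is responsible for handling associations expiry and this` and `* @throw failed_lookup if no unexpired association found` so the two contracts match. Both notes also promise that no "invalidated" association is returned, yet the only check visible in this commit is for expiry, so it may be worth stating that filtering invalidated handles rests entirely with the store implementation.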
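--- a/lib/consumer.cc
+++ b/lib/consumer.cc
@@ -144,6 +144,8 @@ namespace opkele {
 p["return_to"] = return_to;
 try {
 string ah = find_assoc(server)->handle();
+if(ah->is_expired()) /* TODO: or should I throw some other exception to force programmer fix his implementation? */
+throw failed_lookup(OPKELE_CP_ "find_assoc() has returned expired handle");
 p["assoc_handle"] = ah;
 }catch(failed_lookup& fl) {
 string ah = associate(server)->handle();
@@ -161,6 +163,8 @@ namespace opkele {
 params_t ps;
 try {
 assoc_t assoc = retrieve_assoc(server,pin.get_param("openid.assoc_handle"));
+if(assoc->is_expired()) /* TODO: or should I throw some other exception to force programmer fix his implementation? */
+throw failed_lookup(OPKELE_CP_ "retrieve_assoc() has returned expired handle");
 const string& sigenc = pin.get_param("openid.sig");
 vector<unsigned char> sig;
 util::decode_base64(sigenc,sig);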
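Review bot: In the first hunk (`@@ -144,6 +144,8`) `ah` is declared as a `string` holding the handle, so `ah->is_expired()` should not compile, and the expiry test never reaches the association object. Keep the association itself (presumably an `assoc_t`, as `retrieve_assoc()` returns) and test that: `assoc_t assoc = find_assoc(server);`, `if(assoc->is_expired()) throw failed_lookup(OPKELE_CP_ "find_assoc() has returned expired handle");`, `p["assoc_handle"] = assoc->handle();`. The second hunk already does this correctly through `assoc`. Both enclosing functions start and end outside the hunks, so the handler that receives the `failed_lookup` thrown after `retrieve_assoc()` is not visible. It is worth confirming that this path re-verifies with the server and does not accept the response.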