| -rw-r--r-- | lib/basic_op.cc | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/lib/basic_op.cc b/lib/basic_op.cc index c89d1d7..9e2ea5a 100644 --- a/lib/basic_op.cc +++ b/lib/basic_op.cc | |||
| @@ -148,127 +148,130 @@ namespace opkele { | |||
| 148 | // no handle specified or no valid assoc found, go dumb | 148 | // no handle specified or no valid assoc found, go dumb |
| 149 | assoc = alloc_assoc("HMAC-SHA256",SHA256_DIGEST_LENGTH,true); | 149 | assoc = alloc_assoc("HMAC-SHA256",SHA256_DIGEST_LENGTH,true); |
| 150 | } | 150 | } |
| 151 | try { | 151 | try { |
| 152 | openid2 = (inm.get_field("ns")==OIURI_OPENID20); | 152 | openid2 = (inm.get_field("ns")==OIURI_OPENID20); |
| 153 | }catch(failed_lookup&) { openid2 = false; } | 153 | }catch(failed_lookup&) { openid2 = false; } |
| 154 | try { | 154 | try { |
| 155 | return_to = inm.get_field("return_to"); | 155 | return_to = inm.get_field("return_to"); |
| 156 | }catch(failed_lookup&) { } | 156 | }catch(failed_lookup&) { } |
| 157 | if(openid2) { | 157 | if(openid2) { |
| 158 | try { | 158 | try { |
| 159 | realm = inm.get_field("realm"); | 159 | realm = inm.get_field("realm"); |
| 160 | }catch(failed_lookup&) { | 160 | }catch(failed_lookup&) { |
| 161 | try { | 161 | try { |
| 162 | realm = inm.get_field("trust_root"); | 162 | realm = inm.get_field("trust_root"); |
| 163 | }catch(failed_lookup&) { | 163 | }catch(failed_lookup&) { |
| 164 | if(return_to.empty()) | 164 | if(return_to.empty()) |
| 165 | throw bad_input(OPKELE_CP_ | 165 | throw bad_input(OPKELE_CP_ |
| 166 | "Both realm and return_to are unset"); | 166 | "Both realm and return_to are unset"); |
| 167 | realm = return_to; | 167 | realm = return_to; |
| 168 | } | 168 | } |
| 169 | } | 169 | } |
| 170 | }else{ | 170 | }else{ |
| 171 | try { | 171 | try { |
| 172 | realm = inm.get_field("trust_root"); | 172 | realm = inm.get_field("trust_root"); |
| 173 | }catch(failed_lookup&) { | 173 | }catch(failed_lookup&) { |
| 174 | if(return_to.empty()) | 174 | if(return_to.empty()) |
| 175 | throw bad_input(OPKELE_CP_ | 175 | throw bad_input(OPKELE_CP_ |
| 176 | "Both realm and return_to are unset"); | 176 | "Both realm and return_to are unset"); |
| 177 | realm = return_to; | 177 | realm = return_to; |
| 178 | } | 178 | } |
| 179 | } | 179 | } |
| 180 | try { | 180 | try { |
| 181 | identity = inm.get_field("identity"); | 181 | identity = inm.get_field("identity"); |
| 182 | try { | 182 | try { |
| 183 | claimed_id = inm.get_field("claimed_id"); | 183 | claimed_id = inm.get_field("claimed_id"); |
| 184 | }catch(failed_lookup&) { | 184 | }catch(failed_lookup&) { |
| 185 | if(openid2) | 185 | if(openid2) |
| 186 | throw bad_input(OPKELE_CP_ | 186 | throw bad_input(OPKELE_CP_ |
| 187 | "claimed_id and identity must be either both present or both absent"); | 187 | "claimed_id and identity must be either both present or both absent"); |
| 188 | claimed_id = identity; | 188 | claimed_id = identity; |
| 189 | } | 189 | } |
| 190 | }catch(failed_lookup&) { | 190 | }catch(failed_lookup&) { |
| 191 | if(openid2 && inm.has_field("claimed_id")) | 191 | if(openid2 && inm.has_field("claimed_id")) |
| 192 | throw bad_input(OPKELE_CP_ | 192 | throw bad_input(OPKELE_CP_ |
| 193 | "claimed_id and identity must be either both present or both absent"); | 193 | "claimed_id and identity must be either both present or both absent"); |
| 194 | } | 194 | } |
| 195 | verify_return_to(); | 195 | verify_return_to(); |
| 196 | if(ext) ext->op_checkid_hook(inm); | ||
| 196 | } | 197 | } |
| 197 | 198 | ||
| 198 | basic_openid_message& basic_op::id_res(basic_openid_message& om) { | 199 | basic_openid_message& basic_op::id_res(basic_openid_message& om, |
| 200 | extension_t *ext) { | ||
| 199 | assert(assoc); | 201 | assert(assoc); |
| 200 | assert(!return_to.empty()); | 202 | assert(!return_to.empty()); |
| 201 | assert(!is_id_select()); | 203 | assert(!is_id_select()); |
| 202 | time_t now = time(0); | 204 | time_t now = time(0); |
| 203 | struct tm gmt; gmtime_r(&now,&gmt); | 205 | struct tm gmt; gmtime_r(&now,&gmt); |
| 204 | char w3timestr[24]; | 206 | char w3timestr[24]; |
| 205 | if(!strftime(w3timestr,sizeof(w3timestr),"%Y-%m-%dT%H:%M:%SZ",&gmt)) | 207 | if(!strftime(w3timestr,sizeof(w3timestr),"%Y-%m-%dT%H:%M:%SZ",&gmt)) |
| 206 | throw failed_conversion(OPKELE_CP_ | 208 | throw failed_conversion(OPKELE_CP_ |
| 207 | "Failed to build time string for nonce" ); | 209 | "Failed to build time string for nonce" ); |
| 208 | om.set_field("ns",OIURI_OPENID20); | 210 | om.set_field("ns",OIURI_OPENID20); |
| 209 | om.set_field("mode","id_res"); | 211 | om.set_field("mode","id_res"); |
| 210 | om.set_field("op_endpoint",get_op_endpoint()); | 212 | om.set_field("op_endpoint",get_op_endpoint()); |
| 211 | string ats = "ns,mode,op_endpoint,return_to,response_nonce," | 213 | string ats = "ns,mode,op_endpoint,return_to,response_nonce," |
| 212 | "assoc_handle,signed"; | 214 | "assoc_handle,signed"; |
| 213 | if(!identity.empty()) { | 215 | if(!identity.empty()) { |
| 214 | om.set_field("identity",identity); | 216 | om.set_field("identity",identity); |
| 215 | om.set_field("claimed_id",claimed_id); | 217 | om.set_field("claimed_id",claimed_id); |
| 216 | ats += ",identity,claimed_id"; | 218 | ats += ",identity,claimed_id"; |
| 217 | } | 219 | } |
| 218 | om.set_field("return_to",return_to); | 220 | om.set_field("return_to",return_to); |
| 219 | string nonce = w3timestr; | 221 | string nonce = w3timestr; |
| 220 | om.set_field("response_nonce",alloc_nonce(nonce,assoc->stateless())); | 222 | om.set_field("response_nonce",alloc_nonce(nonce,assoc->stateless())); |
| 221 | if(!invalidate_handle.empty()) { | 223 | if(!invalidate_handle.empty()) { |
| 222 | om.set_field("invalidate_handle",invalidate_handle); | 224 | om.set_field("invalidate_handle",invalidate_handle); |
| 223 | ats += ",invalidate_handle"; | 225 | ats += ",invalidate_handle"; |
| 224 | } | 226 | } |
| 225 | om.set_field("assoc_handle",assoc->handle()); | 227 | om.set_field("assoc_handle",assoc->handle()); |
| 226 | om.add_to_signed(ats); | 228 | om.add_to_signed(ats); |
| 229 | if(ext) ext->op_id_res_hook(om); | ||
| 227 | om.set_field("sig",util::base64_signature(assoc,om)); | 230 | om.set_field("sig",util::base64_signature(assoc,om)); |
| 228 | return om; | 231 | return om; |
| 229 | } | 232 | } |
| 230 | 233 | ||
| 231 | basic_openid_message& basic_op::cancel(basic_openid_message& om) { | 234 | basic_openid_message& basic_op::cancel(basic_openid_message& om) { |
| 232 | assert(!return_to.empty()); | 235 | assert(!return_to.empty()); |
| 233 | om.set_field("ns",OIURI_OPENID20); | 236 | om.set_field("ns",OIURI_OPENID20); |
| 234 | om.set_field("mode","cancel"); | 237 | om.set_field("mode","cancel"); |
| 235 | return om; | 238 | return om; |
| 236 | } | 239 | } |
| 237 | 240 | ||
| 238 | basic_openid_message& basic_op::error(basic_openid_message& om, | 241 | basic_openid_message& basic_op::error(basic_openid_message& om, |
| 239 | const string& error,const string& contact, | 242 | const string& error,const string& contact, |
| 240 | const string& reference ) { | 243 | const string& reference ) { |
| 241 | assert(!return_to.empty()); | 244 | assert(!return_to.empty()); |
| 242 | om.set_field("ns",OIURI_OPENID20); | 245 | om.set_field("ns",OIURI_OPENID20); |
| 243 | om.set_field("mode","error"); | 246 | om.set_field("mode","error"); |
| 244 | om.set_field("error",error); | 247 | om.set_field("error",error); |
| 245 | om.set_field("contact",contact); | 248 | om.set_field("contact",contact); |
| 246 | om.set_field("reference",reference); | 249 | om.set_field("reference",reference); |
| 247 | return om; | 250 | return om; |
| 248 | } | 251 | } |
| 249 | 252 | ||
| 250 | basic_openid_message& basic_op::setup_needed( | 253 | basic_openid_message& basic_op::setup_needed( |
| 251 | basic_openid_message& oum,const basic_openid_message& inm) { | 254 | basic_openid_message& oum,const basic_openid_message& inm) { |
| 252 | assert(mode==mode_checkid_immediate); | 255 | assert(mode==mode_checkid_immediate); |
| 253 | assert(!return_to.empty()); | 256 | assert(!return_to.empty()); |
| 254 | if(openid2) { | 257 | if(openid2) { |
| 255 | oum.set_field("ns",OIURI_OPENID20); | 258 | oum.set_field("ns",OIURI_OPENID20); |
| 256 | oum.set_field("mode","setup_needed"); | 259 | oum.set_field("mode","setup_needed"); |
| 257 | }else{ | 260 | }else{ |
| 258 | oum.set_field("mode","id_res"); | 261 | oum.set_field("mode","id_res"); |
| 259 | static const string setupmode = "checkid_setup"; | 262 | static const string setupmode = "checkid_setup"; |
| 260 | oum.set_field("user_setup_url", | 263 | oum.set_field("user_setup_url", |
| 261 | util::change_mode_message_proxy(inm,setupmode) | 264 | util::change_mode_message_proxy(inm,setupmode) |
| 262 | .append_query(get_op_endpoint())); | 265 | .append_query(get_op_endpoint())); |
| 263 | } | 266 | } |
| 264 | return oum; | 267 | return oum; |
| 265 | } | 268 | } |
| 266 | 269 | ||
| 267 | basic_openid_message& basic_op::check_authentication( | 270 | basic_openid_message& basic_op::check_authentication( |
| 268 | basic_openid_message& oum, | 271 | basic_openid_message& oum, |
| 269 | const basic_openid_message& inm) try { | 272 | const basic_openid_message& inm) try { |
| 270 | assert(inm.get_field("mode")=="check_authentication"); | 273 | assert(inm.get_field("mode")=="check_authentication"); |
| 271 | oum.reset_fields(); | 274 | oum.reset_fields(); |
| 272 | oum.set_field("ns",OIURI_OPENID20); | 275 | oum.set_field("ns",OIURI_OPENID20); |
| 273 | bool o2; | 276 | bool o2; |
| 274 | try { | 277 | try { |