Diffstat (limited to 'lib/basic_rp.cc')
-rw-r--r--lib/basic_rp.cc2
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/basic_rp.cc b/lib/basic_rp.cc
index 9c7113b..bc1fb7f 100644
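--- a/lib/basic_rp.cc
+++ b/lib/basic_rp.cc
@@ -268,49 +268,49 @@ namespace opkele {
 ^
 (om.has_field("identity")?1:0)
 )&1 )
 throw bad_input(OPKELE_CP_ "claimed_id and identity must be either both present or both absent");
 
 string turl = util::rfc_3986_normalize_uri(get_this_url());
 util::strip_uri_fragment_part(turl);
 string rurl = util::rfc_3986_normalize_uri(om.get_field("return_to"));
 util::strip_uri_fragment_part(rurl);
 string::size_type
 tq = turl.find('?'), rq = rurl.find('?');
 if(
 ((tq==string::npos)?turl:turl.substr(0,tq))
 !=
 ((rq==string::npos)?rurl:rurl.substr(0,rq))
 )
 throw id_res_bad_return_to(OPKELE_CP_ "return_to url doesn't match request url");
 map<string,string> tp; parse_query(turl,tq,tp);
 map<string,string> rp; parse_query(rurl,rq,rp);
 for(map<string,string>::const_iterator rpi=rp.begin();rpi!=rp.end();++rpi) {
 map<string,string>::const_iterator tpi = tp.find(rpi->first);
 if(tpi==tp.end())
 throw id_res_bad_return_to(OPKELE_CP_ string("Parameter '")+rpi->first+"' from return_to is missing from the request");
 if(tpi->second!=rpi->second)
-throw id_res_bad_return_to(OPKELE_CP_ string("Parameter '")+rpi->first+"' from return_to doesn't matche the request");
+throw id_res_bad_return_to(OPKELE_CP_ string("Parameter '")+rpi->first+"' from return_to doesn't match the request");
 }
 
 if(om.has_field("claimed_id")) {
 claimed_id = om.get_field("claimed_id");
 identity = om.get_field("identity");
 verify_OP(
 om.get_field("op_endpoint"),
 claimed_id, identity );
 }
 
 }else{
 claimed_id = get_endpoint().claimed_id;
 /* TODO: check if this is the identity we asked for */
 identity = om.get_field("identity");
 }
 if(ext) ext->rp_id_res_hook(om,signeds);
 }
 
 void basic_RP::check_authentication(const string& OP,
 const basic_openid_message& om){
 openid_message_t res;
 static const string checkauthmode = "check_authentication";
 direct_request(res,util::change_mode_message_proxy(om,checkauthmode),OP);
 if(res.has_field("is_valid")) {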
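Review bot: The exception text on new line 292, and its sibling on line 290, concatenates `rpi->first` into the message unmodified, and that value is a parameter name parsed from the `return_to` field of the incoming response. Where the text of `id_res_bad_return_to` ends up is not visible here; if a caller writes it to a log or an error page, it should be encoded for that sink. I would record this next to the throw, e.g. `/* message carries a request-supplied parameter name; encode before logging or rendering */`. The enclosing function starts above the hunk, so the handling of this exception by callers is not shown.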