-rw-r--r-- | lib/basic_rp.cc | 21 |
1 files changed, 2 insertions, 19 deletions
diff --git a/lib/basic_rp.cc b/lib/basic_rp.cc index 2da8416..a884583 100644 --- a/lib/basic_rp.cc +++ b/lib/basic_rp.cc @@ -249,66 +249,49 @@ namespace opkele { util::strip_uri_fragment_part(turl); string rurl = util::rfc_3986_normalize_uri(om.get_field("return_to")); util::strip_uri_fragment_part(rurl); string::size_type tq = turl.find('?'), rq = rurl.find('?'); if( ((tq==string::npos)?turl:turl.substr(0,tq)) != ((rq==string::npos)?rurl:rurl.substr(0,rq)) ) throw id_res_bad_return_to(OPKELE_CP_ "return_to url doesn't match request url"); map<string,string> tp; parse_query(turl,tq,tp); map<string,string> rp; parse_query(rurl,rq,rp); for(map<string,string>::const_iterator rpi=rp.begin();rpi!=rp.end();++rpi) { map<string,string>::const_iterator tpi = tp.find(rpi->first); if(tpi==tp.end()) throw id_res_bad_return_to(OPKELE_CP_ string("Parameter '")+rpi->first+"' from return_to is missing from the request"); if(tpi->second!=rpi->second) throw id_res_bad_return_to(OPKELE_CP_ string("Parameter '")+rpi->first+"' from return_to doesn't matche the request"); } if(om.has_field("claimed_id")) { verify_OP( om.get_field("op_endpoint"), om.get_field("claimed_id"), om.get_field("identity") ); } } if(ext) ext->id_res_hook(om,signeds); } - class check_auth_message_proxy : public basic_openid_message { - public: - const basic_openid_message& x; - - check_auth_message_proxy(const basic_openid_message& xx) : x(xx) { } - - bool has_field(const string& n) const { return x.has_field(n); } - const string& get_field(const string& n) const { - static const string checkauthmode="check_authentication"; - return (n=="mode")?checkauthmode:x.get_field(n); } - bool has_ns(const string& uri) const {return x.has_ns(uri); } - string get_ns(const string& uri) const { return x.get_ns(uri); } - fields_iterator fields_begin() const { - return x.fields_begin(); } - fields_iterator fields_end() const { - return x.fields_end(); } - }; - void basic_RP::check_authentication(const string& OP, const basic_openid_message& om){ openid_message_t res; - direct_request(res,check_auth_message_proxy(om),OP); + static const string checkauthmode = "check_authentication"; + direct_request(res,util::change_mode_message_proxy(om,checkauthmode),OP); if(res.has_field("is_valid")) { if(res.get_field("is_valid")=="true") { if(res.has_field("invalidate_handle")) invalidate_assoc(OP,res.get_field("invalidate_handle")); return; } } throw failed_check_authentication( OPKELE_CP_ "failed to verify response"); } } |