| -rw-r--r-- | lib/basic_rp.cc | 21 |
1 files changed, 2 insertions, 19 deletions
diff --git a/lib/basic_rp.cc b/lib/basic_rp.cc index 2da8416..a884583 100644 --- a/lib/basic_rp.cc +++ b/lib/basic_rp.cc | |||
| @@ -249,66 +249,49 @@ namespace opkele { | |||
| 249 | util::strip_uri_fragment_part(turl); | 249 | util::strip_uri_fragment_part(turl); |
| 250 | string rurl = util::rfc_3986_normalize_uri(om.get_field("return_to")); | 250 | string rurl = util::rfc_3986_normalize_uri(om.get_field("return_to")); |
| 251 | util::strip_uri_fragment_part(rurl); | 251 | util::strip_uri_fragment_part(rurl); |
| 252 | string::size_type | 252 | string::size_type |
| 253 | tq = turl.find('?'), rq = rurl.find('?'); | 253 | tq = turl.find('?'), rq = rurl.find('?'); |
| 254 | if( | 254 | if( |
| 255 | ((tq==string::npos)?turl:turl.substr(0,tq)) | 255 | ((tq==string::npos)?turl:turl.substr(0,tq)) |
| 256 | != | 256 | != |
| 257 | ((rq==string::npos)?rurl:rurl.substr(0,rq)) | 257 | ((rq==string::npos)?rurl:rurl.substr(0,rq)) |
| 258 | ) | 258 | ) |
| 259 | throw id_res_bad_return_to(OPKELE_CP_ "return_to url doesn't match request url"); | 259 | throw id_res_bad_return_to(OPKELE_CP_ "return_to url doesn't match request url"); |
| 260 | map<string,string> tp; parse_query(turl,tq,tp); | 260 | map<string,string> tp; parse_query(turl,tq,tp); |
| 261 | map<string,string> rp; parse_query(rurl,rq,rp); | 261 | map<string,string> rp; parse_query(rurl,rq,rp); |
| 262 | for(map<string,string>::const_iterator rpi=rp.begin();rpi!=rp.end();++rpi) { | 262 | for(map<string,string>::const_iterator rpi=rp.begin();rpi!=rp.end();++rpi) { |
| 263 | map<string,string>::const_iterator tpi = tp.find(rpi->first); | 263 | map<string,string>::const_iterator tpi = tp.find(rpi->first); |
| 264 | if(tpi==tp.end()) | 264 | if(tpi==tp.end()) |
| 265 | throw id_res_bad_return_to(OPKELE_CP_ string("Parameter '")+rpi->first+"' from return_to is missing from the request"); | 265 | throw id_res_bad_return_to(OPKELE_CP_ string("Parameter '")+rpi->first+"' from return_to is missing from the request"); |
| 266 | if(tpi->second!=rpi->second) | 266 | if(tpi->second!=rpi->second) |
| 267 | throw id_res_bad_return_to(OPKELE_CP_ string("Parameter '")+rpi->first+"' from return_to doesn't matche the request"); | 267 | throw id_res_bad_return_to(OPKELE_CP_ string("Parameter '")+rpi->first+"' from return_to doesn't matche the request"); |
| 268 | } | 268 | } |
| 269 | 269 | ||
| 270 | if(om.has_field("claimed_id")) { | 270 | if(om.has_field("claimed_id")) { |
| 271 | verify_OP( | 271 | verify_OP( |
| 272 | om.get_field("op_endpoint"), | 272 | om.get_field("op_endpoint"), |
| 273 | om.get_field("claimed_id"), | 273 | om.get_field("claimed_id"), |
| 274 | om.get_field("identity") ); | 274 | om.get_field("identity") ); |
| 275 | } | 275 | } |
| 276 | 276 | ||
| 277 | } | 277 | } |
| 278 | if(ext) ext->id_res_hook(om,signeds); | 278 | if(ext) ext->id_res_hook(om,signeds); |
| 279 | } | 279 | } |
| 280 | 280 | ||
| 281 | class check_auth_message_proxy : public basic_openid_message { | ||
| 282 | public: | ||
| 283 | const basic_openid_message& x; | ||
| 284 | |||
| 285 | check_auth_message_proxy(const basic_openid_message& xx) : x(xx) { } | ||
| 286 | |||
| 287 | bool has_field(const string& n) const { return x.has_field(n); } | ||
| 288 | const string& get_field(const string& n) const { | ||
| 289 | static const string checkauthmode="check_authentication"; | ||
| 290 | return (n=="mode")?checkauthmode:x.get_field(n); } | ||
| 291 | bool has_ns(const string& uri) const {return x.has_ns(uri); } | ||
| 292 | string get_ns(const string& uri) const { return x.get_ns(uri); } | ||
| 293 | fields_iterator fields_begin() const { | ||
| 294 | return x.fields_begin(); } | ||
| 295 | fields_iterator fields_end() const { | ||
| 296 | return x.fields_end(); } | ||
| 297 | }; | ||
| 298 | |||
| 299 | void basic_RP::check_authentication(const string& OP, | 281 | void basic_RP::check_authentication(const string& OP, |
| 300 | const basic_openid_message& om){ | 282 | const basic_openid_message& om){ |
| 301 | openid_message_t res; | 283 | openid_message_t res; |
| 302 | direct_request(res,check_auth_message_proxy(om),OP); | 284 | static const string checkauthmode = "check_authentication"; |
| 285 | direct_request(res,util::change_mode_message_proxy(om,checkauthmode),OP); | ||
| 303 | if(res.has_field("is_valid")) { | 286 | if(res.has_field("is_valid")) { |
| 304 | if(res.get_field("is_valid")=="true") { | 287 | if(res.get_field("is_valid")=="true") { |
| 305 | if(res.has_field("invalidate_handle")) | 288 | if(res.has_field("invalidate_handle")) |
| 306 | invalidate_assoc(OP,res.get_field("invalidate_handle")); | 289 | invalidate_assoc(OP,res.get_field("invalidate_handle")); |
| 307 | return; | 290 | return; |
| 308 | } | 291 | } |
| 309 | } | 292 | } |
| 310 | throw failed_check_authentication( | 293 | throw failed_check_authentication( |
| 311 | OPKELE_CP_ "failed to verify response"); | 294 | OPKELE_CP_ "failed to verify response"); |
| 312 | } | 295 | } |
| 313 | 296 | ||
| 314 | } | 297 | } |