Class: OpenID::Server::CheckAuthRequest

Inherits:
OpenIDRequest show all
Defined in:
lib/openid/server.rb

Overview

A request to verify the validity of a previous response.

See OpenID Specs, Verifying Directly with the OpenID Provider <openid.net/specs/openid-authentication-2_0-12.html#verifying_signatures>

Instance Attribute Summary collapse

Attributes inherited from OpenIDRequest

#message, #mode

Class Method Summary collapse

Instance Method Summary collapse

Methods inherited from OpenIDRequest

#namespace

Constructor Details

#initialize(assoc_handle, signed, invalidate_handle = nil) ⇒ CheckAuthRequest

Construct me.

These parameters are assigned directly as class attributes.

Parameters:

assoc_handle

the association handle for this request

signed

The signed message

invalidate_handle

An association handle that the relying party is checking to see if it is invalid



76
77
78
79
80
81
82
83
84
85
86
# File 'lib/openid/server.rb', line 76

def initialize(assoc_handle, signed, invalidate_handle=nil)
  super()

  @mode = "check_authentication"
  @required_fields = ["identity", "return_to", "response_nonce"].freeze

  @sig = nil
  @assoc_handle = assoc_handle
  @signed = signed
  @invalidate_handle = invalidate_handle
end

Instance Attribute Details

#assoc_handleObject

The association handle the response was signed with.



56
57
58
# File 'lib/openid/server.rb', line 56

def assoc_handle
  @assoc_handle
end

#invalidate_handleObject

An association handle the client is asking about the validity of. May be nil.



63
64
65
# File 'lib/openid/server.rb', line 63

def invalidate_handle
  @invalidate_handle
end

#sigObject

Returns the value of attribute sig.



65
66
67
# File 'lib/openid/server.rb', line 65

def sig
  @sig
end

#signedObject

The message with the signature which wants checking.



59
60
61
# File 'lib/openid/server.rb', line 59

def signed
  @signed
end

Class Method Details

.from_message(message, op_endpoint = UNUSED) ⇒ Object

Construct me from an OpenID::Message.



89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
# File 'lib/openid/server.rb', line 89

def self.from_message(message, op_endpoint=UNUSED)
  assoc_handle = message.get_arg(OPENID_NS, 'assoc_handle')
  invalidate_handle = message.get_arg(OPENID_NS, 'invalidate_handle')

  signed = message.copy()
  # openid.mode is currently check_authentication because
  # that's the mode of this request.  But the signature
  # was made on something with a different openid.mode.
  # http://article.gmane.org/gmane.comp.web.openid.general/537
  if signed.has_key?(OPENID_NS, "mode")
    signed.set_arg(OPENID_NS, "mode", "id_res")
  end

  obj = self.new(assoc_handle, signed, invalidate_handle)
  obj.message = message
  obj.sig = message.get_arg(OPENID_NS, 'sig')

  if !obj.assoc_handle or
      !obj.sig
    msg = sprintf("%s request missing required parameter from message %s",
                  obj.mode, message)
      raise ProtocolError.new(message, msg)
  end

  return obj
end

Instance Method Details

#answer(signatory) ⇒ Object

Respond to this request.

Given a Signatory, I can check the validity of the signature and the invalidate_handle. I return a response with an is_valid (and, if appropriate invalidate_handle) field.



121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
# File 'lib/openid/server.rb', line 121

def answer(signatory)
  is_valid = signatory.verify(@assoc_handle, @signed)
  # Now invalidate that assoc_handle so it this checkAuth
  # message cannot be replayed.
  signatory.invalidate(@assoc_handle, dumb=true)
  response = OpenIDResponse.new(self)
  valid_str = is_valid ? "true" : "false"
  response.fields.set_arg(OPENID_NS, 'is_valid', valid_str)

  if @invalidate_handle
    assoc = signatory.get_association(@invalidate_handle, false)
    if !assoc
      response.fields.set_arg(
              OPENID_NS, 'invalidate_handle', @invalidate_handle)
    end
  end

  return response
end

#to_sObject



141
142
143
144
145
146
147
148
149
150
151
152
153
154
# File 'lib/openid/server.rb', line 141

def to_s
  ih = nil

  if @invalidate_handle
    ih = sprintf(" invalidate? %s", @invalidate_handle)
  else
    ih = ""
  end

  s = sprintf("<%s handle: %s sig: %s: signed: %s%s>",
              self.class, @assoc_handle,
              @sig, @signed, ih)
  return s
end