Class: OpenID::Server::AssociateRequest

Inherits:

OpenIDRequest

Object
OpenIDRequest
OpenID::Server::AssociateRequest

show all

Defined in:: lib/openid/server.rb

Overview

A request to establish an association.

See OpenID Specs, Section 8: Establishing Associations http://openid.net/specs/openid-authentication-2_0-12.html#associations

Constant Summary collapse

@@session_classes =

{
  'no-encryption' => PlainTextServerSession,
  'DH-SHA1' => DiffieHellmanSHA1ServerSession,
  'DH-SHA256' => DiffieHellmanSHA256ServerSession,
}

Instance Attribute Summary collapse

#assoc_type ⇒ Object
The type of association.
#session ⇒ Object
An object that knows how to handle association requests of a certain type.

Attributes inherited from OpenIDRequest

#message, #mode, #namespace

Class Method Summary collapse

.from_message(message, op_endpoint = UNUSED) ⇒ Object
Construct me from an OpenID Message.

Instance Method Summary collapse

#answer(assoc) ⇒ Object
Respond to this request with an association.
#answer_unsupported(message, preferred_association_type = nil, preferred_session_type = nil) ⇒ Object
Respond to this request indicating that the association type or association session type is not supported.
#initialize(session, assoc_type) ⇒ AssociateRequest constructor
Construct me.

Constructor Details

#initialize(session, assoc_type) ⇒ `AssociateRequest`

Construct me.

The session is assigned directly as a class attribute. See my class documentation for its description.

# File 'lib/openid/server.rb', line 296

def initialize(session, assoc_type)
  super()
  @session = session
  @assoc_type = assoc_type
  @namespace = OPENID2_NS

  @mode = "associate"
end

Instance Attribute Details

#assoc_type ⇒ `Object`

The type of association. Supported values include HMAC-SHA256 and HMAC-SHA1



284
285
286

# File 'lib/openid/server.rb', line 284

def assoc_type
  @assoc_type
end

#session ⇒ `Object`

An object that knows how to handle association requests of a certain type.



280
281
282

# File 'lib/openid/server.rb', line 280

def session
  @session
end

Class Method Details

.from_message(message, op_endpoint = UNUSED) ⇒ `Object`

Construct me from an OpenID Message.

# File 'lib/openid/server.rb', line 306

def self.from_message(message, op_endpoint=UNUSED)
  if message.is_openid1()
    session_type = message.get_arg(OPENID1_NS, 'session_type')
    if session_type == 'no-encryption'
      Util.log('Received OpenID 1 request with a no-encryption ' +
               'assocaition session type. Continuing anyway.')
    elsif !session_type
      session_type = 'no-encryption'
    end
  else
    session_type = message.get_arg(OPENID2_NS, 'session_type')
    if !session_type
      raise ProtocolError.new(message,
                              text="session_type missing from request")
    end
  end

  session_class = @@session_classes[session_type]

  if !session_class
    raise ProtocolError.new(message,
            sprintf("Unknown session type %s", session_type))
  end

  begin
    session = session_class.from_message(message)
  rescue ArgumentError => why
    # XXX
    raise ProtocolError.new(message,
                            sprintf('Error parsing %s session: %s',
                                    session_type, why))
  end

  assoc_type = message.get_arg(OPENID_NS, 'assoc_type', 'HMAC-SHA1')
  if !session.allowed_assoc_type?(assoc_type)
    msg = sprintf('Session type %s does not support association type %s',
                  session_type, assoc_type)
    raise ProtocolError.new(message, msg)
  end

  obj = self.new(session, assoc_type)
  obj.message = message
  obj.namespace = message.get_openid_namespace()
  return obj
end

Instance Method Details

#answer(assoc) ⇒ `Object`

Respond to this request with an association.

assoc: The association to send back.

Returns a response with the association information, encrypted to the consumer's public key if appropriate.

# File 'lib/openid/server.rb', line 358

def answer(assoc)
  response = OpenIDResponse.new(self)
  response.fields.update_args(OPENID_NS, {
      'expires_in' => sprintf('%d', assoc.expires_in()),
      'assoc_type' => @assoc_type,
      'assoc_handle' => assoc.handle,
      })
  response.fields.update_args(OPENID_NS,
                             @session.answer(assoc.secret))
  if @session.session_type != 'no-encryption'
    response.fields.set_arg(
        OPENID_NS, 'session_type', @session.session_type)
  end

  return response
end

#answer_unsupported(message, preferred_association_type = nil, preferred_session_type = nil) ⇒ `Object`

Respond to this request indicating that the association type or association session type is not supported.

# File 'lib/openid/server.rb', line 377

def answer_unsupported(message, preferred_association_type=nil,
                       preferred_session_type=nil)
  if @message.is_openid1()
    raise ProtocolError.new(@message)
  end

  response = OpenIDResponse.new(self)
  response.fields.set_arg(OPENID_NS, 'error_code', 'unsupported-type')
  response.fields.set_arg(OPENID_NS, 'error', message)

  if preferred_association_type
    response.fields.set_arg(
        OPENID_NS, 'assoc_type', preferred_association_type)
  end

  if preferred_session_type
    response.fields.set_arg(
        OPENID_NS, 'session_type', preferred_session_type)
  end

  return response
end