Class: OpenID::Server::AssociateRequest

Inherits:

OpenIDRequest

Object
OpenIDRequest
OpenID::Server::AssociateRequest

show all

Defined in:: lib/openid/server.rb

Overview

A request to establish an association.

See OpenID Specs, Section 8: Establishing Associations <openid.net/specs/openid-authentication-2_0-12.html#associations>

Constant Summary collapse

@@session_classes =

{
  "no-encryption" => PlainTextServerSession,
  "DH-SHA1" => DiffieHellmanSHA1ServerSession,
  "DH-SHA256" => DiffieHellmanSHA256ServerSession,
}

Instance Attribute Summary collapse

#assoc_type ⇒ Object

The type of association.
#session ⇒ Object

An object that knows how to handle association requests of a certain type.

Attributes inherited from OpenIDRequest

#message, #mode

Class Method Summary collapse

.from_message(message, _op_endpoint = UNUSED) ⇒ Object

Construct me from an OpenID Message.

Instance Method Summary collapse

#answer(assoc) ⇒ Object

Respond to this request with an association.
#answer_unsupported(message, preferred_association_type = nil, preferred_session_type = nil) ⇒ Object

Respond to this request indicating that the association type or association session type is not supported.
#initialize(session, assoc_type) ⇒ AssociateRequest constructor

Construct me.

Methods inherited from OpenIDRequest

#namespace

Constructor Details

#initialize(session, assoc_type) ⇒ `AssociateRequest`

Construct me.

The session is assigned directly as a class attribute. See my class documentation for its description.

# File 'lib/openid/server.rb', line 313

def initialize(session, assoc_type)
  super()
  @session = session
  @assoc_type = assoc_type

  @mode = "associate"
end

Instance Attribute Details

#assoc_type ⇒ `Object`

The type of association. Supported values include HMAC-SHA256 and HMAC-SHA1



301
302
303

# File 'lib/openid/server.rb', line 301

def assoc_type
  @assoc_type
end

#session ⇒ `Object`

An object that knows how to handle association requests of a certain type.



297
298
299

# File 'lib/openid/server.rb', line 297

def session
  @session
end

Class Method Details

.from_message(message, _op_endpoint = UNUSED) ⇒ `Object`

Construct me from an OpenID Message.

# File 'lib/openid/server.rb', line 322

def self.from_message(message, _op_endpoint = UNUSED)
  if message.is_openid1
    session_type = message.get_arg(OPENID_NS, "session_type")
    if session_type == "no-encryption"
      Util.log("Received OpenID 1 request with a no-encryption " +
               "association session type. Continuing anyway.")
    elsif !session_type
      session_type = "no-encryption"
    end
  else
    session_type = message.get_arg(OPENID2_NS, "session_type")
    unless session_type
      raise ProtocolError.new(
        message,
        "session_type missing from request",
      )
    end
  end

  session_class = @@session_classes[session_type]

  unless session_class
    raise ProtocolError.new(
      message,
      format("Unknown session type %s", session_type),
    )
  end

  begin
    session = session_class.from_message(message)
  rescue ArgumentError => e
    # XXX
    raise ProtocolError.new(
      message,
      format(
        "Error parsing %s session: %s",
        session_type,
        e,
      ),
    )
  end

  assoc_type = message.get_arg(OPENID_NS, "assoc_type", "HMAC-SHA1")
  unless session.allowed_assoc_type?(assoc_type)
    msg = format(
      "Session type %s does not support association type %s",
      session_type,
      assoc_type,
    )
    raise ProtocolError.new(message, msg)
  end

  obj = new(session, assoc_type)
  obj.message = message
  obj
end

Instance Method Details

#answer(assoc) ⇒ `Object`

Respond to this request with an association.

assoc: The association to send back.

Returns a response with the association information, encrypted to the consumer’s public key if appropriate.

# File 'lib/openid/server.rb', line 385

def answer(assoc)
  response = OpenIDResponse.new(self)
  response.fields.update_args(OPENID_NS, {
    "expires_in" => format("%d", assoc.expires_in),
    "assoc_type" => @assoc_type,
    "assoc_handle" => assoc.handle,
  })
  response.fields.update_args(
    OPENID_NS,
    @session.answer(assoc.secret),
  )
  unless @session.session_type == "no-encryption" and
      @message.is_openid1
    response.fields.set_arg(
      OPENID_NS, "session_type", @session.session_type
    )
  end

  response
end

#answer_unsupported(message, preferred_association_type = nil, preferred_session_type = nil) ⇒ `Object`

Respond to this request indicating that the association type or association session type is not supported.

Raises:

(ProtocolError)

# File 'lib/openid/server.rb', line 408

def answer_unsupported(message, preferred_association_type = nil,
  preferred_session_type = nil)
  raise ProtocolError.new(@message) if @message.is_openid1

  response = OpenIDResponse.new(self)
  response.fields.set_arg(OPENID_NS, "error_code", "unsupported-type")
  response.fields.set_arg(OPENID_NS, "error", message)

  if preferred_association_type
    response.fields.set_arg(
      OPENID_NS, "assoc_type", preferred_association_type
    )
  end

  if preferred_session_type
    response.fields.set_arg(
      OPENID_NS, "session_type", preferred_session_type
    )
  end

  response
end