Class: OpenID::Server::CheckAuthRequest

Inherits:
OpenIDRequest
Defined in:
lib/openid/server.rb

Overview

A request to verify the validity of a previous response.

See OpenID Specs, Verifying Directly with the OpenID Provider <openid.net/specs/openid-authentication-2_0-12.html#verifying_signatures>

Instance Attribute Summary

Attributes inherited from OpenIDRequest

#message, #mode

Instance Method Summary

Methods inherited from OpenIDRequest

#namespace

Constructor Details

#initialize(assoc_handle, signed, invalidate_handle = nil) ⇒ CheckAuthRequest

Construct me.

These parameters are assigned directly to the instance's attributes.

Parameters:

assoc_handle: The association handle for this request.

signed: The signed message.

invalidate_handle: An association handle that the relying party is checking to see if it is invalid.



# File 'lib/openid/server.rb', line 70

def initialize(assoc_handle, signed, invalidate_handle = nil)
  super()

  @mode = "check_authentication"
  @required_fields = %w[identity return_to response_nonce].freeze

  @sig = nil
  @assoc_handle = assoc_handle
  @signed = signed
  @invalidate_handle = invalidate_handle
end

Instance Attribute Details

#assoc_handle ⇒ Object

The association handle the response was signed with.



# File 'lib/openid/server.rb', line 50

def assoc_handle
  @assoc_handle
end

#invalidate_handle ⇒ Object

An association handle the client is asking about the validity of. May be nil.



# File 'lib/openid/server.rb', line 57

def invalidate_handle
  @invalidate_handle
end

#sig ⇒ Object

Returns the value of attribute sig.



# File 'lib/openid/server.rb', line 59

def sig
  @sig
end

#signed ⇒ Object

The message whose signature is to be checked.



# File 'lib/openid/server.rb', line 53

def signed
  @signed
end

Class Method Details

.from_message(message, _op_endpoint = UNUSED) ⇒ Object

Construct me from an OpenID::Message.



# File 'lib/openid/server.rb', line 83

def self.from_message(message, _op_endpoint = UNUSED)
  assoc_handle = message.get_arg(OPENID_NS, "assoc_handle")
  invalidate_handle = message.get_arg(OPENID_NS, "invalidate_handle")

  signed = message.copy
  # openid.mode is currently check_authentication because
  # that's the mode of this request.  But the signature
  # was made on something with a different openid.mode.
  # http://article.gmane.org/gmane.comp.web.openid.general/537
  signed.set_arg(OPENID_NS, "mode", "id_res") if signed.has_key?(OPENID_NS, "mode")

  obj = new(assoc_handle, signed, invalidate_handle)
  obj.message = message
  obj.sig = message.get_arg(OPENID_NS, "sig")

  if !obj.assoc_handle or
      !obj.sig
    msg = format(
      "%s request missing required parameter from message %s",
      obj.mode,
      message,
    )
    raise ProtocolError.new(message, msg)
  end

  obj
end

Instance Method Details

#answer(signatory) ⇒ Object

Respond to this request.

Given a Signatory, I can check the validity of the signature and the invalidate_handle. I return a response with an is_valid (and, if appropriate, invalidate_handle) field.



# File 'lib/openid/server.rb', line 116

def answer(signatory)
  is_valid = signatory.verify(@assoc_handle, @signed)
  # Now invalidate that assoc_handle so this checkAuth
  # message cannot be replayed.
  signatory.invalidate(@assoc_handle, true)
  response = OpenIDResponse.new(self)
  valid_str = is_valid ? "true" : "false"
  response.fields.set_arg(OPENID_NS, "is_valid", valid_str)

  if @invalidate_handle
    assoc = signatory.get_association(@invalidate_handle, false)
    unless assoc
      response.fields.set_arg(
        OPENID_NS, "invalidate_handle", @invalidate_handle
      )
    end
  end

  response
end
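
The effect of the mode rewrite in .from_message and of the handle invalidation in #answer can be reproduced end to end with the added example below, which is not ruby-openid code. ToySignatory, check_authentication and demo are hypothetical stand-ins (HMAC-SHA256 over key-value form is assumed as the signing scheme), and the sample assertion is constructed.

```ruby
require "openssl"

# Hypothetical stand-in for the library's Signatory (not ruby-openid code).
class ToySignatory
  def initialize(*handles)
    @secrets = handles.to_h { |h| [h, OpenSSL::Random.random_bytes(32)] }
  end

  # HMAC-SHA256 over the key-value form of the fields listed in "signed".
  def signature(handle, fields)
    secret = @secrets[handle] or return nil
    kv = fields["signed"].split(",").map { |k| "#{k}:#{fields[k]}\n" }.join
    [OpenSSL::HMAC.digest("SHA256", secret, kv)].pack("m0")
  end

  def verify(handle, fields)
    expected = signature(handle, fields)
    given = fields["sig"].to_s
    return false unless expected && expected.bytesize == given.bytesize
    # Constant-time comparison of the two base64 signatures.
    expected.bytes.zip(given.bytes).reduce(0) { |acc, (a, b)| acc | (a ^ b) }.zero?
  end

  def invalidate(handle)
    @secrets.delete(handle)
  end
end

# Mirrors from_message + answer: restore mode, verify, then burn the handle.
def check_authentication(signatory, request)
  signed = request.merge("mode" => "id_res")
  valid = signatory.verify(request["assoc_handle"], signed)
  signatory.invalidate(request["assoc_handle"])
  valid ? "true" : "false"
end

# Constructed sample assertion; field names drop the "openid." prefix for brevity.
def demo
  op = ToySignatory.new("h1")
  assertion = { "mode" => "id_res", "identity" => "https://user.example/",
                "return_to" => "https://rp.example/cb", "response_nonce" => "2024-01-01T00:00:00Zn1",
                "assoc_handle" => "h1", "signed" => "mode,identity,return_to,response_nonce,assoc_handle" }
  assertion["sig"] = op.signature("h1", assertion)
  request = assertion.merge("mode" => "check_authentication")
  { unrewritten: op.verify("h1", request),
    first: check_authentication(op, request),
    replay: check_authentication(op, request) }
end
```

Verifying the request as received fails because the signature covers mode=id_res, the first check succeeds, and the replayed check fails because the handle was invalidated.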

#to_s ⇒ Object



# File 'lib/openid/server.rb', line 137

def to_s
  ih = nil

  ih = if @invalidate_handle
    format(" invalidate? %s", @invalidate_handle)
  else
    ""
  end

  format(
    "<%s handle: %s sig: %s: signed: %s%s>",
    self.class,
    @assoc_handle,
    @sig,
    @signed,
    ih,
  )
end