Diffstat (limited to 'module/consumer.cc')
-rw-r--r--module/consumer.cc24
1 files changed, 22 insertions, 2 deletions
diff --git a/module/consumer.cc b/module/consumer.cc
index 32db8cb..9c5da89 100644
--- a/module/consumer.cc
+++ b/module/consumer.cc
@@ -16,6 +16,9 @@ using opkele::failed_discovery;
using opkele::failed_lookup;
using opkele::failed_xri_resolution;
using opkele::id_res_bad_nonce;
+using opkele::id_res_bad_return_to;
+using opkele::id_res_failed;
+using opkele::id_res_mismatch;
using opkele::no_endpoint;
using opkele::openid_endpoint_t;
using opkele::openid_message_t;
@@ -271,8 +274,13 @@ Consumer::retrieve_assoc(const string& server, const string& handle)
}
}
+ /*
+ * Yes, we return this when not found, it helps the user experience, if
+ * apache restarted.
+ */
+
if (!assoc)
- throw failed_lookup("could not retrieve association for server: " + server);
+ throw dumb_RP("could not retrieve association for server: " + server);
return assoc_t(assoc);
}
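Review bot: The added comment above `if (!assoc)` does not say what makes it safe to throw `dumb_RP` for a missing association, so a later maintainer cannot tell a deliberate fallback from a swallowed lookup error. As far as I know, libopkele treats `dumb_RP` thrown from `retrieve_assoc` as a request to verify the assertion statelessly with a direct check_authentication call to the OP. If that is the intent, the comment should say so, e.g. `/* No stored association (e.g. after an Apache restart): throw dumb_RP so the response is verified directly with the OP instead of failing the login. */`. The first hunk adds no `using opkele::dumb_RP;`, so the name is presumably declared elsewhere in the file, which is worth confirming. The body of retrieve_assoc starts outside the hunk.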
@@ -362,7 +370,7 @@ process_ax_values (sid_request_t *req, sid_attribute_t *attr, const string_list&
array[i] = it->c_str();
array[i] = NULL;
- sid_request_attribute_values (req, attr, array);
+ sid_request_attribute_values (req, attr, array, values.size());
delete [] array;
}
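Review bot: The count passed as the new fourth argument, `values.size()`, is computed separately from the index `i` that filled and NULL-terminated `array`, so the two can drift apart if the fill loop ever skips or filters an entry. Passing the filled count, `sid_request_attribute_values (req, attr, array, i);`, keeps the length tied to what was actually written. Building the list in a `std::vector<const char*>` and passing its `.data()` and `.size()` would do the same and remove the manual `delete []`. The allocation and fill loop are outside the hunk, so the array is assumed to hold `values.size() + 1` slots.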
@@ -483,6 +491,18 @@ complete_auth (sid_request_t *req, Consumer &consumer, params_t &params,
string identity = consumer.get_claimed_id();
sid_request_authenticated (req, identity.c_str());
parse_ax_attributes(req, params, attributes);
+ } catch (id_res_mismatch &ex) {
+ sid_request_respond (req, 403, "Signature mismatch", NULL);
+ sid_request_log_error (req, "signature did not match data", ex.what());
+ } catch (bad_input &ex) {
+ sid_request_respond (req, 403, "Bad authentication input", NULL);
+ sid_request_log_error (req, "bad input", ex.what());
+ } catch (id_res_bad_return_to &ex) {
+ sid_request_respond (req, 403, "Bad authenticated address", NULL);
+ sid_request_log_error (req, "bad return to", ex.what());
+ } catch (id_res_failed &ex) {
+ sid_request_respond (req, 503, "Service error, try again", NULL);
+ sid_request_log_error (req, "checking response failed", ex.what());
} catch (exception &ex) {
sid_request_respond (req, 500, NULL, NULL);
sid_request_log_error (req, "error while completing authentication", ex.what());
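Review bot: `id_res_bad_nonce` is imported at the top of the file but has no handler among the new catch clauses. A replayed or stale nonce therefore presumably lands in the `id_res_failed` clause (if it derives from that type, as the naming suggests) and is answered with 503 "Service error, try again". A rejected assertion is a client-side failure rather than an outage, so I would add `} catch (const id_res_bad_nonce &ex) {` with a 403 response and its own log line ahead of the `id_res_failed` clause, and reconsider whether 503 fits the remaining verification failures. The handlers could also catch by `const` reference, since none of them modifies `ex`. The `try` block opens outside the hunk.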