From 30c217c0dca4c7a72ff4248fc4d4504fc1d85fc0 Mon Sep 17 00:00:00 2001
From: Stef Walter
Date: Tue, 7 Jul 2009 20:05:34 +0000
Subject: Store exchanged attributes in the cookie.
---
 module/consumer.cc | 24 ++++++++++++++++++++++--
 1 file changed, 22 insertions(+), 2 deletions(-)
(limited to 'module/consumer.cc')
diff --git a/module/consumer.cc b/module/consumer.cc
index 32db8cb..9c5da89 100644
--- a/module/consumer.cc
+++ b/module/consumer.cc
@@ -16,6 +16,9 @@ using opkele::failed_discovery;
 using opkele::failed_lookup;
 using opkele::failed_xri_resolution;
 using opkele::id_res_bad_nonce;
+using opkele::id_res_bad_return_to;
+using opkele::id_res_failed;
+using opkele::id_res_mismatch;
 using opkele::no_endpoint;
 using opkele::openid_endpoint_t;
 using opkele::openid_message_t;
@@ -271,8 +274,13 @@ Consumer::retrieve_assoc(const string& server, const string& handle)
 }
 }
+ /*
+ * Yes, we return this when not found, it helps the user experience, if
+ * apache restarted.
+ */
+
 if (!assoc)
- throw failed_lookup("could not retrieve association for server: " + server);
+ throw dumb_RP("could not retrieve association for server: " + server);
 return assoc_t(assoc);
 }
@@ -362,7 +370,7 @@ process_ax_values (sid_request_t *req, sid_attribute_t *attr, const string_list&
 array[i] = it->c_str();
 array[i] = NULL;
- sid_request_attribute_values (req, attr, array);
+ sid_request_attribute_values (req, attr, array, values.size());
 delete [] array;
 }
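Review bot: The comment added above `if (!assoc)` in retrieve_assoc says "return" where the code throws, and it does not say what `dumb_RP` makes the caller do with the response. If it triggers the library's fallback to verifying the assertion directly with the provider (inferred from the name, not visible here), then any response naming an unknown association handle takes that path, not only one arriving after a restart, and the comment should state that, e.g. `/* Association not found (e.g. after an apache restart): throw dumb_RP so the response is verified directly with the provider rather than rejected. */`. `dumb_RP` is not among the using declarations added at the top of this patch, so it has to be in scope already. The body of retrieve_assoc starts above the hunk.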
@@ -483,6 +491,18 @@ complete_auth (sid_request_t *req, Consumer &consumer, params_t ¶ms,
 string identity = consumer.get_claimed_id();
 sid_request_authenticated (req, identity.c_str());
 parse_ax_attributes(req, params, attributes);
+ } catch (id_res_mismatch &ex) {
+ sid_request_respond (req, 403, "Signature mismatch", NULL);
+ sid_request_log_error (req, "signature did not match data", ex.what());
+ } catch (bad_input &ex) {
+ sid_request_respond (req, 403, "Bad authentication input", NULL);
+ sid_request_log_error (req, "bad input", ex.what());
+ } catch (id_res_bad_return_to &ex) {
+ sid_request_respond (req, 403, "Bad authenticated address", NULL);
+ sid_request_log_error (req, "bad return to", ex.what());
+ } catch (id_res_failed &ex) {
+ sid_request_respond (req, 503, "Service error, try again", NULL);
+ sid_request_log_error (req, "checking response failed", ex.what());
 } catch (exception &ex) {
 sid_request_respond (req, 500, NULL, NULL);
 sid_request_log_error (req, "error while completing authentication", ex.what());
--
cgit v1.2.3
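Review bot: The new `bad_input` handler answers 403, but if `parse_ax_attributes` is what raises it, `sid_request_authenticated (req, identity.c_str());` has already run on the line above, so the request can be both marked authenticated and rejected. Whether that leaves a usable session depends on what sid_request_authenticated does, which is not visible here; if it establishes the session or cookie, call it only after `parse_ax_attributes(req, params, attributes);` has succeeded, or have the handlers undo it. Separately, if `id_res_bad_nonce` derives from `id_res_failed`, a replayed response would be answered with `503, "Service error, try again"`, where a dedicated 403 handler would describe it better. The try block opens above the hunk.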