From b1e37043ded3470146bc0a6f5d81bb2456a809f1 Mon Sep 17 00:00:00 2001
From: Stef Walter <stef@memberwebs.com>
Date: Thu, 18 Jun 2009 20:54:06 +0000
Subject: Pass GET arguments through authentication properly.

---
 module/consumer.cc | 32 ++++++++++++--------------------
 1 file changed, 12 insertions(+), 20 deletions(-)

(limited to 'module/consumer.cc')

diff --git a/module/consumer.cc b/module/consumer.cc
index 9933eeb..1016f84 100644
--- a/module/consumer.cc
+++ b/module/consumer.cc
@@ -42,7 +42,7 @@ private: // types
 	typedef vector<openid_endpoint_t> endpoints;
 
 public: // interface
-	Consumer(const char *url, sid_storage_t *store)
+	Consumer(const string& url, sid_storage_t *store)
 		: _store(store), _url(url), _index(0)
 		{ }
 
@@ -254,21 +254,13 @@ static void
 begin_auth (sid_request_t *req, Consumer &consumer, params_t &params,
             const string& trust_root, const string &identity)
 {
-	params_t openid;
-
-	/* Remove all openid params, and stash away extensions */
-	filter_openid_params (params, openid);
-	string return_to = consumer.get_this_url();
-	if (!params.empty())
-		return_to = params.append_query (return_to, "");
-
 	params_t result;
 	string redirect;
 
 	try {
 		openid_message_t cm;
 		consumer.initiate (identity);
-		consumer.checkid_ (cm, opkele::mode_checkid_setup, return_to, trust_root);
+		consumer.checkid_ (cm, opkele::mode_checkid_setup, consumer.get_this_url(), trust_root);
 		redirect = cm.append_query (consumer.get_endpoint().uri);
 
 	} catch (failed_xri_resolution &ex) {
@@ -305,12 +297,8 @@ begin_auth (sid_request_t *req, Consumer &consumer, params_t &params,
 static void
 complete_auth (sid_request_t *req, Consumer &consumer, params_t &params)
 {
-	params_t openid;
-
-	filter_openid_params (params, openid);
-
 	try {
-		consumer.id_res(openid);
+		consumer.id_res(params);
 		string identity = consumer.get_claimed_id();
 		sid_request_authenticated (req, identity.c_str());
 	} catch (exception &ex) {
@@ -330,22 +318,26 @@ sid_consumer_authenticate(sid_request_t *req, sid_storage_t *store,
                           const char *trust_root, const char *identity)
 {
 	params_t params;
+	params_t openid;
 
 	assert (req);
 
 	const char *qs = sid_request_qs (req);
 	parse_query_string (qs, params);
+	filter_openid_params (params, openid);
 
-	const char *url = sid_request_url (req, 1);
+	string url = sid_request_url (req, 1);
+	if (!params.empty())
+		url = params.append_query (url, "");
 	Consumer consumer(url, store);
 
 	/* Returning (hopefully successful) authentication */
-	if (params.has_param("openid.assoc_handle")) {
-		complete_auth (req, consumer, params);
+	if (openid.has_param("assoc_handle")) {
+		complete_auth (req, consumer, openid);
 
 	/* Returning cancelled authentication */
-	} else if (params.has_param("openid.mode") && params.get_param("openid.mode") == "cancel") {
-		cancelled_auth (req, consumer, params);
+	} else if (openid.has_param("mode") && openid.get_param("mode") == "cancel") {
+		cancelled_auth (req, consumer, openid);
 
 	/* Begin a new authentication */
 	} else {
-- 
cgit v1.2.3