class OpenID::Server::CheckAuthRequest

A request to verify the validity of a previous response.

See OpenID Specs, Verifying Directly with the OpenID Provider <openid.net/specs/openid-authentication-2_0-12.html#verifying_signatures>

Attributes

assoc_handle[RW]

The association handle the response was signed with.

invalidate_handle[RW]

An association handle the client is asking about the validity of. May be nil.

sig[RW]
signed[RW]

The message with the signature which wants checking.

Public Class Methods

from_message(message, op_endpoint=UNUSED) click to toggle source

Construct me from an OpenID::Message.

# File lib/openid/server.rb, line 89
def self.from_message(message, op_endpoint=UNUSED)
  assoc_handle = message.get_arg(OPENID_NS, 'assoc_handle')
  invalidate_handle = message.get_arg(OPENID_NS, 'invalidate_handle')

  signed = message.copy()
  # openid.mode is currently check_authentication because
  # that's the mode of this request.  But the signature
  # was made on something with a different openid.mode.
  # http://article.gmane.org/gmane.comp.web.openid.general/537
  if signed.has_key?(OPENID_NS, "mode")
    signed.set_arg(OPENID_NS, "mode", "id_res")
  end

  obj = self.new(assoc_handle, signed, invalidate_handle)
  obj.message = message
  obj.sig = message.get_arg(OPENID_NS, 'sig')

  if !obj.assoc_handle or
      !obj.sig
    msg = sprintf("%s request missing required parameter from message %s",
                  obj.mode, message)
      raise ProtocolError.new(message, msg)
  end

  return obj
end
new(assoc_handle, signed, invalidate_handle=nil) click to toggle source

Construct me.

These parameters are assigned directly as class attributes.

Parameters:

#assoc_handle

the association handle for this request

signed

The signed message

#invalidate_handle

An association handle that the relying party is checking to see if it is invalid

Calls superclass method OpenID::Server::OpenIDRequest.new
# File lib/openid/server.rb, line 76
def initialize(assoc_handle, signed, invalidate_handle=nil)
  super()

  @mode = "check_authentication"
  @required_fields = ["identity", "return_to", "response_nonce"].freeze

  @sig = nil
  @assoc_handle = assoc_handle
  @signed = signed
  @invalidate_handle = invalidate_handle
end

Public Instance Methods

answer(signatory) click to toggle source

Respond to this request.

Given a Signatory, I can check the validity of the signature and the invalidate_handle. I return a response with an is_valid (and, if appropriate #invalidate_handle) field.

# File lib/openid/server.rb, line 121
def answer(signatory)
  is_valid = signatory.verify(@assoc_handle, @signed)
  # Now invalidate that assoc_handle so it this checkAuth
  # message cannot be replayed.
  signatory.invalidate(@assoc_handle, true)
  response = OpenIDResponse.new(self)
  valid_str = is_valid ? "true" : "false"
  response.fields.set_arg(OPENID_NS, 'is_valid', valid_str)

  if @invalidate_handle
    assoc = signatory.get_association(@invalidate_handle, false)
    if !assoc
      response.fields.set_arg(
              OPENID_NS, 'invalidate_handle', @invalidate_handle)
    end
  end

  return response
end
to_s() click to toggle source
# File lib/openid/server.rb, line 141
def to_s
  ih = nil

  if @invalidate_handle
    ih = sprintf(" invalidate? %s", @invalidate_handle)
  else
    ih = ""
  end

  s = sprintf("<%s handle: %s sig: %s: signed: %s%s>",
              self.class, @assoc_handle,
              @sig, @signed, ih)
  return s
end