class OpenID::Server::CheckAuthRequest
A request to verify the validity of a previous response.
See OpenID Specs, Verifying Directly with the OpenID Provider <openid.net/specs/openid-authentication-2_0-12.html#verifying_signatures>
Attributes
The association handle the response was signed with.
An association handle the client is asking about the validity of. May be nil.
The message with the signature which wants checking.
Public Class Methods
Construct me from an OpenID::Message.
# File lib/openid/server.rb, line 89 def self.from_message(message, op_endpoint=UNUSED) assoc_handle = message.get_arg(OPENID_NS, 'assoc_handle') invalidate_handle = message.get_arg(OPENID_NS, 'invalidate_handle') signed = message.copy() # openid.mode is currently check_authentication because # that's the mode of this request. But the signature # was made on something with a different openid.mode. # http://article.gmane.org/gmane.comp.web.openid.general/537 if signed.has_key?(OPENID_NS, "mode") signed.set_arg(OPENID_NS, "mode", "id_res") end obj = self.new(assoc_handle, signed, invalidate_handle) obj.message = message obj.sig = message.get_arg(OPENID_NS, 'sig') if !obj.assoc_handle or !obj.sig msg = sprintf("%s request missing required parameter from message %s", obj.mode, message) raise ProtocolError.new(message, msg) end return obj end
Construct me.
These parameters are assigned directly as class attributes.
Parameters:
- #assoc_handle
-
the association handle for this request
- signed
-
The signed message
- #invalidate_handle
-
An association handle that the relying party is checking to see if it is invalid
# File lib/openid/server.rb, line 76 def initialize(assoc_handle, signed, invalidate_handle=nil) super() @mode = "check_authentication" @required_fields = ["identity", "return_to", "response_nonce"].freeze @sig = nil @assoc_handle = assoc_handle @signed = signed @invalidate_handle = invalidate_handle end
Public Instance Methods
Respond to this request.
Given a Signatory, I can check the validity of the signature and the invalidate_handle. I return a response with an is_valid (and, if appropriate #invalidate_handle) field.
# File lib/openid/server.rb, line 121 def answer(signatory) is_valid = signatory.verify(@assoc_handle, @signed) # Now invalidate that assoc_handle so it this checkAuth # message cannot be replayed. signatory.invalidate(@assoc_handle, true) response = OpenIDResponse.new(self) valid_str = is_valid ? "true" : "false" response.fields.set_arg(OPENID_NS, 'is_valid', valid_str) if @invalidate_handle assoc = signatory.get_association(@invalidate_handle, false) if !assoc response.fields.set_arg( OPENID_NS, 'invalidate_handle', @invalidate_handle) end end return response end
# File lib/openid/server.rb, line 141 def to_s ih = nil if @invalidate_handle ih = sprintf(" invalidate? %s", @invalidate_handle) else ih = "" end s = sprintf("<%s handle: %s sig: %s: signed: %s%s>", self.class, @assoc_handle, @sig, @signed, ih) return s end