Class: OpenID::Server::CheckAuthRequest

Inherits:

OpenIDRequest

• Object
• OpenIDRequest
• OpenID::Server::CheckAuthRequest

Defined in:

lib/openid/server.rb

Overview

A request to verify the validity of a previous response.

See OpenID Specs, Verifying Directly with the OpenID Provider <openid.net/specs/openid-authentication-2_0-12.html#verifying_signatures>

Instance Attribute Summary

• #assoc_handle ⇒ Object

  The association handle the response was signed with.

• #invalidate_handle ⇒ Object

  An association handle the client is asking about the validity of.

• #sig ⇒ Object

  Returns the value of attribute sig.

• #signed ⇒ Object

  The message with the signature which wants checking.

Attributes inherited from OpenIDRequest

#message, #mode

Class Method Summary

• .from_message(message, op_endpoint = UNUSED) ⇒ Object

  Construct me from an OpenID::Message.

Instance Method Summary

• #answer(signatory) ⇒ Object

  Respond to this request.

• #initialize(assoc_handle, signed, invalidate_handle = nil) ⇒ CheckAuthRequest constructor

  Construct me.

• #to_s ⇒ Object

Methods inherited from OpenIDRequest

#namespace

Constructor Details

#initialize(assoc_handle, signed, invalidate_handle = nil) ⇒ CheckAuthRequest

Construct me.

These parameters are assigned directly as class attributes.

Parameters:

assoc_handle

the association handle for this request

signed

The signed message

invalidate_handle

An association handle that the relying party is checking to see if it is invalid

# File 'lib/openid/server.rb', line 76

def initialize(assoc_handle, signed, invalidate_handle=nil)
  super()

  @mode = "check_authentication"
  @required_fields = ["identity", "return_to", "response_nonce"].freeze

  @sig = nil
  @assoc_handle = assoc_handle
  @signed = signed
  @invalidate_handle = invalidate_handle
end

Instance Attribute Details

#assoc_handle ⇒ Object

The association handle the response was signed with.

# File 'lib/openid/server.rb', line 56

def assoc_handle
  @assoc_handle
end

#invalidate_handle ⇒ Object

An association handle the client is asking about the validity of. May be nil.

# File 'lib/openid/server.rb', line 63

def invalidate_handle
  @invalidate_handle
end

#sig ⇒ Object

Returns the value of attribute sig.

# File 'lib/openid/server.rb', line 65

def sig
  @sig
end

#signed ⇒ Object

The message with the signature which wants checking.

# File 'lib/openid/server.rb', line 59

def signed
  @signed
end

Class Method Details

.from_message(message, op_endpoint = UNUSED) ⇒ Object

Construct me from an OpenID::Message.

# File 'lib/openid/server.rb', line 89

def self.from_message(message, op_endpoint=UNUSED)
  assoc_handle = message.get_arg(OPENID_NS, 'assoc_handle')
  invalidate_handle = message.get_arg(OPENID_NS, 'invalidate_handle')

  signed = message.copy()
  # openid.mode is currently check_authentication because
  # that's the mode of this request.  But the signature
  # was made on something with a different openid.mode.
  # http://article.gmane.org/gmane.comp.web.openid.general/537
  if signed.has_key?(OPENID_NS, "mode")
    signed.set_arg(OPENID_NS, "mode", "id_res")
  end

  obj = self.new(assoc_handle, signed, invalidate_handle)
  obj.message = message
  obj.sig = message.get_arg(OPENID_NS, 'sig')

  if !obj.assoc_handle or
      !obj.sig
    msg = sprintf("%s request missing required parameter from message %s",
                  obj.mode, message)
      raise ProtocolError.new(message, msg)
  end

  return obj
end

Instance Method Details

#answer(signatory) ⇒ Object

Respond to this request.

Given a Signatory, I can check the validity of the signature and the invalidate_handle. I return a response with an is_valid (and, if appropriate invalidate_handle) field.

# File 'lib/openid/server.rb', line 121

def answer(signatory)
  is_valid = signatory.verify(@assoc_handle, @signed)
  # Now invalidate that assoc_handle so it this checkAuth
  # message cannot be replayed.
  signatory.invalidate(@assoc_handle, true)
  response = OpenIDResponse.new(self)
  valid_str = is_valid ? "true" : "false"
  response.fields.set_arg(OPENID_NS, 'is_valid', valid_str)

  if @invalidate_handle
    assoc = signatory.get_association(@invalidate_handle, false)
    if !assoc
      response.fields.set_arg(
              OPENID_NS, 'invalidate_handle', @invalidate_handle)
    end
  end

  return response
end

#to_s ⇒ Object

# File 'lib/openid/server.rb', line 141

def to_s
  ih = nil

  if @invalidate_handle
    ih = sprintf(" invalidate? %s", @invalidate_handle)
  else
    ih = ""
  end

  s = sprintf("<%s handle: %s sig: %s: signed: %s%s>",
              self.class, @assoc_handle,
              @sig, @signed, ih)
  return s
end