function do_check_authentication($req) { $handle = $req->get('assoc_handle'); // Last step in dumb mode $assoc = $this->istore->lookup($req->get('assoc_handle'), 'HMAC-SHA1'); if (!$assoc) { // raise ProtocolError('no secret found for %r' % req.assoc_handle) $error = sprintf('no secret found for %r', $req->get('assoc_handle')); // trigger_error( $error, $E_USER_WARNING ); return OpenIDServer::_error_page($error); } $reply = array(); if ($assoc->get_expires_in() > 0) { $token = $req->args; $token['openid.mode'] = 'id_res'; $signed_fields = explode(',', trim($req->get('signed'))); list($ignore, $v_sig) = oidUtil::sign_reply($token, $assoc->secret, $signed_fields); if ($v_sig == $req->get('sig')) { $is_valid = 'true'; // if an invalidate_handle request is present, verify it $invalidate_handle = $req->get('invalidate_handle'); if ($invalidate_handle) { if (!$this->estore->lookup($invalidate_handle, 'HMAC-SHA1')) { $reply['invalidate_handle'] = $invalidate_handle; } } } else { $is_valid = 'false'; } } else { $this->istore->remove($req->get('assoc_handle')); $is_valid = 'false'; } $reply['is_valid'] = $is_valid; return response_page(oidUtil::kvform($reply)); }
function handle($req) { // This is reimplemented in the subclass so that extra tracing // information can be extracted. It isn't necessary in the // general case. return parent::handle($req); }