Example #1
 /**
  * Processes a direct verification request.  This is used in the OpenID specification
  * to verify signatures generated using stateless mode.
  *
  * @param Request $request the OpenID request
  * @see http://openid.net/specs/openid-authentication-1_1.html#mode_check_authentication
  * @see http://openid.net/specs/openid-authentication-2_0.html#verifying_signatures
  */
 protected function check_authentication($request)
 {
     // Trace entry, then record the incoming request parameters.
     // NOTE(review): the whole request array is written to the log at INFO level;
     // it presumably carries the signature, association handle and identifier --
     // confirm that log access and retention are appropriate for that data.
     $this->logger->log(LogLevel::DEBUG, 'SimpleID\\Protocols\\OpenID\\OpenIDModule->check_authentication');
     $this->logger->log(LogLevel::INFO, 'OpenID direct verification', $request->toArray());

     $store = \Cache::instance();
     $reply = new Response($request);

     // is_valid is sent as the literal string 'true' or 'false', never a boolean.
     // NOTE(review): verifySignatures() is defined outside this block. OpenID 2.0
     // direct verification expects the provider to check only signatures made with
     // its own stateless (private) associations and to answer at most once per
     // response nonce -- confirm verifySignatures() enforces both.
     if ($this->verifySignatures($request)) {
         $reply['is_valid'] = 'true';
     } else {
         $reply['is_valid'] = 'false';
     }

     // The relying party may also ask whether a handle it holds is no longer valid.
     if (isset($request['openid.invalidate_handle'])) {
         $handle = $request['openid.invalidate_handle'];

         // NOTE(review): the cache key is the URL-encoded handle followed directly by
         // 'openid_association' with no separator -- confirm it matches the key used
         // where associations are stored; a lookup miss reports the handle as invalid.
         $association = $store->get(rawurlencode($handle) . 'openid_association');

         // An unknown handle counts as invalid; a known one only once it has expired.
         // NOTE(review): expiry is measured with SIMPLEID_SHORT_TOKEN_EXPIRES_IN --
         // confirm that is the lifetime intended for associations.
         $handle_is_invalid = true;
         if ($association) {
             $expires_at = $association->getCreationTime() + SIMPLEID_SHORT_TOKEN_EXPIRES_IN;
             $handle_is_invalid = $expires_at < time();
         }

         if ($handle_is_invalid) {
             // The request-supplied handle is echoed back unchanged.
             // NOTE(review): confirm the response encoder rejects values that are not
             // valid in key-value form (for example, values containing line breaks).
             $reply['invalidate_handle'] = $handle;
         }
     }

     $this->logger->log(LogLevel::INFO, 'OpenID direct verification response', $reply->toArray());
     $reply->render();
 }