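 /**
  * Answer a check_authentication request (the last step of dumb mode).
  *
  * Looks up the association named by "assoc_handle" in $this->istore,
  * recomputes the signature over the fields listed in "signed", and replies
  * is_valid=true only when the result equals the "sig" value the caller sent.
  * An association that has expired is removed from $this->istore and the
  * reply is is_valid=false.
  *
  * When the signature verifies and the request carries "invalidate_handle",
  * that handle is echoed back in the reply if $this->estore holds no
  * HMAC-SHA1 association for it.
  *
  * NOTE(review): nothing visible in this method stops the same signed
  * response from being verified repeatedly while the association is still
  * live; confirm that replay protection is enforced elsewhere.
  *
  * @param object $req Request object exposing get($name) and an ->args array.
  * @return mixed Result of response_page() on success paths, or of
  *               OpenIDServer::_error_page() when the handle is unknown.
  */
 function do_check_authentication($req)
 {
     $handle = $req->get('assoc_handle');

     // Last step in dumb mode
     $assoc = $this->istore->lookup($handle, 'HMAC-SHA1');
     if (!$assoc) {
         // '%s' rather than the Python-style '%r': PHP has no 'r' conversion,
         // so the handle was never rendered (and PHP 8 raises ValueError).
         // NOTE(review): $handle comes from the request; confirm that
         // _error_page() escapes it for whatever format it emits.
         $error = sprintf('no secret found for %s', (string) $handle);
         return OpenIDServer::_error_page($error);
     }

     $reply = array();
     // Fail closed: only a verified signature flips this to 'true'.
     $is_valid = 'false';

     if ($assoc->get_expires_in() > 0) {
         $token = $req->args;
         $token['openid.mode'] = 'id_res';
         $signed_fields = explode(',', trim((string) $req->get('signed')));
         list($ignore, $v_sig) = oidUtil::sign_reply($token, $assoc->secret, $signed_fields);

         // Compare MACs in constant time and as strings. The previous loose
         // '==' could leak timing information and applies numeric-string
         // juggling; a missing 'sig' is rejected outright.
         // hash_equals() requires PHP >= 5.6.
         $claimed_sig = $req->get('sig');
         if (is_string($v_sig) && is_string($claimed_sig) && hash_equals($v_sig, $claimed_sig)) {
             $is_valid = 'true';

             // if an invalidate_handle request is present, verify it
             $invalidate_handle = $req->get('invalidate_handle');
             if ($invalidate_handle && !$this->estore->lookup($invalidate_handle, 'HMAC-SHA1')) {
                 $reply['invalidate_handle'] = $invalidate_handle;
             }
         }
     } else {
         // Expired association: drop it so it cannot be looked up again.
         $this->istore->remove($handle);
     }

     $reply['is_valid'] = $is_valid;
     return response_page(oidUtil::kvform($reply));
 }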
 /**
  * Dispatch a request by delegating to the parent implementation.
  *
  * The override exists only so that a subclass can hook in extra tracing;
  * it adds no behaviour of its own and is not needed in the general case.
  *
  * @param mixed $req Request passed through unchanged to parent::handle().
  * @return mixed Whatever parent::handle() returns.
  */
 function handle($req)
 {
     $response = parent::handle($req);

     return $response;
 }