diff options
| author | tailor <dag@janrain.com> | 2008-05-29 22:49:36 +0000 |
|---|---|---|
| committer | tailor <dag@janrain.com> | 2008-05-29 22:49:36 +0000 |
| commit | 3db1da32330040bcd337bbe1960cf3527857c394 (patch) | |
| tree | 03328c659c80c55960717ed8fa0803d7629001b2 /Auth | |
| parent | cd137b4af73e8f794e065b7f9d0b6e2101d1e609 (diff) | |
| download | php-openid-3db1da32330040bcd337bbe1960cf3527857c394.zip php-openid-3db1da32330040bcd337bbe1960cf3527857c394.tar.gz php-openid-3db1da32330040bcd337bbe1960cf3527857c394.tar.bz2 | |
[project @ PAPE: use auth_time instead of auth_age]
Diffstat (limited to 'Auth')
| -rw-r--r-- | Auth/OpenID/PAPE.php | 38 |
1 files changed, 13 insertions, 25 deletions
diff --git a/Auth/OpenID/PAPE.php b/Auth/OpenID/PAPE.php index ba9f9f6..6b2e3f4 100644 --- a/Auth/OpenID/PAPE.php +++ b/Auth/OpenID/PAPE.php @@ -20,6 +20,8 @@ define('PAPE_AUTH_MULTI_FACTOR', define('PAPE_AUTH_PHISHING_RESISTANT', 'http://schemas.openid.net/pape/policies/2007/06/phishing-resistant'); +define('PAPE_TIME_VALIDATOR', + '^[0-9]{4,4}-[0-9][0-9]-[0-9][0-9]T[0-9][0-9]:[0-9][0-9]:[0-9][0-9]Z$'); /** * A Provider Authentication Policy request, sent from a relying party * to a provider @@ -159,7 +161,7 @@ class Auth_OpenID_PAPE_Response extends Auth_OpenID_Extension { var $ns_alias = 'pape'; var $ns_uri = Auth_OpenID_PAPE_NS_URI; - function Auth_OpenID_PAPE_Response($auth_policies=null, $auth_age=null, + function Auth_OpenID_PAPE_Response($auth_policies=null, $auth_time=null, $nist_auth_level=null) { if ($auth_policies) { @@ -168,7 +170,7 @@ class Auth_OpenID_PAPE_Response extends Auth_OpenID_Extension { $this->auth_policies = array(); } - $this->auth_age = $auth_age; + $this->auth_time = $auth_time; $this->nist_auth_level = $nist_auth_level; } @@ -258,19 +260,12 @@ class Auth_OpenID_PAPE_Response extends Auth_OpenID_Extension { } } - $auth_age_str = Auth_OpenID::arrayGet($args, 'auth_age'); - if ($auth_age_str !== null) { - $auth_age = Auth_OpenID::intval($auth_age_str); - if ($auth_age === false) { - if ($strict) { - return false; - } - } else { - if ($auth_age >= 0) { - $this->auth_age = $auth_age; - } else if ($strict) { - return false; - } + $auth_time = Auth_OpenID::arrayGet($args, 'auth_time'); + if ($auth_time !== null) { + if (ereg(PAPE_TIME_VALIDATOR, $auth_time)) { + $this->auth_time = $auth_time; + } else if ($strict) { + return false; } } } @@ -289,19 +284,12 @@ class Auth_OpenID_PAPE_Response extends Auth_OpenID_Extension { $ns_args['nist_auth_level'] = strval($this->nist_auth_level); } - if ($this->auth_age !== null) { - if ($this->auth_age < 0) { - return false; - } - - $result = Auth_OpenID::intval($this->auth_age); - - if ($result === false) { + if ($this->auth_time !== null) { + if (!ereg(PAPE_TIME_VALIDATOR, $this->auth_time)) { return false; } - $ns_args['auth_age'] = - strval($result); + $ns_args['auth_time'] = $this->auth_time; } return $ns_args; |