-rw-r--r-- | Auth/OpenID/Consumer.php | 34 | ||||
-rw-r--r-- | Tests/Auth/OpenID/Consumer.php | 3 |
2 files changed, 28 insertions, 9 deletions
diff --git a/Auth/OpenID/Consumer.php b/Auth/OpenID/Consumer.php index b944252..76f2ae2 100644 --- a/Auth/OpenID/Consumer.php +++ b/Auth/OpenID/Consumer.php @@ -1126,18 +1126,38 @@ class Auth_OpenID_GenericConsumer { $whitelist = array('assoc_handle', 'sig', 'signed', 'invalidate_handle'); - $signed = array_merge(explode(",", $signed), $whitelist); - $check_args = array(); - foreach ($message->toPostArgs() as $key => $value) { - if (in_array(substr($key, 7), $signed)) { - $check_args[$key] = $value; + foreach ($whitelist as $k) { + $val = $message->getArg(Auth_OpenID_OPENID_NS, $k); + if ($val !== null) { + $check_args[$k] = $val; + } + } + + $signed = $message->getArg(Auth_OpenID_OPENID_NS, + 'signed'); + + if ($signed) { + foreach (explode(',', $signed) as $k) { + if ($k == 'ns') { + $check_args['ns'] = $message->getOpenIDNamespace(); + continue; + } + + if (!$message->hasKey(Auth_OpenID_OPENID_NS, + $k)) { + return null; + } + + $val = $message->getArg(Auth_OpenID_OPENID_NS, + $k); + $check_args[$k] = $val; } } - $check_args['openid.mode'] = 'check_authentication'; - return Auth_OpenID_Message::fromPostArgs($check_args); + $check_args['mode'] = 'check_authentication'; + return Auth_OpenID_Message::fromOpenIDArgs($check_args); } /** diff --git a/Tests/Auth/OpenID/Consumer.php b/Tests/Auth/OpenID/Consumer.php index b468dd6..244c6e0 100644 --- a/Tests/Auth/OpenID/Consumer.php +++ b/Tests/Auth/OpenID/Consumer.php @@ -1324,8 +1324,7 @@ class Tests_Auth_OpenID_Consumer_TestCheckAuth extends _TestIdRes { $message = Auth_OpenID_Message::fromPostArgs($query); - $consumer->_checkAuth($message, 'does://not.matter'); - $this->assertEquals(__getError(), E_ASSERTION_ERROR); + $this->assertFalse($consumer->_checkAuth($message, 'does://not.matter')); } function test_signedList() |
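Review bot: The new `return null;`, taken when a field named in `signed` is absent from the message, changes what this function can return, and nothing in the hunk documents it. The function begins above the hunk, so its docblock is not visible here; it should state that null means no check_authentication request could be built and that the caller must treat the assertion as unverified. The hunk also removes `$check_args = array();` with no visible replacement, so unless it is initialised above the hunk the array is now created implicitly by the first assignment; restoring `$check_args = array();` before the `foreach ($whitelist as $k)` loop makes the request's contents explicit. Because `$k` is taken from the message's own `signed` list, `if ($k === 'ns')` is a safer comparison than `==`.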
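Review bot: `$this->assertFalse($consumer->_checkAuth($message, 'does://not.matter'));` shows only that verification failed, not that it failed because the request could not be built. The fetcher used by this test is set up outside the hunk, so with a server URL of `'does://not.matter'` a failed fetch might also yield false. If so, the test would keep passing even if the missing-field check in Consumer.php were removed. Consider also asserting that the fetcher was never invoked, or that the request builder returns null for this `$message`. The test method begins above the hunk.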