-rw-r--r--Auth/OpenID/Server.php29
-rw-r--r--Tests/Auth/OpenID/Server.php32
2 files changed, 46 insertions, 15 deletions
diff --git a/Auth/OpenID/Server.php b/Auth/OpenID/Server.php
index 7c56805..5f9d52d 100644
--- a/Auth/OpenID/Server.php
+++ b/Auth/OpenID/Server.php
@@ -836,23 +836,22 @@ class Auth_OpenID_CheckIDRequest extends Auth_OpenID_Request {
$identity = $message->getArg(Auth_OpenID_OPENID_NS,
'identity');
-
- if ($identity && $message->isOpenID2()) {
- $claimed_id = $message->getArg(Auth_OpenID_OPENID_NS,
- 'claimed_id');
- if (!$claimed_id) {
- return new Auth_OpenID_ServerError($message,
- "OpenID 2.0 message contained openid.identity " .
- "but not claimed_id");
+ $claimed_id = $message->getArg(Auth_OpenID_OPENID_NS, 'claimed_id');
+ if ($message->isOpenID1()) {
+ if ($identity === null) {
+ $s = "OpenID 1 message did not contain openid.identity";
+ return new Auth_OpenID_ServerError($message, $s);
}
} else {
- $claimed_id = null;
- }
-
- if (($identity === null) &&
- ($namespace == Auth_OpenID_OPENID1_NS)) {
- return new Auth_OpenID_ServerError($message,
- "OpenID 1 message did not contain openid.identity");
+ if ($identity && !$claimed_id) {
+ $s = "OpenID 2.0 message contained openid.identity but not " .
+ "claimed_id";
+ return new Auth_OpenID_ServerError($message, $s);
+ } else if ($claimed_id && !$identity) {
+ $s = "OpenID 2.0 message contained openid.claimed_id " .
+ "but not identity";
+ return new Auth_OpenID_ServerError($message, $s);
+ }
}
// There's a case for making self.trust_root be a TrustRoot
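Review bot: The two branches disagree on what "missing" means: the OpenID 1 branch uses `$identity === null`, while the OpenID 2 branch tests `$identity` and `$claimed_id` by truthiness, so an empty string or `"0"` counts as absent there. As a result an OpenID 2 message carrying `openid.identity=` and `openid.claimed_id=` (both empty) passes both new checks, and an OpenID 1 message with an empty `openid.identity` passes the null check. Since these values decide which identifier the server is asked to assert, I would compare against null in both branches, e.g. `if ($identity !== null && $claimed_id === null)` and `} else if ($claimed_id !== null && $identity === null) {`, and reject empty values explicitly. This assumes `getArg` returns null for an absent key, which the hunk implies but does not show; the rest of `fromMessage` lies outside the hunk.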
diff --git a/Tests/Auth/OpenID/Server.php b/Tests/Auth/OpenID/Server.php
index c9efd94..6dd9d61 100644
--- a/Tests/Auth/OpenID/Server.php
+++ b/Tests/Auth/OpenID/Server.php
@@ -987,6 +987,38 @@ class Tests_Auth_OpenID_CheckID extends PHPUnit_TestCase {
$this->server);
}
+ function test_fromMessageClaimedIDWithoutIdentityOpenID2()
+ {
+ $name = 'https://example.myopenid.com';
+
+ $msg = new Auth_OpenID_Message(Auth_OpenID_OPENID2_NS);
+ $msg->setArg(Auth_OpenID_OPENID_NS, 'mode', 'checkid_setup');
+ $msg->setArg(Auth_OpenID_OPENID_NS, 'return_to',
+ 'http://invalid:8000/rt');
+ $msg->setArg(Auth_OpenID_OPENID_NS, 'claimed_id', $name);
+
+ $result = Auth_OpenID_CheckIDRequest::fromMessage(
+ $msg, $this->server);
+
+ $this->assertTrue(is_a($result, 'Auth_OpenID_ServerError'));
+ }
+
+ function test_fromMessageIdentityWithoutClaimedIDOpenID2()
+ {
+ $name = 'https://example.myopenid.com';
+
+ $msg = new Auth_OpenID_Message(Auth_OpenID_OPENID2_NS);
+ $msg->setArg(Auth_OpenID_OPENID_NS, 'mode', 'checkid_setup');
+ $msg->setArg(Auth_OpenID_OPENID_NS, 'return_to',
+ 'http://invalid:8000/rt');
+ $msg->setArg(Auth_OpenID_OPENID_NS, 'identity', $name);
+
+ $result = Auth_OpenID_CheckIDRequest::fromMessage(
+ $msg, $this->server);
+
+ $this->assertTrue(is_a($result, 'Auth_OpenID_ServerError'));
+ }
+
function test_trustRootInvalid()
{
$this->request->trust_root = "http://foo.unittest/17";
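Review bot: Both new tests assert only `is_a($result, 'Auth_OpenID_ServerError')`, so they would still pass if `fromMessage` rejected the message for an unrelated reason (for example the `return_to` value) and the new claimed_id/identity checks never ran. Each test should also check that the error text names the missing field ("but not identity" in the first, "but not claimed_id" in the second), so that each test is tied to the branch it is named after. The accepting paths are not covered either: an OpenID 2 message with both `identity` and `claimed_id`, and one with neither, should be asserted not to yield a `ServerError`, to show the stricter check does not reject valid requests.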