diff options
| -rw-r--r-- | Auth/OpenID/Consumer.php | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/Auth/OpenID/Consumer.php b/Auth/OpenID/Consumer.php index 5e628d1..e498a24 100644 --- a/Auth/OpenID/Consumer.php +++ b/Auth/OpenID/Consumer.php @@ -957,6 +957,10 @@ class Auth_OpenID_GenericConsumer { } if (!$assoc->checkMessageSignature($message)) { + // If we get a "bad signature" here, it means that the association + // is unrecoverabley corrupted in some way. Any futher attempts + // to login with this association is likely to fail. Drop it. + $this->store->removeAssociation($server_url, $assoc_handle); return new Auth_OpenID_FailureResponse(null, "Bad signature"); } @@ -1181,7 +1185,7 @@ class Auth_OpenID_GenericConsumer { // oidutil.log('Performing discovery on %s' % (claimed_id,)) list($unused, $services) = call_user_func($this->discoverMethod, $claimed_id, - $this->fetcher); + $this->fetcher); if (!$services) { return new Auth_OpenID_FailureResponse(null, |