From c78da981c1bb7d1d80f098245c8dd43a9d126ac0 Mon Sep 17 00:00:00 2001
From: JonTheNiceGuy
Date: Wed, 21 Jul 2010 20:12:58 +0100
Subject: Patching issue 17 (http://github.com/openid/php-openid/issues/#issue/17) This was also logged previously as Trac ticket 356 This patch was submitted at the time by https://me.yahoo.com/doulepov
---
 Auth/OpenID/Consumer.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/Auth/OpenID/Consumer.php b/Auth/OpenID/Consumer.php
index 5e628d1..e498a24 100644
--- a/Auth/OpenID/Consumer.php
+++ b/Auth/OpenID/Consumer.php
@@ -957,6 +957,10 @@ class Auth_OpenID_GenericConsumer {
 }
 if (!$assoc->checkMessageSignature($message)) {
+ // If we get a "bad signature" here, it means that the association
+ // is unrecoverabley corrupted in some way. Any futher attempts
+ // to login with this association is likely to fail. Drop it.
+ $this->store->removeAssociation($server_url, $assoc_handle);
 return new Auth_OpenID_FailureResponse(null, "Bad signature");
 }
@@ -1181,7 +1185,7 @@ class Auth_OpenID_GenericConsumer {
 // oidutil.log('Performing discovery on %s' % (claimed_id,))
 list($unused, $services) = call_user_func($this->discoverMethod, $claimed_id,
- $this->fetcher);
+ $this->fetcher);
 if (!$services) {
 return new Auth_OpenID_FailureResponse(null,
-- 
cgit v1.1
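Review bot: In the first hunk (`@@ -957,6 +957,10 @@`), the added `$this->store->removeAssociation($server_url, $assoc_handle);` runs on a response that has just failed signature verification, so the deletion is driven by unauthenticated input. If `$assoc_handle` is read from the incoming message (it is assigned above the hunk, so this is inferred), any response that names an existing handle with a wrong signature makes the consumer discard a still-valid association, one that is presumably reused by other logins against the same server. The comment's premise does not hold in general, because a forged or altered response produces the same "Bad signature" result as a corrupted association. I would either keep the association and only return the failure, or remove it only once the server has confirmed the handle is invalid (`invalidate_handle` in a check_authentication response), and reword the comment to `// A bad signature can also mean a forged or altered response, not only a corrupted association.` The result of `removeAssociation` is also ignored, so a failed delete is not logged or reported; the enclosing function starts and ends outside the hunk.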