authorDavid Rothstein <drothstein@gmail.com>2015-06-17 14:38:44 -0400
committerDavid Rothstein <drothstein@gmail.com>2015-06-17 14:38:44 -0400
commit5cb79b4b217e9aa315d61284398cce132c28bea4 (patch)
treeff85c0695ee9db1178447fa29d7f76a3ff8e67f6 /modules/openid
parent18c5da5028b7c3ba985e598bb8df45613285d437 (diff)
Drupal 7.38
Diffstat (limited to 'modules/openid')
-rw-r--r--modules/openid/openid.module14
-rw-r--r--modules/openid/openid.test2
-rw-r--r--modules/openid/tests/openid_test.module1
3 files changed, 12 insertions, 5 deletions
diff --git a/modules/openid/openid.module b/modules/openid/openid.module
index a28f452a6..a52dbc3de 100644
--- a/modules/openid/openid.module
+++ b/modules/openid/openid.module
@@ -365,14 +365,20 @@ function openid_complete($response = array()) {
// to the OpenID Provider, we need to do discovery on the returned
// identififer to make sure that the provider is authorized to
// respond on behalf of this.
- if ($response_claimed_id != $claimed_id) {
+ if ($response_claimed_id != $claimed_id || $response_claimed_id != $response['openid.identity']) {
$discovery = openid_discovery($response['openid.claimed_id']);
+ $uris = array();
if ($discovery && !empty($discovery['services'])) {
- $uris = array();
foreach ($discovery['services'] as $discovered_service) {
- if (in_array('http://specs.openid.net/auth/2.0/server', $discovered_service['types']) || in_array('http://specs.openid.net/auth/2.0/signon', $discovered_service['types'])) {
- $uris[] = $discovered_service['uri'];
+ if (!in_array('http://specs.openid.net/auth/2.0/server', $discovered_service['types']) && !in_array('http://specs.openid.net/auth/2.0/signon', $discovered_service['types'])) {
+ continue;
}
+ // The OP-Local Identifier (if different than the Claimed
+ // Identifier) must be present in the XRDS document.
+ if ($response_claimed_id != $response['openid.identity'] && (!isset($discovered_service['identity']) || $discovered_service['identity'] != $response['openid.identity'])) {
+ continue;
+ }
+ $uris[] = $discovered_service['uri'];
}
}
if (!in_array($service['uri'], $uris)) {
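Review bot: The two new comparisons against `$response['openid.identity']` (in the outer `if` and in the LocalID check inside the `foreach`) read the key without checking that it is set, and they use loose `!=`. A response that carries `openid.claimed_id` but omits `openid.identity` appears to fail closed here, since no discovered service can then match, but it does so through an undefined-index notice rather than an explicit rejection. For an authentication decision I would read the value once, `$response_identity = isset($response['openid.identity']) ? $response['openid.identity'] : NULL;`, and compare with `!==` so PHP's numeric-string juggling can never treat two different identifiers as equal (assuming both sides are plain strings at this point). The body of openid_complete() starts and ends outside this hunk, so an earlier guard on the key may already exist.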
diff --git a/modules/openid/openid.test b/modules/openid/openid.test
index 41af3f82f..5f7493a5a 100644
--- a/modules/openid/openid.test
+++ b/modules/openid/openid.test
@@ -94,7 +94,7 @@ class OpenIDFunctionalTestCase extends OpenIDWebTestCase {
$identity = url('openid-test/yadis/xrds/dummy-user', array('absolute' => TRUE, 'fragment' => $this->randomName()));
// Tell openid_test.module to respond with this identifier. If the fragment
// part is present in the identifier, it should be retained.
- variable_set('openid_test_response', array('openid.claimed_id' => $identity));
+ variable_set('openid_test_response', array('openid.claimed_id' => $identity, 'openid.identity' => openid_normalize($identity)));
$this->addIdentity(url('openid-test/yadis/xrds/server', array('absolute' => TRUE)), 2, 'http://specs.openid.net/auth/2.0/identifier_select', $identity);
variable_set('openid_test_response', array());
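Review bot: There is no negative case next to this adjusted call: the change to `variable_set('openid_test_response', ...)` only keeps the existing happy path passing now that `openid.identity` is checked. A test in which the provider returns an `openid.identity` that differs from the claimed identifier and is not listed as `<LocalID>` in the discovered XRDS would pin the rejection path that this commit adds to openid_complete() and guard it against regression. Such a test may live outside modules/openid, since the diffstat shown is limited to that directory, and the test method itself continues outside this hunk.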
diff --git a/modules/openid/tests/openid_test.module b/modules/openid/tests/openid_test.module
index bcf9f425d..3d6e2926f 100644
--- a/modules/openid/tests/openid_test.module
+++ b/modules/openid/tests/openid_test.module
@@ -150,6 +150,7 @@ function openid_test_yadis_xrds() {
<Service priority="20">
<Type>http://specs.openid.net/auth/2.0/server</Type>
<URI>' . url('openid-test/endpoint', array('absolute' => TRUE)) . '</URI>
+ <LocalID>' . url('openid-test/yadis/xrds/server', array('absolute' => TRUE)) . '</LocalID>
</Service>';
}
elseif (arg(3) == 'delegate') {