author | David Rothstein <drothstein@gmail.com> | 2015-06-17 14:38:44 -0400 |
---|---|---|
committer | David Rothstein <drothstein@gmail.com> | 2015-06-17 14:38:44 -0400 |
commit | 5cb79b4b217e9aa315d61284398cce132c28bea4 (patch) | |
tree | ff85c0695ee9db1178447fa29d7f76a3ff8e67f6 /modules/openid | |
parent | 18c5da5028b7c3ba985e598bb8df45613285d437 (diff) | |
Drupal 7.38
Diffstat (limited to 'modules/openid')
-rw-r--r-- | modules/openid/openid.module | 14 | ||||
-rw-r--r-- | modules/openid/openid.test | 2 | ||||
-rw-r--r-- | modules/openid/tests/openid_test.module | 1 |
3 files changed, 12 insertions, 5 deletions
diff --git a/modules/openid/openid.module b/modules/openid/openid.module
index a28f452a6..a52dbc3de 100644
--- a/modules/openid/openid.module
+++ b/modules/openid/openid.module
@@ -365,14 +365,20 @@ function openid_complete($response = array()) {
 // to the OpenID Provider, we need to do discovery on the returned
 // identififer to make sure that the provider is authorized to
 // respond on behalf of this.
- if ($response_claimed_id != $claimed_id) {
+ if ($response_claimed_id != $claimed_id || $response_claimed_id != $response['openid.identity']) {
 $discovery = openid_discovery($response['openid.claimed_id']);
+ $uris = array();
 if ($discovery && !empty($discovery['services'])) {
- $uris = array();
 foreach ($discovery['services'] as $discovered_service) {
- if (in_array('http://specs.openid.net/auth/2.0/server', $discovered_service['types']) || in_array('http://specs.openid.net/auth/2.0/signon', $discovered_service['types'])) {
- $uris[] = $discovered_service['uri'];
+ if (!in_array('http://specs.openid.net/auth/2.0/server', $discovered_service['types']) && !in_array('http://specs.openid.net/auth/2.0/signon', $discovered_service['types'])) {
+ continue;
 }
+ // The OP-Local Identifier (if different than the Claimed
+ // Identifier) must be present in the XRDS document.
+ if ($response_claimed_id != $response['openid.identity'] && (!isset($discovered_service['identity']) || $discovered_service['identity'] != $response['openid.identity'])) {
+ continue;
+ }
+ $uris[] = $discovered_service['uri'];
 }
 }
 if (!in_array($service['uri'], $uris)) {
diff --git a/modules/openid/openid.test b/modules/openid/openid.test
index 41af3f82f..5f7493a5a 100644
--- a/modules/openid/openid.test
+++ b/modules/openid/openid.test
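Review bot: The new OP-Local Identifier check uses loose `!=` and reads `$response['openid.identity']` with no `isset()` visible in the hunk, so a response lacking that key (null) would compare equal to an empty `identity` value from the discovered service and the service URI would still be added to `$uris`. Strict comparison closes that gap, e.g. `$discovered_service['identity'] !== $response['openid.identity']`, combined with rejecting the response early when `openid.identity` is missing; whether an earlier part of openid_complete() already guarantees the key cannot be seen from here. The final `in_array($service['uri'], $uris)` would likewise be safer with `TRUE` as its third argument. openid_complete() begins and ends outside the hunk.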
@@ -94,7 +94,7 @@ class OpenIDFunctionalTestCase extends OpenIDWebTestCase {
 $identity = url('openid-test/yadis/xrds/dummy-user', array('absolute' => TRUE, 'fragment' => $this->randomName()));
 // Tell openid_test.module to respond with this identifier. If the fragment
 // part is present in the identifier, it should be retained.
- variable_set('openid_test_response', array('openid.claimed_id' => $identity));
+ variable_set('openid_test_response', array('openid.claimed_id' => $identity, 'openid.identity' => openid_normalize($identity)));
 $this->addIdentity(url('openid-test/yadis/xrds/server', array('absolute' => TRUE)), 2, 'http://specs.openid.net/auth/2.0/identifier_select', $identity);
 variable_set('openid_test_response', array());
diff --git a/modules/openid/tests/openid_test.module b/modules/openid/tests/openid_test.module
index bcf9f425d..3d6e2926f 100644
--- a/modules/openid/tests/openid_test.module
+++ b/modules/openid/tests/openid_test.module
@@ -150,6 +150,7 @@ function openid_test_yadis_xrds() {
 <Service priority="20">
 <Type>http://specs.openid.net/auth/2.0/server</Type>
 <URI>' . url('openid-test/endpoint', array('absolute' => TRUE)) . '</URI>
+ <LocalID>' . url('openid-test/yadis/xrds/server', array('absolute' => TRUE)) . '</LocalID>
 </Service>';
 }
 elseif (arg(3) == 'delegate') { |
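Review bot: No test exercises the new rejection branch in openid_complete(): this openid.test hunk only adjusts the existing success case so that it keeps passing, and the diffstat shows a single changed line in that file. A regression test should respond with an `openid.identity` that differs from the `<LocalID>` served by the XRDS fixture, and another should cover a service with no `<LocalID>` at all, each asserting that the login is refused. Without them, a later refactor of the `continue` conditions could silently re-open the check this commit adds. The test method starts and ends outside the hunk.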