Merge tag '7.26' into 7.x

7.26 release

Conflicts:
	CHANGELOG.txt
	includes/bootstrap.inc

2 files changed, 75 insertions, 4 deletions

diff --git a/modules/openid/openid.install b/modules/openid/openid.install
index 4b77b710b..e382d869a 100644
--- a/modules/openid/openid.install
+++ b/modules/openid/openid.install
@@ -15,13 +15,14 @@ function openid_schema() {
       'idp_endpoint_uri' => array(
         'type' => 'varchar',
         'length' => 255,
-        'description' => 'URI of the OpenID Provider endpoint.',
+        'not null' => TRUE,
+        'description' => 'Primary Key: URI of the OpenID Provider endpoint.',
       ),
       'assoc_handle' => array(
         'type' => 'varchar',
         'length' => 255,
         'not null' => TRUE,
-        'description' => 'Primary Key: Used to refer to this association in subsequent messages.',
+        'description' => 'Used to refer to this association in subsequent messages.',
       ),
       'assoc_type' => array(
         'type' => 'varchar',
@@ -51,7 +52,10 @@ function openid_schema() {
         'description' => 'The lifetime, in seconds, of this association.',
       ),
     ),
-    'primary key' => array('assoc_handle'),
+    'primary key' => array('idp_endpoint_uri'),
+    'unique keys' => array(
+      'assoc_handle' => array('assoc_handle'),
+    ),
   );
 
   $schema['openid_nonce'] = array(
@@ -158,3 +162,69 @@ function openid_update_6000() {
 /**
  * @} End of "addtogroup updates-6.x-to-7.x".
  */
+
+/**
+ * @addtogroup updates-7.x-extra
+ * @{
+ */
+
+/**
+ * Bind associations to their providers.
+ */
+function openid_update_7000() {
+  db_drop_table('openid_association');
+
+  $schema = array(
+    'description' => 'Stores temporary shared key association information for OpenID authentication.',
+    'fields' => array(
+      'idp_endpoint_uri' => array(
+        'type' => 'varchar',
+        'length' => 255,
+        'not null' => TRUE,
+        'description' => 'Primary Key: URI of the OpenID Provider endpoint.',
+      ),
+      'assoc_handle' => array(
+        'type' => 'varchar',
+        'length' => 255,
+        'not null' => TRUE,
+        'description' => 'Used to refer to this association in subsequent messages.',
+      ),
+      'assoc_type' => array(
+        'type' => 'varchar',
+        'length' => 32,
+        'description' => 'The signature algorithm used: one of HMAC-SHA1 or HMAC-SHA256.',
+      ),
+      'session_type' => array(
+        'type' => 'varchar',
+        'length' => 32,
+        'description' => 'Valid association session types: "no-encryption", "DH-SHA1", and "DH-SHA256".',
+      ),
+      'mac_key' => array(
+        'type' => 'varchar',
+        'length' => 255,
+        'description' => 'The MAC key (shared secret) for this association.',
+      ),
+      'created' => array(
+        'type' => 'int',
+        'not null' => TRUE,
+        'default' => 0,
+        'description' => 'UNIX timestamp for when the association was created.',
+      ),
+      'expires_in' => array(
+        'type' => 'int',
+        'not null' => TRUE,
+        'default' => 0,
+        'description' => 'The lifetime, in seconds, of this association.',
+      ),
+    ),
+    'primary key' => array('idp_endpoint_uri'),
+    'unique keys' => array(
+      'assoc_handle' => array('assoc_handle'),
+    ),
+  );
+  db_create_table('openid_association', $schema);
+}
+
+/**
+ * @} End of "addtogroup updates-7.x-extra".
+ */
diff --git a/modules/openid/openid.module b/modules/openid/openid.module
index 1f764e04b..a28f452a6 100644
--- a/modules/openid/openid.module
+++ b/modules/openid/openid.module
@@ -839,7 +839,7 @@ function openid_verify_assertion($service, $response) {
   // direct verification: ignore the openid.assoc_handle, even if present.
   // See http://openid.net/specs/openid-authentication-2_0.html#rfc.section.11.4.1
   if (!empty($response['openid.assoc_handle']) && empty($response['openid.invalidate_handle'])) {
-    $association = db_query("SELECT * FROM {openid_association} WHERE assoc_handle = :assoc_handle", array(':assoc_handle' => $response['openid.assoc_handle']))->fetchObject();
+    $association = db_query("SELECT * FROM {openid_association} WHERE idp_endpoint_uri = :endpoint AND assoc_handle = :assoc_handle", array(':endpoint' => $service['uri'], ':assoc_handle' => $response['openid.assoc_handle']))->fetchObject();
   }
 
   if ($association && isset($association->session_type)) {
@@ -871,6 +871,7 @@ function openid_verify_assertion($service, $response) {
           // database to avoid reusing it again on a subsequent authentication request.
           // See http://openid.net/specs/openid-authentication-2_0.html#rfc.section.11.4.2.2
           db_delete('openid_association')
+            ->condition('idp_endpoint_uri', $service['uri'])
             ->condition('assoc_handle', $response['invalidate_handle'])
             ->execute();
         }