author | David Rothstein <drothstein@gmail.com> | 2014-01-15 14:46:48 -0500 |
---|---|---|
committer | David Rothstein <drothstein@gmail.com> | 2014-01-15 14:46:48 -0500 |
commit | fd710c02edfce294919a82a7e456c3d6b652c7fc (patch) | |
tree | 21f4cf47168bfd751e7333eed301a484b0af7bcd /modules/openid | |
parent | 1687e382ea7faae78ffd0f316569bd3c41a05c9b (diff) | |
parent | dc791ec5839b52c7616bf66993122aa9a1336384 (diff) | |
Merge tag '7.26' into 7.x
7.26 release
Conflicts:
CHANGELOG.txt
includes/bootstrap.inc
Diffstat (limited to 'modules/openid')
-rw-r--r-- | modules/openid/openid.install | 76 | ||||
-rw-r--r-- | modules/openid/openid.module | 3 |
2 files changed, 75 insertions, 4 deletions
diff --git a/modules/openid/openid.install b/modules/openid/openid.install
index 4b77b710b..e382d869a 100644
--- a/modules/openid/openid.install
+++ b/modules/openid/openid.install
@@ -15,13 +15,14 @@ function openid_schema() {
 'idp_endpoint_uri' => array(
 'type' => 'varchar',
 'length' => 255,
- 'description' => 'URI of the OpenID Provider endpoint.',
+ 'not null' => TRUE,
+ 'description' => 'Primary Key: URI of the OpenID Provider endpoint.',
 ),
 'assoc_handle' => array(
 'type' => 'varchar',
 'length' => 255,
 'not null' => TRUE,
- 'description' => 'Primary Key: Used to refer to this association in subsequent messages.',
+ 'description' => 'Used to refer to this association in subsequent messages.',
 ),
 'assoc_type' => array(
 'type' => 'varchar',
@@ -51,7 +52,10 @@ function openid_schema() {
 'description' => 'The lifetime, in seconds, of this association.',
 ),
 ),
- 'primary key' => array('assoc_handle'),
+ 'primary key' => array('idp_endpoint_uri'),
+ 'unique keys' => array(
+ 'assoc_handle' => array('assoc_handle'),
+ ),
 );
 
 $schema['openid_nonce'] = array(
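Review bot: In the second hunk of openid.install, `'primary key' => array('idp_endpoint_uri')` together with a unique key on `assoc_handle` alone allows only one association row per provider endpoint and also treats handles as unique across all providers, although each provider chooses its own handles. The code that stores associations is not shown in this diff, so it should be confirmed that it replaces an endpoint's existing row instead of failing on a duplicate key, and that a handle already stored for a different endpoint cannot make the insert fail. If uniqueness across providers is not intended, a plain index such as `'indexes' => array('assoc_handle' => array('assoc_handle'))` would avoid that failure mode. The same table definition is repeated in openid_update_7000(), so any change has to be made in both places.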
@@ -158,3 +162,69 @@ function openid_update_6000() {
 /**
 * @} End of "addtogroup updates-6.x-to-7.x".
 */
+
+/**
+ * @addtogroup updates-7.x-extra
+ * @{
+ */
+
+/**
+ * Bind associations to their providers.
+ */
+function openid_update_7000() {
+ db_drop_table('openid_association');
+
+ $schema = array(
+ 'description' => 'Stores temporary shared key association information for OpenID authentication.',
+ 'fields' => array(
+ 'idp_endpoint_uri' => array(
+ 'type' => 'varchar',
+ 'length' => 255,
+ 'not null' => TRUE,
+ 'description' => 'Primary Key: URI of the OpenID Provider endpoint.',
+ ),
+ 'assoc_handle' => array(
+ 'type' => 'varchar',
+ 'length' => 255,
+ 'not null' => TRUE,
+ 'description' => 'Used to refer to this association in subsequent messages.',
+ ),
+ 'assoc_type' => array(
+ 'type' => 'varchar',
+ 'length' => 32,
+ 'description' => 'The signature algorithm used: one of HMAC-SHA1 or HMAC-SHA256.',
+ ),
+ 'session_type' => array(
+ 'type' => 'varchar',
+ 'length' => 32,
+ 'description' => 'Valid association session types: "no-encryption", "DH-SHA1", and "DH-SHA256".',
+ ),
+ 'mac_key' => array(
+ 'type' => 'varchar',
+ 'length' => 255,
+ 'description' => 'The MAC key (shared secret) for this association.',
+ ),
+ 'created' => array(
+ 'type' => 'int',
+ 'not null' => TRUE,
+ 'default' => 0,
+ 'description' => 'UNIX timestamp for when the association was created.',
+ ),
+ 'expires_in' => array(
+ 'type' => 'int',
+ 'not null' => TRUE,
+ 'default' => 0,
+ 'description' => 'The lifetime, in seconds, of this association.',
+ ),
+ ),
+ 'primary key' => array('idp_endpoint_uri'),
+ 'unique keys' => array(
+ 'assoc_handle' => array('assoc_handle'),
+ ),
+ );
+ db_create_table('openid_association', $schema);
+}
+
+/**
+ * @} End of "addtogroup updates-7.x-extra".
+ */
diff --git a/modules/openid/openid.module b/modules/openid/openid.module
index 1f764e04b..a28f452a6 100644
--- a/modules/openid/openid.module
+++ b/modules/openid/openid.module
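Review bot: openid_update_7000() in openid.install throws away every stored association with `db_drop_table('openid_association')`, but its docblock only says "Bind associations to their providers." and nothing tells a maintainer that the data loss is intended. A comment above the drop would record that, for example `// Existing rows are not bound to a provider endpoint, so they are dropped rather than migrated.` (the reason is inferred from the rest of the commit and should be confirmed by the author). A second short comment noting that the inline table definition is a deliberate copy of openid_schema(), so the update does not depend on the current schema function, would keep someone from removing the duplication later.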
@@ -839,7 +839,7 @@ function openid_verify_assertion($service, $response) {
 // direct verification: ignore the openid.assoc_handle, even if present.
 // See http://openid.net/specs/openid-authentication-2_0.html#rfc.section.11.4.1
 if (!empty($response['openid.assoc_handle']) && empty($response['openid.invalidate_handle'])) {
- $association = db_query("SELECT * FROM {openid_association} WHERE assoc_handle = :assoc_handle", array(':assoc_handle' => $response['openid.assoc_handle']))->fetchObject();
+ $association = db_query("SELECT * FROM {openid_association} WHERE idp_endpoint_uri = :endpoint AND assoc_handle = :assoc_handle", array(':endpoint' => $service['uri'], ':assoc_handle' => $response['openid.assoc_handle']))->fetchObject();
 }
 
 if ($association && isset($association->session_type)) {
@@ -871,6 +871,7 @@ function openid_verify_assertion($service, $response) {
 // database to avoid reusing it again on a subsequent authentication request.
 // See http://openid.net/specs/openid-authentication-2_0.html#rfc.section.11.4.2.2
 db_delete('openid_association')
+ ->condition('idp_endpoint_uri', $service['uri'])
 ->condition('assoc_handle', $response['invalidate_handle'])
 ->execute();
 }
|
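Review bot: The lookup `WHERE idp_endpoint_uri = :endpoint AND assoc_handle = :assoc_handle` in the first hunk is only as exact as the database's string comparison. Both columns are declared as plain `varchar` in openid.install, so on a case-insensitive collation two endpoint URIs that differ only in letter case would be treated as the same provider. Declaring the columns with `'binary' => TRUE` in openid_schema() and openid_update_7000() would make the binding byte-exact where the schema API and driver support it. A comment here should also state that `$service['uri']` is the endpoint obtained from discovery and not a value taken from `$response`; the part of openid_verify_assertion() that establishes this is outside the hunk. The same applies to the `->condition('idp_endpoint_uri', $service['uri'])` added in the second hunk.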