authorDavid Rothstein <drothstein@gmail.com>2014-01-15 14:46:48 -0500
committerDavid Rothstein <drothstein@gmail.com>2014-01-15 14:46:48 -0500
commitfd710c02edfce294919a82a7e456c3d6b652c7fc (patch)
tree21f4cf47168bfd751e7333eed301a484b0af7bcd /modules/openid
parent1687e382ea7faae78ffd0f316569bd3c41a05c9b (diff)
parentdc791ec5839b52c7616bf66993122aa9a1336384 (diff)
Merge tag '7.26' into 7.x
7.26 release Conflicts: CHANGELOG.txt includes/bootstrap.inc
Diffstat (limited to 'modules/openid')
-rw-r--r--modules/openid/openid.install76
-rw-r--r--modules/openid/openid.module3
2 files changed, 75 insertions, 4 deletions
diff --git a/modules/openid/openid.install b/modules/openid/openid.install
index 4b77b710b..e382d869a 100644
--- a/modules/openid/openid.install
+++ b/modules/openid/openid.install
@@ -15,13 +15,14 @@ function openid_schema() {
'idp_endpoint_uri' => array(
'type' => 'varchar',
'length' => 255,
- 'description' => 'URI of the OpenID Provider endpoint.',
+ 'not null' => TRUE,
+ 'description' => 'Primary Key: URI of the OpenID Provider endpoint.',
),
'assoc_handle' => array(
'type' => 'varchar',
'length' => 255,
'not null' => TRUE,
- 'description' => 'Primary Key: Used to refer to this association in subsequent messages.',
+ 'description' => 'Used to refer to this association in subsequent messages.',
),
'assoc_type' => array(
'type' => 'varchar',
@@ -51,7 +52,10 @@ function openid_schema() {
'description' => 'The lifetime, in seconds, of this association.',
),
),
- 'primary key' => array('assoc_handle'),
+ 'primary key' => array('idp_endpoint_uri'),
+ 'unique keys' => array(
+ 'assoc_handle' => array('assoc_handle'),
+ ),
);
$schema['openid_nonce'] = array(
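Review bot: The separate `'unique keys'` entry on `assoc_handle` alone makes the handle globally unique, although a handle is only meaningful together with the provider that issued it. With `idp_endpoint_uri` as the primary key the table already holds at most one row per provider, so the unique key adds no lookup benefit and only means that two providers issuing the same handle string cannot both be stored; the second insert would presumably fail. If an index on the handle is wanted at all, a non-unique one such as `'indexes' => array('assoc_handle' => array('assoc_handle')),` avoids that coupling between providers. The code that stores a new association is not visible in this diff, so it is worth confirming that it replaces the existing row for the endpoint before inserting. The same definition is repeated in openid_update_7000() further down and would need the same change.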
@@ -158,3 +162,69 @@ function openid_update_6000() {
/**
* @} End of "addtogroup updates-6.x-to-7.x".
*/
+
+/**
+ * @addtogroup updates-7.x-extra
+ * @{
+ */
+
+/**
+ * Bind associations to their providers.
+ */
+function openid_update_7000() {
+ db_drop_table('openid_association');
+
+ $schema = array(
+ 'description' => 'Stores temporary shared key association information for OpenID authentication.',
+ 'fields' => array(
+ 'idp_endpoint_uri' => array(
+ 'type' => 'varchar',
+ 'length' => 255,
+ 'not null' => TRUE,
+ 'description' => 'Primary Key: URI of the OpenID Provider endpoint.',
+ ),
+ 'assoc_handle' => array(
+ 'type' => 'varchar',
+ 'length' => 255,
+ 'not null' => TRUE,
+ 'description' => 'Used to refer to this association in subsequent messages.',
+ ),
+ 'assoc_type' => array(
+ 'type' => 'varchar',
+ 'length' => 32,
+ 'description' => 'The signature algorithm used: one of HMAC-SHA1 or HMAC-SHA256.',
+ ),
+ 'session_type' => array(
+ 'type' => 'varchar',
+ 'length' => 32,
+ 'description' => 'Valid association session types: "no-encryption", "DH-SHA1", and "DH-SHA256".',
+ ),
+ 'mac_key' => array(
+ 'type' => 'varchar',
+ 'length' => 255,
+ 'description' => 'The MAC key (shared secret) for this association.',
+ ),
+ 'created' => array(
+ 'type' => 'int',
+ 'not null' => TRUE,
+ 'default' => 0,
+ 'description' => 'UNIX timestamp for when the association was created.',
+ ),
+ 'expires_in' => array(
+ 'type' => 'int',
+ 'not null' => TRUE,
+ 'default' => 0,
+ 'description' => 'The lifetime, in seconds, of this association.',
+ ),
+ ),
+ 'primary key' => array('idp_endpoint_uri'),
+ 'unique keys' => array(
+ 'assoc_handle' => array('assoc_handle'),
+ ),
+ );
+ db_create_table('openid_association', $schema);
+}
+
+/**
+ * @} End of "addtogroup updates-7.x-extra".
+ */
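Review bot: The docblock of openid_update_7000() does not say that the update discards every stored association, which is the first thing an operator reading the update list would want to know. Since `db_drop_table('openid_association')` runs unconditionally, something like `Bind associations to their providers. Existing associations are dropped, not migrated; the table holds only temporary shared keys.` would state that the data loss is deliberate. The field array is a full copy of the one in openid_schema(); if that copy is intentional so the update stays stable when the schema changes later, a one-line comment above `$schema = array(` saying so would stop someone from "deduplicating" it.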
diff --git a/modules/openid/openid.module b/modules/openid/openid.module
index 1f764e04b..a28f452a6 100644
--- a/modules/openid/openid.module
+++ b/modules/openid/openid.module
@@ -839,7 +839,7 @@ function openid_verify_assertion($service, $response) {
// direct verification: ignore the openid.assoc_handle, even if present.
// See http://openid.net/specs/openid-authentication-2_0.html#rfc.section.11.4.1
if (!empty($response['openid.assoc_handle']) && empty($response['openid.invalidate_handle'])) {
- $association = db_query("SELECT * FROM {openid_association} WHERE assoc_handle = :assoc_handle", array(':assoc_handle' => $response['openid.assoc_handle']))->fetchObject();
+ $association = db_query("SELECT * FROM {openid_association} WHERE idp_endpoint_uri = :endpoint AND assoc_handle = :assoc_handle", array(':endpoint' => $service['uri'], ':assoc_handle' => $response['openid.assoc_handle']))->fetchObject();
}
if ($association && isset($association->session_type)) {
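Review bot: The new `idp_endpoint_uri = :endpoint` condition is the security-relevant part of this lookup and deserves a comment, because the existing comment above it only talks about direct verification. A line such as `// Only accept a handle that was issued by the endpoint we sent the request to; a handle from another provider must not validate this assertion.` would record the intent. The check is only as strong as the origin of `$service['uri']`, which is set outside this hunk; it should be the endpoint found during discovery and not a value taken from `$response`, and the comment could say so once that is confirmed. openid_verify_assertion() starts and ends outside the hunk.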
@@ -871,6 +871,7 @@ function openid_verify_assertion($service, $response) {
// database to avoid reusing it again on a subsequent authentication request.
// See http://openid.net/specs/openid-authentication-2_0.html#rfc.section.11.4.2.2
db_delete('openid_association')
+ ->condition('idp_endpoint_uri', $service['uri'])
->condition('assoc_handle', $response['invalidate_handle'])
->execute();
}
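Review bot: The delete reads `$response['invalidate_handle']` without the `openid.` prefix, while the lookup earlier in the same function reads `$response['openid.assoc_handle']` and `$response['openid.invalidate_handle']`. That is consistent only if `$response` has been reassigned to the parsed direct-verification reply between the two hunks, which is not visible here. If so, a short comment such as `// $response is now the provider's direct verification reply, whose keys carry no "openid." prefix.` would keep a later reader from "fixing" the key. If it is still the original response array, the condition would never match and the stale association would stay in the table.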