=?utf-8?q?gofix=20os.ErrorString

=20rearrange=20verify.go=20to=20expose=20new=20VerifyValues=20which=20takes=20parsed=20http.Values.=20Verify(string)=20uses=20http.Values=20and=20calls=20this=20now. =20Write=20regex=20parser=20for=20finding=20YADIS=20in=20HTML.=20HTML=20is=20not=20XML,=20and=20the=20XML=20parser=20can=20fail=20needlessly.=20HTML=20shouldn't=20be=20parsed=20by=20regex=20either,=20but=20a=20regex=20is=20just=20enough=20to=20get=20the=20right=20<meta=20=E2=80=A6>=20tag.?= MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit
brianolson · Sep 14, 2011 · 5da5c9a · 5da5c9a
1 parent dad73b4
commit 5da5c9a
Show file tree

Hide file tree

Showing 3 changed files with 72 additions and 26 deletions.
diff --git a/authrequest.go b/authrequest.go
@@ -25,7 +25,7 @@ func GetRedirectURL(Identifier string, realm string, returnto string) (string, o
 	// If the identifier is an XRI, [XRI_Resolution_2.0] will yield an XRDS document that contains the necessary information. It should also be noted that Relying Parties can take advantage of XRI Proxy Resolvers, such as the one provided by XDI.org at http://www.xri.net. This will remove the need for the RPs to perform XRI Resolution locally.
 	if IdType == IdentifierXRI {
 		// Not implemented yet
-		return "", os.ErrorString("XRI identifier not implemented yed")
+		return "", os.NewError("XRI identifier not implemented yed")
 	}
 
 	// If it is a URL, the Yadis protocol [Yadis] SHALL be first attempted. If it succeeds, the result is again an XRDS document.
@@ -36,12 +36,12 @@ func GetRedirectURL(Identifier string, realm string, returnto string) (string, o
 			return "", err
 		}
 		if reader == nil {
-			return "", os.ErrorString("Yadis returned an empty Reader for the ID: " + Id)
+			return "", os.NewError("Yadis returned an empty Reader for the ID: " + Id)
 		}
 
 		var endpoint, claimedid = ParseXRDS(reader)
 		if len(endpoint) == 0 {
-			return "", os.ErrorString("Unable to parse the XRDS document")
+			return "", os.NewError("Unable to parse the XRDS document")
 		}
 
 		// At this point we have the endpoint and eventually a claimed id		 

diff --git a/verify.go b/verify.go
@@ -5,6 +5,7 @@
 package openid
 
 import (
+	"log"
 	"os"
 	"http"
 	"regexp"
@@ -21,8 +22,10 @@ func Verify(url string) (grant bool, identifier string, err os.Error) {
 	identifier = ""
 	err = nil
 
-	var urlm map[string]string
+	//var urlm map[string]string
-	urlm, err = url2map(url)
+	//urlm, err = url2map(url)
+	var values http.Values
+	values, err = http.ParseQuery(url)
 	if err != nil {
 		return false, "", err
 	}
@@ -36,38 +39,49 @@ func Verify(url string) (grant bool, identifier string, err os.Error) {
 
 	// The signature on the assertion is valid and all fields that are required to be signed are signed (Section 11.4)
 
-	grant, err = verifyDirect(urlm)
+	return VerifyValues(values)
-	if err != nil {
+	//if err != nil {
-		return
+	//	return grant, identifier, err
-	}
+	//}
 
-	identifier = urlm["openid.claimed_id"]
+	//identifier = urlm["openid.claimed_id"]
 
-	return
+	//return grant, identifier, err
 }
 
 var REVerifyDirectIsValid = "is_valid:true"
 var REVerifyDirectNs = regexp.MustCompile("ns:([a-zA-Z0-9:/.]*)")
 
-func verifyDirect(urlm map[string]string) (grant bool, err os.Error) {
+// Like Verify on a parsed URL
-	grant = false
+func VerifyValues(values http.Values) (grant bool, identifier string, err os.Error) {
 	err = nil
 
-	urlm["openid.mode"] = "check_authentication"
+	var postArgs http.Values
+	postArgs = http.Values(map[string][]string{})
+	//postArgs = new(http.Values)
+	postArgs.Set("openid.mode", "check_authentication")
 
 	// Create the url
-	URLEndPoint := urlm["openid.op_endpoint"]
+	URLEndPoint := values.Get("openid.op_endpoint")
-	var postContent string
+	if URLEndPoint == "" {
-	for k, v := range urlm {
+		log.Printf("no openid.op_endpoint")
-		postContent += http.URLEscape(k) + "=" + http.URLEscape(v) + "&"
+		return false, "", os.NewError("no openid.op_endpoint")
+	}
+	for k, v := range values {
+		if k == "openid.op_endpoint" {
+			continue  // skip it
+		}
+		postArgs[k] = v
 	}
+	postContent := postArgs.Encode()
 
 	// Post the request
 	var client = new(http.Client)
 	postReader := bytes.NewBuffer([]byte(postContent))
 	response, err := client.Post(URLEndPoint, "application/x-www-form-urlencoded", postReader)
 	if err != nil {
-		return false, err
+		log.Printf("VerifyValues failed at post")
+		return false, "", err
 	}
 
 	// Parse the response
@@ -76,26 +90,29 @@ func verifyDirect(urlm map[string]string) (grant bool, err os.Error) {
 	buffer := make([]byte, 1024)
 	_, err = response.Body.Read(buffer)
 	if err != nil {
-		return false, err
+		log.Printf("VerifyValues failed reading response")
+		return false, "", err
 	}
 
 	// Check for ns
 	rematch := REVerifyDirectNs.FindSubmatch(buffer)
 	if rematch == nil {
-		return false, os.ErrorString("verifyDirect: ns value not found on the response of the OP")
+		return false, "", os.NewError("VerifyValues: ns value not found on the response of the OP")
 	}
 	nsValue := string(rematch[1])
 	if !bytes.Equal([]byte(nsValue), []byte("http://specs.openid.net/auth/2.0")) {
-		return false, os.ErrorString("verifyDirect: ns value not correct: " + nsValue)
+		return false, "", os.NewError("VerifyValues: ns value not correct: " + nsValue)
 	}
 
 	// Check for is_valid
 	match, err := regexp.Match(REVerifyDirectIsValid, buffer)
 	if err != nil {
-		return false, err
+		return false, "", err
 	}
 
-	return match, nil
+	identifier = values.Get("openid.claimed_id")
+
+	return match, identifier, nil
 }
 
 // Transform an url string into a map of parameters/value

diff --git a/yadis.go b/yadis.go
@@ -10,7 +10,9 @@ import (
 	"xml"
 	"fmt"
 	"io"
+	"io/ioutil"
 	"bytes"
+	"regexp"
 	"strings"
 )
 
@@ -87,10 +89,37 @@ func YadisRequest(url string, method string) (resp *http.Response, err os.Error)
 			return response, nil
 		}
 	}
-	return nil, os.ErrorString("Too many redirections")
+	return nil, os.NewError("Too many redirections")
 }
 
+// this is a ridiculous way to make a case insensitive pattern.
+var metaRE *regexp.Regexp
+var xrdsRE *regexp.Regexp
+
+func init() {
+metaRE = regexp.MustCompile("<[ \t]*[mM][eE][tT][aA][^>]*[hH][tT][tT][pP]-[eE][qQ][uU][iI][vV]=[\"'][xX]-[xX][rR][dD][sS]-[lL][oO][cC][aA][tT][iI][oO][nN][\"'][^>]*>")
+xrdsRE = regexp.MustCompile("[cC][oO][nN][tT][eE][nN][tT]=[\"']([^\"]+)[\"']")
+//xrdsRE = regexp.MustCompile("content=[\"']([^\"']+)[\"']")
+}
+
+
 func searchHTMLMetaXRDS(r io.Reader) (string, os.Error) {
+	data, err := ioutil.ReadAll(r)
+	if err != nil {
+		return "", err
+	}
+	part := metaRE.Find(data)
+	if part == nil {
+		return "", os.NewError("No -meta- match")
+	}
+	content := xrdsRE.FindSubmatch(part)
+	if content == nil {
+		return "", os.NewError("No content in meta tag: " + string(part))
+	}
+	return string(content[1]), nil
+}
+
+func searchHTMLMetaXRDS_OLD(r io.Reader) (string, os.Error) {
 	parser := xml.NewParser(r)
 	var token xml.Token
 	var err os.Error
@@ -127,5 +156,5 @@ func searchHTMLMetaXRDS(r io.Reader) (string, os.Error) {
 			}
 		}
 	}
-	return "", os.ErrorString("Value not found")
+	return "", os.NewError("Value not found")
 }