
Correction on VerifyDirect response parsing

1 parent c122fd8 commit 02319b1dfa953675278b3b10cdd3f070f3e014ee @fduraffourg fduraffourg committed Mar 17, 2011
Showing with 19 additions and 21 deletions.
  1. +11 −11 authrequest.go
  2. +8 −10 verify.go
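--- a/authrequest.go
+++ b/authrequest.go
@@ -18,10 +18,10 @@ const (
 )
-func GetRedirectURL (Identifier string, realm string, returnto string) (string, os.Error) {
+func GetRedirectURL(Identifier string, realm string, returnto string) (string, os.Error) {
 var err os.Error
 var Id, IdType = NormalizeIdentifier(Identifier)
-
+
 // If the identifier is an XRI, [XRI_Resolution_2.0] will yield an XRDS document that contains the necessary information. It should also be noted that Relying Parties can take advantage of XRI Proxy Resolvers, such as the one provided by XDI.org at http://www.xri.net. This will remove the need for the RPs to perform XRI Resolution locally.
 if IdType == IdentifierXRI {
 // Not implemented yet
@@ -48,8 +48,8 @@ func GetRedirectURL (Identifier string, realm string, returnto string) (string,
 // If the Yadis protocol fails and no valid XRDS document is retrieved, or no Service Elements are found in the XRDS document, the URL is retrieved and HTML-Based discovery SHALL be attempted.
-
- return "url", nil
+
+ return "Not implemented", nil
 }
 func NormalizeIdentifier(Id string) (Identifier string, IdentifierType int) {
@@ -61,24 +61,24 @@ func NormalizeIdentifier(Id string) (Identifier string, IdentifierType int) {
 // 2. If the first character of the resulting string is an XRI Global Context Symbol ("=", "@", "+", "$", "!") or "(", as defined in Section 2.2.1 of [XRI_Syntax_2.0] (Reed, D. and D. McAlpin, “Extensible Resource Identifier (XRI) Syntax V2.0,” .), then the input SHOULD be treated as an XRI.
 var firstChar = Identifier[0]
- if firstChar == '=' || firstChar == '@' || firstChar == '+' || firstChar == '$' || firstChar == '!' {
+ if firstChar == '=' || firstChar == '@' || firstChar == '+' || firstChar == '$' || firstChar == '!' {
 IdentifierType = IdentifierXRI
 return
 }
 // 3. Otherwise, the input SHOULD be treated as an http URL; if it does not include a "http" or "https" scheme, the Identifier MUST be prefixed with the string "http://". If the URL contains a fragment part, it MUST be stripped off together with the fragment delimiter character "#". See Section 11.5.2 (HTTP and HTTPS URL Identifiers) for more information.
 IdentifierType = IdentifierURL
- if ! strings.HasPrefix(Identifier, "http://") && ! strings.HasPrefix(Identifier, "https://") {
+ if !strings.HasPrefix(Identifier, "http://") && !strings.HasPrefix(Identifier, "https://") {
 Identifier = "http://" + Identifier
 }
 // 4. URL Identifiers MUST then be further normalized by both following redirects when retrieving their content and finally applying the rules in Section 6 of [RFC3986] (Berners-Lee, T., “Uniform Resource Identifiers (URI): Generic Syntax,” .) to the final destination URL. This final URL MUST be noted by the Relying Party as the Claimed Identifier and be used when requesting authentication (Requesting Authentication).
-
+
 return
 }
 func CreateAuthenticationRequest(OPEndPoint, ClaimedID, Realm, ReturnTo string) string {
- var p = make(map[string] string)
+ var p = make(map[string]string)
 p["openid.ns"] = "http://specs.openid.net/auth/2.0"
 p["openid.mode"] = "checkid_setup"
@@ -96,9 +96,9 @@ func CreateAuthenticationRequest(OPEndPoint, ClaimedID, Realm, ReturnTo string)
 var url string
 url = OPEndPoint + "?"
-
- for k,v := range(p) {
+
+ for k, v := range p {
 url += http.URLEscape(k) + "=" + http.URLEscape(v) + "&"
 }
 return url
-}
+}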
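Review bot: The new `return "Not implemented", nil` at the end of GetRedirectURL hands callers a non-URL string together with a nil error, so a caller that checks only `err` will treat the placeholder as a redirect target. Returning an error makes the unimplemented discovery path fail visibly instead: `return "", os.ErrorString("GetRedirectURL: discovery not implemented")`. Part of the function body lies between the first two hunks and is not shown, so whether earlier branches already return a real URL cannot be checked from here.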
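--- a/verify.go
+++ b/verify.go
@@ -44,8 +44,8 @@ func Verify(url string) (grant bool, identifier string, err os.Error) {
 return
 }
-var REVerifyDirectIsValid = "is_valid=true"
-var REVerifyDirectNs = regexp.MustCompile("ns=([^&]*)")
+var REVerifyDirectIsValid = "is_valid:true"
+var REVerifyDirectNs = regexp.MustCompile("ns:([a-zA-Z0-9:/.]*)")
 func verifyDirect(urlm map[string]string) (grant bool, err os.Error) {
 grant = false
@@ -69,22 +69,20 @@ func verifyDirect(urlm map[string]string) (grant bool, err os.Error) {
 }
 // Parse the response
- // Convert the reader -- Warning, response.ContentLength might be -1!!
- buffer := make([]byte, response.ContentLength)
+ // Convert the reader
+ // We limit the size of the response to 1024 bytes but it should be large enough for most cases
+ buffer := make([]byte, 1024)
 _, err = response.Body.Read(buffer)
 if err != nil {
 return false, err
 }
 // Check for ns
- rematchs := REVerifyDirectNs.FindSubmatch(buffer)
- if len(rematchs) < 1 {
+ rematch := REVerifyDirectNs.FindSubmatch(buffer)
+ if rematch == nil {
 return false, os.ErrorString("verifyDirect: ns value not found on the response of the OP")
 }
- nsValue, err := http.URLUnescape(string(rematchs[1]))
- if err != nil {
- return false, err
- }
+ nsValue := string(rematch[1])
 if !bytes.Equal([]byte(nsValue), []byte("http://specs.openid.net/auth/2.0")) {
 return false, os.ErrorString("verifyDirect: ns value not correct: " + nsValue)
 }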
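Review bot: In verifyDirect, the single `response.Body.Read(buffer)` after `buffer := make([]byte, 1024)` is not guaranteed to return the whole body in one call, and its byte count is discarded, so the `ns` match (and presumably the `is_valid` check, which is outside the hunk) can run on a partial response padded with zero bytes; a Read that returns data together with `os.EOF` would also be reported as a failure. Because this response decides whether the assertion is granted, read until EOF or the 1024-byte cap and slice the buffer to the bytes actually received, as sketched below. Separately, `ns:([a-zA-Z0-9:/.]*)` and `is_valid:true` are unanchored, so they would also match inside a longer key or inside another field's value; splitting the body into lines and comparing the key before the first `:` exactly would be stricter. The function starts before and continues after this hunk.

```go
// Read until EOF or until the 1024-byte cap is reached; a single Read may return less.
buffer := make([]byte, 1024)
n := 0
for n < len(buffer) {
	var m int
	m, err = response.Body.Read(buffer[n:])
	n += m
	if err == os.EOF {
		err = nil
		break
	}
	if err != nil {
		return false, err
	}
}
buffer = buffer[:n] // only the bytes actually received are parsed
// … unchanged: ns and is_valid checks on buffer …
```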
