1.1 --- a/WebStack/Resources/OpenIDRedirect.py Tue Nov 13 23:17:11 2007 +0000
1.2 +++ b/WebStack/Resources/OpenIDRedirect.py Sat Nov 17 00:30:16 2007 +0000
1.3 @@ -37,16 +37,16 @@
1.4
1.5 "Respond using the given transaction 'trans'."
1.6
1.7 - fields_path = trans.get_fields_from_path(self.path_encoding)
1.8 + fields = trans.get_fields(self.path_encoding)
1.9
1.10 # If requested, attempt to verify OpenID assertions.
1.11 # http://openid.net/specs/openid-authentication-2_0-12.html#rfc.section.11
1.12
1.13 - if fields_path.get("openid.ns", [None])[0] == self.openid_ns and \
1.14 - fields_path.get("openid.mode", [None])[0] == "id_res":
1.15 + if fields.get("openid.ns", [None])[0] == self.openid_ns and \
1.16 + fields.get("openid.mode", [None])[0] == "id_res":
1.17
1.18 if self.authenticator.authenticate(trans, verify=1):
1.19 - trans.redirect(fields_path["openid.return_to"][0])
1.20 + trans.redirect(fields["openid.return_to"][0])
1.21
1.22 # Otherwise, handle the usual parameters and request details.
1.23
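Review bot: The redirect target in `trans.redirect(fields["openid.return_to"][0])` is a request-supplied URL, and the only visible check on it is the prefix test `startswith(self.app_url)` in `test_url` (the hunk at 1.62, whose own comment calls it not strict enough). A prefix match on the raw string does not necessarily pin the host, depending on how `app_url` ends, so this is an open-redirect risk once the assertion otherwise verifies. I would compare parsed components instead, e.g. `urlparse.urlsplit(return_to)[:2] == urlparse.urlsplit(self.app_url)[:2]` for scheme and host, and then check the path separately. Since `get_fields` presumably merges more sources than `get_fields_from_path` (its definition is not shown here), it is also worth confirming which value `[0]` selects when a parameter appears more than once. The body of this method continues outside the hunk.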
1.24 @@ -92,18 +92,18 @@
1.25 # If requested, attempt to verify OpenID assertions.
1.26
1.27 if verify:
1.28 - fields_path = trans.get_fields_from_path(self.urlencoding)
1.29 + fields = trans.get_fields(self.urlencoding)
1.30
1.31 # NOTE: Could expose all errors.
1.32
1.33 try:
1.34 # Test the details of the assertion.
1.35
1.36 - if self.test_url(fields_path) and \
1.37 - self.test_signature(fields_path) and \
1.38 - self.test_replay(fields_path):
1.39 + if self.test_url(fields) and \
1.40 + self.test_signature(fields) and \
1.41 + self.test_replay(fields):
1.42
1.43 - self.set_token(trans, fields_path["openid.identity"][0])
1.44 + self.set_token(trans, fields["openid.identity"][0])
1.45 return 1
1.46
1.47 # Incomplete assertion.
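Review bot: The value passed to `set_token` is `fields["openid.identity"][0]`, taken from the request, and the three checks in front of it (`test_url`, `test_signature`, `test_replay`) do not include the discovered-information check from section 11.2 of the specification linked in this file. Nothing visible here therefore ties the asserting provider to the identity it asserts. It is also not visible whether `check_openid_signature` requires `openid.identity` to be listed in `openid.signed`; if it does not, the identity could be an unsigned field. Until discovery verification exists I would at least record the gap next to the existing note, e.g. `# NOTE: Discovered information (section 11.2) is not verified.` The `try` block and the rest of the enclosing method continue outside the hunk.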
1.48 @@ -127,7 +127,7 @@
1.49 trans.set_user(username)
1.50 return valid
1.51
1.52 - def test_url(self, fields_path):
1.53 + def test_url(self, fields):
1.54
1.55 """
1.56 See:
1.57 @@ -136,9 +136,9 @@
1.58
1.59 # NOTE: Currently, this is not strict enough.
1.60
1.61 - return fields_path["openid.return_to"][0].startswith(self.app_url)
1.62 + return fields["openid.return_to"][0].startswith(self.app_url)
1.63
1.64 - def test_signature(self, fields_path):
1.65 + def test_signature(self, fields):
1.66
1.67 """
1.68 See:
1.69 @@ -146,7 +146,7 @@
1.70 http://openid.net/specs/openid-authentication-2_0-12.html#rfc.section.6
1.71 """
1.72
1.73 - handle = fields_path.get("openid.assoc_handle", [None])[0]
1.74 + handle = fields.get("openid.assoc_handle", [None])[0]
1.75
1.76 # With an association handle, look up the appropriate secret key and
1.77 # verify the signed items.
1.78 @@ -156,19 +156,19 @@
1.79 # Where an association exists, use the known secret key.
1.80
1.81 if self.associations.has_key(handle):
1.82 - return check_openid_signature(fields_path, self.associations[handle])
1.83 + return check_openid_signature(fields, self.associations[handle])
1.84
1.85 # Without an association, request verification of the signed items
1.86 # from the OpenID provider.
1.87
1.88 else:
1.89 - return self.test_signature_direct(fields_path)
1.90 + return self.test_signature_direct(fields)
1.91
1.92 # Without a handle, no signature verification can occur.
1.93
1.94 return 0
1.95
1.96 - def test_signature_direct(self, fields_path):
1.97 + def test_signature_direct(self, fields):
1.98
1.99 """
1.100 See:
1.101 @@ -178,7 +178,7 @@
1.102 # Make a POST request using the "openid." fields.
1.103
1.104 d = {}
1.105 - for name, values in fields_path.items():
1.106 + for name, values in fields.items():
1.107 if name.startswith("openid.") and name != "openid.mode":
1.108 d[name] = values[0]
1.109 d["openid.mode"] = "check_authentication"
1.110 @@ -187,7 +187,7 @@
1.111 # Send a POST request to the OpenID provider, reading the response and
1.112 # testing for certain fields and values.
1.113
1.114 - f = urllib.urlopen(fields_path["openid.op_endpoint"][0], data)
1.115 + f = urllib.urlopen(fields["openid.op_endpoint"][0], data)
1.116 try:
1.117 items = []
1.118 for line in f.readlines():
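Review bot: `urllib.urlopen(fields["openid.op_endpoint"][0], data)` makes the server send a request to a URL taken from the incoming request, and that same endpoint then decides whether the signature is valid. In Python 2 `urllib.urlopen` also accepts non-HTTP schemes and bare local paths, and the call has no timeout. I would restrict the scheme before the call, e.g. `if urlparse.urlsplit(endpoint)[0] not in ("http", "https"): return 0` (this needs the `urlparse` module), and compare the endpoint with one obtained from discovery on the claimed identifier or from configuration rather than trusting the field. The enclosing method starts before and ends after this hunk.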
1.119 @@ -200,14 +200,14 @@
1.120 finally:
1.121 f.close()
1.122
1.123 - def test_replay(self, fields_path):
1.124 + def test_replay(self, fields):
1.125
1.126 """
1.127 See:
1.128 http://openid.net/specs/openid-authentication-2_0-12.html#rfc.section.11.3
1.129 """
1.130
1.131 - timestamp = fields_path["openid.response_nonce"][0]
1.132 + timestamp = fields["openid.response_nonce"][0]
1.133 # YYYY-MM-DDTHH:MM:SSZ...
1.134 year, month, day, hour, minute, second, unique = \
1.135 int(timestamp[0:4]), int(timestamp[5:7]), int(timestamp[8:10]), \