// Copyright 2010 Florian Duraffourg. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package openid
import (
	"bytes"
	"errors"
	"io"
	"io/ioutil"
	"log"
	"net/http"
	"net/url"
	"regexp"
	"time"
)
// Verify parses url_ as the query string of an OpenID positive assertion
// (the part after "?" of the return_to request; url.ParseQuery does not strip
// a scheme or host) and hands the parsed parameters to VerifyValues.
//
// Returns:
//   - true when the OP confirmed the assertion, false otherwise
//   - the claimed identifier when authenticated
//   - a non-nil error when the query cannot be parsed or the check request fails
//
// Only the direct verification with the OP (Section 11.4, delegated to the OP
// through check_authentication) is performed here. The remaining checks of
// Section 11 are not done by this package and remain the caller's job:
// openid.return_to matches the current request (11.1), the discovered
// information matches the assertion (11.2), and no assertion with the same
// openid.response_nonce has been accepted before (11.3).
func Verify(url_ string) (grant bool, identifier string, err error) {
	values, parseErr := url.ParseQuery(url_)
	if parseErr != nil {
		return false, "", parseErr
	}
	return VerifyValues(values)
}
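// REVerifyDirectIsValid is the regular expression applied to the body of the
// OP's check_authentication response. That response is Key-Value Form encoded
// (one "key:value" per line), so the pattern is anchored to the start of a
// line and to a word boundary: "is_valid:true" appearing inside another key
// or value is no longer taken as a positive answer.
var REVerifyDirectIsValid = `(?m)^is_valid:true\b`

// verifyClientTimeout bounds the whole check_authentication round trip so a
// stalled endpoint cannot hold a request handler indefinitely.
const verifyClientTimeout = 30 * time.Second

// maxVerifyResponseBytes caps how much of the endpoint's response is read; a
// legitimate Key-Value Form response is only a few lines long.
const maxVerifyResponseBytes = 64 << 10

// VerifyValues performs the direct verification of an already parsed positive
// assertion (Section 11.4): it re-sends the assertion parameters to the OP
// endpoint with openid.mode=check_authentication and reports whether the
// endpoint answered is_valid:true.
//
// Returns:
//   - true when the endpoint confirmed the assertion, false otherwise
//   - the value of openid.claimed_id, only when the assertion was confirmed
//   - a non-nil error when openid.op_endpoint is missing, the POST or the read
//     fails, the endpoint does not answer 200, or REVerifyDirectIsValid is not
//     a valid regular expression
//
// The endpoint is read from openid.op_endpoint in values, i.e. from the
// assertion itself. This function does not check that it is the endpoint
// obtained by discovery for the claimed identifier (Section 11.2), nor the
// return_to (11.1) and nonce (11.3) requirements. A caller that skips those
// checks accepts whatever the endpoint named in the request answers, and lets
// the request decide where this server sends an HTTP POST.
func VerifyValues(values url.Values) (grant bool, identifier string, err error) {
	endpoint := values.Get("openid.op_endpoint")
	if endpoint == "" {
		log.Printf("no openid.op_endpoint")
		return false, "", errors.New("no openid.op_endpoint")
	}

	// Copy the assertion and switch the mode. Set stores a fresh slice for
	// openid.mode, so the caller's values are left untouched.
	postArgs := make(url.Values, len(values)+1)
	for k, v := range values {
		postArgs[k] = v
	}
	postArgs.Set("openid.mode", "check_authentication")

	client := &http.Client{Timeout: verifyClientTimeout}
	postReader := bytes.NewBufferString(postArgs.Encode())
	response, err := client.Post(endpoint, "application/x-www-form-urlencoded", postReader)
	if err != nil {
		log.Printf("VerifyValues failed at post")
		return false, "", err
	}
	// Always release the connection, whichever branch returns below.
	defer response.Body.Close()

	// A verification response is served with 200; anything else is reported
	// as an error rather than silently treated as a negative answer.
	if response.StatusCode != http.StatusOK {
		log.Printf("VerifyValues got status %q from %q", response.Status, endpoint)
		return false, "", errors.New("check_authentication returned HTTP status " + response.Status)
	}

	// Bound the read so an oversized body cannot exhaust memory.
	buffer, err := ioutil.ReadAll(io.LimitReader(response.Body, maxVerifyResponseBytes))
	if err != nil {
		log.Printf("VerifyValues failed reading response")
		return false, "", err
	}

	// REVerifyDirectIsValid is a variable, so it is compiled on every call and
	// a bad pattern surfaces as an error instead of a silent rejection.
	match, err := regexp.Match(REVerifyDirectIsValid, buffer)
	if err != nil {
		return false, "", err
	}
	if !match {
		log.Printf("no is_valid:true in \"%s\"", buffer)
		return false, "", nil
	}
	return true, values.Get("openid.claimed_id"), nil
}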