note documentation sections of openid 2.0 spec in comments

[citadel.git] / citadel / modules / openid / serv_openid_rp.c

diff --git a/citadel/modules/openid/serv_openid_rp.c b/citadel/modules/openid/serv_openid_rp.c
index d1a660c6b362d283f76f81d47280be7d3b19ba01..1ad50971f9c37303c0cc35da246d5ed1105b5c5e 100644 (file)
--- a/citadel/modules/openid/serv_openid_rp.c
+++ b/citadel/modules/openid/serv_openid_rp.c
@@ -567,7 +567,7 @@ CURL *ctdl_openid_curl_easy_init(char *errmsg) {
        curl_easy_setopt(curl, CURLOPT_ENCODING, "");
 #endif
        curl_easy_setopt(curl, CURLOPT_USERAGENT, CITADEL);
-       curl_easy_setopt(curl, CURLOPT_TIMEOUT, 180);           /* die after 180 seconds */
+       curl_easy_setopt(curl, CURLOPT_TIMEOUT, 30);            /* die after 30 seconds */
 
        if (
                (!IsEmptyStr(config.c_ip_addr))
@@ -702,21 +702,18 @@ int parse_xrds_document(StrBuf *ReplyBuf) {
 
 /*
  * Callback function for perform_yadis_discovery()
- * We're interested in HTTP headers returned from the server.
+ * We're interested in the X-XRDS-Location: header.
  */
 size_t yadis_headerfunction(void *ptr, size_t size, size_t nmemb, void *userdata) {
        char hdr[1024];
-       char *x_xrds_location = (char *) userdata;
+       StrBuf **x_xrds_location = (StrBuf **) userdata;
 
        memcpy(hdr, ptr, (size*nmemb));
        hdr[size*nmemb] = 0;
 
-       /* We are looking for a header like this:
-        * X-XRDS-Location: https://api.screenname.aol.com/auth/openid/xrds
-        */
        if (!strncasecmp(hdr, "X-XRDS-Location:", 16)) {
-               safestrncpy(x_xrds_location, &hdr[16], 1024);
-               striplt(x_xrds_location);
+               *x_xrds_location = NewStrBufPlain(&hdr[16], ((size*nmemb)-16));
+               StrBufTrim(*x_xrds_location);
        }
 
        return(size * nmemb);
@@ -731,14 +728,15 @@ size_t yadis_headerfunction(void *ptr, size_t size, size_t nmemb, void *userdata
 int perform_yadis_discovery(StrBuf *YadisURL) {
        int docbytes = (-1);
        StrBuf *ReplyBuf = NULL;
-       int r;
+       int return_value = 0;
        CURL *curl;
        CURLcode result;
        char errmsg[1024] = "";
        struct curl_slist *my_headers = NULL;
-       char x_xrds_location[1024] = "";
+       StrBuf *x_xrds_location = NULL;
 
        if (YadisURL == NULL) return(0);
+       syslog(LOG_DEBUG, "perform_yadis_discovery(%s)", ChrPtr(YadisURL));
        if (StrLength(YadisURL) == 0) return(0);
 
        ReplyBuf = NewStrBuf ();
@@ -766,38 +764,42 @@ int perform_yadis_discovery(StrBuf *YadisURL) {
        curl_easy_cleanup(curl);
        docbytes = StrLength(ReplyBuf);
 
-
-       /* FIXME here we need to handle Yadis 1.0 section 6.2.5.
-        *
+       /*
         * The response from the server will be one of:
         * 
         * Option 1: An HTML document with a <head> element that includes a <meta> element with http-equiv
         * attribute, X-XRDS-Location,
         */
+       /* FIXME handle this somehow */
 
        /*
-        * Option 2: HTTP response-headers that include an X-XRDS-Location response-header, together with a
-        * document (NOTE: we can probably recurse for this)
-        * 
-        * Option 3:. HTTP response-headers only, which MAY include an X-XRDS-Location response-header,
-        * a contenttype response-header specifying MIME media type, application/xrds+xml, or both.
+        * Option 2: HTTP response-headers that include an X-XRDS-Location response-header,
+        *           together with a document.
+        * Option 3: HTTP response-headers only, which MAY include an X-XRDS-Location response-header,
+        *           a contenttype response-header specifying MIME media type,
+        *           application/xrds+xml, or both.
         *
-        * If the X-XRDS-Location was set, we know about it at this point...
+        * If the X-XRDS-Location header was delivered, we know about it at this point...
         */
-       if (!IsEmptyStr(x_xrds_location)) {
-               syslog(LOG_DEBUG, "\033[31m FIXME \033[32m %s \033[0m", x_xrds_location);
+       if (    (x_xrds_location)
+               && (strcmp(ChrPtr(x_xrds_location), ChrPtr(YadisURL)))
+       ) {
+               syslog(LOG_DEBUG, "X-XRDS-Location: %s ... recursing!", ChrPtr(x_xrds_location));
+               return_value = perform_yadis_discovery(x_xrds_location);
+               FreeStrBuf(&x_xrds_location);
        }
 
        /*
         * Option 4: the returned web page may *be* an XRDS document.  Try to parse it.
         */
-       r = 0;
-       if (docbytes >= 0) {
-               r = parse_xrds_document(ReplyBuf);
-               FreeStrBuf(&ReplyBuf);
+       else if (docbytes >= 0) {
+               return_value = parse_xrds_document(ReplyBuf);
        }
 
-       return(r);
+       if (ReplyBuf != NULL) {
+               FreeStrBuf(&ReplyBuf);
+       }
+       return(return_value);
 }
 
 
@@ -841,17 +843,18 @@ void cmd_oids(char *argbuf) {
 
        /********** OpenID 2.0 section 7.3 - Discovery **********/
 
-       /* First we're supposed to attempt XRI based resolution.
+       /* Section 7.3.1 says we have to attempt XRI based discovery.
         * No one is using this, no one is asking for it, no one wants it.
         * So we're not even going to bother attempting this mode.
         */
 
-       /* Second we attempt Yadis.
+       /* Section 7.3.2 specifies Yadis discovery.
         * Google uses this so we'd better do our best to implement it.
         */
        int yadis_succeeded = perform_yadis_discovery(oiddata->claimed_id);
 
-       /* Third we attempt HTML-based discovery.  Here we go! */
+       /* Section 7.3.3 specifies HTML-based discovery which is similar to what we did in OpenID 1.1
+        */
        if (    (yadis_succeeded == 0)
                && (fetch_http(oiddata->claimed_id, &ReplyBuf) > 0)
                && (StrLength(ReplyBuf) > 0)