# HG changeset patch
# User Paul Boddie <paul@boddie.org.uk>
# Date 1259176372 -3600
# Node ID 127c9715df148fb48194dfe6d5609ed868dba0c8
# Parent  28844d7a5ffb7841a2d727059c78cd26a159c37d
Added a test for empty identifiers in OpenID initiation.
Changed the user identity to be the claimed identity (not the local identity
from the provider) for users authenticated via OpenID.
Made the local identities distinct from the claimed identities in the
login/provider example.

diff -r 28844d7a5ffb -r 127c9715df14 WebStack/Resources/OpenIDInitiation.py
--- a/WebStack/Resources/OpenIDInitiation.py	Tue Jul 07 01:12:55 2009 +0200
+++ b/WebStack/Resources/OpenIDInitiation.py	Wed Nov 25 20:12:52 2009 +0100
@@ -76,10 +76,18 @@
         if identity.startswith("xri://"):
             identity = openid[6:]
 
+        # Detect empty identifiers.
+
+        if not identity:
+            return None, None, None
+
         # NOTE: Not yet discovering XRI providers.
 
-        if identity[0] in ("=", "@", "+", "$", "!", "("):
+        elif identity[0] in ("=", "@", "+", "$", "!", "("):
             pass
+
+        # Handle URL-based identifiers.
+
         else:
             if not identity.startswith("http"):
                 identity = "http://" + identity
diff -r 28844d7a5ffb -r 127c9715df14 WebStack/Resources/OpenIDRedirect.py
--- a/WebStack/Resources/OpenIDRedirect.py	Tue Jul 07 01:12:55 2009 +0200
+++ b/WebStack/Resources/OpenIDRedirect.py	Wed Nov 25 20:12:52 2009 +0100
@@ -90,7 +90,7 @@
         otherwise.
 
         If the optional 'verify' parameter is specified as a true value, perform
-        verification on any 
+        verification on any incoming OpenID credentials.
         """
 
         # If requested, attempt to verify OpenID assertions.
@@ -107,7 +107,7 @@
                     self.test_signature(trans, fields) and \
                     self.test_replay(fields):
 
-                    self.set_token(trans, fields["openid.identity"][0])
+                    self.set_token(trans, fields["openid.claimed_id"][0])
                     return 1
 
             # Incomplete assertion.
@@ -140,7 +140,8 @@
 
         # NOTE: Currently, this is not strict enough.
 
-        return fields["openid.return_to"][0].startswith(self.app_url)
+        return fields.has_key("openid.return_to") and \
+            fields["openid.return_to"][0].startswith(self.app_url)
 
     def test_signature(self, trans, fields):
 
diff -r 28844d7a5ffb -r 127c9715df14 examples/Common/OpenIDLogin/__init__.py
--- a/examples/Common/OpenIDLogin/__init__.py	Tue Jul 07 01:12:55 2009 +0200
+++ b/examples/Common/OpenIDLogin/__init__.py	Wed Nov 25 20:12:52 2009 +0100
@@ -20,10 +20,13 @@
         app_url=app_url,
         authenticator=Authenticator(
             credentials=(
-                # Local identifier,           username,  password
-                ((deployment_url + "/badger", "badger"), "abc"),
-                ((deployment_url + "/vole",   "vole"),   "xyz"),
-                ((deployment_url + u"/זרו",   u"זרו"),   u"ֶ״ֵ"),
+                # Local identifier, username, password
+                (( "badger",  "badger"), "abc"),
+                (( "vole",    "vole"),   "xyz"),
+                ((u"זרו",    u"זרו"),   u"ֶ״ֵ"),
+                (( "badger2", "badger"), "abc"),
+                (( "vole2",   "vole"),   "xyz"),
+                ((u"זרו2",   u"זרו"),   u"ֶ״ֵ"),
                 )
             )
         )
@@ -39,40 +42,74 @@
                 <html>
                   <head>
                     <link rel="openid2.provider openid.server" href="%s/login" />
-                    <link rel="openid2.local_id openid.delegate" href="%s/badger" />
+                    <link rel="openid2.local_id openid.delegate" href="badger" />
                     <title>Badger's Home Page</title>
                   </head>
                   <body>
                     <p>Home page for the OpenID authenticated user, <code>badger</code>.</p>
                   </body>
                 </html>
-            """ % (deployment_url, deployment_url), ContentType("text/html")),
+            """ % deployment_url, ContentType("text/html")),
         u"זרו" :
             StringResource(u"""
                 <html>
                   <head>
                     <link rel="openid2.provider openid.server" href="%s/login" />
-                    <link rel="openid2.local_id openid.delegate" href="%s/זרו" />
+                    <link rel="openid2.local_id openid.delegate" href="זרו" />
                     <title>Home Page for זרו</title>
                   </head>
                   <body>
                     <p>Home page for the OpenID authenticated user, <code>זרו</code>.</p>
                   </body>
                 </html>
-            """ % (deployment_url, deployment_url), ContentType("text/html", "iso-8859-1")),
+            """ % deployment_url, ContentType("text/html", "iso-8859-1")),
         "vole" :
             StringResource("""
                 <html>
                   <head>
                     <link rel="openid2.provider openid.server" href="%s/login" />
-                    <link rel="openid2.local_id openid.delegate" href="%s/vole" />
+                    <link rel="openid2.local_id openid.delegate" href="vole" />
                     <title>Vole's Home Page</title>
                   </head>
                   <body>
                     <p>Home page for the OpenID authenticated user, <code>vole</code>.</p>
                   </body>
                 </html>
-            """ % (deployment_url, deployment_url), ContentType("text/html"))
+            """ % deployment_url, ContentType("text/html")),
+
+        # OpenID 2.0 resources.
+        # See: http://docs.oasis-open.org/xri/2.0/specs/cd02/xri-resolution-V2.0-cd-02.html#_Ref129424065
+        #      ("3.3 Media Types for XRI Resolution")
+        # See: http://openid.net/specs/openid-authentication-2_0.html#discovery
+        #      ("7.3. Discovery")
+
+        "badger2" :
+            StringResource("""
+                <?xml version="1.0"?>
+                <Service xmlns="xri://$xrd*($v*2.0)">
+                  <Type>http://specs.openid.net/auth/2.0/signon</Type>
+                  <URI>%s/login</URI>
+                  <LocalID>badger2</LocalID>
+                </Service>
+            """ % deployment_url, ContentType("application/xrd+xml")),
+        u"זרו2" :
+            StringResource(u"""
+                <?xml version="1.0" encoding="iso-8859-1"?>
+                <Service xmlns="xri://$xrd*($v*2.0)">
+                  <Type>http://specs.openid.net/auth/2.0/signon</Type>
+                  <URI>%s/login</URI>
+                  <LocalID>זרו2</LocalID>
+                </Service>
+            """ % deployment_url, ContentType("application/xrd+xml", "iso-8859-1")),
+        "vole2" :
+            StringResource("""
+                <?xml version="1.0"?>
+                <Service xmlns="xri://$xrd*($v*2.0)">
+                  <Type>http://specs.openid.net/auth/2.0/signon</Type>
+                  <URI>%s/login</URI>
+                  <LocalID>vole2</LocalID>
+                </Service>
+            """ % deployment_url, ContentType("application/xrd+xml")),
         })
 
 # vim: tabstop=4 expandtab shiftwidth=4