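def _verifyDiscoverySingle(self, endpoint, to_match):
    """Verify that the given endpoint matches the information
    extracted from the OpenID assertion, and raise an exception if
    there is a mismatch.

    The type URIs, the claimed identifier (with any fragment removed),
    the local ID and, when the assertion carries one, the server URL
    are each compared against the discovered endpoint. The first
    mismatch aborts the check, so a normal return means every
    comparison passed.

    @type endpoint: openid.consumer.discover.OpenIDServiceEndpoint
    @type to_match: openid.consumer.discover.OpenIDServiceEndpoint

    @rtype: NoneType

    @raises TypeURIMismatch: when a type URI from the assertion is
        not offered by the discovered endpoint.
    @raises ProtocolError: when the endpoint does not match the
        discovered information.
    @raises AssertionError: when C{to_match.server_url} is None but
        the assertion is not an OpenID 1 response (a caller bug).
    """
    # Every type URI that's in the to_match endpoint has to be
    # present in the discovered endpoint.
    for type_uri in to_match.type_uris:
        if not endpoint.usesExtension(type_uri):
            raise TypeURIMismatch(type_uri, endpoint)

    # Fragments do not influence discovery, so we can't compare a
    # claimed identifier with a fragment to discovered information.
    defragged_claimed_id, _ = urldefrag(to_match.claimed_id)
    if defragged_claimed_id != endpoint.claimed_id:
        raise ProtocolError(
            'Claimed ID does not match (different subjects!), '
            'Expected %s, got %s' %
            (defragged_claimed_id, endpoint.claimed_id))

    if to_match.getLocalID() != endpoint.getLocalID():
        raise ProtocolError('local_id mismatch. Expected %s, got %s' %
                            (to_match.getLocalID(), endpoint.getLocalID()))

    # If the server URL is None, this must be an OpenID 1
    # response, because op_endpoint is a required parameter in
    # OpenID 2. In that case, we don't actually care what the
    # discovered server_url is, because signature checking or
    # check_auth should take care of that check for us.
    if to_match.server_url is None:
        # This branch skips the server_url comparison, so the
        # OpenID 1 precondition is what keeps the check fail-closed.
        # An `assert` statement is compiled out under `python -O`,
        # which would let an OpenID 2 assertion without a server URL
        # pass unverified; raise explicitly instead. The exception
        # type is unchanged for existing callers.
        if to_match.preferredNamespace() != OPENID1_NS:
            raise AssertionError(
                "The code calling this must ensure that OpenID 2\n"
                "responses have a non-none `openid.op_endpoint' and\n"
                "that it is set as the `server_url' attribute of the\n"
                "`to_match' endpoint.")
    elif to_match.server_url != endpoint.server_url:
        raise ProtocolError('OP Endpoint mismatch. Expected %s, got %s' %
                            (to_match.server_url, endpoint.server_url))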