
Martin von Löwis  committed 54808a0

Check nonce presence for OpenID 2.

  • Parent commits cad7248


Files changed (1)

File openid2rp/__init__.py

 
 def verify(response, discovery_cache, find_association, nonce_seen):
     response = _prepare_response(response)
+    if 'openid.ns' in response:
+        ns = response['openid.ns'][0]
+        if ns != 'http://specs.openid.net/auth/2.0':
+            raise NotAuthenticated('Unsupported OpenID version')
+    else:
+        ns = None
     mode = response['openid.mode'][0]
     if mode == 'cancel':
         raise NotAuthenticated('Login cancelled')
             raise NotAuthenticated('Replay attack detected')
         if nonce_seen(nonce):
             raise NotAuthenticated('Replay attack deteced')
+    elif ns:
+        raise NotAuthenticated('Nonce missing in OpenID 2 response')
     return signed, claimed_id
 
 def parse_nonce(nonce):
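Review bot: The protocol-version decision on the new lines after `response = _prepare_response(response)` rests only on whether `openid.ns` is present in the response, so a 2.0 assertion arriving without that field takes the `ns = None` branch and the new `elif ns:` nonce check later in the function is never reached; unless signature verification (not visible in this hunk) already covers `openid.ns`, the expected version should be taken from the discovered endpoint (`discovery_cache`) and compared with the response, as OpenID 2.0 §11.2 calls for, rather than inferred from the response alone. `response['openid.ns'][0]` also raises IndexError instead of NotAuthenticated if the value list is empty — presumably `_prepare_response` guarantees non-empty lists, but that is worth confirming. The middle of verify's body between the two stretches shown is not in the hunk, so where `nonce` and `signed` are bound cannot be checked from here. The context line `'Replay attack deteced'` carries a typo the commit leaves in place.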