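# Handles a GET-mode OpenID authentication request (openid.mode of
# checkid_immediate or checkid_setup) and tells the caller what to do next.
#
# Security notes for reviewers:
# - +authorized+ is only tested as a boolean here. Deciding whether the
#   current user really controls openid.identity and has approved this
#   consumer is entirely the caller's job.
# - Every redirect built here targets the value returned by
#   check_trust_root, so open-redirect safety depends on that helper
#   (presumably it validates openid.return_to against openid.trust_root;
#   confirm in its definition).
# - A positive reply is signed over @@SIGNED_FIELDS with the association
#   chosen below; nothing else in the reply is covered by this method.
#
# @param authorized [Boolean] caller's decision that the request may be
#   answered positively
# @param args [Hash{String=>String}] request query arguments
# @return [Array] [REDIRECT, url] for a reply sent back to the consumer,
#   [DO_AUTH, AuthorizationInfo] when the user must be asked, or whatever
#   get_error returns for a malformed request
# @raise [ArgumentError] if an unauthorized request carries a mode other
#   than the two accepted above (defensive; not reachable after the check)
def get_auth_response(authorized, args)
  mode = args['openid.mode']
  unless ['checkid_immediate', 'checkid_setup'].member?(mode)
    e = "invalid openid.mode (#{mode}) for GET requests"
    return get_error(args, e)
  end

  identity = args['openid.identity']
  # Fix: the original built this error and discarded it (no `return`), so a
  # request without openid.identity fell through and, when authorized, was
  # answered with a signed id_res carrying a nil identity.
  return get_error(args, "No identity specified") if identity.nil?

  begin
    return_to = check_trust_root(args)
  rescue ArgumentError => e
    return get_error(args, e.to_s)
  end

  unless authorized
    case mode
    when 'checkid_immediate'
      # Immediate mode may not interact with the user: answer with an
      # unsigned id_res that only carries a URL for retrying the same
      # request as checkid_setup.
      nargs = args.dup
      nargs['openid.mode'] = 'checkid_setup'
      setup_url = OpenID::Util.append_args(@url, nargs)
      redirect_args = {
        'openid.mode' => 'id_res',
        'openid.user_setup_url' => setup_url
      }
      return [REDIRECT, OpenID::Util.append_args(return_to, redirect_args)]
    when 'checkid_setup'
      return [DO_AUTH, AuthorizationInfo.new(@url, args)]
    else
      raise ArgumentError, "unable to handle openid.mode (#{mode})"
    end
  end

  reply = {
    'openid.mode' => 'id_res',
    'openid.return_to' => return_to,
    'openid.identity' => identity
  }

  assoc_handle = args['openid.assoc_handle']
  if assoc_handle.nil?
    # No handle supplied: sign with a fresh association kept under
    # @dumb_key, separate from the associations stored under @normal_key.
    assoc = create_association('HMAC-SHA1')
    @store.store_association(@dumb_key, assoc)
  else
    assoc = @store.get_association(@normal_key, assoc_handle)
    if assoc.nil? || assoc.expired?
      # Unknown or expired handle: drop the stale record if there is one,
      # sign with a fresh @dumb_key association instead, and tell the
      # consumer to stop using the handle it sent.
      @store.remove_association(@normal_key, assoc.handle) unless assoc.nil?
      assoc = create_association('HMAC-SHA1')
      @store.store_association(@dumb_key, assoc)
      reply['openid.invalidate_handle'] = assoc_handle
    end
  end

  reply['openid.assoc_handle'] = assoc.handle
  # Sign last, once every field of the reply has its final value.
  assoc.add_signature(@@SIGNED_FIELDS, reply)
  [REDIRECT, OpenID::Util.append_args(return_to, reply)]
end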