def check_authentication(args)
assoc_handle = args['openid.assoc_handle']
if assoc_handle.nil?
return post_error('Missing openid.assoc_handle')
end
assoc = @store.get_association(@dumb_key, assoc_handle)
reply = {}
if (not assoc.nil?) and assoc.expires_in > 0
signed = args['openid.signed']
return post_error('Missing openid.signed') if signed.nil?
sig = args['openid.sig']
return post_error('Missing openid.sig') if sig.nil?
to_verify = args.dup
to_verify['openid.mode'] = 'id_res'
signed_fields = signed.strip.split(',')
tv_sig = assoc.sign_hash(signed_fields, to_verify)
if tv_sig == sig
@store.remove_association(@normal_key, assoc_handle)
is_valid = 'true'
invalidate_handle = args['openid.invalidate_handle']
unless invalidate_handle.nil?
a = @store.get_association(@normal_key, invalidate_handle)
reply['invalidate_handle'] = invalidate_handle if a.nil?
end
else
is_valid = 'false'
end
else
@store.remove_association(@dumb_key, assoc_handle) unless assoc.nil?
is_valid = 'false'
end
reply['is_valid'] = is_valid
return [REMOTE_OK, OpenID::Util.kvform(reply)]
end