? 501702-5-openid_client_ax_update_url.patch ? 501702-6-openid_client_ax_update_url.patch Index: openid_client_ax.module =================================================================== RCS file: /cvs/drupal-contrib/contributions/modules/openid_client_ax/openid_client_ax.module,v retrieving revision 1.2.2.8 diff -u -p -r1.2.2.8 openid_client_ax.module --- openid_client_ax.module 6 Jul 2009 16:19:11 -0000 1.2.2.8 +++ openid_client_ax.module 25 Oct 2010 16:40:24 -0000 @@ -24,6 +24,10 @@ function openid_client_ax_menu() { 'page arguments' => array('openid_client_ax_admin_settings'), 'access arguments' => array('administer openid client ax'), ); + $items['openid/update'] = array( + 'page callback' => 'openid_client_ax_update', + 'access callback' => '_openid_client_ax_access', + ); return $items; } @@ -44,6 +48,7 @@ function openid_client_ax_openid($op, $r $request = array(); $request[sprintf('openid.ns.%s', variable_get('openid_client_ax_alias', 'ax'))] = 'http://openid.net/srv/ax/1.0'; $request[sprintf('openid.%s.mode', variable_get('openid_client_ax_alias', 'ax'))] = 'fetch_request'; + $request[sprintf('openid.%s.update_url', variable_get('openid_client_ax_alias', 'ax'))] = url('openid/update', array('absolute' => TRUE)); $short_names = $attributes = array(); $attributes = module_invoke_all('openid_client', 'get'); foreach ($attributes as $attrib_url) { @@ -61,6 +66,32 @@ function openid_client_ax_openid($op, $r } /** + * Handles unsolicited positive assertion from OPs. + */ +function openid_client_ax_update() { + module_load_include('inc', 'openid', 'openid'); + + $response = _openid_response(); + $account = user_external_load($response['openid.claimed_id']); + + // Make sure if the RP is valid, do Direct Verification. + $disco = openid_discovery($response['openid.claimed_id']); + //$endpoint = $disco[0]['uri']; + $endpoint = array('uri' => $disco[0]['uri'], 'version' => $disco[0]['version']); + + $valid = openid_verify_assertion($endpoint, $response); + + // Ask the OP to stop sending updates + if ($valid == FALSE || !$account->uid) { + header("HTTP/1.0 404 Not Found"); + return; + } + + // Update the profile data + module_invoke_all('openid_client', 'update', $response, $account); +} + +/** * Settings function for the module */ function openid_client_ax_admin_settings() { @@ -194,6 +225,14 @@ function _openid_client_ax_get_multiple_ } /** + * Allow access to openid AX update URL. + * @see hook_menu(). + */ +function _openid_client_ax_access() { + return TRUE; +} + +/** * Create an array containing the identifiers as listed in * http://www.axschema.org/types/ *