#730462: add support for openid.invalidate_handle.
From: Damien Tournoud
---
 openid/openid.module | 9 +++++++++
 1 files changed, 9 insertions(+), 0 deletions(-)
diff --git modules/openid/openid.module modules/openid/openid.module
index a9f7ab9..9d9d2bf 100644
--- modules/openid/openid.module
+++ modules/openid/openid.module
@@ -711,6 +711,15 @@ function openid_verify_assertion($op_endpoint, $response) {
 $valid = FALSE;
+ if (!empty($response['invalidate_handle'])) {
+ // This association handle has expired on the OP side, remove it from the
+ // database to avoid reusing it again on a subsequent authentication request.
+ // @see http://openid.net/specs/openid-authentication-2_0.html#responding_to_authentication
+ db_delete('openid_association')
+ ->condition('assoc_handle', $response['invalidate_handle'])
+ ->execute();
+ }
+
 $association = db_query("SELECT * FROM {openid_association} WHERE assoc_handle = :assoc_handle", array(':assoc_handle' => $response['openid.assoc_handle']))->fetchObject();
 if ($association && isset($association->session_type)) {
 $keys_to_sign = explode(',', $response['openid.signed']);
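Review bot: The added `db_delete()` acts on `invalidate_handle` before anything in the response has been verified, so whoever can get an assertion to this function could evict a stored association just by naming its handle. OpenID 2.0 ties removal to the OP confirming it in the direct-verification (`check_authentication`) reply with `is_valid` true, so the delete belongs after that confirmation, which presumably happens further down in `openid_verify_assertion()`, outside this hunk. The key also looks inconsistent: the neighbouring lookups read `$response['openid.assoc_handle']` and `$response['openid.signed']`, while the new check reads `$response['invalidate_handle']` without the `openid.` prefix, so on an indirect response it would likely never match; if the check stays here it should read `if (!empty($response['openid.invalidate_handle'])) {`. A short comment saying which response the field comes from (the indirect assertion or the direct verification reply) would prevent this confusion.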