diff options
| author | Martin Schanzenbach <schanzen@gnunet.org> | 2021-01-05 15:58:39 +0900 |
|---|---|---|
| committer | Martin Schanzenbach <schanzen@gnunet.org> | 2021-01-05 15:58:39 +0900 |
| commit | 35c2b39e79e6f3520ccdae8694b5f8f968e36844 (patch) | |
| tree | 279cfc0aaec4a6d357a3c5d6f58af542954ef2a9 | |
| parent | 3f9b3423bbf7d920beacd29f251978c37454a6ba (diff) | |
| download | woocommerce-taler-35c2b39e79e6f3520ccdae8694b5f8f968e36844.tar.gz woocommerce-taler-35c2b39e79e6f3520ccdae8694b5f8f968e36844.tar.bz2 woocommerce-taler-35c2b39e79e6f3520ccdae8694b5f8f968e36844.zip | |
fix
| -rw-r--r-- | snippets/oidc-woocommerce.php | 22 |
1 files changed, 13 insertions, 9 deletions
diff --git a/snippets/oidc-woocommerce.php b/snippets/oidc-woocommerce.php index 0ce5ddb..64bc5fc 100644 --- a/snippets/oidc-woocommerce.php +++ b/snippets/oidc-woocommerce.php @@ -93,11 +93,12 @@ function get_claim( $claimname, $userinfo, &$claimvalue ) { if ( ! array_key_exists( $claimname, $claim_src_ptr ) ) { return False; } - $src = $claim_src_ptr[$claimname]; + $src_name = $claim_src_ptr[$claimname]; //Reference found, but no corresponding JWT. This is a malformed userinfo - if ( ! array_key_exists( $src, $userinfo['_claim_sources']) ) { + if ( ! array_key_exists( $src_name, $userinfo['_claim_sources']) ) { return False; } + $src = $userinfo['_claim_sources'][$src_name]; //Source claim is not a JWT. Abort. if ( ! array_key_exists( 'JWT', $src ) ) { return False; @@ -107,14 +108,17 @@ function get_claim( $claimname, $userinfo, &$claimvalue ) { * FIXME: We probably want to verify the JWT signature/issuer here! */ $jwt = $src['JWT']; - list ($header, $body, $rest) = split('.', $jwt, 3); - $body_decoded = base64_decode ( $body, false ); - if ( ( isset ( $body_decoded ) ) && - ( array_key_exists( $claimname, $body_decoded ) ) ) { - $claimvalue = $body_decoded[$claimname]; - return True; + list ($header, $body, $rest) = explode('.', $jwt, 3); + $body_str = base64_decode ( $body, false ); + $body_json = json_decode ($body_str, True); + if ( !isset ( $body_json ) ) { + return False; + } + if ( !array_key_exists( $claimname, $body_json ) ) { + return False; } - return False; + $claimvalue = $body_json[$claimname]; + return True; } /** |