summaryrefslogtreecommitdiffstats
path: root/vendor/github.com/yohcop/openid-go/normalizer.go
blob: 3384143d00d30fe0c0b8ebd5f783f3f00702c753 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
package openid

import (
	"errors"
	"net/url"
	"strings"
)

func Normalize(id string) (string, error) {
	id = strings.TrimSpace(id)
	if len(id) == 0 {
		return "", errors.New("No id provided")
	}

	// 7.2 from openID 2.0 spec.

	//If the user's input starts with the "xri://" prefix, it MUST be
	//stripped off, so that XRIs are used in the canonical form.
	if strings.HasPrefix(id, "xri://") {
		id = id[6:]
		return id, errors.New("XRI identifiers not supported")
	}

	// If the first character of the resulting string is an XRI
	// Global Context Symbol ("=", "@", "+", "$", "!") or "(", as
	// defined in Section 2.2.1 of [XRI_Syntax_2.0], then the input
	// SHOULD be treated as an XRI.
	if b := id[0]; b == '=' || b == '@' || b == '+' || b == '$' || b == '!' || b == '(' {
		return id, errors.New("XRI identifiers not supported")
	}

	// Otherwise, the input SHOULD be treated as an http URL; if it
	// does not include a "http" or "https" scheme, the Identifier
	// MUST be prefixed with the string "http://". If the URL
	// contains a fragment part, it MUST be stripped off together
	// with the fragment delimiter character "#". See Section 11.5.2 for
	// more information.
	if !strings.HasPrefix(id, "http://") && !strings.HasPrefix(id,
		"https://") {
		id = "http://" + id
	}
	if fragmentIndex := strings.Index(id, "#"); fragmentIndex != -1 {
		id = id[0:fragmentIndex]
	}
	if u, err := url.ParseRequestURI(id); err != nil {
		return "", err
	} else {
		if u.Host == "" {
			return "", errors.New("Invalid address provided as id")
		}
		if u.Path == "" {
			u.Path = "/"
		}
		id = u.String()
	}

	// URL Identifiers MUST then be further normalized by both
	// following redirects when retrieving their content and finally
	// applying the rules in Section 6 of [RFC3986] to the final
	// destination URL. This final URL MUST be noted by the Relying
	// Party as the Claimed Identifier and be used when requesting
	// authentication.
	return id, nil
}