From ba2f31c13615b3db902b31ec7ec927ac3e3a5104 Mon Sep 17 00:00:00 2001
From: Randy Ebersole <randy.ebersole@cerner.com>
Date: Wed, 27 May 2020 10:32:28 -0400
Subject: [PATCH] Issue #125 - Addressing missing server url in check_signature
 method

---
 lib/openid/consumer/idres.rb | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/lib/openid/consumer/idres.rb b/lib/openid/consumer/idres.rb
index 6520c16..b05449f 100644
--- a/lib/openid/consumer/idres.rb
+++ b/lib/openid/consumer/idres.rb
@@ -203,6 +203,21 @@ def verify_return_to_base(msg_return_to)
 
       # Raises ProtocolError if the signature is bad
       def check_signature
+        # ----------------------------------------------------------------------
+        # The server url must be defined within the endpoint instance for the
+        # OpenID2 namespace in order for the signature check to complete
+        # successfully.
+        #
+        # This fix corrects issue #125 - Unable to complete OpenID login
+        #                                with ruby-openid 2.9.0/2.9.1
+        # ---------------------------------------------------------------------
+        set_endpoint_flag = false
+        if @endpoint.nil? && openid_namespace == OPENID2_NS
+          @endpoint = OpenIDServiceEndpoint.new
+          @endpoint.server_url = fetch('op_endpoint')
+          set_endpoint_flag = true
+        end
+
         if @store.nil?
           assoc = nil
         else
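Review bot: The endpoint built here takes its `server_url` from `fetch('op_endpoint')`, a field of the response whose signature has not yet been checked, so the rest of `check_signature` runs against a URL chosen by whoever sent the response. Most of the method body is outside this hunk, but the error message in the next hunk reads `server_url`; if the association lookup or the check_auth fallback read it too, an unverified URL would decide which association is used or which host is contacted. The added comment should say so, e.g. `# op_endpoint is unverified here; it must still be checked against discovery after the signature check`. Separately, `@endpoint` is assigned before `fetch` runs, so if `fetch` raises on a missing field (presumably it does), a blank endpoint stays on the instance with `set_endpoint_flag` still false. Building the endpoint in a local variable and assigning `@endpoint` last avoids that.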
@@ -223,6 +238,7 @@ def check_signature
             raise ProtocolError, "Bad signature in response from #{server_url}"
           end
         end
+        @endpoint = nil if set_endpoint_flag  # Clear endpoint if we defined it.
       end
 
       def check_auth
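Review bot: The reset on the added line is skipped whenever the method exits by raising, including the `raise ProtocolError` for a bad signature just above it. A rejected response therefore leaves the temporary endpoint, built from that response's own `op_endpoint`, in `@endpoint`, and any later code that tests `@endpoint.nil?` on this instance would see it as set. Moving the reset into a method-level `ensure` clause covers both exits: `ensure` followed by `@endpoint = nil if set_endpoint_flag`. The start of `check_signature` is in the previous hunk and the middle of its body is not shown, so other raising paths may exist as well.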