From d6068a8c29bd450049a73cac76f7c4c397c160e3 Mon Sep 17 00:00:00 2001
From: Sebastian Marcet
Date: Wed, 16 Mar 2016 11:57:12 -0300
Subject: [PATCH] Fixed DH error added to DHRequest a validation for g parameter ( > 1 )
Change-Id: If436ff7a558028043bb7a52e31c81b7fd3b6eb44
---
.../OpenIdSessionAssociationRequestHandler.php | 12 ++++++------
.../requests/OpenIdDHAssociationSessionRequest.php | 10 ++++++----
app/start/global.php | 4 ++--
3 files changed, 14 insertions(+), 12 deletions(-)
diff --git a/app/libs/openid/handlers/OpenIdSessionAssociationRequestHandler.php b/app/libs/openid/handlers/OpenIdSessionAssociationRequestHandler.php
index b5349ac9..7ee6a90b 100644
--- a/app/libs/openid/handlers/OpenIdSessionAssociationRequestHandler.php
+++ b/app/libs/openid/handlers/OpenIdSessionAssociationRequestHandler.php
@@ -44,23 +44,23 @@ final class OpenIdSessionAssociationRequestHandler extends OpenIdMessageHandler } catch (InvalidSessionTypeException $inv_session_ex) { $this->checkpoint_service->trackException($inv_session_ex); $response = new OpenIdAssociationSessionUnsuccessfulResponse($inv_session_ex->getMessage()); - $this->log_service->error($inv_session_ex); + $this->log_service->warning($inv_session_ex); if(!is_null($this->current_request)) - $this->log_service->error_msg("current request: ".$this->current_request->toString()); + $this->log_service->warning_msg("current request: ".$this->current_request->toString()); return $response; } catch (InvalidAssociationTypeException $inv_assoc_ex) { $this->checkpoint_service->trackException($inv_assoc_ex); $response = new OpenIdAssociationSessionUnsuccessfulResponse($inv_assoc_ex->getMessage()); - $this->log_service->error($inv_assoc_ex); + $this->log_service->warning($inv_assoc_ex); if(!is_null($this->current_request)) - $this->log_service->error_msg("current request: ".$this->current_request->toString()); + $this->log_service->warning_msg("current request: ".$this->current_request->toString()); return $response; } catch (InvalidOpenIdMessageException $inv_msg_ex) { $response = new OpenIdDirectGenericErrorResponse($inv_msg_ex->getMessage()); $this->checkpoint_service->trackException($inv_msg_ex); - $this->log_service->error($inv_msg_ex); + $this->log_service->warning($inv_msg_ex); if(!is_null($this->current_request)) - $this->log_service->error_msg("current request: ".$this->current_request->toString()); + $this->log_service->warning_msg("current request: ".$this->current_request->toString()); return $response; } catch (Exception $ex) { $this->checkpoint_service->trackException($ex); diff --git a/app/libs/openid/requests/OpenIdDHAssociationSessionRequest.php b/app/libs/openid/requests/OpenIdDHAssociationSessionRequest.php index 2511f6d2..594c8246 100644 --- a/app/libs/openid/requests/OpenIdDHAssociationSessionRequest.php 
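Review bot: The catch blocks for InvalidSessionTypeException, InvalidAssociationTypeException and InvalidOpenIdMessageException now log at warning while the same commit raises the mail handler in app/start/global.php to `Logger::ERROR`, so malformed association requests no longer reach the e-mail channel at all. If that is intended, a comment above the first catch would record it, e.g. `// malformed client request: warning only, not mailed (mail handler threshold is ERROR)`. The `warning_msg("current request: ".$this->current_request->toString())` lines concatenate fields supplied by the remote party into the log entry; whether toString() neutralises line breaks is not visible here, so confirm it does before these entries are relied on during triage. The try block and the body of the final `catch (Exception $ex)` lie outside the hunk.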
+++ b/app/libs/openid/requests/OpenIdDHAssociationSessionRequest.php @@ -28,8 +28,8 @@ class OpenIdDHAssociationSessionRequest extends OpenIdAssociationSessionRequest public function __construct(OpenIdMessage $message) { parent::__construct($message); - $this->g_number = null; - $this->p_number = null; + $this->g_number = null; + $this->p_number = null; $this->rp_pub_key = null; } @@ -57,11 +57,13 @@ class OpenIdDHAssociationSessionRequest extends OpenIdAssociationSessionRequest { $res = parent::isValid(); if (!$res) return false; - $dh_modulus = $this->getDHModulus(); - $dh_gen = $this->getDHGen(); + $dh_modulus = $this->getDHModulus(); + $dh_gen = $this->getDHGen(); $dh_consumer_public = $this->getDHConsumerPublic(); if (!empty($dh_modulus) && !empty($dh_gen) && !empty($dh_consumer_public)) return true; + // not a positive natural number greater than 1 ... + if($dh_gen <= 1) return false; return true; } diff --git a/app/start/global.php b/app/start/global.php index 955821be..a284a148 100644 --- a/app/start/global.php +++ b/app/start/global.php @@ -39,7 +39,7 @@ ClassLoader::addDirectories(array( $logFile = 'log-' . php_sapi_name() . '.txt'; -Log::useDailyFiles(storage_path() . '/logs/' . $logFile,$days = 0, $level = 'debug'); +Log::useDailyFiles(storage_path() . '/logs/' . $logFile, $days = 0, $level = 'debug'); //set email log $to = Config::get('log.to_email'); @@ -48,7 +48,7 @@ $from = Config::get('log.from_email'); if(!empty($to) && !empty($from)){ $subject = 'openstackid error'; $mono_log = Log::getMonolog(); - $handler = new NativeMailerHandler($to, $subject, $from,$level = Logger::WARNING); + $handler = new NativeMailerHandler($to, $subject, $from, $level = Logger::ERROR); $mono_log->pushHandler($handler); }
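Review bot: The added guard `if($dh_gen <= 1) return false;` comes after `if (!empty($dh_modulus) && !empty($dh_gen) && !empty($dh_consumer_public)) return true;`, so a request that carries all three values, a generator of 1 included, is accepted before the guard is ever reached. Placing the guard directly after the three getter calls, ahead of the early return, makes it apply to every request. What `getDHGen()` returns is not visible in this hunk; if it is the encoded wire value rather than a decoded integer, `<= 1` falls back to PHP's loose string-to-number comparison, so the comparison should run on the decoded number. The modulus and the consumer public key get only an emptiness test here, and both remaining paths end in `return true`, which suggests the final return may have been meant to reject; worth confirming with the author. The method's signature lies above the hunk.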
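Review bot: `$level = Logger::ERROR` in the `NativeMailerHandler` constructor call in app/start/global.php is an assignment expression rather than a named argument, so it overwrites the file-scope `$level` that `Log::useDailyFiles(..., $level = 'debug')` set in the hunk above. Passing the constant directly keeps the call free of side effects: `$handler = new NativeMailerHandler($to, $subject, $from, Logger::ERROR);`. A one-line comment such as `// mail only ERROR and above; protocol warnings stay in the daily log file` would record why the mail threshold differs from the file log.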