Ignore Associations For OpenID2 (Google's Security Bug Fix)

lib/openid/consumer/checkid_request.rb

@@ -121,7 +121,7 @@ def get_message(realm, return_to=nil, immediate=false)
           end
         end
 
-        if @assoc
+        if @assoc && (message.is_openid1 || !['checkid_setup', 'checkid_immediate'].include?(mode))
           message.set_arg(OPENID_NS, 'assoc_handle', @assoc.handle)
           assoc_log_msg = "with assocication #{@assoc.handle}"
         else

test/test_checkid_request.rb

@@ -93,14 +93,6 @@ def test_check_no_assoc_handle
           assert_openid_key_absent(msg, 'assoc_handle')
         end
 
-        def test_check_with_assoc_handle
-          msg = assert_log_matches("Generated checkid") {
-            @checkid_req.get_message(@realm, @return_to, immediate)
-          }
-
-          assert_openid_value_equal(msg, 'assoc_handle', @assoc.handle)
-        end
-
         def test_add_extension_arg
           @checkid_req.add_extension_arg('bag:', 'color', 'brown')
           @checkid_req.add_extension_arg('bag:', 'material', 'paper')
@@ -206,6 +198,13 @@ def test_op_identifier_sends_identifier_select
           assert_has_required_fields(msg)
           assert_has_identifiers(msg, IDENTIFIER_SELECT, IDENTIFIER_SELECT)
         end
+
+        def test_no_assoc_handle
+          msg = assert_log_matches("Generated checkid") {
+            @checkid_req.get_message(@realm, @return_to, immediate)
+          }
+          assert_openid_key_absent(msg, 'assoc_handle')
+        end
       end
 
       class TestCheckIDRequestOpenID1 < Test::Unit::TestCase