Modify

Opened 10 years ago

Closed 10 years ago

Last modified 10 years ago

#1007 closed defect (fixed)

OpenID return_to generation broken when req.href() is empty

Reported by: cygnus@… Owned by: wkornewald
Priority: high Component: OpenidPlugin
Severity: major Keywords: openid return_to href
Cc: cygnus@…, ilias@… Trac Release: 0.10

Description

When req.href() is empty, the slice used to build the return_to and trust_root URLs for OpenID results in an empty return_to base URL, which causes OpenID to fail. The attached patch applies the slice only if len(req.href()) > 0.

Attachments (1)

patch (2.3 KB) - added by cygnus@… 10 years ago.
Patch to fix return_to and trust_root generation

Download all attachments as: .zip

Change History (10)

Changed 10 years ago by cygnus@…

Attachment: patch added

Patch to fix return_to and trust_root generation

comment:1 Changed 10 years ago by anonymous

Cc: cygnus@… added; anonymous removed

comment:2 Changed 10 years ago by wkornewald

Resolution: fixed
Status: newclosed

Thanks for the patch. I've applied it, now.

Would you be interested in taking this plugin over?

After having played with OpenID and thought about it again, I think it doesn't work the way I want (too much dependence on the provider). I prefer CardSpace because it can be used for critical authentication whereas I would never trust OpenID for accessing my bank account or even my emails, for example.

comment:3 Changed 10 years ago by lazaridis_com

Cc: ilias@… added; cygnus@… removed

comment:4 Changed 10 years ago by lazaridis_com

Cc: cygnus@… added

readded CC

comment:5 Changed 10 years ago by cygnus@…

Yeah, I'm interested in taking it over. (ilias@…: turns out I get CC'd as owner, but thanks for fixing the CC anyway.)

comment:6 Changed 10 years ago by wkornewald

Then, just register an account, tell me your username, and I'll contact Alec Thomas to give you svn access (or you can do it).

comment:7 Changed 10 years ago by cygnus

Thanks! I've sent him an email and await SVN access.

comment:8 Changed 10 years ago by lazaridis_com

you may want to take a look at this thread and this ticket: trac:#2456

comment:9 Changed 10 years ago by Alec Thomas

Okay I've provided write permissions to cygnus.

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The owner will remain wkornewald.
The resolution will be deleted. Next status will be 'reopened'.

Add Comment


E-mail address and name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.