Description

When attempting to log in to stackoverflow.com via OpenID, I get a 403 error with the text 'verification failed'.

I am able to log in to other sites, such as sourceforge.net.

Steps to reproduce

  1. visit http://meta.stackoverflow.com/users/login

  2. Enter https://robots.org.uk/ as the OpenID

    • you don't need to be logged into my wiki to try this

The bug appears to be in MoinMoin's handling of the #openiduser directive.

Component selection

Details

MoinMoin Version

1.9.2

OS and Version

Debian GNU/Linux 5.0

Python Version

2.5.2

Server Setup

fcgi

Server Details

Apache 2.2

Workaround

One of the following:

Discussion

Line 146 of _verify_endpoint_identity is returning False. I logged the parameters of the test performed on line 145, while logging into stackoverflow.com:

OpenIDGroup

HomePage

<<class 'MoinMoin.datastruct.backends.wiki_groups.WikiGroup'> name=OpenIDGroup members=set([u'sam']) member_groups=set([])>

and sourceforge.net:

OpenIDGroup

sam

<<class 'MoinMoin.datastruct.backends.wiki_groups.WikiGroup'> name=OpenIDGroup members=set([u'sam']) member_groups=set([])>

Note that when stackoverflow.com performs the request, received_name is not correct. It's the name of the page with the #openiduser directive, not the name of the user referenced in the directive!

If you're doing the "identifier select" using Moin as identity provider, you may come across a bug which I have reported and attempted to patch: see here for details. -- PaulBoddie 2011-03-26 18:55:14

Plan


CategoryMoinMoinBug

MoinMoin: MoinMoinBugs/OpenIDVerificationFailedForStackOverflow (last edited 2011-11-16 22:56:55 by PaulBoddie)