Attachment 'patch-action-serveopenid-changing-endpoint.diff'

Download

   1 # HG changeset patch
   2 # User Paul Boddie <paul@boddie.org.uk>
   3 # Date 1299970091 -3600
   4 # Node ID 3931b6a8b535c151d17b8969fe8da64c6e88ecdd
   5 # Parent  45714fde847dbbd79fb2d0189da374cc320c9d9b
   6 Introduced the invalidation of associations where the endpoint to be returned in
   7 a response is different from the endpoint for the page being used to handle
   8 OpenID requests. This changing endpoint behaviour occurs when an "identifier
   9 select" request is handled by the front page of a Wiki, where an
  10 identity-specific endpoint is then returned, confusing relying parties which
  11 store their associations in endpoint-specific mappings (as is done by the
  12 python-openid library).
  13 
  14 diff -r 45714fde847d -r 3931b6a8b535 MoinMoin/action/serveopenid.py
  15 --- a/MoinMoin/action/serveopenid.py	Mon Mar 07 20:39:30 2011 +0100
  16 +++ b/MoinMoin/action/serveopenid.py	Sat Mar 12 23:48:11 2011 +0100
  17 @@ -16,7 +16,7 @@
  18  from openid import sreg
  19  from openid.cryptutil import randomString
  20  from openid.server import server
  21 -from openid.message import IDENTIFIER_SELECT
  22 +from openid.message import IDENTIFIER_SELECT, OPENID_NS
  23  from MoinMoin.widget import html
  24  from MoinMoin.web.request import MoinMoinFinish
  25  
  26 @@ -301,7 +301,24 @@
  27          #       sreg_resp = sreg.SRegResponse.extractResponse(openidreq, sreg_data)
  28          #       sreg_resp.addToOpenIDResponse(reply.fields)
  29  
  30 -        reply = openidreq.answer(True, identity=identity, server_url=server_url)
  31 +        request = self.request
  32 +
  33 +        # obtain the endpoint if not overridden by an identity endpoint
  34 +        page_url = request.getQualifiedURL(
  35 +                         request.page.url(request, querystr={'action': 'serveopenid'}))
  36 +        endpoint_changed = server_url != page_url
  37 +
  38 +        # prepare the response
  39 +        reply = openidreq.answer(True, identity=identity, server_url=server_url or page_url)
  40 +
  41 +        # if the endpoint has changed, perhaps reflecting an identity-specific
  42 +        # endpoint, remove any association handle in use, working around any
  43 +        # association-related issues in relying parties (such as python-openid)
  44 +        if openidreq.assoc_handle and endpoint_changed:
  45 +            store = MoinOpenIDStore(request)
  46 +            signatory = server.Signatory(store)
  47 +            reply.fields.setArg(OPENID_NS, "invalidate_handle", openidreq.assoc_handle)
  48 +            signatory.invalidate(openidreq.assoc_handle, dumb=False)
  49          return reply
  50  
  51      def user_trusts_url(self, trustroot):

Attached Files

To refer to attachments on a page, use attachment:filename, as shown below in the list of files. Do NOT use the URL of the [get] link, since this is subject to change and can break easily.
  • [get | view] (2011-03-12 23:37:15, 2.4 KB) [[attachment:patch-action-serveopenid-changing-endpoint-1.8.diff]]
  • [get | view] (2011-03-12 23:36:53, 2.4 KB) [[attachment:patch-action-serveopenid-changing-endpoint.diff]]
 All files | Selected Files: delete move to page copy to page

You are not allowed to attach a file to this page.