Description

In Moin 1.9.2 (and at the time of reporting on 1.9 main branch), MoinMoin/userprefs/oidserv.py uses getPathinfo when building its form. This won't work with the updated HTTP request API in Moin 1.9.x.

Steps to reproduce

1. Enable OpenID.
2. Go to a user's setting page.

3. Select OpenID server.

4. In the Web server log, the following kind of error is shown:

     File ".../lib/python2.5/site-packages/MoinMoin/userprefs/oidserv.py", line 65, in _make_form
       pi = self.request.getPathinfo()
     File ".../lib/python2.5/site-packages/MoinMoin/web/contexts.py", line 224, in __getattr__
       return super(HTTPContext, self).__getattribute__(name)
   AttributeError: 'AllContext' object has no attribute 'getPathinfo'

Component selection

• MoinMoin/userprefs/oidserv.py

• MoinMoin/auth/cas.py also uses getPathinfo

Details

Workaround

Replace getPathinfo() with path, I suppose.

Discussion

Plan

• Priority:
• Assigned to:

• Status: hopefully fixed by http://hg.moinmo.in/moin/1.9/rev/f8e67522e80e - please test and provide feedback. We also need an active openid auth maintainer for moin, so if you use it...

  • I'm thinking about recommending its use for python.org, but it occurred to me that the authentication "stacking" would need to be nicer: currently you get a bunch of fields from different components if you have both normal and OpenID authentication enabled (not the provider stuff), and no help on which to fill out when logging in. You'd need the normal authentication (username and password) in order to let users set up their own OpenID presence (with the provider stuff). I guess a feature request and some patches might be needed, so I might look into this. Thanks for the fix, though! -- PaulBoddie 2010-05-06 19:52:05

    • did you test the fix?

      • This seems not to crash now, yes. Thanks! The "OpenID server" settings are a bit strange - an empty table cell and a "Cancel" button - but I imagine that it's supposed to be like that in the default state. I'll look into improving this, possibly. -- PaulBoddie 2010-05-08 15:13:04

      • I've discovered another bug in Moin 1.9 when associating OpenID identities with users: strictly a consumer (not a provider) problem but related to usage of the old request API. Here's a quick patch suggestion:

        --- a/MoinMoin/userprefs/oid.py Thu May 06 15:36:56 2010 +0200
        +++ b/MoinMoin/userprefs/oid.py Sat May 08 18:44:56 2010 +0200
        @@ -100,8 +100,8 @@
                 oidconsumer = consumer.Consumer(request.session,
                                                 MoinOpenIDStore(request))
                 query = {}
        -        for key in request.form:
        -            query[key] = request.form[key]
        +        for key in request.values:
        +            query[key] = request.values[key]
                 qstr = {'action': 'userprefs',
                         'handler': 'oid',
                         'oid.return': '1'}

        Since the return from a provider employs URL query parameters, not form data, it seems that request.form is inappropriate. -- PaulBoddie 2010-05-08 16:45:54

      • Thanks for the patch, committed by: http://hg.moinmo.in/moin/1.9/rev/f7f9d35f9d23

Note: also did similar fixes for auth.cas, we also need tests and an active maintainer for that.

CategoryMoinMoinBugFixed