* Fix openid signin secret generation code. This fixes the bug that made
  all openid signins fail the first time, and then succeed the second
  time.
master
joey 2007-01-30 07:21:06 +00:00
parent 7945928cd1
commit 64ca9a921a
3 changed files with 12 additions and 5 deletions

@ -140,13 +140,14 @@ sub getobj ($$) { #{{{
# Store the secret in the session. # Store the secret in the session.
my $secret=$session->param("openid_secret"); my $secret=$session->param("openid_secret");
if (! defined $secret) { if (! defined $secret) {
$secret=$session->param(openid_secret => time); $secret=rand;
$session->param(openid_secret => $secret);
} }
return Net::OpenID::Consumer->new( return Net::OpenID::Consumer->new(
ua => $ua, ua => $ua,
args => $q, args => $q,
consumer_secret => $secret, consumer_secret => sub { return shift()+$secret },
required_root => $config{cgiurl}, required_root => $config{cgiurl},
); );
} #}}} } #}}}
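
Review bot: `$secret=rand;` in the new `if (! defined $secret)` branch draws the consumer secret from Perl's `rand`, which is not a cryptographic generator, and `consumer_secret => sub { return shift()+$secret }` then adds it numerically to the callback's argument. If that argument is an epoch timestamp, as the `oic.time` handling quoted in the bug page suggests, the result is a ten-digit number plus a fraction below 1, and Perl's default number formatting keeps about 15 significant digits, so only a few digits of the secret survive once the value is used as a string. I would take the secret from a strong source (for example hex-encoded bytes read from /dev/urandom) and combine it by concatenation, e.g. `sub { return shift().$secret }`, so the whole secret is retained. A short comment on why the session param is now set in its own statement would also help, since the removed line assigned the return value of `$session->param(openid_secret => time)` to `$secret`.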

debian/changelog vendored

@ -19,8 +19,11 @@ ikiwiki (1.41) UNRELEASED; urgency=low
which links to the correct remote page, but is displayed nicely. which links to the correct remote page, but is displayed nicely.
* When building the doc wiki, build with LANG=C. * When building the doc wiki, build with LANG=C.
* More gettext fun. * More gettext fun.
* Fix openid signin secret generation code. This fixes the bug that made
all openid signins fail the first time, and then succeed the second
time.
-- Joey Hess <joeyh@debian.org> Sat, 27 Jan 2007 21:16:33 -0500 -- Joey Hess <joeyh@debian.org> Tue, 30 Jan 2007 02:15:33 -0500
ikiwiki (1.40) unstable; urgency=low ikiwiki (1.40) unstable; urgency=low

@ -25,7 +25,7 @@ ikiwiki or my OpenID servers. --Pawel
my ($sig_time, $sig) = split(/\-/, $self->args("oic.time") || ""); my ($sig_time, $sig) = split(/\-/, $self->args("oic.time") || "");
# complain if more than an hour since we sent them off # complain if more than an hour since we sent them off
return $self->_fail("time_expired") if $sig_time < $now - 3600; return $self->_fail("time_expired") if $sig_time < $now - 3600;
# also complain if the signature is from the future by more than 30 seconds, also complain if the signature is from the future by more than 30 seconds,
# which compensates for potential clock drift between nodes in a web farm. # which compensates for potential clock drift between nodes in a web farm.
return $self->_fail("time_in_future") if $sig_time - 30 > $now; return $self->_fail("time_in_future") if $sig_time - 30 > $now;
# and check that the time isn't faked # and check that the time isn't faked
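
Review bot: The one changed line in this hunk, "also complain if the signature is from the future by more than 30 seconds,", loses its leading `#` on the new side, while the continuation line after it ("# which compensates for potential clock drift ...") keeps its `#`. In the quoted Perl excerpt that leaves half of a two-line comment uncommented. If this was not intentional (a whitespace or markup cleanup, say), restore the `#` so the excerpt still matches the code it quotes; if it was intentional, the reason belongs in the commit message, which only mentions the secret generation fix.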
@ -41,3 +41,6 @@ I've had this problem too, but with my track record of reporting OpenID bugs
I thought it best if I held my tongue. I usually experience this the first I thought it best if I held my tongue. I usually experience this the first
time I sign in on any ikiwiki installation of {ikiwiki.kitenet, ikidev, time I sign in on any ikiwiki installation of {ikiwiki.kitenet, ikidev,
betacantrips}, and I think re-logging in always works. --Ethan betacantrips}, and I think re-logging in always works. --Ethan
> Does seem easier to repro than I thought.
> Ok, fixed it.. [[bugs/done]] --[[Joey]]