Skip Menu |

This queue is for tickets about the Net-OpenID-Consumer CPAN distribution.

Report information
The Basics
Id: 63460
Status: resolved
Priority: 0/
Queue: Net-OpenID-Consumer
People
Owner: Nobody in particular
Requestors: kazumi.hayakawa [...] ntt.com
Cc:
AdminCc:
Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in:
  • 1.11
  • 1.100099_001

History Show all quoted text
  Mon Nov 29 23:05:24 2010 kazumi.hayakawa [...] ntt.com - Ticket created
Subject: The parameters for a direct request to the OP in case of negative response from OP.
Hello authors I'm kazumi.Hayakawa ,a web engineer japan. I report the possibility of a bug in Consumer.pm. Below is in the specs of OpenID 2.0. 11.4.2.1. Request Parameters Exact copies of all fields from the authentication response, except for "openid.mode". But current Consumer.pm targets openid.signed field that OP sent. (see to 846 line from 815 line of Consumer.pm ver. 1.03.) Therefore openid.ns which is required item isn't sometimes included in a request in my case. Please see bellow. I can see that the library of java and php copies all fields. #### VerifyRequest.java (Ver. 0.9.5.593) #### private static ParameterList convertAuthSuccessParams(AuthSuccess authResp) { ParameterList params = new ParameterList(authResp.getParameterMap()); params.set(new Parameter("openid.mode", MODE_CHKAUTH)); return params; } ######################## #### Consumer.php (Ver. 2.2.2) #### function _createCheckAuthRequest($message) { $signed = $message->getArg(Auth_OpenID_OPENID_NS, 'signed'); if ($signed) { foreach (explode(',', $signed) as $k) { $value = $message->getAliasedArg($k); if ($value === null) { return null; } } } $ca_message = $message->copy(); $ca_message->setArg(Auth_OpenID_OPENID_NS, 'mode', 'check_authentication'); return $ca_message; } ################### Please confirm and fix if this is problem. Distribution name Net-OpenID-Consumer-1.03 Perl version $ perl -v This is perl, v5.8.8 built for i386-linux-thread-multi Copyright 1987-2006, Larry Wall Perl may be copied only under the terms of either the Artistic License or the GNU General Public License, which may be found in the Perl 5 source kit. Complete documentation for Perl, including FAQ lists, should be found on this system using "man perl" or "perldoc perl". If you have access to the Internet, point your browser at http://www.perl.org/, the Perl Home Page. $ OS version $ uname -a Linux c0093i0.cus.y3c.agilit-hosting.com 2.6.18-128.el5PAE #1 SMP Wed Dec 17 12:02:33 EST 2008 i686 i686 i386 GNU/Linux $ Thank you.
  Tue Oct 25 21:22:00 2011 crew [...] cs.stanford.edu - Fixed in 1.100099_001 added
  Sun Nov 06 14:31:23 2011 crew [...] cs.stanford.edu - Fixed in 1.11 added
  Sun Nov 06 14:31:24 2011 crew [...] cs.stanford.edu - Fixed in 1.100099_001 deleted
  Sun Nov 06 14:31:37 2011 crew [...] cs.stanford.edu - Fixed in 1.100099_001 added
  Sat Nov 12 20:29:23 2011 crew [...] cs.stanford.edu - Correspondence added
I believe this is fixed in Net-OpenID-Consumer-1.11 If you want to try it out, please make sure you've also installed the latest Net-OpenID-Common. Feel free to re-open (or start a new ticket) if I'm mistaken about this. Thanks for the report and sorry this took so long to get to... - Roger Crew (new co-maintainer as of a few weeks ago)
  Sat Nov 12 20:29:24 2011 The RT System itself - Status changed from 'new' to 'open'
  Sat Nov 12 20:30:24 2011 crew [...] cs.stanford.edu - Status changed from 'open' to 'resolved'