Issue 45: validate() returns FALSE on realms with wildcard
When using the 'http://*.example.com' realm, the validate() method always returns FALSE. It's because of this line in validate():

    if ($this->data['openid_return_to'] != $this->returnUrl)

$this->returnUrl is improperly constructed in __construct():

    $this->returnUrl = $this->trustRoot . $uri;

(trustRoot may contain a wildcard).
Jul 21, 2011
Project Member
#1
mewp...@gmail.com
Jul 21, 2011
Maybe it would be better to check if the realm contains a wildcard and fall back to $_SERVER['HTTP_HOST'] if it does? In my case the real issue is not '$this->returnUrl' but the failed validation. I think it would be OK to check in validate() if returnUrl/realm contains a wildcard and, if it does, check if returnUrl (stripped of the wildcard) is a suffix of $this->data['openid_return_to']. Another solution would be to throw an exception if the realm contains a wildcard and returnUrl is not set explicitly by the user. In this case the user of the LightOpenID object would at least be aware that it's necessary to set returnUrl properly (I've spent an hour tracking the cause of the failed validation ;))
Dec 2, 2011
Created a merge request to fix this issue: https://gitorious.org/lightopenid/lightopenid/merge_requests/13
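
An added example, not LightOpenID's code and not the content of the merge request: a sketch of wildcard-aware realm matching along the lines of OpenID Authentication 2.0 section 9.2, the kind of check this thread discusses. The function name url_matches_realm() and the sample URLs are assumptions constructed for illustration; the wildcard is matched on a host label boundary rather than as a bare string suffix.

```php
<?php
// Added example: url_matches_realm() is a hypothetical helper, not LightOpenID code.
function url_matches_realm(string $url, string $realm): bool
{
    // A leading "*." host label is the only wildcard form handled here;
    // strip it before parsing and remember that it was present.
    $wildcard = (bool) preg_match('#^https?://\*\.#i', $realm);
    if ($wildcard) {
        $realm = preg_replace('#^(https?://)\*\.#i', '$1', $realm, 1);
    }
    $r = parse_url($realm);
    $u = parse_url($url);
    if (!$r || !$u || !isset($r['scheme'], $r['host'], $u['scheme'], $u['host'])
        || isset($r['fragment'])) {
        return false;
    }
    // Scheme and port (explicit or default) must be identical.
    $defaults = ['http' => 80, 'https' => 443];
    $rs = strtolower($r['scheme']);
    $us = strtolower($u['scheme']);
    if ($rs !== $us || !isset($defaults[$rs])) {
        return false;
    }
    if (($r['port'] ?? $defaults[$rs]) !== ($u['port'] ?? $defaults[$us])) {
        return false;
    }
    // Host: exact match, or with a wildcard a match on a label boundary,
    // so "evilexample.com" does not pass for "*.example.com".
    $rh = strtolower($r['host']);
    $uh = strtolower($u['host']);
    $suffix = '.' . $rh;
    if ($uh !== $rh && !($wildcard && substr($uh, -strlen($suffix)) === $suffix)) {
        return false;
    }
    // Path: equal to the realm path or below it ("/app" covers "/app/x", not "/apps").
    $rp = rtrim($r['path'] ?? '/', '/');
    $up = $u['path'] ?? '/';
    return $up === $rp || strpos($up, $rp . '/') === 0;
}

// Constructed sample inputs.
$realm = 'http://*.example.com/app';
foreach (['http://www.example.com/app/login.php?x=1', 'http://example.com/app',
          'http://evilexample.com/app/', 'https://www.example.com/app/',
          'http://www.example.com/apps/'] as $url) {
    printf("%-45s %s\n", $url, url_matches_realm($url, $realm) ? 'match' : 'no match');
}
```

This covers realm matching only; the openid_return_to value still has to be compared against the concrete URL the response arrived on, which is why a returnUrl built from a wildcard trustRoot can never compare equal.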