READ-ONLY: This project has been archived. For more information see this post.
Issue 45: validate() returns FALSE on realms with wildcard
Status:  New
Owner:  ----


 
Reported by MKlepacz...@gmail.com, Jul 21, 2011
When using an 'http://*.example.com' realm, validate() always returns FALSE from the validate() method. It's because of this line in validate():
if ($this->data['openid_return_to'] != $this->returnUrl)

$this->returnUrl is improperly constructed in __construct()
$this->returnUrl = $this->trustRoot . $uri;
(trustRoot may contain a wildcard).
Jul 21, 2011
Project Member #1 mewp...@gmail.com
It isn't improper in my opinion. In such a case, there's no way to properly guess returnUrl, so the user must do so himself.

Or do you have any idea how to do it properly?
Jul 21, 2011
#2 MKlepacz...@gmail.com
Maybe it would be better to check if the realm contains a wildcard and fall back to $_SERVER['HTTP_HOST'] if it does?

In my case the real issue is not '$this->returnUrl' but the failed validation. I think it would be OK to check in validate() whether returnUrl/realm contains a wildcard and, if it does, check whether returnUrl (stripped of the wildcard) is a suffix of $this->data['openid_return_to'].

Another solution would be to throw an exception if the realm contains a wildcard and returnUrl is not set explicitly by the user. In this case the user of the LightOpenID object would at least be aware that it's necessary to set returnUrl properly (I've spent an hour tracking down the cause of the failed validation ;))
Dec 2, 2011
#3 woody.gilk
Created a merge request to fix this issue: https://gitorious.org/lightopenid/lightopenid/merge_requests/13
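
The wildcard check discussed in comment #2, written as an added example; it is not LightOpenID code and not the content of the merge request. It compares parsed URL components, modelled on the realm-matching rules in OpenID Authentication 2.0 (section 9.2). The helper name `realmMatches()`, the sample URLs, and the choice to accept the bare domain for a `*.` realm are assumptions of this example.

```php
<?php
// Added example, not LightOpenID code; realmMatches() is a hypothetical helper.
function realmMatches(string $realm, string $returnTo): bool
{
    // Pull the "*." wildcard out before parsing, so parse_url() sees a plain host.
    $wildcard = false;
    if (preg_match('#^(https?://)\*\.(.+)$#i', $realm, $m)) {
        $wildcard = true;
        $realm = $m[1] . $m[2];
    }
    $r = parse_url($realm);
    $u = parse_url($returnTo);
    if (!is_array($r) || !is_array($u) || !isset($r['scheme'], $r['host'], $u['scheme'], $u['host'])) {
        return false;
    }
    // Scheme and port must be identical (default ports filled in).
    $port = function (array $p): int {
        return $p['port'] ?? (strtolower($p['scheme']) === 'https' ? 443 : 80);
    };
    if (strtolower($r['scheme']) !== strtolower($u['scheme']) || $port($r) !== $port($u)) {
        return false;
    }
    // Host: exact match, or for a wildcard realm a match on a label boundary.
    // A bare string-suffix test would also accept "notexample.com" for "*.example.com".
    $rh = strtolower($r['host']);
    $uh = strtolower($u['host']);
    $hostOk = $uh === $rh
        || ($wildcard && substr($uh, -strlen($rh) - 1) === '.' . $rh);
    if (!$hostOk) {
        return false;
    }
    // Path: the realm path must equal return_to's path or be a parent directory.
    // Assumption: return_to's path is already normalized (no "../" segments).
    $rp = $r['path'] ?? '/';
    $up = $u['path'] ?? '/';
    $dir = rtrim($rp, '/') . '/';
    return $up === $rp || strncmp($up, $dir, strlen($dir)) === 0;
}

// Constructed sample URLs, checked against the realm from the report.
$realm = 'http://*.example.com';
foreach ([
    'http://www.example.com/login.php?openid.mode=id_res',
    'http://example.com/login.php',
    'http://notexample.com/login.php',
    'https://www.example.com/login.php',
    'http://www.example.com.other.test/login.php',
] as $returnTo) {
    printf("%-55s %s\n", $returnTo, realmMatches($realm, $returnTo) ? 'match' : 'reject');
}
```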
