Changeset 4151 for TI12-security


Timestamp:
28/08/08 16:41:14 (11 years ago)
Author:
pjkersha
Message:

Fixed nasty bug in OpenIDProviderMiddleware._handleCheckIDRequest: update oidRequest EVERY time instead of only when the user is not logged in. This bug resulted in redirects back to the wrong RP if the user was already logged in.

File:
1 edited

  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/openid_provider.py

    r4146 r4151  
    297297            oidResponse = self._identityApproved(oidRequest, identity) 
    298298            response = self._displayResponse(oidResponse) 
    299             log.debug("do_allow response = \n%s" % response) 
    300             return response 
    301299         
    302300        elif 'No' in self.query: 
     
    305303            # in Authkit.authenticate.open_id.process 
    306304            oidResponse = oidRequest.answer(False) 
    307             #return self._displayResponse(oidResponse) 
    308             response = self._renderer.renderMainPage(environ) 
    309  
     305            #response = self._displayResponse(oidResponse) 
     306            response = self._renderer.renderMainPage(environ)             
    310307        else: 
    311308            raise OpenIDProviderMiddlewareError('Expecting yes/no in allow ' 
    312309                                                'post.  %r' % self.query) 
    313310 
     311        return response 
    314312 
    315313    def do_serveryadis(self, environ, start_response): 
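Review bot: In the 'No' branch, `oidResponse = oidRequest.answer(False)` is still computed but never used, because the response returned is `self._renderer.renderMainPage(environ)`. As far as these lines show, the negative answer is never sent on to the relying party and the user is left on the provider's main page. If that is intended, drop the assignment and the commented-out `#response = self._displayResponse(oidResponse)` line and say so in a comment; otherwise pass the answer through `_displayResponse` as the 'Yes' branch does. The single `return response` at the end is fine, since the final `else` raises.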
     
    485483         
    486484        log.debug("OpenIDProviderMiddleware._handleCheckIDRequest ...") 
    487  
     485         
     486        # Save request 
     487        self.session['lastCheckIDRequest'] = oidRequest 
     488        self.session.save() 
     489         
    488490        if self._identityIsAuthorized(oidRequest): 
    489491             
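Review bot: The comment `# Save request` above `self.session['lastCheckIDRequest'] = oidRequest` does not say why the save must be unconditional. Record the reason from the commit message there (a stale entry led to redirects back to the wrong RP when the user was already logged in), so that a later cleanup does not move it back under the not-logged-in branch. Nothing in the visible lines clears `lastCheckIDRequest` once the request has been answered; consider removing it from the session after the response is built so a later post cannot act on an earlier RP's request.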
     
    508510         
    509511        else: 
    510             # User is not logged in - save request 
    511             self.session['lastCheckIDRequest'] = oidRequest 
    512             self.session.save() 
     512            # User is not logged in 
    513513             
    514514            # Call login and if successful then call decide page to confirm 
     
    554554                                                        webresponse.body 
    555555        else: 
    556             response = '' 
     556            response = webresponse.body 
    557557             
    558558        hdr += [('Content-type', 'text/html'+self.charset), 
    559559                ('Content-length', str(len(response)))] 
    560560             
    561         log.debug("webresponse.code = %d" % webresponse.code) 
    562561        self.start_response('%d %s' % (webresponse.code,  
    563562                                       httplib.responses[webresponse.code]),  
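Review bot: The `else` branch change from `response = ''` to `response = webresponse.body` is not mentioned in the commit message, and it changes what is sent to the client for every case that reaches this branch; put it in its own commit or add a line to the message. Since `Content-length` is `str(len(response))` and the content type carries `self.charset`, make sure `webresponse.body` is already an encoded byte string at this point, otherwise the declared length can differ from the bytes actually written.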