Context Navigation

ndg-security-1.5.x

Timestamp:

29/06/10 13:39:34 (9 years ago)

Author:

pjkersha

Message:

task 10: OpenID Provider HTML/Javascript response incompatible with OpenID4Java

1.5.6 release fixes this issue by checking the response at the OpenID Provider before it's submitted and adding the Javascript only if a HTML form is contained.

Location:

TI12-security/branches/ndg-security-1.5.x

Files:

r6925	r7122
42	42	setup(
43	43	name = 'ndg_security',
44		version = '1.5.5',
	44	version = '1.5.6',
45	45	description = 'NERC DataGrid Security Utilities',
46	46	long_description = _longDescription,

r6925	r7122
44	44	setup(
45	45	name = 'ndg_security_client',
46		version = '1.5.5',
	46	version = '1.5.6',
47	47	description = 'NERC DataGrid Security Client side interface',
48	48	long_description = _longDescription,

r6925	r7122
69	69	setup(
70	70	name = 'ndg_security_common',
71		version = '1.5.5',
	71	version = '1.5.6',
72	72	description = 'NERC DataGrid Security package containing common '
73	73	'utilities used by both server and client '

-                      r7119
+                      r7122
     @type: defPaths: dict
+    @cvar FORM_MATCH_TEXT: if the response from the server starts with this
+    text (i.e. it's a HTML form), return the response wrapped in a Javascript/
+    HTML wrapper which selects from submit onload.  This avoids the button
+    appearing on screen and the user having to click on it.
+    @type FORM_MATCH_TEXT: string
     @cvar FORM_RESP_WRAPPER_TMPL: If the response to the Relying Party is too
     long it's rendered as form with the POST method instead of query arguments
 …
     @type FORM_RESP_WRAPPER_TMPL: basestring"""
+    FORM_MATCH_TEXT = '<form'
     FORM_RESP_WRAPPER_TMPL = """<html>
     <head>
 …
         # give consistent answers.  Testing based on body content should work
         # OK
+#        if webresponse.body:
+        if oidResponse.renderAsForm():
+        if webresponse.body.startswith(
+                                    OpenIDProviderMiddleware.FORM_MATCH_TEXT):
+#        if oidResponse.renderAsForm():
             # Wrap in HTML with Javascript OnLoad to submit the form
             # automatically without user intervention

r6925	r7122
64	64	setup(
65	65	name = 'ndg_security_server',
66		version = '1.5.5',
	66	version = '1.5.6',
67	67	description = 'Server side components for running NERC DataGrid '
68	68	'Security Services',

-                      r7121
+                      r7122
 S'https://localhost:7443/openid/philip.kershaw'
 p5
 sS'_accessed_time'
+sS'openid.ax'
 p6
+F1277811997.112184
+(dp7
+S'username'
+p8
+(tsS'city'
+p9
+(tsS'uuid'
+p10
+(tsS'firstname'
+p11
+(S'Philip'
+tp12
+sS'middlename'
+p13
+(tsS'country'
+p14
+(tsS'email'
+p15
+(S'pjk@somewhere.ac.uk'
+tp16
+sS'state'
+p17
+(tsS'lastname'
+p18
+(S'Kershaw'
+tp19
+sS'organization'
+p20
+(tsS'gateway'
+p21
+(tssS'sessionManagerURI'
+p22
+NsS'sessionId'
+p23
+NsS'_accessed_time'
+p24
+F1277815004.138315
 sS'_creation_time'
 p7
+p25
 F1277811962.9224689
 ss.

r6925	r7122
20	20	setup(
21	21	name = 'ndg_security_test',
22		version = '1.5.5',
	22	version = '1.5.6',
23	23	description = 'NERC DataGrid Security Unit tests',
24	24	long_description = 'Unit tests client - server side',

Note: See TracChangeset for help on using the changeset viewer.