1.0.1 OpenID cannot find URI in valid rds doc

Bug #526447 reported by AMcBain
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
play framework
Won't Fix
Undecided
Unassigned
1.0
Won't Fix
Undecided
Unassigned
1.1
Confirmed
Undecided
Unassigned

Bug Description

Attached is a sample OpenID xml/rds file returned by a django/python plugin used in another open source project. The plugin itself I believe can be found @ http://www.romke.net/django/openid_provider/

The attached file works with other OpenID consumers such as Stack Overflow. Jowever if an OpenID resulting in that file is given to a Play! application, Play! returns that authentication failed, without redirecting anywhere.

My somewhat educated guess is that since no LocalID element is provided, the OpenID implementation skips the step where the URI element is parsed. This is shown by the following snippet from OpenID.java:

// Ok we have the XRDS file
server = XPath.selectText("//Type[text()='http://specs.openid.net/auth/2.0/server']/following-sibling::URI/text()", xrds);
claimedId = XPath.selectText("//Type[text()='http://specs.openid.net/auth/2.0/signon']/following-sibling::LocalID/text()", xrds);
if (claimedId == null) {
    claimedId = "http://specs.openid.net/auth/2.0/identifier_select";
} else {
    server = XPath.selectText("//Type[text()='http://specs.openid.net/auth/2.0/signon']/following-sibling::URI/text()", xrds);
}

if (server == null) {
    return false;
}

Should the "server = " line not be inside an else block?

Revision history for this message
AMcBain (mcbain-asm) wrote :
Revision history for this message
AMcBain (mcbain-asm) wrote :

I attached a proposed fix. All it does is move the server assignment outside of an else block and down near the return false; if the server is null.

Changed in play:
status: New → Won't Fix
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.