launchpad oopses when no sreg attributes are returned by openid OP
Bug #810623 reported by
Ricardo Kirkner
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Launchpad itself |
Fix Released
|
Critical
|
Ian Booth |
Bug Description
We're releasing a feature to allow end-users to decide which attributes to share with the consumer site (see bug #121533).
While testing this on staging, we found that if no attributes are being sent back to launchpad (because the user de-selected all of them), launchpad will OOPS.
According to the openid spec, any required attributes shall be specified in the required parameter, but we see that all attributes are marked as optional. Also, according to the spec, the RP should cope with the OP not sending back requested attributes.
Related branches
lp:~wallyworld/launchpad/openid-oops-810623
- Curtis Hovey (community): Approve (code)
-
Diff: 86 lines (+33/-6)2 files modifiedlib/lp/services/webapp/login.py (+20/-6)
lib/lp/services/webapp/tests/test_login.py (+13/-0)
Changed in launchpad: | |
status: | Triaged → In Progress |
assignee: | nobody → Ian Booth (wallyworld) |
tags: |
added: qa-untestable removed: qa-needstesting |
tags: | added: openid |
Changed in launchpad: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
Although this is an OOPS, I'm marking this as Low as it would only be relevant if we were to support other OP than Canonical SSO. As bug 810626 shows, Canonical SSO will always return to us the required attributes.