Description
A user reported that openid authentication failed when the user was asked to enter a username. The error was inconclusive, but looking at the code showed that the openidrp.py code tried to verify the openid twice, rather than just the first time.
After more analysis, it turned out that this is due to a bug in the POST vs. GET variable handling. The URL in question looks like this:
http://example.org/wiki?action=login&...&oidstage=1
and contains a POST form <form method="POST"><input type="hidden" name="oidstage" value="2">.... When this form is posted using mod_python, the value of request.form.get(oidstage, [None])[0] is "1" rather than "2".
Steps to reproduce
- install mod python-based moin wiki
- enable openid login
- try to create an account with an openid URL, go to the stage where it asks for the username, and click create account (or whatever the button is called)
- observe an openid error rather than "your account was created"
Example
N/A, the wiki in question uses mod_wsgi now.
Component selection
- request or mod_python
Details
MoinMoin Version |
1.7.1 |
OS and Version |
? |
Python Version |
? |
Server Setup |
apache/mod_python |
Server Details |
? |
Language you are using the wiki in (set in the browser/UserPreferences) |
? |
Workaround
use mod_wsgi
Discussion
Plan
- Priority:
- Assigned to:
- Status: