changeset 4885:97d38e725287

Force janrain_nonce at end of URL when asking for username input during the OpenID multiform sequence
author Rowan Kerr <rowan@stasis.org>
date Tue, 26 May 2009 15:03:53 -0400
parents 73f4fbb892b1
children fcb8c47be586
files MoinMoin/auth/__init__.py MoinMoin/auth/openidrp.py
diffstat 2 files changed, 8 insertions(+), 2 deletions(-) [+]
--- a/MoinMoin/auth/__init__.py	Tue May 26 10:43:36 2009 -0400
+++ b/MoinMoin/auth/__init__.py	Tue May 26 15:03:53 2009 -0400
@@ -158,8 +158,10 @@
               'stage': auth_name}
     fields.update(extra_fields)
     if request.page:
+        logging.debug("request.page.url: " + request.page.url(request, querystr=fields))
         return request.page.url(request, querystr=fields)
     else:
+        logging.debug("request.abs_href: " + request.abs_href(**fields))
         return request.abs_href(**fields)
 
 class LoginReturn(object):
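Review bot: Both added `logging.debug` calls build the continuation URL a second time only to log it, and they write the complete query string to the debug log, including whatever the caller supplied in `extra_fields`. Since this URL carries login-stage state, it would be safer to log it once from a local and keep the values out of shared logs unless they are needed: `url = request.page.url(request, querystr=fields)`, then `logging.debug("continuation url: %s", url)` and `return url`, with the same shape in the `else` branch. Passing the URL as a format argument also avoids the `str + url` concatenation, which would raise if the URL method ever returned a non-string. The function starts outside this hunk, so I cannot see which callers feed `extra_fields`.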
--- a/MoinMoin/auth/openidrp.py	Tue May 26 10:43:36 2009 -0400
+++ b/MoinMoin/auth/openidrp.py	Tue May 26 15:03:53 2009 -0400
@@ -18,7 +18,7 @@
 from MoinMoin.auth import CancelLogin, ContinueLogin
 from MoinMoin.auth import MultistageFormLogin, MultistageRedirectLogin
 from MoinMoin.auth import get_multistage_continuation_url
-
+from werkzeug.utils import url_encode
 
 class OpenIDAuth(BaseAuth):
     login_inputs = ['openid_identifier']
@@ -140,10 +140,14 @@
                                         MoinOpenIDStore(request))
         query = {}
         for key in request.values.keys():
-            #logging.debug(key + "=" + request.values.get(key))
             query[key] = request.values.get(key)
         current_url = get_multistage_continuation_url(request, self.name,
                                                       {'oidstage': '1'})
+                                                      # 'janrain_nonce': request.values.get('janrain_nonce')})
+        # Because the order of dict keys cannot be guaranteed, this last param must
+        # be appended in string form to make sure order of URL prams matches
+        # between current_url and the OpenID return_to value.
+        current_url += u'&' + url_encode({'janrain_nonce': request.values.get('janrain_nonce')})
         info = oidconsumer.complete(query, current_url)
         if info.status == consumer.FAILURE:
             logging.debug(_("OpenID error: %s.") % info.message)
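Review bot: `request.values.get('janrain_nonce')` on the added `current_url += ...` line returns None when the request carries no nonce, and the code still appends a segment built from that None before passing `current_url` to `oidconsumer.complete()`. The nonce is what ties this request to the earlier return_to value, so its absence should end the login explicitly rather than rely on the comparison inside the library failing. I would read it once, `nonce = request.values.get('janrain_nonce')`, and when it is None return the same failure result the `consumer.FAILURE` branch produces (that branch continues outside the hunk, so I cannot quote it). The append also assumes `current_url` already contains a `?`, which seems to hold because `get_multistage_continuation_url` always passes query fields, but a short comment saying so would help. The commented-out `'janrain_nonce'` entry left inside the call on the line above should be removed now that the new comment explains the approach.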