Defect #5297

openid not validated correctly

Added by Niklas ... over 10 years ago. Updated about 10 years ago.

Status:ClosedStart date:2010-04-12
Priority:LowDue date:
Assignee:Jean-Baptiste Barth% Done:

100%

Category:Accounts / authenticationEstimated time:0.50 hour
Target version:1.0.1
Resolution:Fixed Affected version:

Description

the user supplied a openid with a semicolon instead of the colon. instead of a validation / login error he got a 500. trace is:

NoMethodError (undefined method `downcase' for nil:NilClass):
  app/controllers/account_controller.rb:153:in `open_id_authenticate'
  app/controllers/account_controller.rb:33:in `login'
  passenger (2.2.4) lib/phusion_passenger/rack/request_handler.rb:91:in `process_request'
  passenger (2.2.4) lib/phusion_passenger/abstract_request_handler.rb:206:in `main_loop'
  passenger (2.2.4) lib/phusion_passenger/railz/application_spawner.rb:376:in `start_request_handler'
  passenger (2.2.4) lib/phusion_passenger/railz/application_spawner.rb:181:in `spawn_application!'
  passenger (2.2.4) lib/phusion_passenger/utils.rb:182:in `safe_fork'
  passenger (2.2.4) lib/phusion_passenger/railz/application_spawner.rb:153:in `spawn_application!'
  passenger (2.2.4) lib/phusion_passenger/spawn_manager.rb:271:in `spawn_rails_application'
  passenger (2.2.4) lib/phusion_passenger/abstract_server_collection.rb:80:in `synchronize'
  passenger (2.2.4) lib/phusion_passenger/abstract_server_collection.rb:79:in `synchronize'
  passenger (2.2.4) lib/phusion_passenger/spawn_manager.rb:254:in `spawn_rails_application'
  passenger (2.2.4) lib/phusion_passenger/spawn_manager.rb:153:in `spawn_application'
  passenger (2.2.4) lib/phusion_passenger/spawn_manager.rb:286:in `handle_spawn_application'
  passenger (2.2.4) lib/phusion_passenger/abstract_server.rb:351:in `__send__'
  passenger (2.2.4) lib/phusion_passenger/abstract_server.rb:351:in `main_loop'
  passenger (2.2.4) lib/phusion_passenger/abstract_server.rb:195:in `start_synchronously'

History

#1 Updated by Jean-Baptiste Barth about 10 years ago

  • Affected version (unused) changed from 0.9.1 to devel
  • Affected version deleted (0.9.1)

Reproduced on current trunk. Actually, it's a URI or ruby-openid defect. Maybe we could find a workaround to avoid 500 error in Redmine.

#2 Updated by Jean-Baptiste Barth about 10 years ago

  • Status changed from New to Resolved
  • Assignee set to Jean-Baptiste Barth
  • Target version set to 1.0.1
  • % Done changed from 0 to 100
  • Resolution set to Fixed

Sorry, misread the trace on my laptop, the problem is inside our wrapper in vendor/plugins/open_id_authentication. Patch applied in r3933, but there may be other related bugs, don't hesitate to reopen if so.

#3 Updated by Eric Davis about 10 years ago

  • Status changed from Resolved to Closed

Merged to 1.0-stable for release in 1.0.1.

Also available in: Atom PDF