ruby-openid 2.1.4 → 2.1.5
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of ruby-openid might be problematic. Click here for more details.
- data/CHANGELOG +15 -8
- data/lib/openid.rb +1 -1
- data/lib/openid/consumer/idres.rb +4 -4
- data/test/test_idres.rb +16 -1
- metadata +2 -2
data/CHANGELOG
CHANGED
|
@@ -1,11 +1,18 @@
|
|
|
1
|
-
Fri
|
|
2
|
-
tagged 2.1.
|
|
1
|
+
Fri Apr 17 11:05:55 PDT 2009 cygnus@janrain.com
|
|
2
|
+
tagged 2.1.5
|
|
3
|
+
Ignore-this: 5f2efd8e91589c54cb0833b6379b9cfa
|
|
4
|
+
|
|
5
|
+
Fri Apr 17 11:05:49 PDT 2009 cygnus@janrain.com
|
|
6
|
+
* Up version to 2.1.5
|
|
7
|
+
Ignore-this: 9f500a47200c6e2edb54057ebe9b19a0
|
|
3
8
|
|
|
4
|
-
Fri
|
|
5
|
-
*
|
|
9
|
+
Fri Apr 17 11:03:31 PDT 2009 cygnus@janrain.com
|
|
10
|
+
* SECURITY FIX: Claimed identifier verification was inadvertently comparing values that would always return true (thanks to jbradley@mac.com)
|
|
11
|
+
Ignore-this: f69797d1383b08b6e58da70f183edb39
|
|
6
12
|
|
|
7
|
-
Fri
|
|
8
|
-
*
|
|
13
|
+
Fri Apr 17 11:01:45 PDT 2009 cygnus@janrain.com
|
|
14
|
+
* Remove redundant test code
|
|
15
|
+
Ignore-this: 78592d7f2d00ff25e4ab07a90df84477
|
|
9
16
|
|
|
10
|
-
|
|
11
|
-
tagged 2.1.
|
|
17
|
+
Fri Dec 19 11:50:10 PST 2008 cygnus@janrain.com
|
|
18
|
+
tagged 2.1.4
|
data/lib/openid.rb
CHANGED
|
@@ -469,14 +469,14 @@ module OpenID
|
|
|
469
469
|
# Fragments do not influence discovery, so we can't compare a
|
|
470
470
|
# claimed identifier with a fragment to discovered information.
|
|
471
471
|
defragged_claimed_id =
|
|
472
|
-
case Yadis::XRI.identifier_scheme(
|
|
472
|
+
case Yadis::XRI.identifier_scheme(to_match.claimed_id)
|
|
473
473
|
when :xri
|
|
474
|
-
|
|
474
|
+
to_match.claimed_id
|
|
475
475
|
when :uri
|
|
476
476
|
begin
|
|
477
|
-
parsed = URI.parse(
|
|
477
|
+
parsed = URI.parse(to_match.claimed_id)
|
|
478
478
|
rescue URI::InvalidURIError
|
|
479
|
-
|
|
479
|
+
to_match.claimed_id
|
|
480
480
|
else
|
|
481
481
|
parsed.fragment = nil
|
|
482
482
|
parsed.to_s
|
data/test/test_idres.rb
CHANGED
|
@@ -685,7 +685,6 @@ module OpenID
|
|
|
685
685
|
'identity' => 'sour grapes',
|
|
686
686
|
'claimed_id' => 'monkeysoft',
|
|
687
687
|
'op_endpoint' => 'Green Cheese'}) do |idres|
|
|
688
|
-
idres.extend(InstanceDefExtension)
|
|
689
688
|
idres.instance_def(:discover_and_verify) do |claimed_id, endpoints|
|
|
690
689
|
@endpoint = endpoint
|
|
691
690
|
end
|
|
@@ -694,6 +693,22 @@ module OpenID
|
|
|
694
693
|
assert(endpoint.equal?(result))
|
|
695
694
|
end
|
|
696
695
|
|
|
696
|
+
def test_verify_discovery_single_claimed_id_mismatch
|
|
697
|
+
idres = IdResHandler.new(nil, nil)
|
|
698
|
+
@endpoint.local_id = 'my identity'
|
|
699
|
+
@endpoint.claimed_id = 'http://i-am-sam/'
|
|
700
|
+
@endpoint.server_url = 'Phone Home'
|
|
701
|
+
@endpoint.type_uris = [OPENID_2_0_TYPE]
|
|
702
|
+
|
|
703
|
+
to_match = @endpoint.dup
|
|
704
|
+
to_match.claimed_id = 'http://something.else/'
|
|
705
|
+
|
|
706
|
+
e = assert_raises(ProtocolError) {
|
|
707
|
+
idres.send(:verify_discovery_single, @endpoint, to_match)
|
|
708
|
+
}
|
|
709
|
+
assert(e.to_s =~ /different subjects/)
|
|
710
|
+
end
|
|
711
|
+
|
|
697
712
|
def test_openid2_use_pre_discovered
|
|
698
713
|
@endpoint.local_id = 'my identity'
|
|
699
714
|
@endpoint.claimed_id = 'http://i-am-sam/'
|
metadata
CHANGED
|
@@ -3,8 +3,8 @@ rubygems_version: 0.9.0
|
|
|
3
3
|
specification_version: 1
|
|
4
4
|
name: ruby-openid
|
|
5
5
|
version: !ruby/object:Gem::Version
|
|
6
|
-
version: 2.1.
|
|
7
|
-
date:
|
|
6
|
+
version: 2.1.5
|
|
7
|
+
date: 2009-04-17 00:00:00 -07:00
|
|
8
8
|
summary: A library for consuming and serving OpenID identities.
|
|
9
9
|
require_paths:
|
|
10
10
|
- lib
|