ruby-openid 2.1.4 → 2.1.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of ruby-openid might be problematic. Click here for more details.
- data/CHANGELOG +15 -8
- data/lib/openid.rb +1 -1
- data/lib/openid/consumer/idres.rb +4 -4
- data/test/test_idres.rb +16 -1
- metadata +2 -2
data/CHANGELOG
CHANGED
|
@@ -1,11 +1,18 @@
|
|
|
1
|
-
Fri
|
|
2
|
-
tagged 2.1.
|
|
1
|
+
Fri Apr 17 11:05:55 PDT 2009 cygnus@janrain.com
|
|
2
|
+
tagged 2.1.5
|
|
3
|
+
Ignore-this: 5f2efd8e91589c54cb0833b6379b9cfa
|
|
4
|
+
|
|
5
|
+
Fri Apr 17 11:05:49 PDT 2009 cygnus@janrain.com
|
|
6
|
+
* Up version to 2.1.5
|
|
7
|
+
Ignore-this: 9f500a47200c6e2edb54057ebe9b19a0
|
|
3
8
|
|
|
4
|
-
Fri
|
|
5
|
-
*
|
|
9
|
+
Fri Apr 17 11:03:31 PDT 2009 cygnus@janrain.com
|
|
10
|
+
* SECURITY FIX: Claimed identifier verification was inadvertently comparing values that would always return true (thanks to jbradley@mac.com)
|
|
11
|
+
Ignore-this: f69797d1383b08b6e58da70f183edb39
|
|
6
12
|
|
|
7
|
-
Fri
|
|
8
|
-
*
|
|
13
|
+
Fri Apr 17 11:01:45 PDT 2009 cygnus@janrain.com
|
|
14
|
+
* Remove redundant test code
|
|
15
|
+
Ignore-this: 78592d7f2d00ff25e4ab07a90df84477
|
|
9
16
|
|
|
10
|
-
|
|
11
|
-
tagged 2.1.
|
|
17
|
+
Fri Dec 19 11:50:10 PST 2008 cygnus@janrain.com
|
|
18
|
+
tagged 2.1.4
|
data/lib/openid.rb
CHANGED
|
@@ -469,14 +469,14 @@ module OpenID
|
|
|
469
469
|
# Fragments do not influence discovery, so we can't compare a
|
|
470
470
|
# claimed identifier with a fragment to discovered information.
|
|
471
471
|
defragged_claimed_id =
|
|
472
|
-
case Yadis::XRI.identifier_scheme(
|
|
472
|
+
case Yadis::XRI.identifier_scheme(to_match.claimed_id)
|
|
473
473
|
when :xri
|
|
474
|
-
|
|
474
|
+
to_match.claimed_id
|
|
475
475
|
when :uri
|
|
476
476
|
begin
|
|
477
|
-
parsed = URI.parse(
|
|
477
|
+
parsed = URI.parse(to_match.claimed_id)
|
|
478
478
|
rescue URI::InvalidURIError
|
|
479
|
-
|
|
479
|
+
to_match.claimed_id
|
|
480
480
|
else
|
|
481
481
|
parsed.fragment = nil
|
|
482
482
|
parsed.to_s
|
data/test/test_idres.rb
CHANGED
|
@@ -685,7 +685,6 @@ module OpenID
|
|
|
685
685
|
'identity' => 'sour grapes',
|
|
686
686
|
'claimed_id' => 'monkeysoft',
|
|
687
687
|
'op_endpoint' => 'Green Cheese'}) do |idres|
|
|
688
|
-
idres.extend(InstanceDefExtension)
|
|
689
688
|
idres.instance_def(:discover_and_verify) do |claimed_id, endpoints|
|
|
690
689
|
@endpoint = endpoint
|
|
691
690
|
end
|
|
@@ -694,6 +693,22 @@ module OpenID
|
|
|
694
693
|
assert(endpoint.equal?(result))
|
|
695
694
|
end
|
|
696
695
|
|
|
696
|
+
def test_verify_discovery_single_claimed_id_mismatch
|
|
697
|
+
idres = IdResHandler.new(nil, nil)
|
|
698
|
+
@endpoint.local_id = 'my identity'
|
|
699
|
+
@endpoint.claimed_id = 'http://i-am-sam/'
|
|
700
|
+
@endpoint.server_url = 'Phone Home'
|
|
701
|
+
@endpoint.type_uris = [OPENID_2_0_TYPE]
|
|
702
|
+
|
|
703
|
+
to_match = @endpoint.dup
|
|
704
|
+
to_match.claimed_id = 'http://something.else/'
|
|
705
|
+
|
|
706
|
+
e = assert_raises(ProtocolError) {
|
|
707
|
+
idres.send(:verify_discovery_single, @endpoint, to_match)
|
|
708
|
+
}
|
|
709
|
+
assert(e.to_s =~ /different subjects/)
|
|
710
|
+
end
|
|
711
|
+
|
|
697
712
|
def test_openid2_use_pre_discovered
|
|
698
713
|
@endpoint.local_id = 'my identity'
|
|
699
714
|
@endpoint.claimed_id = 'http://i-am-sam/'
|
metadata
CHANGED
|
@@ -3,8 +3,8 @@ rubygems_version: 0.9.0
|
|
|
3
3
|
specification_version: 1
|
|
4
4
|
name: ruby-openid
|
|
5
5
|
version: !ruby/object:Gem::Version
|
|
6
|
-
version: 2.1.
|
|
7
|
-
date:
|
|
6
|
+
version: 2.1.5
|
|
7
|
+
date: 2009-04-17 00:00:00 -07:00
|
|
8
8
|
summary: A library for consuming and serving OpenID identities.
|
|
9
9
|
require_paths:
|
|
10
10
|
- lib
|