[TYPO3-core] RFC #13977: Improve OpenID association handling

Dmitry Dulepov dmitry.dulepov at gmail.com
Fri Apr 2 17:45:03 CEST 2010 

Hi!

Steffen Kamper wrote:
> What is the second chunk?

We use a 3rd party library for doing authentication with OpenID servers.  We have certain changes to this library. If we decide to upgrade the library, we will need to incorporate our changes to a newer version. For that we have a patch with TYPO3–related stuff (typo3/sysext/openid/lib/php-openid/php-openid-typo3.patch). The second chunk updates that patch with a new code inside the library:

Index: typo3/sysext/openid/lib/php-openid/php-openid-typo3.patch
===================================================================
--- typo3/sysext/openid/lib/php-openid/php-openid-typo3.patch	(revision 7119)
+++ typo3/sysext/openid/lib/php-openid/php-openid-typo3.patch	(working copy)
@@ -41,3 +41,21 @@
          curl_exec($c);
  
          $code = curl_getinfo($c, CURLINFO_HTTP_CODE);
+Index: typo3/sysext/openid/lib/php-openid/Auth/OpenID/Consumer.php
+===================================================================
+--- typo3/sysext/openid/lib/php-openid/Auth/OpenID/Consumer.php	(revision 7119)
++++ typo3/sysext/openid/lib/php-openid/Auth/OpenID/Consumer.php	(working copy)
+@@ -957,7 +957,11 @@
+             }
+ 
+             if (!$assoc->checkMessageSignature($message)) {
+-                return new Auth_OpenID_FailureResponse(null,
++				// If we get a "bad signature" here, it means that the association
++				// is unrecoverabley corrupted in some way. Any futher attempts
++				// to login with this association is likely to fail. Drop it.
++				$this->store->removeAssociation($server_url, $assoc_handle);
++				return new Auth_OpenID_FailureResponse(null,
+                                                        "Bad signature");
+             }
+         } else {
+

Note that it is a single chunk, not two chunks!

> Could you convert spaces to tabs when commit?

Hmmm. Where are they? I checked the patch, the editor (mcedit) shows me tabs. I would definitely use tab instead of spaces but I can't find spaces :( Or do you mean that second chunk? If yes, it has to be like that or the php-openid-typo3.patch will be broken.

-- 
Dmitry Dulepov
TYPO3 expert / TYPO3 security team member
Read more @ http://dmitry-dulepov.com/

More information about the TYPO3-team-core mailing list