[TYPO3-core] State of TYPO3 OpenID

Dmitry Dulepov dmitry.dulepov at gmail.com
Wed Jul 10 16:41:19 CEST 2013


Christian Weiske wrote:
> This code checks if the sanitized OpenID identifier given by the user
> in the login form equals the OpenID in his database record. This means
> that it is not possible to login with an endpoint URL.

When the code was developed, it was a requirement that the openid url must 
match the url in the user record. This is why this check exists.

> And yes, I move the code up in the file - this has the effect that the
> checks are done later, after the OpenID login process happened.

The check you moved is the check that the login is in progress. If not, it 
returns. Basically you did an early return, thatš all. I do not see how 
this changes the functionality. May be, there is a hidden magic somewhere 
there? :) Or, may be, I should just try it in the debugger.

Dmitry Dulepov

More information about the TYPO3-team-core mailing list