diff options
| -rw-r--r-- | IkiWiki/Plugin/openid.pm | 5 | ||||
| -rw-r--r-- | debian/changelog | 5 | ||||
| -rw-r--r-- | doc/bugs/Error:_OpenID_failure:_time_bad_sig:.mdwn | 7 |
3 files changed, 12 insertions, 5 deletions
diff --git a/IkiWiki/Plugin/openid.pm b/IkiWiki/Plugin/openid.pm index f43c4db7f..4a7255069 100644 --- a/IkiWiki/Plugin/openid.pm +++ b/IkiWiki/Plugin/openid.pm @@ -140,13 +140,14 @@ sub getobj ($$) { #{{{ # Store the secret in the session. my $secret=$session->param("openid_secret"); if (! defined $secret) { - $secret=$session->param(openid_secret => time); + $secret=rand; + $session->param(openid_secret => $secret); } return Net::OpenID::Consumer->new( ua => $ua, args => $q, - consumer_secret => $secret, + consumer_secret => sub { return shift()+$secret }, required_root => $config{cgiurl}, ); } #}}} diff --git a/debian/changelog b/debian/changelog index f590d9e39..ddf209bdc 100644 --- a/debian/changelog +++ b/debian/changelog @@ -19,8 +19,11 @@ ikiwiki (1.41) UNRELEASED; urgency=low which links to the correct remote page, but is displayed nicely. * When building the doc wiki, build with LANG=C. * More gettext fun. + * Fix openid signin secret generation code. This fixes the bug that made + all openid signins fail the first time, and then succeed the second + time. - -- Joey Hess <joeyh@debian.org> Sat, 27 Jan 2007 21:16:33 -0500 + -- Joey Hess <joeyh@debian.org> Tue, 30 Jan 2007 02:15:33 -0500 ikiwiki (1.40) unstable; urgency=low diff --git a/doc/bugs/Error:_OpenID_failure:_time_bad_sig:.mdwn b/doc/bugs/Error:_OpenID_failure:_time_bad_sig:.mdwn index 8b011c22a..f65b572fc 100644 --- a/doc/bugs/Error:_OpenID_failure:_time_bad_sig:.mdwn +++ b/doc/bugs/Error:_OpenID_failure:_time_bad_sig:.mdwn @@ -25,7 +25,7 @@ ikiwiki or my OpenID servers. --Pawel my ($sig_time, $sig) = split(/\-/, $self->args("oic.time") || ""); # complain if more than an hour since we sent them off return $self->_fail("time_expired") if $sig_time < $now - 3600; - # also complain if the signature is from the future by more than 30 seconds, + also complain if the signature is from the future by more than 30 seconds, # which compensates for potential clock drift between nodes in a web farm. return $self->_fail("time_in_future") if $sig_time - 30 > $now; # and check that the time isn't faked @@ -40,4 +40,7 @@ ikiwiki or my OpenID servers. --Pawel I've had this problem too, but with my track record of reporting OpenID bugs I thought it best if I held my tongue. I usually experience this the first time I sign in on any ikiwiki installation of {ikiwiki.kitenet, ikidev, -betacantrips}, and I think re-logging in always works. --Ethan
\ No newline at end of file +betacantrips}, and I think re-logging in always works. --Ethan + +> Does seem easier to repro than I thought. +> Ok, fixed it.. [[bugs/done]] --[[Joey]] |