summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--IkiWiki/Plugin/openid.pm5
-rw-r--r--debian/changelog5
-rw-r--r--doc/bugs/Error:_OpenID_failure:_time_bad_sig:.mdwn7
3 files changed, 12 insertions, 5 deletions
diff --git a/IkiWiki/Plugin/openid.pm b/IkiWiki/Plugin/openid.pm
index f43c4db7f..4a7255069 100644
--- a/IkiWiki/Plugin/openid.pm
+++ b/IkiWiki/Plugin/openid.pm
@@ -140,13 +140,14 @@ sub getobj ($$) { #{{{
# Store the secret in the session.
my $secret=$session->param("openid_secret");
if (! defined $secret) {
- $secret=$session->param(openid_secret => time);
+ $secret=rand;
+ $session->param(openid_secret => $secret);
}
return Net::OpenID::Consumer->new(
ua => $ua,
args => $q,
- consumer_secret => $secret,
+ consumer_secret => sub { return shift()+$secret },
required_root => $config{cgiurl},
);
} #}}}
diff --git a/debian/changelog b/debian/changelog
index f590d9e39..ddf209bdc 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -19,8 +19,11 @@ ikiwiki (1.41) UNRELEASED; urgency=low
which links to the correct remote page, but is displayed nicely.
* When building the doc wiki, build with LANG=C.
* More gettext fun.
+ * Fix openid signin secret generation code. This fixes the bug that made
+ all openid signins fail the first time, and then succeed the second
+ time.
- -- Joey Hess <joeyh@debian.org> Sat, 27 Jan 2007 21:16:33 -0500
+ -- Joey Hess <joeyh@debian.org> Tue, 30 Jan 2007 02:15:33 -0500
ikiwiki (1.40) unstable; urgency=low
diff --git a/doc/bugs/Error:_OpenID_failure:_time_bad_sig:.mdwn b/doc/bugs/Error:_OpenID_failure:_time_bad_sig:.mdwn
index 8b011c22a..f65b572fc 100644
--- a/doc/bugs/Error:_OpenID_failure:_time_bad_sig:.mdwn
+++ b/doc/bugs/Error:_OpenID_failure:_time_bad_sig:.mdwn
@@ -25,7 +25,7 @@ ikiwiki or my OpenID servers. --Pawel
my ($sig_time, $sig) = split(/\-/, $self->args("oic.time") || "");
# complain if more than an hour since we sent them off
return $self->_fail("time_expired") if $sig_time < $now - 3600;
- # also complain if the signature is from the future by more than 30 seconds,
+ also complain if the signature is from the future by more than 30 seconds,
# which compensates for potential clock drift between nodes in a web farm.
return $self->_fail("time_in_future") if $sig_time - 30 > $now;
# and check that the time isn't faked
@@ -40,4 +40,7 @@ ikiwiki or my OpenID servers. --Pawel
I've had this problem too, but with my track record of reporting OpenID bugs
I thought it best if I held my tongue. I usually experience this the first
time I sign in on any ikiwiki installation of {ikiwiki.kitenet, ikidev,
-betacantrips}, and I think re-logging in always works. --Ethan \ No newline at end of file
+betacantrips}, and I think re-logging in always works. --Ethan
+
+> Does seem easier to repro than I thought.
+> Ok, fixed it.. [[bugs/done]] --[[Joey]]