Join us at DrupalCon Singapore from 9-11 December 2024, for three exciting days of Drupal content, training, contributions, networking, and the inaugural DrupalCon Splash Awards! Be part of this landmark event as we celebrate and expand Drupal's impact across Asia.Please feel free to close as wontfix, since I'm fairly sure the bug is with trac-authopenid (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=602527).
I'm documenting here in case anyone is looking for a work-around.
When using trac-authopenid in combination with Drupal OpenID Provider, you may get an error message like:
TypeError: query dict must have one value for each key, not lists of
values. Query is {'openid.op_endpoint':
u'http://openid.workingdirectory.net/openid/provider', 'openid.sig':
u'cn+nBssfiof37LuzU47H2/bGZTM=', 'openid.ns':
u'http://specs.openid.net/auth/2.0', 'janrain_nonce':
[u'2010-11-05T16:53:24xxxxxxxx', u'2010-11-05T16:53:24xxxxxxxx'],
'openid.return_to':
u'http://ict.ussf2010.org/openidprocess?janrain_nonce=2010-11-05T16%3A53%3...',
'openid.claimed_id':
u'http://openid.workingdirectory.net/user/1/identity', 'openid.mode':
u'id_res', 'openid.sreg.nickname': u'admin', 'openid.response_nonce':
u'2010-11-05T16:53:23ZGUTT', 'openid.signed':
u'op_endpoint,return_to,response_nonce,assoc_handle,identity,claimed_id',
'openid.identity':
u'http://openid.workingdirectory.net/user/1/identity',
'openid.assoc_handle': u'2010-11-05T16:06:22ZYPDX', 'openid.sreg.email':
u'jamie@mayfirst.org'}
The problem seems to be that trac-authopenid sends duplicate janrain_nonce keys.
I've attached a patch with a work-around, however, since it probably only affects trac-authopenid, it might just be cruft.
jamie
| Comment | File | Size | Author |
|---|---|---|---|
| trac.openidprovider.patch | 663 bytes | jmcclelland |
Comments
Comment #2
anarcat CreditAttribution: anarcat commentedPlease mark patchs needs review if you ... want them reviewed! :)
Comment #3
anarcat CreditAttribution: anarcat commentedYou know I think you have found something. This function is weird: on the one hand it signs specific elements of the response, but on the other hand, it also *adds* stuff to the response, based on what is provided in the return_to. ... Why? This is where the duplication occurs. the openid_provider shouldn't *send* duplicate keys either!
I'll try to figure something out here.
Comment #4
anarcat CreditAttribution: anarcat commentedAlright, I think I got it. This is only a problem if you add the return_to items to the $response and you do a 1.0-style HTTP redirection response, which we have fixed now in #831162: cannot login on stackoverflow or dotnetopenid sites. So my guess is this just works in 6.x beta5 and 7.x beta2. Please try again!
I have otherwise cleaned up the code so that the _sign() function doesn't fiddle with the response anymore. It seems that it doesn't need to sign the return_to items its adding (at least it breaks stackoverflow again when I do that).