Mrjndong / socialauth

Automatically exported from code.google.com/p/socialauth

Keep profile information in OpenIdImpl #178

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. Authenticate using OpenID URL as provider.
2. Call AuthProvider#getUserProfile

What is the expected output? What do you see instead?
I expect to get the Profile constructed in OpenIdImpl#verifyResponse.
I get null instead.
Also, I can't reuse the `verifyResponse`:

    ERROR org.openid4java.consumer.InMemoryNonceVerifier - Possible replay attack! Already seen nonce: 2012-05-10T18:18:05Z5_lK3JI0M7RU8A
    ERROR org.openid4java.consumer.ConsumerManager - Nonce verification failed.

What version of the product are you using? On what operating system?
socialauth-2.2, openid4java-0.9.6

Please provide any additional information below.

Original issue reported on code.google.com by Artemciy on 10 May 2012 at 6:23

GoogleCodeExporter commented 8 years ago
Workaround:

    final Profile p;
    if (request.getParameter("openid.mode") != null) {
      // Need different handling to obtain the Profile.
      // See http://code.google.com/p/socialauth/issues/detail?id=178
      final Field authProviderField = SocialAuthManager.class.getDeclaredField ("authProvider");
      authProviderField.setAccessible (true);
      final OpenIdImpl provider = (OpenIdImpl) authProviderField.get (manager);
      if (provider == null) throw new RuntimeException ("Internal error: provider not initialized");
      p = provider.verifyResponse (requestParameterMap);
    } else {
      final AuthProvider provider = manager.connect (requestParameterMap);
      p = provider.getUserProfile();
    }
    if (p == null) throw new RuntimeException ("No user profile");

Original comment by Artemciy on 10 May 2012 at 6:54

GoogleCodeExporter commented 8 years ago
Improved workaround in Scala (checks if the authProvider is an OpenIdImpl):

    // OpenID needs different handling to obtain the Profile.
    // See http://code.google.com/p/socialauth/issues/detail?id=178
    lazy val authProvider: AuthProvider = {
      val authProviderField = classOf[SocialAuthManager] getDeclaredField "authProvider"
      authProviderField setAccessible true
      val provider = authProviderField.get (manager) .asInstanceOf[AuthProvider]
      if (provider == null) throw new RuntimeException ("Internal error: provider not initialized")
      provider
    }
    val profile: Profile = if (request.getParameter ("openid.mode") != null && authProvider.isInstanceOf[OpenIdImpl]) {
      authProvider.asInstanceOf[OpenIdImpl].verifyResponse (requestParameterMap)
    } else {
      val provider = manager.connect (requestParameterMap)
      provider.getUserProfile()
    }
    if (profile == null) throw new RuntimeException ("No user profile")

Original comment by Artemciy on 12 May 2012 at 7:14

GoogleCodeExporter commented 8 years ago
Hi Artemciy,

Thanks for catching this bug. We have now stored the profile received in the
provider object and returned the same object from getUserProfile().

The code has been checked in, but since we do not release the updated jars for
every bugfix, this will be incorporated in the upcoming release.

Thanks again!

Warm regards,
SocialAuth team

Original comment by l...@brickred.com on 14 May 2012 at 7:54
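
The behaviour discussed in this thread, as an added example that is not SocialAuth or openid4java code: a consumer that accepts each response nonce once cannot verify the same response twice, so the provider keeps the result of the first verification and returns it from getUserProfile(). All class names and the sample parameter values are hypothetical, and the profile is reduced to the claimed identifier.

```java
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

// Hypothetical stand-in classes; not SocialAuth or openid4java code.
public class CachedProfileDemo {
    /** Replay guard: each response nonce is accepted exactly once. */
    static final class SeenNonces {
        private final Set<String> seen = new HashSet<>();
        synchronized boolean firstUse(String nonce) {
            return nonce != null && seen.add(nonce);
        }
    }

    /** Verifies a response once and keeps the resulting identifier. */
    static final class OpenIdLikeProvider {
        private final SeenNonces nonces = new SeenNonces();
        private String profileId; // set by a successful verifyResponse

        String verifyResponse(Map<String, String> params) {
            String nonce = params.get("openid.response_nonce");
            if (!nonces.firstUse(nonce)) {
                throw new IllegalStateException("Already seen nonce: " + nonce);
            }
            // A real consumer also verifies the signature and association.
            profileId = params.get("openid.claimed_id");
            return profileId;
        }

        // Returns the stored result instead of verifying the response again.
        String getUserProfile() { return profileId; }
    }

    public static void main(String[] args) {
        // Constructed sample response parameters.
        Map<String, String> params = Map.of(
            "openid.mode", "id_res",
            "openid.response_nonce", "2012-05-10T18:18:05Zconstructed",
            "openid.claimed_id", "https://id.example/alice");
        OpenIdLikeProvider provider = new OpenIdLikeProvider();
        provider.verifyResponse(params);
        System.out.println("profile: " + provider.getUserProfile());
        try {
            provider.verifyResponse(params); // same nonce a second time
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```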

GoogleCodeExporter commented 8 years ago

Original comment by l...@brickred.com on 14 May 2012 at 8:07

GoogleCodeExporter commented 8 years ago
This issue was closed by revision r589.

Original comment by tar...@brickred.com on 16 May 2012 at 12:28

GoogleCodeExporter commented 8 years ago
Code has been checked in to svn. It will be available in the next release.

Original comment by tar...@brickred.com on 16 May 2012 at 12:29