search

fritte02 / lightopenid

Automatically exported from code.google.com/p/lightopenid
0 stars 0 forks source link

Possible Erroneous YADIS Discovery #2

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
Hi mewp, this is Alix from StackOverflow.

While working on the porting of your library to the phunction framework I've 
noticed several bugs, one of them was related to several calls in the form of:

`$content = preg_match('...', $content, $...);`

This one seems to be solved with the latest release, but I can still spot one 
that can produce non-optimal, erroneous YADIS discoveries. Imagine the 
following scenario:

1) Content-Type: application/xrds+xml is matched.
2) You find a server that uses the http://specs.openid.net/auth/2.0/ namespace, 
and grab the $server.
3) You'll still try to search (due to the lack of else if) for the 
http://openid.net/signon/1.1/ namespace (why not also 1.0?), and if you find 
it, you'll grab the $server again. If you don't it's still inefficient, since 
you already have a 2.0 URI.

I suggest you either drop the $ns variable altogether and use if ... else if 
directly, or switch the order of the conditions, that the most preferable URI 
(2.0) overrides the previously one found (1.1).

Original issue reported on code.google.com by alix.axel on 25 Jul 2010 at 10:51

GoogleCodeExporter commented 9 years ago 
If the OpenID 2.0 namespace is matched, there is no way that the library would 
still search for OpenID 1.1. It'll either return false[#221], or the server 
url[#233].

I don't know any provider which uses OpenID 1.0, and doesn't support newer 
versions, so I don't really see the point in supporting an outdated and unused 
version.

Also, I don't think you need to port the library -- that way you would lose the 
ability to (easily) update. It'd be better to just write a wrapper, or 
something.

  [#221]: http://gitorious.org/lightopenid/lightopenid/blobs/master/openid.php#line221 
  [#233]: http://gitorious.org/lightopenid/lightopenid/blobs/master/openid.php#line233

Original comment by mewp...@gmail.com on 26 Jul 2010 at 12:07

GoogleCodeExporter commented 9 years ago 
Oh yes - silly me, I overlooked the returns!

Original comment by alix.axel on 26 Jul 2010 at 12:11