jro_apps/redmine Commit - r3819:83e4cf3dd420

Prevent 500 error on login when there's a typo in OpenID URI scheme, such as http;// or http.//...

Jean-Baptiste Barth -

r3819:83e4cf3dd420

parent child

Context file:

r3819:83e4cf3dd420

test/functional/account_controller_test.rb +7 0

                  assert_redirected_to 'my/page'
                end
+               def test_login_with_invalid_openid_provider
+                 Setting.self_registration = '0'
+                 Setting.openid = '1'
+                 post :login, :openid_url => 'http;//openid.example.com/good_user'
+                 assert_redirected_to home_url
+               end
                def test_login_with_openid_for_existing_non_active_user
                  Setting.self_registration = '2'
                  Setting.openid = '1'

vendor/plugins/open_id_authentication/lib/open_id_authentication.rb +1 -1

                    begin
                      uri = URI.parse(identifier)
-                     uri.scheme = uri.scheme.downcase  # URI should do this
+                     uri.scheme = uri.scheme.downcase if uri.scheme # URI should do this
                      identifier = uri.normalize.to_s
                    rescue URI::InvalidURIError
                      raise InvalidOpenId.new("#{identifier} is not an OpenID identifier")

General Comments 0

You need to be logged in to leave comments. Login now

No TODOs yet

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages