Bugfix release v2010-12-08 of the OpenID component

Published on and tagged with cakephp  component  openid

There is a new bugfix release of the OpenID component available: https://github.com/cakebaker/openid-component/downloads.

This release fixes a bug in the isOpenIDResponse() method. So far this method only recognized OpenID responses from a GET request. But as I had to learn, there are OpenID providers (e.g. Hyves) responding with a POST request… So, if you use the isOpenIDResponse() method, please upgrade to the new version.

However, this bug not only affected the component itself but also the examples and the example application. They contained code that looked like:

if ($this->RequestHandler->isPost()) {
    // make OpenID request
} elseif ($this->Openid->isOpenIDResponse()) {
    // handle OpenID response
}

This snippet will fail if the response from an OpenID provider is a POST request. Instead it should look like:

if ($this->RequestHandler->isPost() && !$this->Openid->isOpenIDResponse()) {
    // make OpenID request
} elseif ($this->Openid->isOpenIDResponse()) {
    // handle OpenID response
}

Please fix this in your code if you followed the examples.

Thanks go to Sam Mousa for reporting this issue.

3 comments baked

  • David Thalmann
    if ($this->Openid->isOpenIDResponse()) {
        // handle OpenID response
    } elseif ($this->RequestHandler->isPost() ) {
        // make OpenID request
    }

    Switch it and it will be DRYer :) Or at least factor out the $this->Openid->isOpenIDResponse() … I know, this is silly :)

  • Tweets that mention Bugfix release v2010-12-08 of the OpenID component - cakebaker -- Topsy.com

    […] This post was mentioned on Twitter by Planet CakePHP, openid_retweeter and openid_retweeter, Individual IT. Individual IT said: RT @planetcakephp: #cakephp Bugfix release v2010-12-08 of the OpenID component http://bit.ly/hBrGRn […]

  • cakebaker

    @David: Thanks for your comment.

    I agree with you, your snippet is DRYer. I considered to write the code in this way at first, but somehow it doesn’t feel right to me to have the response handling before making a request. Maybe a better solution would be to split the code into two methods:

    public function login() {
        if ($this->RequestHandler->isPost()) {
            // make OpenID request
        }
    }
    
    public function callback() {
        if ($this->Openid->isOpenIDResponse()) {
            // handle OpenID response
        }
    }

© daniel hofstetter. Licensed under a Creative Commons License