From radix at twistedmatrix.com Sun Dec 2 14:26:00 2007 From: radix at twistedmatrix.com (Christopher Armstrong) Date: Sun, 2 Dec 2007 17:26:00 -0500 Subject: Asynchronous operation support for python-openid Message-ID: <60ed19d40712021426g174b20aau9346aa0af3a3ee77@mail.gmail.com> Hi all. I'd like to make it possible to use the Python OpenID asynchronously, specifically with the Twisted library. Unfortunately, doing this with the current public APIs is rather problematic, and would involve a lot of private method access and a lot of code duplication (see Kevin Turner's toid2[1] code for an example of this. Thanks for coming up with the prototype, Kevin, but I think we need something more maintainable :) I've basically come to the conclusion that the best way to do this, that would involve the least code duplication and no outside access of private methods, would be to refactor the existing library to give it the ability to deal with asynchronous I/O. I've come up with a basic strategy for doing this, but I want to make sure that it's acceptable by the maintainers of this library. It's possible to give a synchronous API to an asynchronous implementation, but not the other way around. So with that in mind, we must change the implementation to act asynchronous internally. An asynchronous interface could be added, and the existing synchronous interface can continue to work. With the help of SynchronousDeferred[2], which I wrote specifically to deal with this problem (today), it can work. To give an example of the kind of refactoring I'm proposing, I've included sample implementations of Consumer.begin and Consumer.beginAsynchronous below. I have applied a slightly different version of this change (no parameterized I/O, use maybeDeferred on getNextService) to prove the point that the synchronous API can continue working even with an asynchronous implementation. All of the tests continued to pass. I would like to get an idea of whether the maintainers think that this type of refactoring is acceptable before beginning. def begin(self, user_url, anonymous=False): """Docstring elided. """ # SynchronousIO wraps blocking web request # mechanisms in a SynchronousDeferred io = SynchronousIO() return self._begin(user_url, anonymous, io).synchronize() def beginAsynchronous(self, user_url, anonymous=False): """ Like L{begin}, but return a Deferred instead of a synchronous result. """ # AsynchronousIO uses asynchronous web request # mechanism like twisted.web.client.getPage or similar. io = AsynchrnousIO() return self._begin(user_url, anonymous, io) def _begin(self, user_url, anonymous, io): disco = Discovery(self.session, user_url, self.session_key_prefix) result = disco.getNextService(self._discover, io) def gotService(service): if service is None: raise DiscoveryFailure('No usable OpenID services found for %s' % (user_url,), None) return self.beginWithoutDiscovery(service, anonymous, io) def gotError(failure): failure.trap(fetchers.HTTPFetchingError) raise DiscoveryFailure('Error fetching XRDS document: %s' % (failure.value[0],), None) result.addCallback(gotService) result.addErrback(gotError) return result [1]: http://kevin.janrain.com/darcs/toid2/ [2]: Project: https://launchpad.net/synchronous-deferred code code: http://codebrowse.launchpad.net/~radix/synchronous-deferred/trunk/files -- Christopher Armstrong International Man of Twistery http://radix.twistedmatrix.com/ http://twistedmatrix.com/ http://canonical.com/ From kevin at janrain.com Sun Dec 2 18:27:26 2007 From: kevin at janrain.com (Kevin Turner) Date: Sun, 02 Dec 2007 18:27:26 -0800 Subject: Asynchronous operation support for python-openid In-Reply-To: <60ed19d40712021426g174b20aau9346aa0af3a3ee77@mail.gmail.com> References: <60ed19d40712021426g174b20aau9346aa0af3a3ee77@mail.gmail.com> Message-ID: <1196648846.25964.48.camel@localhost> On Sun, 2007-12-02 at 17:26 -0500, Christopher Armstrong wrote: > I've basically come to the conclusion that the best way to do this, > that would involve the least code duplication and no outside access of > private methods, would be to refactor the existing library to give it > the ability to deal with asynchronous I/O. I've come up with a basic > strategy for doing this, but I want to make sure that it's acceptable > by the maintainers of this library. This is a pretty invasive change, so I'm hesitant, but 1) I do want asynchronous Python code to have OpenID support. 2) I don't want there to be a lot of duplicated code to support that case. Currently, an asynchronous implementation would be able to make use of many of python-openid's parsing and formatting functions, but there's a lot of logic that heedlessly calls blocking operations which would need to be duplicated and separately maintained. 3) This ("give a synchronous API to an asynchronous implementation") does seem to be the most maintainable approach to #2. We (current OpenID Enabled maintainers) don't have the resources to make that sort of refactoring a priority, but you can probably find a way to get it done. Once it's done, I think enough of us who work on python-openid are comfortable enough with the asynchronous approach that we could maintain it. Except, and this is a thing I only just realized, it would mess with our ability to maintain line-by-line ports to PHP and Ruby. Now, in practice, those aren't precisely line-by-line ports, but as long as we have a single team maintaining all three languages, it is in our interests to keep divergence to a minimum. Are there other costs here we need to weigh in? How would it affect third party openid.store implementations? What impact would SynchronousDeferred have on debugging? Does it make call stacks harder to follow? What changes to the test harness would be necessary, if any? I'll try to collect thoughts on this from a few more people who monkey with the python-openid code. (*pokes Martin, who uses python-openid and IIRC has expressed some interest in Twisted compatibility.*) From radix at twistedmatrix.com Sun Dec 2 19:30:19 2007 From: radix at twistedmatrix.com (Christopher Armstrong) Date: Sun, 2 Dec 2007 22:30:19 -0500 Subject: Asynchronous operation support for python-openid In-Reply-To: <1196648846.25964.48.camel@localhost> References: <60ed19d40712021426g174b20aau9346aa0af3a3ee77@mail.gmail.com> <1196648846.25964.48.camel@localhost> Message-ID: <60ed19d40712021930j1a28e96dwb3bf72274ebc9d7a@mail.gmail.com> On Dec 2, 2007 9:27 PM, Kevin Turner wrote: > How would it affect third party openid.store implementations? I don't think it will affect any openid.store implementations. My current needs do not require an asynchronous openid.store, but I can see the utility in having them. In that case, I think it'll work largely like the HTTP fetching will work; you'll either be able to specify blocking stores which will automatically be wrapped in SynchronousDeferreds, or specify an asynchronous store which must return Deferreds, in which case you must use the asynchronous high-level APIs. Again, I don't really have a need for this, so I have no plans to change anything in this area, but even if it were done it wouldn't break any APIs. > What impact would SynchronousDeferred have on debugging? Does it make > call stacks harder to follow? I made very sure that call stacks will never be lost. Exceptions that get raised out of python-openid code should basically look the same as they do now. And you don't have to worry about hard-to-debug call stacks; SynchronousDeferred.addCallback always *immediately* calls the callback passed to it, so the biggest change to tracebacks is that there will be an occasional addCallback frame inserted between things. I don't think this is a hindrance. > What changes to the test harness would be necessary, if any? For the tests that test the blocking codepaths, none. I imagine that the non-blocking tests will want to use trial's TestCase, so that they can take advantage of its asynchronous testing support, but these should run optionally only if Twisted is available. > I'll try to collect thoughts on this from a few more people who monkey > with the python-openid code. (*pokes Martin, who uses python-openid and > IIRC has expressed some interest in Twisted compatibility.*) Thanks! -- Christopher Armstrong International Man of Twistery http://radix.twistedmatrix.com/ http://twistedmatrix.com/ http://canonical.com/ From norman at rasmussen.co.za Mon Dec 3 02:05:30 2007 From: norman at rasmussen.co.za (Norman Rasmussen) Date: Mon, 3 Dec 2007 10:05:30 +0000 Subject: Asynchronous operation support for python-openid In-Reply-To: <60ed19d40712021426g174b20aau9346aa0af3a3ee77@mail.gmail.com> References: <60ed19d40712021426g174b20aau9346aa0af3a3ee77@mail.gmail.com> Message-ID: <5b698f5a0712030205s167bc808g8821cf028753f442@mail.gmail.com> On Dec 2, 2007 10:26 PM, Christopher Armstrong wrote: > Hi all. I'd like to make it possible to use the Python OpenID > asynchronously, specifically with the Twisted library. On Dec 3, 2007 2:27 AM, Kevin Turner wrote: > Except, and this is a thing I only just realized, it would mess with our > ability to maintain line-by-line ports to PHP and Ruby. Btw, (and I'm not sure how well this fits with Twisted), I've been looking into using co-routines [1] for asynchronous operations. What co-routines bring is the ability to keep existing linear code, and just by adding the yield for the blocking operations you gain the asynchronous nature of the call. Co-routines do need a trampoline to 'run' them and keep everything going. The one supplied in the PEP isn't great, and I had to tweak it a fair amount to get it do do what I wanted it to. I'm happy to supply what code I have so far, just let me know. [1] http://www.python.org/dev/peps/pep-0342/ -- - Norman Rasmussen - Email: norman at rasmussen.co.za - Home page: http://norman.rasmussen.co.za/ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.openidenabled.com/pipermail/dev/attachments/20071203/1ab154a5/attachment.htm From radix at twistedmatrix.com Mon Dec 3 06:31:31 2007 From: radix at twistedmatrix.com (Christopher Armstrong) Date: Mon, 3 Dec 2007 09:31:31 -0500 Subject: Asynchronous operation support for python-openid In-Reply-To: <5b698f5a0712030205s167bc808g8821cf028753f442@mail.gmail.com> References: <60ed19d40712021426g174b20aau9346aa0af3a3ee77@mail.gmail.com> <5b698f5a0712030205s167bc808g8821cf028753f442@mail.gmail.com> Message-ID: <60ed19d40712030631l29f71aai27df0a60cc9fef81@mail.gmail.com> On Dec 3, 2007 5:05 AM, Norman Rasmussen wrote: > On Dec 3, 2007 2:27 AM, Kevin Turner < kevin at janrain.com> wrote: > > Except, and this is a thing I only just realized, it would mess with our > > ability to maintain line-by-line ports to PHP and Ruby. > > Btw, (and I'm not sure how well this fits with Twisted), I've been looking > into using co-routines [1] for asynchronous operations. > > What co-routines bring is the ability to keep existing linear code, and just > by adding the yield for the blocking operations you gain the asynchronous > nature of the call. > > Co-routines do need a trampoline to 'run' them and keep everything going. > The one supplied in the PEP isn't great, and I had to tweak it a fair amount > to get it do do what I wanted it to. I'm happy to supply what code I have > so far, just let me know. Twisted has a pretty decent implementation of this concept called inlineCallbacks. However, use of it requires Python 2.5 (the yield expression was only introduced then) and python-openid supports python 2.3 and up. -- Christopher Armstrong International Man of Twistery http://radix.twistedmatrix.com/ http://twistedmatrix.com/ http://canonical.com/ From wichert at wiggy.net Mon Dec 3 06:47:58 2007 From: wichert at wiggy.net (Wichert Akkerman) Date: Mon, 3 Dec 2007 15:47:58 +0100 Subject: Asynchronous operation support for python-openid In-Reply-To: <60ed19d40712030631l29f71aai27df0a60cc9fef81@mail.gmail.com> References: <60ed19d40712021426g174b20aau9346aa0af3a3ee77@mail.gmail.com> <5b698f5a0712030205s167bc808g8821cf028753f442@mail.gmail.com> <60ed19d40712030631l29f71aai27df0a60cc9fef81@mail.gmail.com> Message-ID: <20071203144758.GA6566@wiggy.net> Previously Christopher Armstrong wrote: > On Dec 3, 2007 5:05 AM, Norman Rasmussen wrote: > > On Dec 3, 2007 2:27 AM, Kevin Turner < kevin at janrain.com> wrote: > > > Except, and this is a thing I only just realized, it would mess with our > > > ability to maintain line-by-line ports to PHP and Ruby. > > > > Btw, (and I'm not sure how well this fits with Twisted), I've been looking > > into using co-routines [1] for asynchronous operations. > > > > What co-routines bring is the ability to keep existing linear code, and just > > by adding the yield for the blocking operations you gain the asynchronous > > nature of the call. > > > > Co-routines do need a trampoline to 'run' them and keep everything going. > > The one supplied in the PEP isn't great, and I had to tweak it a fair amount > > to get it do do what I wanted it to. I'm happy to supply what code I have > > so far, just let me know. > > Twisted has a pretty decent implementation of this concept called > inlineCallbacks. However, use of it requires Python 2.5 (the yield > expression was only introduced then) and python-openid supports python > 2.3 and up. I'm sure people won't consider this, but I'll say it anyway: support for older Python versions is paramount. Zope2 (and thus Plone) does not support python 2.5, so we can not use anything that requires it. Wichert. -- Wichert Akkerman It is simple to make things. http://www.wiggy.net/ It is hard to make things simple. From norman at rasmussen.co.za Mon Dec 3 08:23:03 2007 From: norman at rasmussen.co.za (Norman Rasmussen) Date: Mon, 3 Dec 2007 16:23:03 +0000 Subject: Asynchronous operation support for python-openid In-Reply-To: <20071203144758.GA6566@wiggy.net> References: <60ed19d40712021426g174b20aau9346aa0af3a3ee77@mail.gmail.com> <5b698f5a0712030205s167bc808g8821cf028753f442@mail.gmail.com> <60ed19d40712030631l29f71aai27df0a60cc9fef81@mail.gmail.com> <20071203144758.GA6566@wiggy.net> Message-ID: <5b698f5a0712030823h123c5521u48d867da5ea08e9a@mail.gmail.com> On Dec 3, 2007 2:31 PM, Christopher Armstrong wrote: > Twisted has a pretty decent implementation of this concept called > inlineCallbacks. However, use of it requires Python 2.5 (the yield > expression was only introduced then) and python-openid supports python > 2.3 and up. > It does? Must be the same thing, but I didn't realise that it had made it into Twisted yet. Yea sorry, I forgot to say that co-routines required python 2.5. On Dec 3, 2007 2:47 PM, Wichert Akkerman wrote: > I'm sure people won't consider this, but I'll say it anyway: support for > older Python versions is paramount. Zope2 (and thus Plone) does not > support python 2.5, so we can not use anything that requires it. Sucks, they should upgrade. It has been out for long enough, and there are tons of awesome new features in 2.5. (but what can you do?) -- - Norman Rasmussen - Email: norman at rasmussen.co.za - Home page: http://norman.rasmussen.co.za/ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.openidenabled.com/pipermail/dev/attachments/20071203/eeba2a9c/attachment.htm From wichert at wiggy.net Mon Dec 3 08:36:24 2007 From: wichert at wiggy.net (Wichert Akkerman) Date: Mon, 3 Dec 2007 17:36:24 +0100 Subject: Asynchronous operation support for python-openid In-Reply-To: <5b698f5a0712030823h123c5521u48d867da5ea08e9a@mail.gmail.com> References: <60ed19d40712021426g174b20aau9346aa0af3a3ee77@mail.gmail.com> <5b698f5a0712030205s167bc808g8821cf028753f442@mail.gmail.com> <60ed19d40712030631l29f71aai27df0a60cc9fef81@mail.gmail.com> <20071203144758.GA6566@wiggy.net> <5b698f5a0712030823h123c5521u48d867da5ea08e9a@mail.gmail.com> Message-ID: <20071203163624.GA9971@wiggy.net> Previously Norman Rasmussen wrote: > On Dec 3, 2007 2:47 PM, Wichert Akkerman wrote: > > > I'm sure people won't consider this, but I'll say it anyway: support for > > older Python versions is paramount. Zope2 (and thus Plone) does not > > support python 2.5, so we can not use anything that requires it. > > > Sucks, they should upgrade. It has been out for long enough, and there are > tons of awesome new features in 2.5. (but what can you do?) Zope2 has some quite complex C modules that hook into the python interpreter to provide things like a restricted python environment (there is very cool stuff in Zope). For every python version that has to be ported and a receive a full security audit before it can be put into use. So far nobody has had the necessary combination of need, time and knowledge to do that. Wichert. -- Wichert Akkerman It is simple to make things. http://www.wiggy.net/ It is hard to make things simple. From cygnus at janrain.com Mon Dec 3 11:52:54 2007 From: cygnus at janrain.com (Jonathan Daugherty) Date: Mon, 3 Dec 2007 11:52:54 -0800 Subject: [OpenID] PHP Standalone server: profile password change missing? In-Reply-To: References: Message-ID: > One thing I just realized isn't in there is a way for users to change their > passwords!? Seems like a strange functionality to be missing ... but I'd > like to implement it anyways ... easy to do with PHP/forms and I see in the > source that there actually is a password update function? So how come the > item is a visible profile management option? (unless I've got it disabled > somehow) Hello, The short answer to that and other related questions is essentially, "The standalone server is intended as a proof of concept and isn't intended for production use." At any rate, I would gladly accept a patch to implement it. The API includes setPassword() so it can be overridden for other auth storage backend types where the password-setting operation has a different implementation. Good luck! -- Jonathan Daugherty From jan.aerts at bbsrc.ac.uk Tue Dec 4 01:40:30 2007 From: jan.aerts at bbsrc.ac.uk (Jan Aerts) Date: Tue, 04 Dec 2007 09:40:30 +0000 Subject: ruby-openid and proxy Message-ID: <1196761230.6342.7.camel@rilxvm05> All, Is there a way to set the company's proxy server in the ruby implementation 1.1 or 1.9? Thanks, jan. -- Dr Jan Aerts Bioinformatics Group Roslin Institute Roslin EH25 9PS Scotland, UK tel: +44 131 527 4198 ----...and the obligatory disclaimer---- Roslin Institute is a company limited by guarantee, registered in Scotland (registered number SC157100) and a Scottish Charity (registered number SC023592). Our registered office is at Roslin, Midlothian, EH25 9PS. VAT registration number 847380013. The information contained in this e-mail (including any attachments) is confidential and is intended for the use of the addressee only. The opinions expressed within this e-mail (including any attachments) are the opinions of the sender and do not necessarily constitute those of Roslin Institute (Edinburgh) ("the Institute") unless specifically stated by a sender who is duly authorised to do so on behalf of the Institute. From rubys at intertwingly.net Tue Dec 4 07:17:03 2007 From: rubys at intertwingly.net (Sam Ruby) Date: Tue, 4 Dec 2007 10:17:03 -0500 Subject: darcs patch: Correct the following error: Message-ID: <200712041517.lB4FH3Xu032596@rubypad> Tue Dec 4 10:08:41 EST 2007 Sam Ruby * Correct the following error: NameError: global name 'cleanupAssociations' is not defined -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/x-darcs-patch Size: 529 bytes Desc: A darcs patch for your repository! Url : http://lists.openidenabled.com/pipermail/dev/attachments/20071204/72e2b880/attachment-0001.bin From brian at janrain.com Tue Dec 4 10:26:43 2007 From: brian at janrain.com (Brian Ellin) Date: Tue, 4 Dec 2007 10:26:43 -0800 Subject: ruby-openid and proxy In-Reply-To: <1196761230.6342.7.camel@rilxvm05> References: <1196761230.6342.7.camel@rilxvm05> Message-ID: <9674d5350712041026m280d5f7bl4ad100d7850b85bb@mail.gmail.com> Jan, There isn't support for this out of the box. I'm sure it's possible to get proxy support by subclassing OpenID::StandardFetcher and adding your own implementation of get_http_obj that returns a Net::HTTP::Proxy object. http://openidenabled.com/files/ruby-openid/docs/1.1.4/classes/OpenID/StandardFetcher.html http://www.ruby-doc.org/stdlib/libdoc/net/http/rdoc/classes/Net/HTTP.html#M001143 You'd then pass your implementation of ProxyFetcher into the OpenID::Consumer constructor. It'd probably be best to copy the implementation of get_http_obj and modify it to use the Proxy class, so that you don't lose any of the HTTPS stuff in there. Hope that helps, Brian Ellin JanRain, Inc. On Dec 4, 2007 1:40 AM, Jan Aerts wrote: > All, > > Is there a way to set the company's proxy server in the ruby > implementation 1.1 or 1.9? > > Thanks, > jan. > -- > Dr Jan Aerts > Bioinformatics Group > Roslin Institute > Roslin EH25 9PS > Scotland, UK > tel: +44 131 527 4198 > > ----...and the obligatory disclaimer---- > Roslin Institute is a company limited by guarantee, registered in > Scotland (registered number SC157100) and a Scottish Charity (registered > number SC023592). Our registered office is at Roslin, Midlothian, EH25 > 9PS. VAT registration number 847380013. > > The information contained in this e-mail (including any attachments) is > confidential and is intended for the use of the addressee only. The > opinions expressed within this e-mail (including any attachments) are > the opinions of the sender and do not necessarily constitute those of > Roslin Institute (Edinburgh) ("the Institute") unless specifically > stated by a sender who is duly authorised to do so on behalf of the > Institute. > > _______________________________________________ > Dev mailing list > Dev at lists.openidenabled.com > http://lists.openidenabled.com/mailman/listinfo/dev > From jan.aerts at bbsrc.ac.uk Tue Dec 4 11:11:15 2007 From: jan.aerts at bbsrc.ac.uk (jan aerts (RI)) Date: Tue, 4 Dec 2007 19:11:15 -0000 Subject: ruby-openid and proxy References: <1196761230.6342.7.camel@rilxvm05> <9674d5350712041026m280d5f7bl4ad100d7850b85bb@mail.gmail.com> Message-ID: <1F16910BB8546C4DA5526FABB0C98D09AA9A35@ebre2ksrv1.ebrc.bbsrc.ac.uk> Thanks for the tip, Brian. I hope I can get that working. Quite unfamiliar with network protocols, I'm afraid. And added to that not much time available... If I can get it working, I'll post back to the list. jan. -----Original Message----- From: dev-bounces at lists.openidenabled.com on behalf of Brian Ellin Sent: Tue 04/12/2007 18:26 To: discuss OpenID libraries and development Subject: Re: ruby-openid and proxy Jan, There isn't support for this out of the box. I'm sure it's possible to get proxy support by subclassing OpenID::StandardFetcher and adding your own implementation of get_http_obj that returns a Net::HTTP::Proxy object. http://openidenabled.com/files/ruby-openid/docs/1.1.4/classes/OpenID/StandardFetcher.html http://www.ruby-doc.org/stdlib/libdoc/net/http/rdoc/classes/Net/HTTP.html#M001143 You'd then pass your implementation of ProxyFetcher into the OpenID::Consumer constructor. It'd probably be best to copy the implementation of get_http_obj and modify it to use the Proxy class, so that you don't lose any of the HTTPS stuff in there. Hope that helps, Brian Ellin JanRain, Inc. On Dec 4, 2007 1:40 AM, Jan Aerts wrote: > All, > > Is there a way to set the company's proxy server in the ruby > implementation 1.1 or 1.9? > > Thanks, > jan. > -- > Dr Jan Aerts > Bioinformatics Group > Roslin Institute > Roslin EH25 9PS > Scotland, UK > tel: +44 131 527 4198 > > ----...and the obligatory disclaimer---- > Roslin Institute is a company limited by guarantee, registered in > Scotland (registered number SC157100) and a Scottish Charity (registered > number SC023592). Our registered office is at Roslin, Midlothian, EH25 > 9PS. VAT registration number 847380013. > > The information contained in this e-mail (including any attachments) is > confidential and is intended for the use of the addressee only. The > opinions expressed within this e-mail (including any attachments) are > the opinions of the sender and do not necessarily constitute those of > Roslin Institute (Edinburgh) ("the Institute") unless specifically > stated by a sender who is duly authorised to do so on behalf of the > Institute. > > _______________________________________________ > Dev mailing list > Dev at lists.openidenabled.com > http://lists.openidenabled.com/mailman/listinfo/dev > _______________________________________________ Dev mailing list Dev at lists.openidenabled.com http://lists.openidenabled.com/mailman/listinfo/dev -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/ms-tnef Size: 3854 bytes Desc: not available Url : http://lists.openidenabled.com/pipermail/dev/attachments/20071204/b5c5949f/attachment.bin From jan.aerts at bbsrc.ac.uk Tue Dec 4 11:22:46 2007 From: jan.aerts at bbsrc.ac.uk (jan aerts (RI)) Date: Tue, 4 Dec 2007 19:22:46 -0000 Subject: ruby-openid and proxy References: <1196761230.6342.7.camel@rilxvm05> <9674d5350712041026m280d5f7bl4ad100d7850b85bb@mail.gmail.com> <1F16910BB8546C4DA5526FABB0C98D09AA9A35@ebre2ksrv1.ebrc.bbsrc.ac.uk> Message-ID: <1F16910BB8546C4DA5526FABB0C98D09AA9A37@ebre2ksrv1.ebrc.bbsrc.ac.uk> Am just looking at those two classes. I'm not at work at the moment, so can't check this, but wouldn't it just work if StandardFetcher#get_http_obj just took some more arguments? Based on the info at http://www.ruby-doc.org/stdlib/libdoc/net/http/rdoc/classes/Net/HTTP.html#M001133 . So changing: def get_http_obj(uri) http = Net::HTTP.new(uri.host, uri.port) ... into def get_http_obj(uri, proxy_server = nil, proxy_port = nil, proxy_user = nil, proxy_pass = nil) http = Net::HTTP.new(uri.host, uri.port, proxy_server, proxy_port, proxy_user, proxy_pass) ... ? I'll check if this hack works when I'm back at work tomorrow. jan. -----Original Message----- From: dev-bounces at lists.openidenabled.com on behalf of jan aerts (RI) Sent: Tue 04/12/2007 19:11 To: discuss OpenID libraries and development Subject: RE: ruby-openid and proxy Thanks for the tip, Brian. I hope I can get that working. Quite unfamiliar with network protocols, I'm afraid. And added to that not much time available... If I can get it working, I'll post back to the list. jan. -----Original Message----- From: dev-bounces at lists.openidenabled.com on behalf of Brian Ellin Sent: Tue 04/12/2007 18:26 To: discuss OpenID libraries and development Subject: Re: ruby-openid and proxy Jan, There isn't support for this out of the box. I'm sure it's possible to get proxy support by subclassing OpenID::StandardFetcher and adding your own implementation of get_http_obj that returns a Net::HTTP::Proxy object. http://openidenabled.com/files/ruby-openid/docs/1.1.4/classes/OpenID/StandardFetcher.html http://www.ruby-doc.org/stdlib/libdoc/net/http/rdoc/classes/Net/HTTP.html#M001143 You'd then pass your implementation of ProxyFetcher into the OpenID::Consumer constructor. It'd probably be best to copy the implementation of get_http_obj and modify it to use the Proxy class, so that you don't lose any of the HTTPS stuff in there. Hope that helps, Brian Ellin JanRain, Inc. On Dec 4, 2007 1:40 AM, Jan Aerts wrote: > All, > > Is there a way to set the company's proxy server in the ruby > implementation 1.1 or 1.9? > > Thanks, > jan. > -- > Dr Jan Aerts > Bioinformatics Group > Roslin Institute > Roslin EH25 9PS > Scotland, UK > tel: +44 131 527 4198 > > ----...and the obligatory disclaimer---- > Roslin Institute is a company limited by guarantee, registered in > Scotland (registered number SC157100) and a Scottish Charity (registered > number SC023592). Our registered office is at Roslin, Midlothian, EH25 > 9PS. VAT registration number 847380013. > > The information contained in this e-mail (including any attachments) is > confidential and is intended for the use of the addressee only. The > opinions expressed within this e-mail (including any attachments) are > the opinions of the sender and do not necessarily constitute those of > Roslin Institute (Edinburgh) ("the Institute") unless specifically > stated by a sender who is duly authorised to do so on behalf of the > Institute. > > _______________________________________________ > Dev mailing list > Dev at lists.openidenabled.com > http://lists.openidenabled.com/mailman/listinfo/dev > _______________________________________________ Dev mailing list Dev at lists.openidenabled.com http://lists.openidenabled.com/mailman/listinfo/dev -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/ms-tnef Size: 4278 bytes Desc: not available Url : http://lists.openidenabled.com/pipermail/dev/attachments/20071204/6e20f9eb/attachment.bin From noel.whelan at gmail.com Tue Dec 4 22:55:56 2007 From: noel.whelan at gmail.com (Noel Whelan) Date: Wed, 5 Dec 2007 00:55:56 -0600 Subject: OpenID authentication failed: Server denied check_authentication Message-ID: <1eb3081c0712042255k2d020468n67003adbbbe8c2de@mail.gmail.com> If this is the wrong place to post this, please ignore or let me know where else I ought to be inquire..: In the consumer example included with the latest version of the openidenabled.com php library 2.0.0, I get the following error: OpenID authentication failed: Server denied check_authentication I've found this issue posted elsewhere, but with a few different variations: it's either being experienced with the python library instead of with php, or it's identified as a bug, or a problem with the openid provider itself in one case, etc., but I've not yet found a way to fix the problem. I'm trying to verify with a claimID.com openid. Info on local environment: IIS 5.1/PHP 5.2.5. I've tried this on Lunix, too, with identical outcome. Thank you for any input.. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.openidenabled.com/pipermail/dev/attachments/20071205/f529439b/attachment.htm From cygnus at janrain.com Wed Dec 5 10:31:50 2007 From: cygnus at janrain.com (Jonathan Daugherty) Date: Wed, 5 Dec 2007 10:31:50 -0800 Subject: OpenID authentication failed: Server denied check_authentication In-Reply-To: <1eb3081c0712042255k2d020468n67003adbbbe8c2de@mail.gmail.com> References: <1eb3081c0712042255k2d020468n67003adbbbe8c2de@mail.gmail.com> Message-ID: > OpenID authentication failed: Server denied check_authentication > > I've found this issue posted elsewhere, but with a few different variations: > it's either being experienced with the python library instead of with php, > or it's identified as a bug, or a problem with the openid provider itself in > one case, etc., but I've not yet found a way to fix the problem. > I'm trying to verify with a claimID.com openid. Info on local environment: > IIS 5.1/PHP 5.2.5. I've tried this on Lunix, too, with identical outcome. What kind of store are you using? Which release candidate of the library are you using? (rc5?) Have you tried to use identifiers that use other servers, e.g., myopenid.com? Part of the problem is that the error message you're seeing actually covers a wide range of conditions, many of which result in a failed check_auth attempt. The libraries need some refactoring and improvements to present a more specific error. -- Jonathan Daugherty From noel.whelan at gmail.com Wed Dec 5 14:42:44 2007 From: noel.whelan at gmail.com (Noel Whelan) Date: Wed, 5 Dec 2007 16:42:44 -0600 Subject: OpenID authentication failed: Server denied check_authentication In-Reply-To: References: <1eb3081c0712042255k2d020468n67003adbbbe8c2de@mail.gmail.com> Message-ID: <1eb3081c0712051442t4a2a6fa8p5884c87dfdf52e7e@mail.gmail.com> Info below: On Dec 5, 2007 12:31 PM, Jonathan Daugherty wrote: > > OpenID authentication failed: Server denied check_authentication > > > > I've found this issue posted elsewhere, but with a few different > variations: > > it's either being experienced with the python library instead of with > php, > > or it's identified as a bug, or a problem with the openid provider > itself in > > one case, etc., but I've not yet found a way to fix the problem. > > I'm trying to verify with a claimID.com openid. Info on local > environment: > > IIS 5.1/PHP 5.2.5. I've tried this on Lunix, too, with identical > outcome. > > What kind of store are you using? I was using a filestore, but for now I went back to trying to execute the example code that was provided with the library (which is a filestore, too). > Which release candidate of the library are you using? (rc5?) yea, it's 5. I ought to have indicated that. Have you tried to use identifiers that use other servers, e.g., myopenid.com > ? Initially, no. I was only using a claimid.com identifier, but when I try one I've got on wordpress instead, it works. Thanks!, I can look into that further then.. Part of the problem is that the error message you're seeing actually > covers a wide range of conditions, many of which result in a failed > check_auth attempt. The libraries need some refactoring and > improvements to present a more specific error. > > -- > Jonathan Daugherty > > _______________________________________________ > Dev mailing list > Dev at lists.openidenabled.com > http://lists.openidenabled.com/mailman/listinfo/dev > - oeln -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.openidenabled.com/pipermail/dev/attachments/20071205/3418fe59/attachment.htm From kevin at janrain.com Thu Dec 6 14:31:27 2007 From: kevin at janrain.com (Kevin Turner) Date: Thu, 06 Dec 2007 14:31:27 -0800 Subject: darcs patch: Correct the following error: In-Reply-To: <200712041517.lB4FH3Xu032596@rubypad> References: <200712041517.lB4FH3Xu032596@rubypad> Message-ID: <1196980287.13234.1.camel@localhost> Thank you, Sam. Patch applied. From kevin at janrain.com Thu Dec 6 14:39:57 2007 From: kevin at janrain.com (Kevin Turner) Date: Thu, 06 Dec 2007 14:39:57 -0800 Subject: older Python versions (was: Asynchronous operation support for python-openid) In-Reply-To: <20071203144758.GA6566@wiggy.net> References: <60ed19d40712021426g174b20aau9346aa0af3a3ee77@mail.gmail.com> <5b698f5a0712030205s167bc808g8821cf028753f442@mail.gmail.com> <60ed19d40712030631l29f71aai27df0a60cc9fef81@mail.gmail.com> <20071203144758.GA6566@wiggy.net> Message-ID: <1196980797.13234.8.camel@localhost> On Mon, 2007-12-03 at 15:47 +0100, Wichert Akkerman wrote: > support for older Python versions is paramount. It's getting to the point where I'm not sure how much longer Python 2.3 will be relevant, but we're definitely committed to supporting Python 2.4 for a while yet. (And the new features in Python 2.4 aren't terribly compelling, so we may as well support 2.3 while we're supporting 2.4.) From evan at prodromou.name Fri Dec 7 10:11:41 2007 From: evan at prodromou.name (Evan Prodromou) Date: Fri, 07 Dec 2007 13:11:41 -0500 Subject: problem installing in mediawiki In-Reply-To: References: <474C891A.9080404@civicactions.com> Message-ID: <1197051101.26112.43.camel@zhora.4690ruepontiac.net> On Tue, 2007-11-27 at 13:53 -0800, Jonathan Daugherty wrote: > > I'm trying to set up OpenID login for . I've > > followed instructions at > > http://www.mediawiki.org/wiki/Extension:OpenID > > and > > http://dev.inames.net/wiki/How_to_Setup_an_I-Name-Enabled_Mediawiki > > but I still get "Verification failed" and these warnings: > > > > Warning: parse_url() expects parameter 1 to be string, array given in > > /usr/share/php/Auth/OpenID/Consumer.php on line 809 > > This suggests that the first parameter to complete() is the query > data, not the return_to. The order of those parameters changed. The > first parameter is a string, the return_to URL for the RP. The query > *should* be omitted entirely unless you have an *extremely* good > reason to supply it manually. You'll have to update the extension's > complete()-calling code to fix this. Actually, I recommend using the 1.2.3 version of the libraries with the MW extension, until a new version comes out. Also, Jonathan: why did you introduce this meaningless incompatibility? It's a serious pain in my ass. -Evan -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 2738 bytes Desc: not available Url : http://lists.openidenabled.com/pipermail/dev/attachments/20071207/9715efa6/attachment.bin From cygnus at janrain.com Fri Dec 7 10:35:57 2007 From: cygnus at janrain.com (Jonathan Daugherty) Date: Fri, 7 Dec 2007 10:35:57 -0800 Subject: problem installing in mediawiki In-Reply-To: <1197051101.26112.43.camel@zhora.4690ruepontiac.net> References: <474C891A.9080404@civicactions.com> <1197051101.26112.43.camel@zhora.4690ruepontiac.net> Message-ID: > Also, Jonathan: why did you introduce this meaningless incompatibility? > It's a serious pain in my ass. With regard to $query becoming second and optional, this was less an introduction of a meaningless incompatibility and more the improvement of an unnecessary and possibly error-prone behavior. $query should never, ever be passed into the library by anyone except the test code. But since I can't possibly anticipate the needs of every application, the parameter is provided in case it's absolutely necessary. For more details on why, see Auth_OpenID::getQuery(). With regard to $return_to being added, that's required to be compliant with the spec and since it is the only required parameter, it needs to come first. Sorry for the pain this caused. It's documented in the NEWS file along with the other minimal API changes. HTH, -- Jonathan Daugherty From dev-list-openidenabled at thequod.de Sat Dec 8 15:48:53 2007 From: dev-list-openidenabled at thequod.de (dev-list-openidenabled at thequod.de) Date: Sun, 9 Dec 2007 00:48:53 +0100 (CET) Subject: darcs patch: use-time-instead-of-(gm)mktime Message-ID: <20071208234853.43DBC1230D1@base.local> Sun Dec 9 00:40:37 CET 2007 dAniel hAhler * use-time-instead-of-(gm)mktime Use time() instead of (gm)mktime(), when used for getting the current time (called without arguments). According to "hunk ./Auth/OpenID/Nonce.php 99" gmmktime() for PHP4 is buggy and using mktime() makes no sense when called without args: just use time() then directly. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/x-darcs-patch Size: 1337 bytes Desc: A darcs patch for your repository! Url : http://lists.openidenabled.com/pipermail/dev/attachments/20071209/8efddd9f/attachment.bin From julian_bond at voidstar.com Sun Dec 9 01:09:11 2007 From: julian_bond at voidstar.com (Julian Bond) Date: Sun, 9 Dec 2007 09:09:11 +0000 Subject: Facebook -> OpenID? Message-ID: With the latest changes in Facebook that let FB Apps be visible to not-logged in people, is there a possibility of producing an App that looks like an OpenID Provider? -- Julian Bond E&MSN: julian_bond at voidstar.com M: +44 (0)77 5907 2173 Webmaster: http://www.ecademy.com/ T: +44 (0)192 0412 433 Personal WebLog: http://www.voidstar.com/ skype:julian.bond?chat Super Value Size From cygnus at janrain.com Mon Dec 10 13:51:11 2007 From: cygnus at janrain.com (Jonathan Daugherty) Date: Mon, 10 Dec 2007 13:51:11 -0800 Subject: [OpenID] PHP Standalone server: approving identifying oneself always? Trust_root? In-Reply-To: References: Message-ID: > I'm working on my own mods and setup based on the PHP standalone server .. > and one annoying thing I notice is that every time I log in from my consumer > site, I have to verify sharing profile information etc....and choose one of > the Allow Forever, Once, Deny. > Even after I've added the root domain to my trusted sites list. There's a check in render.php, "render_serve()", where the storage backend's isTrusted() method is called. I'd look to the storage implementation, i.e., the database, to see whether the behavior of the SELECT query is correct. Don't hesitate to send a patch to the development list (and possibly move this discussion there). http://lists.openidenabled.com/mailman/listinfo/dev HTH, -- Jonathan Daugherty From brian at janrain.com Mon Dec 10 16:40:39 2007 From: brian at janrain.com (Brian Ellin) Date: Mon, 10 Dec 2007 16:40:39 -0800 Subject: Facebook -> OpenID? In-Reply-To: References: Message-ID: <9674d5350712101640i58169e91ubc9647e6d1783b00@mail.gmail.com> Julian, That is possible. Though, you'd have to provide identity URLs under your app's namespace. For example: http://apps.facebook.com/iamanidpapp/julian hope that helps, Brian Ellin JanRain, Inc. On Dec 9, 2007 1:09 AM, Julian Bond wrote: > With the latest changes in Facebook that let FB Apps be visible to > not-logged in people, is there a possibility of producing an App that > looks like an OpenID Provider? > > -- > Julian Bond E&MSN: julian_bond at voidstar.com M: +44 (0)77 5907 2173 > Webmaster: http://www.ecademy.com/ T: +44 (0)192 0412 433 > Personal WebLog: http://www.voidstar.com/ skype:julian.bond?chat > Super Value Size > > _______________________________________________ > Dev mailing list > Dev at lists.openidenabled.com > http://lists.openidenabled.com/mailman/listinfo/dev > From will at willnorris.com Mon Dec 10 19:37:33 2007 From: will at willnorris.com (Will Norris) Date: Mon, 10 Dec 2007 19:37:33 -0800 Subject: php5 dependency? Message-ID: Based on this support ticket[0], it sounds like the JanRain PHP library added a dependency on PHP5 in one of the recent updates. Was this intentional? [0]: http://wordpress.org/support/topic/146956 From kevin at janrain.com Mon Dec 10 20:09:50 2007 From: kevin at janrain.com (Kevin Turner) Date: Mon, 10 Dec 2007 20:09:50 -0800 Subject: php5 dependency? In-Reply-To: References: Message-ID: <1197346190.13234.117.camel@localhost> On Mon, 2007-12-10 at 19:37 -0800, Will Norris wrote: > Based on this support ticket[0], it sounds like the JanRain PHP > library added a dependency on PHP5 in one of the recent updates. Was > this intentional? > > [0]: http://wordpress.org/support/topic/146956 Certainly not. We test[1] on versions 4.3 - 5.2, there does seem to be some test coverage for code (certainly, I hope, enough to catch a parse error!) and I don't see any recent changes to the file in question. Most curious. 1: http://openidenabled.com:8011/ From bill at funnymonkey.com Mon Dec 10 20:40:48 2007 From: bill at funnymonkey.com (Bill Fitzgerald) Date: Mon, 10 Dec 2007 20:40:48 -0800 Subject: php5 dependency? In-Reply-To: References: Message-ID: <475E14D0.5090006@funnymonkey.com> While it appears that the OpenID PHP libraries do not have a requirement for php5, would it be a bad thing if they did? The consensus within the PHP community (or at least as voiced by Rasmus Lerdorf) is that continued support for PHP4 has slowed development/adoption of PHP5. You can see this in a conversation between Rasmus Lerdorf and Dries Buytaert -- the conversation starts at around minute 29, and continues through about minute 34 -- the video is available here: http://drupal.org/node/131691 Toward that end, a requirement for PHP5 within the libraries (particularly if that would allow for a cleaner codebase) would be a Good Thing (tm). Cheers, Bill Will Norris wrote: > Based on this support ticket[0], it sounds like the JanRain PHP > library added a dependency on PHP5 in one of the recent updates. Was > this intentional? > > [0]: http://wordpress.org/support/topic/146956 > > _______________________________________________ > Dev mailing list > Dev at lists.openidenabled.com > http://lists.openidenabled.com/mailman/listinfo/dev > > -- Bill Fitzgerald http://www.funnymonkey.com Tools for Teachers 503.897.7160 From cygnus at janrain.com Mon Dec 10 23:37:02 2007 From: cygnus at janrain.com (Jonathan Daugherty) Date: Mon, 10 Dec 2007 23:37:02 -0800 Subject: php5 dependency? In-Reply-To: <475E14D0.5090006@funnymonkey.com> References: <475E14D0.5090006@funnymonkey.com> Message-ID: > While it appears that the OpenID PHP libraries do not have a requirement > for php5, would it be a bad thing if they did? [As Kevin pointed out, we did not introduce any such requirement with the latest release. (And if we had, we would have made a lot of noise about it.)] Hi Bill, This question has certainly been raised before. In my view this is really a chicken-or-egg problem, since this is a question of whether library authors like ourselves ought to be agents of change by supporting only the latest major language version. I don't think that really matters. Right now, and for some time to come, we need to support PHP 4. Sure, we can recommend that people use PHP 5, but that's not necessarily even up to the people integrating the library with other applications. I would like to see the library moved to 5. At times, writing code to work on both major versions can be a nightmare, possibly downright embarrassing. Moving to a PHP5-only codebase is going to take a *lot* of time and effort if the codebase is to take full advantage of what PHP 5 has to offer over 4. I know that Josh (josh at janrain.com) has said on at least one occasion that we will be happy to consider taking that step, but it doesn't make any sense to do that until there is pretty solid evidence to suggest that 4 is going away. I still think it's worth drawing a distinction between what the PHP language maintainers support and what is _actually deployed everywhere_. (Like the guys in the video, I'm thinking of hosting providers that lag behind; what they run will be driven by the application requirements.) My position is that until most OpenID-supporting applications move to PHP 5 exclusively, we can't afford to. With that said, if anyone has the skill and the interest to maintain a PHP5-only version of the openidenabled.com PHP library, we want to work with you! We (JanRain) don't have the resources to start on that right now, but if someone wants to get started, that would be great. Any such fork needs to have support for the same PHP environments (I'm referring to math, fetcher, and database support here) as well as equal or greater test coverage. HTH, -- Jonathan Daugherty From julian_bond at voidstar.com Tue Dec 11 04:10:50 2007 From: julian_bond at voidstar.com (Julian Bond) Date: Tue, 11 Dec 2007 12:10:50 +0000 Subject: Facebook -> OpenID? In-Reply-To: <9674d5350712101640i58169e91ubc9647e6d1783b00@mail.gmail.com> References: <9674d5350712101640i58169e91ubc9647e6d1783b00@mail.gmail.com> Message-ID: Brian Ellin Mon, 10 Dec 2007 16:40:39 >Julian, > >That is possible. Though, you'd have to provide identity URLs under >your app's namespace. For example: > >http://apps.facebook.com/iamanidpapp/julian Pageing Simon Willison. It seems to me this would be a GOOD THING but unfortunately my PHP skillz are not mad enough to do it myself. -- Julian Bond E&MSN: julian_bond at voidstar.com M: +44 (0)77 5907 2173 Webmaster: http://www.ecademy.com/ T: +44 (0)192 0412 433 Personal WebLog: http://www.voidstar.com/ skype:julian.bond?chat Never Exceed Vehicle Capacity Load From will at willnorris.com Tue Dec 11 18:05:55 2007 From: will at willnorris.com (Will Norris) Date: Tue, 11 Dec 2007 18:05:55 -0800 Subject: php5 dependency? In-Reply-To: References: <475E14D0.5090006@funnymonkey.com> Message-ID: <0D0CE0D8-00D0-4892-9436-5381F62D52E9@willnorris.com> for what it's worth, a php5 dependency would influence me greatly. My primary use of the plugin is a wordpress plugin[0] to enable openid commenting, and Wordpress has no intention of moving[1] to PHP5. Moving the library to PHP5 would just mean that I would stop at a particular version, or my plugin would only be usable for a subset of wordpress users. Not to let one project direct the library, just to let you know how it's being used in the wild. -will [0]: http://wordpress.org/extend/plugins/openid/ [1]: http://trac.wordpress.org/ticket/4591 On Dec 10, 2007, at 11:37 PM, Jonathan Daugherty wrote: >> While it appears that the OpenID PHP libraries do not have a >> requirement >> for php5, would it be a bad thing if they did? > > [As Kevin pointed out, we did not introduce any such requirement with > the latest release. (And if we had, we would have made a lot of noise > about it.)] > > Hi Bill, > > This question has certainly been raised before. In my view this is > really a chicken-or-egg problem, since this is a question of whether > library authors like ourselves ought to be agents of change by > supporting only the latest major language version. > > I don't think that really matters. Right now, and for some time to > come, we need to support PHP 4. Sure, we can recommend that people > use PHP 5, but that's not necessarily even up to the people > integrating the library with other applications. > > I would like to see the library moved to 5. At times, writing code to > work on both major versions can be a nightmare, possibly downright > embarrassing. Moving to a PHP5-only codebase is going to take a *lot* > of time and effort if the codebase is to take full advantage of what > PHP 5 has to offer over 4. I know that Josh (josh at janrain.com) has > said on at least one occasion that we will be happy to consider taking > that step, but it doesn't make any sense to do that until there is > pretty solid evidence to suggest that 4 is going away. I still think > it's worth drawing a distinction between what the PHP language > maintainers support and what is _actually deployed everywhere_. (Like > the guys in the video, I'm thinking of hosting providers that lag > behind; what they run will be driven by the application requirements.) > > My position is that until most OpenID-supporting applications move to > PHP 5 exclusively, we can't afford to. > > With that said, if anyone has the skill and the interest to maintain a > PHP5-only version of the openidenabled.com PHP library, we want to > work with you! We (JanRain) don't have the resources to start on that > right now, but if someone wants to get started, that would be great. > Any such fork needs to have support for the same PHP environments (I'm > referring to math, fetcher, and database support here) as well as > equal or greater test coverage. > > HTH, > > -- > Jonathan Daugherty > > _______________________________________________ > Dev mailing list > Dev at lists.openidenabled.com > http://lists.openidenabled.com/mailman/listinfo/dev From kevin at janrain.com Tue Dec 11 18:08:57 2007 From: kevin at janrain.com (Kevin Turner) Date: Tue, 11 Dec 2007 18:08:57 -0800 Subject: Asynchronous operation support for python-openid In-Reply-To: <1196648846.25964.48.camel@localhost> References: <60ed19d40712021426g174b20aau9346aa0af3a3ee77@mail.gmail.com> <1196648846.25964.48.camel@localhost> Message-ID: <1197425337.13234.217.camel@localhost> On Sun, 2007-12-02 at 18:27 -0800, Kevin Turner wrote: > I'll try to collect thoughts on this from a few more people who monkey > with the python-openid code. So, to follow up on the list for the benefit of the record: We're not really opposed to this proposal. That makes this kind of a crappy message for me to write. But one of the things we already struggle with is this idea that our implementations are too big or too complicated. We argue that the current code is all for good reason, but Converting things to use Deferreds adds enough complexity that it needs a good reason. Sadly, when we conferred, the reason "because Chris wants to" (or even "Chris and Kevin want to") was found lacking. Amongst the lot of us we couldn't name a single handful of sites that might take advantage of this. In summary, Twisted, we don't want to get close to you right now for fear of what the more popular kids will think if they see us together. Come back when you get some more friends. Love, - Kevin Turner, on behalf of OpenID Enabled.com. (who really hopes that he comes back to find a flurry of responses saying "hey, we'd use that!") -- keturn on https://pibb.com/go/openid and irc.freenode.net#openid From kevin at janrain.com Tue Dec 11 18:15:07 2007 From: kevin at janrain.com (Kevin Turner) Date: Tue, 11 Dec 2007 18:15:07 -0800 Subject: upgrading ruby gems Message-ID: <1197425707.13234.219.camel@localhost> Hello, The software! A release! http://openidenabled.com/ruby-openid/ Two Dot Oh! Unfortunately the API is not 100% compatible with the 1.x code. We apologize for the inconvenience; an upgrade guide is available in the file 'UPGRADE' in the distribution and linked from the website. But we're afraid that if I upload a new gem to rubyforge, all your users will "gem upgrade", and the gem installer will heedlessly install the new version with the new major number, rational versioning[1] policies be damned. And then you will all be left with broken applications. We do not want this. So, given this, how does anyone ever ship new versions of software with gems? Should I expecting everyone to be using require_gem with version constraints when they require the code? Thanks, - Kevin 1: http://rubygems.org/read/chapter/7 -- keturn on https://pibb.com/go/openid and irc.freenode.net#openid From pleonidas at gmail.com Wed Dec 12 01:28:17 2007 From: pleonidas at gmail.com (Leonidas) Date: Wed, 12 Dec 2007 11:28:17 +0200 Subject: OpenID server PIP and Rails Message-ID: <7b0a7bc60712120128k5497f544p6cb45772bca092c4@mail.gmail.com> Hello, I want to run an openID server. The most complete server that I have found seems to be the one that http://pip.verisignlabs.com/ uses, Personal Identity Provider, but I'm not familiar with Rails and also I found out that Heraldry Project is an abandoned project. Is anyone using it ? Is the available version complete? What other alternative open source scripts to you suggest for an openID server ? thanks in advance -- Leonidas Papadopoulos msn: pleonidas at gmail.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.openidenabled.com/pipermail/dev/attachments/20071212/c4e2ebc5/attachment.htm From matt at eastmedia.com Wed Dec 12 07:12:32 2007 From: matt at eastmedia.com (Matt Pelletier) Date: Wed, 12 Dec 2007 10:12:32 -0500 Subject: OpenID server PIP and Rails In-Reply-To: <7b0a7bc60712120128k5497f544p6cb45772bca092c4@mail.gmail.com> References: <7b0a7bc60712120128k5497f544p6cb45772bca092c4@mail.gmail.com> Message-ID: The source was moved to heraldry.rubyforge.org. I am on the project and would be happy to give you commits if you are interested in working on it. Matt On Dec 12, 2007, at 4:28 AM, Leonidas wrote: > Hello, > > I want to run an openID server. The most complete server that I have > found seems to be the one that http://pip.verisignlabs.com/ uses, > Personal Identity Provider, > but I'm not familiar with Rails and also I found out that Heraldry > Project is an abandoned project. > Is anyone using it ? Is the available version complete? > What other alternative open source scripts to you suggest for an > openID server ? > > thanks in advance > > -- > Leonidas Papadopoulos > msn: pleonidas at gmail.com > _______________________________________________ > Dev mailing list > Dev at lists.openidenabled.com > http://lists.openidenabled.com/mailman/listinfo/dev -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.openidenabled.com/pipermail/dev/attachments/20071212/b39424a1/attachment.html From jason.young at extension.org Wed Dec 12 08:17:38 2007 From: jason.young at extension.org (Jason Young) Date: Wed, 12 Dec 2007 11:17:38 -0500 Subject: upgrading ruby gems In-Reply-To: <1197425707.13234.219.camel@localhost> References: <1197425707.13234.219.camel@localhost> Message-ID: <8FEE2766-65FE-4809-AE8C-51C5B8D5279F@extension.org> On Dec 11, 2007, at 9:15 PM, Kevin Turner wrote: > Hello, > > The software! A release! http://openidenabled.com/ruby-openid/ Two > Dot > Oh! > > Unfortunately the API is not 100% compatible with the 1.x code. We > apologize for the inconvenience; an upgrade guide is available in the > file 'UPGRADE' in the distribution and linked from the website. > > But we're afraid that if I upload a new gem to rubyforge, all your > users > will "gem upgrade", and the gem installer will heedlessly install the > new version with the new major number, rational versioning[1] policies > be damned. And then you will all be left with broken applications. > We > do not want this. > > > So, given this, how does anyone ever ship new versions of software > with > gems? Should I expecting everyone to be using require_gem with > version > constraints when they require the code? My own personal opinion is "tough" There are other gem authors that keep more than one version of the gems out there (rails goes back to 0.6.0) While I know that this has no practical bearing in The Real World(tm) - people that are going to do a blind gem upgrade, break their application, and blame it on you, deserve to break(*) At some point, some kind of personal responsibility has to take over for developers and system admins to understand the libraries and plugins they depend on. You can upgrade individual libraries with gem. If they do upgrade, they can uninstall, reinstall the older version. Been there, done that. I won't offer to show the scars ;-) Jay (* and of course I do this all the time myself, which gives me perfect legitimacy to point out the folly in others that will ;-) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Jason Young -- Systems Manager, eXtension http://about.extension.org/wiki/Jason_Young ______________________________________ From cygnus at janrain.com Wed Dec 12 14:08:27 2007 From: cygnus at janrain.com (Jonathan Daugherty) Date: Wed, 12 Dec 2007 14:08:27 -0800 Subject: darcs patch: use-time-instead-of-(gm)mktime In-Reply-To: <20071208234853.43DBC1230D1@base.local> References: <20071208234853.43DBC1230D1@base.local> Message-ID: > Sun Dec 9 00:40:37 CET 2007 dAniel hAhler > * use-time-instead-of-(gm)mktime This patch is a no-op, but it's accepted at any rate. The tests passed. Thanks, dAniel. -- Jonathan Daugherty From kevin at janrain.com Wed Dec 12 19:39:27 2007 From: kevin at janrain.com (Kevin Turner) Date: Wed, 12 Dec 2007 19:39:27 -0800 Subject: php5 dependency? In-Reply-To: <0D0CE0D8-00D0-4892-9436-5381F62D52E9@willnorris.com> References: <475E14D0.5090006@funnymonkey.com> <0D0CE0D8-00D0-4892-9436-5381F62D52E9@willnorris.com> Message-ID: <1197517167.13234.294.camel@localhost> On Tue, 2007-12-11 at 18:05 -0800, Will Norris wrote: > Not to let one project direct the library, just to > let you know how it's being used in the wild. This is good information for us. One of the things about letting anyone download your software is that it's hard to get a good picture of how many of those people actually end up using it, what they use it for, what sorts of environments it's used in, etc. So the more of this information we have, the better we can make decisions about what requirements to depend on and how to shape the interfaces. -- keturn on https://pibb.com/go/openid and irc.freenode.net#openid From radix at twistedmatrix.com Wed Dec 12 20:56:47 2007 From: radix at twistedmatrix.com (Christopher Armstrong) Date: Wed, 12 Dec 2007 23:56:47 -0500 Subject: Asynchronous operation support for python-openid In-Reply-To: <1197425337.13234.217.camel@localhost> References: <60ed19d40712021426g174b20aau9346aa0af3a3ee77@mail.gmail.com> <1196648846.25964.48.camel@localhost> <1197425337.13234.217.camel@localhost> Message-ID: <60ed19d40712122056x76e785aav2848edd48268a6ab@mail.gmail.com> On Dec 11, 2007 9:08 PM, Kevin Turner wrote: > In summary, Twisted, we don't want to get close to you right now for > fear of what the more popular kids will think if they see us together. > Come back when you get some more friends. > > Love, > > - Kevin Turner, on behalf of OpenID Enabled.com. > > (who really hopes that he comes back to find a flurry of responses > saying "hey, we'd use that!") Thanks for the straight-up response, Kevin. I think now I'll pursue a Twisted Cred checker that spawns stuff off in a thread with deferToThread. I'll be sure to post to this list when I have something to show. -- Christopher Armstrong International Man of Twistery http://radix.twistedmatrix.com/ http://twistedmatrix.com/ http://canonical.com/ From kevin at janrain.com Fri Dec 14 17:07:19 2007 From: kevin at janrain.com (Kevin Turner) Date: Fri, 14 Dec 2007 17:07:19 -0800 Subject: ANN: python-openid 2.1.1, ruby-openid 2.0.1 Message-ID: <1197680839.13234.347.camel@localhost> I've uploaded new packages for the Python and Ruby OpenID libraries at openidenabled.com. Nothing terribly exciting; a fix for filestore cleanup in python, examples/discover in Ruby, and a few other cosmetic patches there wasn't any point in sitting on for longer. Thanks to Sam Ruby, Jan Aerts, and James Henstridge for their contributions. -- keturn on https://pibb.com/go/openid and irc.freenode.net#openid From radix at twistedmatrix.com Sat Dec 15 19:55:48 2007 From: radix at twistedmatrix.com (Christopher Armstrong) Date: Sat, 15 Dec 2007 22:55:48 -0500 Subject: Unit testing code that uses python-openid Message-ID: <60ed19d40712151955l46e90a28w8f5963169464161c@mail.gmail.com> Hi. Is there a fake Consumer or something that I can use in unit tests for my code which uses python-openid? I'd rather not write my own Consumer fake, since it might lead to unnoticed incompatibilities. -- Christopher Armstrong International Man of Twistery http://radix.twistedmatrix.com/ http://twistedmatrix.com/ http://canonical.com/ From radix at twistedmatrix.com Mon Dec 17 07:06:01 2007 From: radix at twistedmatrix.com (Christopher Armstrong) Date: Mon, 17 Dec 2007 10:06:01 -0500 Subject: consumer docstring wording Message-ID: <60ed19d40712170706v3aba6cbcrc0265d6191b0f7b4@mail.gmail.com> I couldn't figure out how to use "darcs send" in five minutes (and I doubt it would work because my ISP blocks port 25), so here's an attached patch with some obvious grammatical fixes to the docstring of consumer.py. -- Christopher Armstrong International Man of Twistery http://radix.twistedmatrix.com/ http://twistedmatrix.com/ http://canonical.com/ -------------- next part -------------- A non-text attachment was scrubbed... Name: consumer-documentation-wording.patch Type: text/x-patch Size: 1539 bytes Desc: not available Url : http://lists.openidenabled.com/pipermail/dev/attachments/20071217/f6cdcb42/attachment.bin From josh at janrain.com Mon Dec 17 12:00:09 2007 From: josh at janrain.com (Josh Hoyt) Date: Mon, 17 Dec 2007 12:00:09 -0800 Subject: consumer docstring wording In-Reply-To: <60ed19d40712170706v3aba6cbcrc0265d6191b0f7b4@mail.gmail.com> References: <60ed19d40712170706v3aba6cbcrc0265d6191b0f7b4@mail.gmail.com> Message-ID: <34714aad0712171200y5958bb54jd5468acdd3e69599@mail.gmail.com> On Dec 17, 2007 7:06 AM, Christopher Armstrong wrote: > I couldn't figure out how to use "darcs send" in five minutes (and I > doubt it would work because my ISP blocks port 25), so here's an > attached patch with some obvious grammatical fixes to the docstring of > consumer.py. Thanks a lot for the doc patch! You can darcs send with the --output flag to generate a darcs patch file that you can then attach, just like a normal patch, except we can import it into our repository. e.g.: darcs send --output=consumer-documentation-wording.darcs Josh From radix at twistedmatrix.com Mon Dec 17 12:17:24 2007 From: radix at twistedmatrix.com (Christopher Armstrong) Date: Mon, 17 Dec 2007 15:17:24 -0500 Subject: consumer docstring wording In-Reply-To: <34714aad0712171200y5958bb54jd5468acdd3e69599@mail.gmail.com> References: <60ed19d40712170706v3aba6cbcrc0265d6191b0f7b4@mail.gmail.com> <34714aad0712171200y5958bb54jd5468acdd3e69599@mail.gmail.com> Message-ID: <60ed19d40712171217x58615954qafe54e425d31ee3b@mail.gmail.com> On Dec 17, 2007 3:00 PM, Josh Hoyt wrote: > You can darcs send with the --output flag to generate a darcs patch > file that you can then attach, just like a normal patch, except we can > import it into our repository. e.g.: > > darcs send --output=consumer-documentation-wording.darcs Yeah, I had already tried that, and it doesn't work. radix at haruko ~/Projects/OpenID/2.x.x% darcs send --output=consumer-documentation-wording.darcs Creating patch to "http://openidenabled.com/files/python-openid/repos/2.x.x"... No recorded local changes to send! I don't understand what that message means, given that "darcs diff" does show the changes. -- Christopher Armstrong International Man of Twistery http://radix.twistedmatrix.com/ http://twistedmatrix.com/ http://canonical.com/ From kevin at janrain.com Mon Dec 17 12:41:22 2007 From: kevin at janrain.com (Kevin Turner) Date: Mon, 17 Dec 2007 12:41:22 -0800 Subject: consumer docstring wording In-Reply-To: <60ed19d40712171217x58615954qafe54e425d31ee3b@mail.gmail.com> References: <60ed19d40712170706v3aba6cbcrc0265d6191b0f7b4@mail.gmail.com> <34714aad0712171200y5958bb54jd5468acdd3e69599@mail.gmail.com> <60ed19d40712171217x58615954qafe54e425d31ee3b@mail.gmail.com> Message-ID: <1197924082.13234.418.camel@localhost> On Mon, 2007-12-17 at 15:17 -0500, Christopher Armstrong wrote: > radix at haruko ~/Projects/OpenID/2.x.x% darcs send > --output=consumer-documentation-wording.darcs > Creating patch to "http://openidenabled.com/files/python-openid/repos/2.x.x"... > No recorded local changes to send! > > I don't understand what that message means, given that "darcs diff" > does show the changes. Key word there is "recorded." I suspect "darcs diff" includes unrecorded changes. From norman at rasmussen.co.za Mon Dec 17 12:51:46 2007 From: norman at rasmussen.co.za (Norman Rasmussen) Date: Mon, 17 Dec 2007 22:51:46 +0200 Subject: consumer docstring wording In-Reply-To: <1197924082.13234.418.camel@localhost> References: <60ed19d40712170706v3aba6cbcrc0265d6191b0f7b4@mail.gmail.com> <34714aad0712171200y5958bb54jd5468acdd3e69599@mail.gmail.com> <60ed19d40712171217x58615954qafe54e425d31ee3b@mail.gmail.com> <1197924082.13234.418.camel@localhost> Message-ID: <5b698f5a0712171251k392b1979o65c70ef748d25278@mail.gmail.com> aka, do a: `darcs record`, before `darcs send` On Dec 17, 2007 10:41 PM, Kevin Turner wrote: > On Mon, 2007-12-17 at 15:17 -0500, Christopher Armstrong wrote: > > radix at haruko ~/Projects/OpenID/2.x.x% darcs send > > --output=consumer-documentation-wording.darcs > > Creating patch to "http://openidenabled.com/files/python-openid/repos/2.x.x"... > > No recorded local changes to send! > > > > I don't understand what that message means, given that "darcs diff" > > does show the changes. > > Key word there is "recorded." I suspect "darcs diff" includes > unrecorded changes. > > > > > _______________________________________________ > Dev mailing list > Dev at lists.openidenabled.com > http://lists.openidenabled.com/mailman/listinfo/dev > -- - Norman Rasmussen - Email: norman at rasmussen.co.za - Home page: http://norman.rasmussen.co.za/ From dev-list-openidenabled at thequod.de Mon Dec 17 13:12:19 2007 From: dev-list-openidenabled at thequod.de (dAniel hAhler) Date: Mon, 17 Dec 2007 22:12:19 +0100 Subject: php5 dependency? In-Reply-To: References: Message-ID: On Dec 11, 2007 4:37 AM, Will Norris wrote: > Based on this support ticket[0], it sounds like the JanRain PHP > library added a dependency on PHP5 in one of the recent updates. Was > this intentional? > > [0]: http://wordpress.org/support/topic/146956 I've diffed the source between the download version of the plugin and the php-openid darcs repository: the particular line causing the problem is different: - function discover($uri, &$fetcher = null, + function discover($uri, &$fetcher, Using a default value for an argument which is passed by reference ("&$fetcher") is not valid in PHP4. So this does not appear to be a bug in the library, but in your modified version. Hope this helps, dAniel. -- http://daniel.hahler.de/ From clive at skure.com Tue Dec 18 15:49:47 2007 From: clive at skure.com (Clive Flatau) Date: Tue, 18 Dec 2007 23:49:47 -0000 Subject: Running 2.x.x examples Message-ID: <013c01c841d0$adde5010$140ba8c0@Skure1> I have installed the consumer and the server. I am able to get redirected from the consumer to the login page of the server. I get logged in but not redirected back to the consumer. DoAuth seems to fail when comparing the sent url against generated url. What is the form of the url that should be entered in the consumer form for these examples? Any other information about pre-requisites to make the examples run would be appreciated. Many thanks Clive Flatau -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.openidenabled.com/pipermail/dev/attachments/20071218/eacf8c47/attachment.htm From kevin at janrain.com Tue Dec 18 20:29:46 2007 From: kevin at janrain.com (Kevin Turner) Date: Tue, 18 Dec 2007 20:29:46 -0800 Subject: Running 2.x.x examples In-Reply-To: <013c01c841d0$adde5010$140ba8c0@Skure1> References: <013c01c841d0$adde5010$140ba8c0@Skure1> Message-ID: <1198038586.13234.446.camel@localhost> On Tue, 2007-12-18 at 23:49 +0000, Clive Flatau wrote: > I have installed the consumer and the server. I am able to get > redirected from the consumer to the login page of the server. I get > logged in but not redirected back to the consumer. DoAuth seems to > fail when comparing the sent url against generated url. > > What is the form of the url that should be entered in the consumer > form for these examples? Any other information about pre-requisites to > make the examples run would be appreciated. I would think that if you did not enter the URL in the proper form, you would not get directed to the server, so I do not suspect that is the problem. Can you give us any more logs, error messages, or examples for the DoAuth failure? -- keturn on https://pibb.com/go/openid and irc.freenode.net#openid From clive at skure.com Wed Dec 19 02:29:52 2007 From: clive at skure.com (Clive Flatau) Date: Wed, 19 Dec 2007 10:29:52 -0000 Subject: Running 2.x.x examples In-Reply-To: <1198038586.13234.446.camel@localhost> Message-ID: <002f01c8422a$18cb5ea0$140ba8c0@Skure1> In more detail, my setup is as below. I'm doing this as a proof of concept stage at the moment. Consumer - running on localhost:8500 Server - running on localhost but resolved to id.skure.com by my hosts file. The apache virtualhost config is: ServerAdmin webmaster at id.skure.com DocumentRoot c:/projects/skure/openid/webroot/examples/server ServerName id.skure.com I have created a URL page in a folder, named idpage, under the server directory with the link tag: . I thought I needed this for the initial discovery stage. At the consumer I enter id.skure.com/idpage?user=demo. I am redirected to the server login page where I enter 'demo' as the username. DoAuth fails/exits at this line seemingly failing on the second part of the AND. i.e. the request URL is seemingly different from the expected URL. if ((!$info->idSelect()) && ($req_url != idURL($user))) { return login_render(array(), $req_url, $req_url); } When debugging at this point $req_url=http://id.skure.com/idpage/?user=demo and idURL($user)=http://id.skure.com/server.php/idpage?user=demo (although this is done via epxressions in returns so I am reconstructing a little). Hopefully this is some misunderstanding on my part of how to get the url page setup properly. > On Tue, 2007-12-18 at 23:49 +0000, Clive Flatau wrote: > > I have installed the consumer and the server. I am able to get > > redirected from the consumer to the login page of the server. I get > > logged in but not redirected back to the consumer. DoAuth seems to > > fail when comparing the sent url against generated url. > > > > What is the form of the url that should be entered in the consumer > > form for these examples? Any other information about > pre-requisites to > > make the examples run would be appreciated. > > I would think that if you did not enter the URL in the proper > form, you would not get directed to the server, so I do not > suspect that is the problem. Can you give us any more logs, > error messages, or examples for the DoAuth failure? > > > -- > keturn on https://pibb.com/go/openid and irc.freenode.net#openid > > > _______________________________________________ > Dev mailing list > Dev at lists.openidenabled.com > http://lists.openidenabled.com/mailman/listinfo/dev > > > From clive at skure.com Wed Dec 19 05:06:43 2007 From: clive at skure.com (Clive Flatau) Date: Wed, 19 Dec 2007 13:06:43 -0000 Subject: Running 2.x.x examples In-Reply-To: <002f01c8422a$18cb5ea0$140ba8c0@Skure1> Message-ID: <007701c84240$01e3b6e0$140ba8c0@Skure1> I now have this working. Few things: - should have entered the URI in the consumer in the form http://id.skure.com/server.php/idpage?user=demo - the url page from idpage folder was not necessary this was a hangover in thinking from 1.x.x examples - also needed to turn off displayed PHP warnings/notices which were corrupting the xrds response that was being returned > In more detail, my setup is as below. I'm doing this as a > proof of concept stage at the moment. > > Consumer - running on localhost:8500 > Server - running on localhost but resolved to id.skure.com by > my hosts file. The apache virtualhost config is: > ServerAdmin webmaster at id.skure.com > DocumentRoot c:/projects/skure/openid/webroot/examples/server > ServerName id.skure.com > > > I have created a URL page in a folder, named idpage, under > the server directory with the link tag: rel="openid.server" href="http://id.skure.com/server.php" />. > I thought I needed this for the initial discovery stage. > > At the consumer I enter id.skure.com/idpage?user=demo. I am > redirected to the server login page where I enter 'demo' as > the username. > > DoAuth fails/exits at this line seemingly failing on the > second part of the AND. i.e. the request URL is seemingly > different from the expected URL. > > if ((!$info->idSelect()) && ($req_url != idURL($user))) { > return login_render(array(), $req_url, $req_url); > } > > When debugging at this point > $req_url=http://id.skure.com/idpage/?user=demo > and > idURL($user)=http://id.skure.com/server.php/idpage?user=demo > (although this is done via epxressions in returns so I am > reconstructing a little). > > Hopefully this is some misunderstanding on my part of how to > get the url page setup properly. > > > > > On Tue, 2007-12-18 at 23:49 +0000, Clive Flatau wrote: > > > I have installed the consumer and the server. I am able to get > > > redirected from the consumer to the login page of the > server. I get > > > logged in but not redirected back to the consumer. DoAuth > seems to > > > fail when comparing the sent url against generated url. > > > > > > What is the form of the url that should be entered in the > consumer > > > form for these examples? Any other information about > > pre-requisites to > > > make the examples run would be appreciated. > > > > I would think that if you did not enter the URL in the proper form, > > you would not get directed to the server, so I do not > suspect that is > > the problem. Can you give us any more logs, error messages, or > > examples for the DoAuth failure? > > > > > > -- > > keturn on https://pibb.com/go/openid and irc.freenode.net#openid > > > > > > _______________________________________________ > > Dev mailing list > > Dev at lists.openidenabled.com > > http://lists.openidenabled.com/mailman/listinfo/dev > > > > > > > > > > _______________________________________________ > Dev mailing list > Dev at lists.openidenabled.com > http://lists.openidenabled.com/mailman/listinfo/dev > > > From sam.alexander at vidoop.com Thu Dec 20 14:39:10 2007 From: sam.alexander at vidoop.com (sam.alexander at vidoop.com) Date: Thu, 20 Dec 2007 16:39:10 -0600 (CST) Subject: darcs patch: Typo in SReg docblock Message-ID: <20071220223910.97B6D4FF18D@localhost.localhost> Thu Dec 20 16:29:57 CST 2007 sam.alexander at vidoop.com * Typo in SReg docblock -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/x-darcs-patch Size: 719 bytes Desc: A darcs patch for your repository! Url : http://lists.openidenabled.com/pipermail/dev/attachments/20071220/83790a74/attachment.bin From kevin at janrain.com Thu Dec 20 16:06:43 2007 From: kevin at janrain.com (Kevin Turner) Date: Thu, 20 Dec 2007 16:06:43 -0800 Subject: darcs patch: Typo in SReg docblock In-Reply-To: <20071220223910.97B6D4FF18D@localhost.localhost> References: <20071220223910.97B6D4FF18D@localhost.localhost> Message-ID: <1198195603.13234.543.camel@localhost> Patch applied, thanks! On Thu, 2007-12-20 at 16:39 -0600, sam.alexander at vidoop.com wrote: > Thu Dec 20 16:29:57 CST 2007 sam.alexander at vidoop.com > * Typo in SReg docblock > _______________________________________________ > Dev mailing list > Dev at lists.openidenabled.com > http://lists.openidenabled.com/mailman/listinfo/dev From kevin at janrain.com Thu Dec 20 19:46:45 2007 From: kevin at janrain.com (Kevin Turner) Date: Thu, 20 Dec 2007 19:46:45 -0800 Subject: ruby-openid and proxy In-Reply-To: <1196761230.6342.7.camel@rilxvm05> References: <1196761230.6342.7.camel@rilxvm05> Message-ID: <1198208805.13234.556.camel@localhost> I'm sorry it took so long for me to get to this, since the change to support this turned out to be very small indeed. See http://trac.openidenabled.com/trac/ticket/80#comment:1 So that plus another fix from Grant and Dag means it's about time for another ruby-openid release. Should it be A) Friday afternoon, right before we start drinking for the holiday party B) *after* we start drinking, and the longest night of the year has begun C) Christmas Eve D) other? On Tue, 2007-12-04 at 09:40 +0000, Jan Aerts wrote: > Is there a way to set the company's proxy server in the ruby > implementation 1.1 or 1.9? -- keturn on https://pibb.com/go/openid and irc.freenode.net#openid From jan.aerts at bbsrc.ac.uk Fri Dec 21 10:20:05 2007 From: jan.aerts at bbsrc.ac.uk (jan aerts (RI)) Date: Fri, 21 Dec 2007 18:20:05 -0000 Subject: ruby-openid and proxy References: <1196761230.6342.7.camel@rilxvm05> <1198208805.13234.556.camel@localhost> Message-ID: <1F16910BB8546C4DA5526FABB0C98D09AA9A62@ebre2ksrv1.ebrc.bbsrc.ac.uk> Great news, Kevin! Thanks. jan. -----Original Message----- From: dev-bounces at lists.openidenabled.com on behalf of Kevin Turner Sent: Fri 21/12/2007 03:46 To: discuss OpenID libraries and development Subject: Re: ruby-openid and proxy I'm sorry it took so long for me to get to this, since the change to support this turned out to be very small indeed. See http://trac.openidenabled.com/trac/ticket/80#comment:1 So that plus another fix from Grant and Dag means it's about time for another ruby-openid release. Should it be A) Friday afternoon, right before we start drinking for the holiday party B) *after* we start drinking, and the longest night of the year has begun C) Christmas Eve D) other? On Tue, 2007-12-04 at 09:40 +0000, Jan Aerts wrote: > Is there a way to set the company's proxy server in the ruby > implementation 1.1 or 1.9? -- keturn on https://pibb.com/go/openid and irc.freenode.net#openid _______________________________________________ Dev mailing list Dev at lists.openidenabled.com http://lists.openidenabled.com/mailman/listinfo/dev -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/ms-tnef Size: 3034 bytes Desc: not available Url : http://lists.openidenabled.com/pipermail/dev/attachments/20071221/8b15b387/attachment-0001.bin From wp at mcc.org Fri Dec 21 13:02:27 2007 From: wp at mcc.org (Wesley Penner) Date: Fri, 21 Dec 2007 16:02:27 -0500 Subject: Wesley Penner/MCC is on home leave. Message-ID: I will respond to your message when I return. From kevin at janrain.com Fri Dec 21 21:21:07 2007 From: kevin at janrain.com (Kevin Turner) Date: Fri, 21 Dec 2007 21:21:07 -0800 Subject: ANN: ruby-openid-2.0.2 Message-ID: <1198300867.13234.595.camel@localhost> ruby-openid 2.0.2 is now available. In this release: * Corrections to some error handling in IdRes. (If you got tracebacks about an undefined ProtocolError or ProrocolError, this should be fixed now.) * Updated documentation for the rails-openid example. * Support for HTTP proxies. * A fix to the ActiveRecord migration from 1.1.x versions. http://openidenabled.com/ruby-openid/ Happy Solstice, - Kevin and JanRain p.s. congratulations to Misters Glover and Daugherty for their win in today's JanRain Seasonal Foosball Tournament. From radix at twistedmatrix.com Thu Dec 27 14:03:56 2007 From: radix at twistedmatrix.com (Christopher Armstrong) Date: Thu, 27 Dec 2007 17:03:56 -0500 Subject: python-openid https security Message-ID: <60ed19d40712271403l4d3dca93h701cd7f851c8e7da@mail.gmail.com> Hi all. I've been looking at the python-openid code, and I found that it falls back to urllib2 when curl is unavailable. I think this is a really bad idea (at least without strongly warning the user) because urllib2 does not seem to comply with the security restrictions set forth by RFC 2818, specifically section 3.1 [1]. This is the section about verifying the server's identity by checking if the hostname in the certificate (subjectAltName or a common name) is the same as the hostname with which the client connected to the server. If this identity verification is not done, it makes MITM possible by spoofing DNS. This means even if a user is typing in an HTTPS identity URL into his favorite reliant party, he may not be getting the security that he expects. I really hope all the other openid RP implementations are conforming to the HTTPS spec, and that this is an isolated case. [1]: http://tools.ietf.org/html/rfc2818#section-3.1 -- Christopher Armstrong International Man of Twistery http://radix.twistedmatrix.com/ http://twistedmatrix.com/ http://canonical.com/ From martin at paljak.pri.ee Thu Dec 27 18:48:02 2007 From: martin at paljak.pri.ee (Martin Paljak) Date: Fri, 28 Dec 2007 04:48:02 +0200 Subject: python-openid https security In-Reply-To: <60ed19d40712271403l4d3dca93h701cd7f851c8e7da@mail.gmail.com> References: <60ed19d40712271403l4d3dca93h701cd7f851c8e7da@mail.gmail.com> Message-ID: On 28.12.2007, at 0:03, Christopher Armstrong wrote: > I think this is a really bad idea (at least without strongly warning > the user) Warning the user is a good idea. Falling back to zero functionality ("I will not work as I don't have the libraries/functionality I would like to have") is a bad idea as this would leave the library user with a non-functioning library in many cases. > because urllib2 does not seem to comply with the security > restrictions set forth by RFC 2818, specifically section 3.1 [1]. This > is the section about verifying the server's identity by checking if > the hostname in the certificate (subjectAltName or a common name) is > the same as the hostname with which the client connected to the > server. > > If this identity verification is not done, it makes MITM possible by > spoofing DNS. This means even if a user is typing in an HTTPS identity > URL into his favorite reliant party, he may not be getting the > security that he expects. Unless I can personally (as a site administrator and python-openid library user) choose the root certificates to *trust* the whole HTTPS/ SSL/TSL thing is... hmm, as broken as the whole PKI thing is... RFC conformance is of course a good thing to have, but in the era of 'security for sale', a self-signed (or crappy CA signed), domain-name- matching-certificate is as good as no "security" at all... > I really hope all the other openid RP implementations are conforming > to the HTTPS spec, and that this is an isolated case. I would like to see an openid RP library that would allow me to easily specify the CA roots I would like to *trust* for OP-s. I don't know any. I don't *trust* the "default decision" done by some 3rd party (think: mozilla.org or microsoft.com). Unless one can specify the roots to trust the hypothetical MITM attack is a waste of time. I believe that me (as well as many other godaddy.com or rapidssl.com SSL cert users) use certificates to just 'get rid of the annoying browser nagging' and get p2p encrypted channels - and most of the users are just fine with their browsers not annoying them with ambiguous security warnings. And we *do* use client certificates for end2end security - not just softcerts but certificates from hardware smart cards. You can of course buy an EV certificate for about 100x the godaddy price. But you can't fix the broken PKI: http://www.schneier.com/paper-pki-ft.txt -- Martin Paljak openid.ee +3725156495 From radix at twistedmatrix.com Thu Dec 27 19:34:57 2007 From: radix at twistedmatrix.com (Christopher Armstrong) Date: Thu, 27 Dec 2007 22:34:57 -0500 Subject: python-openid https security In-Reply-To: References: <60ed19d40712271403l4d3dca93h701cd7f851c8e7da@mail.gmail.com> Message-ID: <60ed19d40712271934s3e33ae08l2f6ec542a45cf37b@mail.gmail.com> On Dec 27, 2007 9:48 PM, Martin Paljak wrote: > On 28.12.2007, at 0:03, Christopher Armstrong wrote: > > I think this is a really bad idea (at least without strongly warning > > the user) > Warning the user is a good idea. Falling back to zero functionality > ("I will not work as I don't have the libraries/functionality I would > like to have") is a bad idea as this would leave the library user with > a non-functioning library in many cases. I think taking a harder line is appropriate when it comes to security. "apt-get install python-pycurl", or equivalent. Anyway, I would be happier than the current situation makes me with a loud warning. > > If this identity verification is not done, it makes MITM possible by > > spoofing DNS. This means even if a user is typing in an HTTPS identity > > URL into his favorite reliant party, he may not be getting the > > security that he expects. > > Unless I can personally (as a site administrator and python-openid > library user) choose the root certificates to *trust* the whole HTTPS/ > SSL/TSL thing is... hmm, as broken as the whole PKI thing is... With curl, you can. There's an environment variable and a default set of CAs to trust. > RFC conformance is of course a good thing to have, but in the era of > 'security for sale', a self-signed (or crappy CA signed), domain-name- > matching-certificate is as good as no "security" at all... I agree that the PKI is pretty broken, but even if you allow *any* CAs, including self-signed, while still checking the hostname, there are fewer attack vectors than trusting "the common set" of CAs but not doing hostname checking! As long as your application is saving the CAs and then complaining any time the host doesn't match the originally-downloaded CA. That way you can be sure that if you're talking to foo.com, it's the same foo.com that you originally talked to. This seriously limits the possibility for MITMs, since they have to be there the very first time you interact with foo.com. This is all orthogonal to the PKI. I'm not a stickler for RFC conformance. In most cases, I don't give a crap as long as the software works. But not verifying the hostname is a very bad idea. > > I really hope all the other openid RP implementations are conforming > > to the HTTPS spec, and that this is an isolated case. > > I would like to see an openid RP library that would allow me to easily > specify the CA roots I would like to *trust* for OP-s. I don't know > any. I don't *trust* the "default decision" done by some 3rd party > (think: mozilla.org or microsoft.com). python-openid lets you do that, because it uses curl (if available), which lets you specify it with an environment variable. See http://curl.haxx.se/docs/sslcerts.html -- Christopher Armstrong International Man of Twistery http://radix.twistedmatrix.com/ http://twistedmatrix.com/ http://canonical.com/ From dclark at pobox.com Thu Dec 27 21:20:11 2007 From: dclark at pobox.com (Daniel Clark) Date: Fri, 28 Dec 2007 00:20:11 -0500 Subject: python-openid https security In-Reply-To: References: <60ed19d40712271403l4d3dca93h701cd7f851c8e7da@mail.gmail.com> Message-ID: <5422d5e60712272120t6cfb9e31td2a06be34dd2a0d4@mail.gmail.com> On Dec 27, 2007 9:48 PM, Martin Paljak wrote: > On 28.12.2007, at 0:03, Christopher Armstrong wrote: > > I think this is a really bad idea (at least without strongly warning > > the user) > Warning the user is a good idea. Falling back to zero functionality > ("I will not work as I don't have the libraries/functionality I would > like to have") is a bad idea as this would leave the library user with > a non-functioning library in many cases. This may be something that tlslite - http://trevp.net/tlslite/ , http://trevp.net/tlslite/docs/public/tlslite.integration.HTTPTLSConnection.HTTPTLSConnection-class.html - supports. It's a public domain (so no issues with including with other projects) native python crypto toolkit that calls out to a variety of other libraries if they exist for speed. It's what is used in Bcfg2 - http://trac.mcs.anl.gov/projects/bcfg2 - since the built-in python crypto libraries are missing so much functionality. So there could be a 3rd option - fall back to built-in (possibly slow) tlslite-based functionality (possibly with a warning to install curl for speed). From wichert at wiggy.net Fri Dec 28 00:13:05 2007 From: wichert at wiggy.net (Wichert Akkerman) Date: Fri, 28 Dec 2007 09:13:05 +0100 Subject: python-openid https security In-Reply-To: <60ed19d40712271403l4d3dca93h701cd7f851c8e7da@mail.gmail.com> References: <60ed19d40712271403l4d3dca93h701cd7f851c8e7da@mail.gmail.com> Message-ID: <20071228081305.GA15894@wiggy.net> Previously Christopher Armstrong wrote: > Hi all. I've been looking at the python-openid code, and I found that > it falls back to urllib2 when curl is unavailable. > > I think this is a really bad idea (at least without strongly warning > the user) because urllib2 does not seem to comply with the security > restrictions set forth by RFC 2818, specifically section 3.1 [1]. This > is the section about verifying the server's identity by checking if > the hostname in the certificate (subjectAltName or a common name) is > the same as the hostname with which the client connected to the > server. > > If this identity verification is not done, it makes MITM possible by > spoofing DNS. This means even if a user is typing in an HTTPS identity > URL into his favorite reliant party, he may not be getting the > security that he expects. Adding curl to the requirements in setup.py (its pypi name appears to be pycurl: http://pypi.python.org/pypi/pycurl) would automatically make sure it is installed for everyone using setuptool to install python-openid. This will include all Plone sites using openid. Wichert. -- Wichert Akkerman It is simple to make things. http://www.wiggy.net/ It is hard to make things simple. From martin at paljak.pri.ee Fri Dec 28 01:10:34 2007 From: martin at paljak.pri.ee (Martin Paljak) Date: Fri, 28 Dec 2007 11:10:34 +0200 Subject: python-openid https security In-Reply-To: <20071228081305.GA15894@wiggy.net> References: <60ed19d40712271403l4d3dca93h701cd7f851c8e7da@mail.gmail.com> <20071228081305.GA15894@wiggy.net> Message-ID: <5B83688A-C0B6-415F-A79E-66E6D86C3F8A@paljak.pri.ee> On 28.12.2007, at 10:13, Wichert Akkerman wrote: > Adding curl to the requirements in setup.py (its pypi name appears > to be pycurl: http://pypi.python.org/pypi/pycurl) would automatically > make sure it is installed for everyone using setuptool to install > python-openid. This will include all Plone sites using openid. If you are lucky and have the right version. OS X 10.5 does not have it. (openid)laptop-2:~ martin$ easy_install pycurl Searching for pycurl ... Downloading http://pycurl.sourceforge.net/download/pycurl-7.16.4.tar.gz ... src/pycurl.c:55:4: error: #error "Need libcurl version 7.16.4 or greater to compile pycurl." (openid)laptop-2:~ martin$ curl-config --version libcurl 7.16.3 (openid)laptop-2:~ martin$ easy_install pycurl==7.16.2 ... Using curl-config (libcurl 7.16.3) src/pycurl.c:52:4: error: #error "Need libcurl version 7.16.2 or greater to compile pycurl." There is no pycurl 7.16.3 Bummer. -- Martin Paljak http://martin.paljak.pri.ee +3725156495 From wichert at wiggy.net Fri Dec 28 01:31:56 2007 From: wichert at wiggy.net (Wichert Akkerman) Date: Fri, 28 Dec 2007 10:31:56 +0100 Subject: python-openid https security In-Reply-To: <5B83688A-C0B6-415F-A79E-66E6D86C3F8A@paljak.pri.ee> References: <60ed19d40712271403l4d3dca93h701cd7f851c8e7da@mail.gmail.com> <20071228081305.GA15894@wiggy.net> <5B83688A-C0B6-415F-A79E-66E6D86C3F8A@paljak.pri.ee> Message-ID: <20071228093156.GA18721@wiggy.net> Previously Martin Paljak wrote: > > On 28.12.2007, at 10:13, Wichert Akkerman wrote: > > > Adding curl to the requirements in setup.py (its pypi name appears > > to be pycurl: http://pypi.python.org/pypi/pycurl) would automatically > > make sure it is installed for everyone using setuptool to install > > python-openid. This will include all Plone sites using openid. > > > If you are lucky and have the right version. OS X 10.5 does not have it. So users will need to install it. That can't be very hard to do. For Plone we should be able to roll it into the installer so users won't notice. Wichert. -- Wichert Akkerman It is simple to make things. http://www.wiggy.net/ It is hard to make things simple. From trevor at tjohns.net Fri Dec 28 04:21:36 2007 From: trevor at tjohns.net (Trevor Johns) Date: Fri, 28 Dec 2007 04:21:36 -0800 Subject: Running PHP tests on Mac OS X Message-ID: <5902A542-C723-4F0A-8478-1F33C874D1B8@tjohns.net> Hi everyone, Sorry if this is explained elsewhere, but I'm having difficulty getting the test suite for the PHP OpenID library to run. I'm running Mac OS X 10.5 and have PHPUnit 1.3.2 installed. When I try to execute admin/runtests, I get the following error: readlink: illegal option -- - usage: readlink [-n] [file ...] Since this is used to determine the location of the other test scripts via $HERE, this is predictably followed by several 'no such file or directory' errors. If I edit runtests so that $HERE is populated with $PWD instead of trying to determine the path via readlink, the PHPUnit tests run but the formatting tests (longlines, nobadbraces, nobadcase, opentag, and docblocks) fail with this error: Running test (...) xargs: illegal option -- l usage: xargs [-0opt] [-E eofstr] [-I replstr [-R replacements]] [- J replstr] [-L number] [-n number [-x]] [-P maxprocs] [-s size] [utility [argument ...]] Am I missing something? -- Trevor Johns http://tjohns.net From bdthomas at gmail.com Fri Dec 28 06:27:59 2007 From: bdthomas at gmail.com (Benjamin Thomas) Date: Fri, 28 Dec 2007 09:27:59 -0500 Subject: Server denied check-authentication (with ClaimID) Message-ID: <7ca5d0370712280627k75c12668w682d50810bb5ddd6@mail.gmail.com> I recently installed 2.x.x and am in the process of testing /examples/consumer. I have been able to successfully authenticate openid's from: - myopenid.com - vidoop.com - pip.verisignlabs.com However, when I try it with ClaimID.com, I get the following error: (in yellow) Server denied check-authentication Additional info: The test sever is running on localhost (10.10.10.100) with MAMP (OS X). Any ideas? Regards, Ben From kevin at janrain.com Fri Dec 28 17:09:55 2007 From: kevin at janrain.com (Kevin Turner) Date: Fri, 28 Dec 2007 17:09:55 -0800 Subject: python-openid https security In-Reply-To: <60ed19d40712271403l4d3dca93h701cd7f851c8e7da@mail.gmail.com> References: <60ed19d40712271403l4d3dca93h701cd7f851c8e7da@mail.gmail.com> Message-ID: <1198890595.13234.1013.camel@localhost> On Thu, 2007-12-27 at 17:03 -0500, Christopher Armstrong wrote: > I think this is a really bad idea (at least without strongly warning > the user) because urllib2 does not seem to comply with the security > restrictions set forth by RFC 2818, specifically section 3.1 [1]. I agree that we need better ways to set policy about this, and/or provide enough information to the caller to allow them to enforce their policy. That means something like # If this is set, calls to fetch() will raise CrappySSLImplementationError # if the hostname for a HTTPS URL cannot be verified. openid.fetchers.REQUIRE_SSL_HOSTNAME_VERIFICATION = True and class HTTPResponse(object): ssl_hostname_verified = True ssl_ca_trusted = True or something like that. The tricky part about reporting the results in the HTTPResponse is because OpenID fetchers follow redirects, one HTTPResponse may be the result of several communications to different HTTPS hosts. If you have ideas about how to represent this, I'd like to hear them. > I really hope all the other openid RP implementations are conforming > to the HTTPS spec, and that this is an isolated case. Sadly, I have pretty low expectations of what's in the wild right now, given that many environments in which OpenID is deployed can't seems to fetch HTTPS at all (I know I've run across PHP, Ruby, and Mono deployments where this is the case), and "why can't we treat HTTPS and HTTP as identical" is a recurring thread on the OpenID list. But I appreciate your optimism. ;) How would we test this? I guess we need a couple of servers, one that serves a cert with an incorrect hostname, another with a correct hostname but an untrusted CA. From kevin at janrain.com Fri Dec 28 17:13:04 2007 From: kevin at janrain.com (Kevin Turner) Date: Fri, 28 Dec 2007 17:13:04 -0800 Subject: python-openid https security In-Reply-To: <5422d5e60712272120t6cfb9e31td2a06be34dd2a0d4@mail.gmail.com> References: <60ed19d40712271403l4d3dca93h701cd7f851c8e7da@mail.gmail.com> <5422d5e60712272120t6cfb9e31td2a06be34dd2a0d4@mail.gmail.com> Message-ID: <1198890784.13234.1015.camel@localhost> On Fri, 2007-12-28 at 00:20 -0500, Daniel Clark wrote: > This may be something that tlslite - http://trevp.net/tlslite/ , Thanks for the pointer. I don't think I've seen this before and it seems worth a look. From trevor at tjohns.net Sat Dec 29 03:04:38 2007 From: trevor at tjohns.net (Trevor Johns) Date: Sat, 29 Dec 2007 03:04:38 -0800 (PST) Subject: darcs patch: Update admin scripts to run under Mac OS X Message-ID: <20071229110438.52802D0F13@laptop.tjohns.net> Sat Dec 29 00:17:29 PST 2007 Trevor Johns * Update admin scripts to run under Mac OS X The scripts in admin use several non-POSIX arguments which do not work on Mac OS X. See my original post to dev at openidenabled.com: message://%3C5902A542-C723-4F0A-8478-1F33C874D1B8 at tjohns.net%3E http://lists.openidenabled.com/pipermail/dev/2007-December/000979.html This patch makes the following changes to fix this: - Changed $HERE in admin/runtests to avoid calling readlink. - Calls to xargs now use '-L 1' instead of '-l1'. - Calls to 'wc -L' were eliminated. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/x-darcs-patch Size: 2053 bytes Desc: A darcs patch for your repository! Url : http://lists.openidenabled.com/pipermail/dev/attachments/20071229/03e31033/attachment.bin From trevor at tjohns.net Sat Dec 29 03:06:03 2007 From: trevor at tjohns.net (Trevor Johns) Date: Sat, 29 Dec 2007 03:06:03 -0800 (PST) Subject: darcs patch: Fixed StoreTest to not fail on Mac OS X 10.5 Message-ID: <20071229110604.07874D0F30@laptop.tjohns.net> Sat Dec 29 00:41:13 PST 2007 Trevor Johns * Fixed StoreTest to not fail on Mac OS X 10.5 Mac OS X 10.5 generates a value for $TMPDIR that looks something like this: /var/folders/uU/uXMNhbRIGkOhaxcg60xSGU+++TI/-Tmp-/ The '+++' is causing the DSN in Tests_Auth_OpenID_StoreTest::test_sqlitestore to become invalid. This invalid DSN causes the SQLite driver to attempt creating a file at a nonexistant path, resulting in a failed test. This is fixed by wrapping the value of $TMPDIR received by the system in a call to urlencode(). -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/x-darcs-patch Size: 1308 bytes Desc: A darcs patch for your repository! Url : http://lists.openidenabled.com/pipermail/dev/attachments/20071229/1b10af18/attachment.bin From trevor at tjohns.net Sat Dec 29 17:35:01 2007 From: trevor at tjohns.net (Trevor Johns) Date: Sat, 29 Dec 2007 17:35:01 -0800 (PST) Subject: darcs patch: Removed unused $http_response from Auth_Yadis_Manager Message-ID: <20071230013501.20A66D1444@laptop.tjohns.net> Sat Dec 29 14:38:13 PST 2007 Trevor Johns * Removed unused $http_response from Auth_Yadis_Manager -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/x-darcs-patch Size: 746 bytes Desc: A darcs patch for your repository! Url : http://lists.openidenabled.com/pipermail/dev/attachments/20071229/6fc017a1/attachment.bin From trevor at tjohns.net Sat Dec 29 17:34:50 2007 From: trevor at tjohns.net (Trevor Johns) Date: Sat, 29 Dec 2007 17:34:50 -0800 (PST) Subject: darcs patch: Fixed typo and minor formatting changes for StoreTest. Message-ID: <20071230013451.1AC16D1442@laptop.tjohns.net> Sat Dec 29 13:48:29 PST 2007 Trevor Johns * Fixed typo and minor formatting changes for StoreTest. - Removed extra newline. - Changed comment in test_sqlitestore() to read 'sqlite' instead of 'postgres'. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/x-darcs-patch Size: 1016 bytes Desc: A darcs patch for your repository! Url : http://lists.openidenabled.com/pipermail/dev/attachments/20071229/5f726297/attachment.bin From trevor at tjohns.net Sat Dec 29 18:49:25 2007 From: trevor at tjohns.net (Trevor Johns) Date: Sat, 29 Dec 2007 18:49:25 -0800 (PST) Subject: darcs patch: Fixed discovery failure due to case-sensitive comparis... Message-ID: <20071230024926.65BA1D14BB@laptop.tjohns.net> Sat Dec 29 17:50:02 PST 2007 Trevor Johns * Fixed discovery failure due to case-sensitive comparison of 'Location:' header If an HTTP redirect was issued during discovery with a 'Location:' header that doesn't exactly match case (such as 'location:' or 'LOCATION:'), discovery would fail. This is incorrect behavior per RFC 2616, Section 4.2. This behavior is corrected by using a case insensitive compare when checking for HTTP redirects. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/x-darcs-patch Size: 1171 bytes Desc: A darcs patch for your repository! Url : http://lists.openidenabled.com/pipermail/dev/attachments/20071229/0ad4f154/attachment.bin From cygnus at janrain.com Mon Dec 31 11:30:43 2007 From: cygnus at janrain.com (Jonathan Daugherty) Date: Mon, 31 Dec 2007 11:30:43 -0800 Subject: darcs patch: Fixed discovery failure due to case-sensitive comparis... In-Reply-To: <20071230024926.65BA1D14BB@laptop.tjohns.net> References: <20071230024926.65BA1D14BB@laptop.tjohns.net> Message-ID: > Sat Dec 29 17:50:02 PST 2007 Trevor Johns > * Fixed discovery failure due to case-sensitive comparison of 'Location:' header Great! Thanks for the patches! They're now in trunk. The Location header patch uses stripos() which is only available in PHP 5. You can see the build failure here: http://openidenabled.com:8011/ I've added a patch to use a slightly different method to check the same thing. Thanks again! -- Jonathan Daugherty