Bug in plug-in open_id_authentication

vikrant · February 26, 2009, 11:09am

Hi,
There is a little bug in open_id_authentication plug-in at line 87 of
file lib/open_id_authentication.rb

identifier = “http://#{identifier}” unless identifier =~ /^http/i

this line will silently ignore the uri “httpd.apache.org” without
normalising it to “http://httpd.apache.org/”

at present, writing OpenIdAuthentication.normalize_identifier
(‘httpd.apache.org’) raises a NoMethodError.

Proposed solution is to replace /^http/i with /^http:/i

identifier = “http://#{identifier}” unless identifier =~ /^http:/i

github.com

rails/open_id_authentication/blob/e6df78367b257886021785ba0260a4b5a4eca793/lib/open_id_authentication.rb#L87


      
          def self.normalize_identifier(identifier)
            # clean up whitespace
            identifier = identifier.to_s.strip
          
          
  # if an XRI has a prefix, strip it.
            identifier.gsub!(/xri:\/\//i, '')
          
          
  # dodge XRIs -- TODO: validate, don't just skip.
            unless ['=', '@', '+', '$', '!', '('].include?(identifier.at(0))
              # does it begin with http?  if not, add it.
              identifier = "http://#{identifier}" unless identifier =~ /^http/i
          
          
    # strip any fragments
              identifier.gsub!(/\#(.*)$/, '')
          
          
    begin
                uri = URI.parse(identifier)
                uri.scheme = uri.scheme.downcase  # URI should do this
                identifier = uri.normalize.to_s
              rescue URI::InvalidURIError
                raise InvalidOpenId.new("#{identifier} is not an OpenID identifier")

I’m reporting this bug here, because don’t know how to submit patch
(or whatever we call it) for Git repository. Also guys at
lighthouseapp.com will let you sign-in with an OpenID but won’t let
you sign-up with one! So bad.

vikrant · March 16, 2009, 3:04pm

there is a bug, it actually should be -
identifier = “http://#{identifier}” unless identifier =~ /^https?:/i