1.1 --- a/WebStack/Resources/OpenIDRedirect.py Tue Jul 07 01:12:55 2009 +0200
1.2 +++ b/WebStack/Resources/OpenIDRedirect.py Wed Nov 25 20:12:52 2009 +0100
1.3 @@ -90,7 +90,7 @@
1.4 otherwise.
1.5
1.6 If the optional 'verify' parameter is specified as a true value, perform
1.7 - verification on any
1.8 + verification on any incoming OpenID credentials.
1.9 """
1.10
1.11 # If requested, attempt to verify OpenID assertions.
1.12 @@ -107,7 +107,7 @@
1.13 self.test_signature(trans, fields) and \
1.14 self.test_replay(fields):
1.15
1.16 - self.set_token(trans, fields["openid.identity"][0])
1.17 + self.set_token(trans, fields["openid.claimed_id"][0])
1.18 return 1
1.19
1.20 # Incomplete assertion.
1.21 @@ -140,7 +140,8 @@
1.22
1.23 # NOTE: Currently, this is not strict enough.
1.24
1.25 - return fields["openid.return_to"][0].startswith(self.app_url)
1.26 + return fields.has_key("openid.return_to") and \
1.27 + fields["openid.return_to"][0].startswith(self.app_url)
1.28
1.29 def test_signature(self, trans, fields):
1.30