php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #59569 Order of checks of checkOAuthRequest()
Submitted: 2011-01-11 03:00 UTC Modified: 2011-01-15 13:21 UTC
From: djpate at gmail dot com Assigned: jawed (profile)
Status: Closed Package: oauth (PECL)
PHP Version: 5_3 SVN-2011-01-11 (dev) OS: Ubuntu 10.10
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: djpate at gmail dot com
New email:
PHP Version: OS:

 

 [2011-01-11 03:00 UTC] djpate at gmail dot com
Description:
------------
I'm trying to implement the nonce handler but I realised that It's launched before the consumer handler.

That doesnt make sense to me because If I understand this right a nonce is associed with a consumer, so making sure the consumer actually exist would be check before you check the nonce ?

Reproduce code:
---------------
public function consumerHandler($provider){
  $this->consumer = Consumer::findByKey($provider->consumer_key)
}

public function checkNonce($provider){
  if($this->consumer->hasNonce($provider->nonce)){
.......
}

Expected result:
----------------
No error

Actual result:
--------------
$this->consumer is not an object
since it doesnt go thru consumerHandler before

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-01-11 09:11 UTC] jawed@php.net
The definition changed in the RFC to also include the token 
creds:

http://tools.ietf.org/html/rfc5849#section-3.3

I don't have any immediate reservations on making the nonce 
check the last step.

- JJ
 [2011-01-11 10:50 UTC] djpate at gmail dot com
Great,

Do you want me to submit a patch or something ?
 [2011-01-11 13:40 UTC] jawed@php.net
Any and all patches are appreciated, however, they are not necessary.

I can work with you offline (jawed@php.net, or #php.pecl on EFnet) to help 
you get a feel for the code structure if you'd like.

- JJ
 [2011-01-11 18:09 UTC] datibbaw@php.net
No issues here either ;) let me know if you want 
me to add the patch.
 [2011-01-12 03:13 UTC] djpate at gmail dot com
Here is my patch, maybe something is missing but from what I've understood from the code it's pretty straight forward.

https://gist.github.com/775860

I compiled it and tested on my provider and It seems to work fine.
 [2011-01-15 13:21 UTC] jawed@php.net
This bug has been fixed in SVN.

In case this was a documentation problem, the fix will show up at the
end of next Sunday (CET) on pecl.php.net.

In case this was a pecl.php.net website problem, the change will show
up on the website in short time.
 
Thank you for the report, and for helping us make PECL better.

Applied in trunk. Thanks for the patch and making pecl/oauth 
better!

- JJ
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sun Dec 22 06:01:30 2024 UTC