php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Request #59569 Order of checks of checkOAuthRequest()
Submitted: 2011-01-11 03:00 UTC Modified: 2011-01-15 13:21 UTC
From: djpate at gmail dot com Assigned: jawed (profile)
Status: Closed Package: oauth (PECL)
PHP Version: 5_3 SVN-2011-01-11 (dev) OS: Ubuntu 10.10
Private report: No CVE-ID: None
View Developer Edit
 [2011-01-11 03:00 UTC] djpate at gmail dot com 
Description:
------------
I'm trying to implement the nonce handler but I realised that It's launched before the consumer handler.

That doesnt make sense to me because If I understand this right a nonce is associed with a consumer, so making sure the consumer actually exist would be check before you check the nonce ?

Reproduce code:
---------------
public function consumerHandler($provider){
  $this->consumer = Consumer::findByKey($provider->consumer_key)
}

public function checkNonce($provider){
  if($this->consumer->hasNonce($provider->nonce)){
.......
}

Expected result:
----------------
No error

Actual result:
--------------
$this->consumer is not an object
since it doesnt go thru consumerHandler before

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-01-11 09:11 UTC] jawed@php.net 
The definition changed in the RFC to also include the token 
creds:

http://tools.ietf.org/html/rfc5849#section-3.3

I don't have any immediate reservations on making the nonce 
check the last step.

- JJ
 [2011-01-11 10:50 UTC] djpate at gmail dot com 
Great,

Do you want me to submit a patch or something ?
 [2011-01-11 13:40 UTC] jawed@php.net 
Any and all patches are appreciated, however, they are not necessary.

I can work with you offline (jawed@php.net, or #php.pecl on EFnet) to help 
you get a feel for the code structure if you'd like.

- JJ
 [2011-01-11 18:09 UTC] datibbaw@php.net 
No issues here either ;) let me know if you want 
me to add the patch.
 [2011-01-12 03:13 UTC] djpate at gmail dot com 
Here is my patch, maybe something is missing but from what I've understood from the code it's pretty straight forward.

https://gist.github.com/775860

I compiled it and tested on my provider and It seems to work fine.
 [2011-01-15 13:21 UTC] jawed@php.net 
This bug has been fixed in SVN.

In case this was a documentation problem, the fix will show up at the
end of next Sunday (CET) on pecl.php.net.

In case this was a pecl.php.net website problem, the change will show
up on the website in short time.
 
Thank you for the report, and for helping us make PECL better.

Applied in trunk. Thanks for the patch and making pecl/oauth 
better!

- JJ
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Sun Dec 22 06:01:30 2024 UTC