PHP :: Request #59569 :: Order of checks of checkOAuthRequest()

Request #59569	Order of checks of checkOAuthRequest()
Submitted:	2011-01-11 03:00 UTC	Modified:	2011-01-15 13:21 UTC
From:	djpate at gmail dot com	Assigned:	jawed (profile)
Status:	Closed	Package:	oauth (PECL)
PHP Version:	5_3 SVN-2011-01-11 (dev)	OS:	Ubuntu 10.10
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	djpate at gmail dot com
New email:
PHP Version:		OS:

New/Additional Comment:

[2011-01-11 03:00 UTC] djpate at gmail dot com

Description:
------------
I'm trying to implement the nonce handler but I realised that It's launched before the consumer handler.

That doesnt make sense to me because If I understand this right a nonce is associed with a consumer, so making sure the consumer actually exist would be check before you check the nonce ?

Reproduce code:
---------------
public function consumerHandler($provider){
  $this->consumer = Consumer::findByKey($provider->consumer_key)
}

public function checkNonce($provider){
  if($this->consumer->hasNonce($provider->nonce)){
.......
}

Expected result:
----------------
No error

Actual result:
--------------
$this->consumer is not an object
since it doesnt go thru consumerHandler before

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2011-01-11 09:11 UTC] jawed@php.net

The definition changed in the RFC to also include the token 
creds:

http://tools.ietf.org/html/rfc5849#section-3.3

I don't have any immediate reservations on making the nonce 
check the last step.

- JJ

[2011-01-11 10:50 UTC] djpate at gmail dot com

Great,

Do you want me to submit a patch or something ?

[2011-01-11 13:40 UTC] jawed@php.net

Any and all patches are appreciated, however, they are not necessary.

I can work with you offline (jawed@php.net, or #php.pecl on EFnet) to help 
you get a feel for the code structure if you'd like.

- JJ

[2011-01-11 18:09 UTC] datibbaw@php.net

No issues here either ;) let me know if you want 
me to add the patch.

[2011-01-12 03:13 UTC] djpate at gmail dot com

Here is my patch, maybe something is missing but from what I've understood from the code it's pretty straight forward.

https://gist.github.com/775860

I compiled it and tested on my provider and It seems to work fine.

[2011-01-15 13:21 UTC] jawed@php.net

This bug has been fixed in SVN.

In case this was a documentation problem, the fix will show up at the
end of next Sunday (CET) on pecl.php.net.

In case this was a pecl.php.net website problem, the change will show
up on the website in short time.
 
Thank you for the report, and for helping us make PECL better.

Applied in trunk. Thanks for the patch and making pecl/oauth 
better!

- JJ

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2023 The PHP Group All rights reserved.	Last updated: Wed Oct 04 14:01:25 2023 UTC