PHP :: Request #59569 :: Order of checks of checkOAuthRequest()

Request #59569	Order of checks of checkOAuthRequest()
Submitted:	2011-01-11 03:00 UTC	Modified:	2011-01-15 13:21 UTC
From:	djpate at gmail dot com	Assigned:	jawed (profile)
Status:	Closed	Package:	oauth (PECL)
PHP Version:	5_3 SVN-2011-01-11 (dev)	OS:	Ubuntu 10.10
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	djpate at gmail dot com
New email:
PHP Version:		OS:

New Comment:

[2011-01-11 03:00 UTC] djpate at gmail dot com

Description:
------------
I'm trying to implement the nonce handler but I realised that It's launched before the consumer handler.

That doesnt make sense to me because If I understand this right a nonce is associed with a consumer, so making sure the consumer actually exist would be check before you check the nonce ?

Reproduce code:
---------------
public function consumerHandler($provider){
  $this->consumer = Consumer::findByKey($provider->consumer_key)
}

public function checkNonce($provider){
  if($this->consumer->hasNonce($provider->nonce)){
.......
}

Expected result:
----------------
No error

Actual result:
--------------
$this->consumer is not an object
since it doesnt go thru consumerHandler before

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2011-01-11 09:11 UTC] jawed@php.net

The definition changed in the RFC to also include the token 
creds:

http://tools.ietf.org/html/rfc5849#section-3.3

I don't have any immediate reservations on making the nonce 
check the last step.

- JJ

[2011-01-11 10:50 UTC] djpate at gmail dot com

Great,

Do you want me to submit a patch or something ?

[2011-01-11 13:40 UTC] jawed@php.net

Any and all patches are appreciated, however, they are not necessary.

I can work with you offline (jawed@php.net, or #php.pecl on EFnet) to help 
you get a feel for the code structure if you'd like.

- JJ

[2011-01-11 18:09 UTC] datibbaw@php.net

No issues here either ;) let me know if you want 
me to add the patch.

[2011-01-12 03:13 UTC] djpate at gmail dot com

Here is my patch, maybe something is missing but from what I've understood from the code it's pretty straight forward.

https://gist.github.com/775860

I compiled it and tested on my provider and It seems to work fine.

[2011-01-15 13:21 UTC] jawed@php.net

This bug has been fixed in SVN.

In case this was a documentation problem, the fix will show up at the
end of next Sunday (CET) on pecl.php.net.

In case this was a pecl.php.net website problem, the change will show
up on the website in short time.
 
Thank you for the report, and for helping us make PECL better.

Applied in trunk. Thanks for the patch and making pecl/oauth 
better!

- JJ

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sat Apr 27 22:01:28 2024 UTC