[BUGFIX] OpenID service uses incorrect priorities to check returned data 78/41578/2
authorDmitry Dulepov <dmitry.dulepov@gmail.com>
Thu, 16 Jul 2015 08:57:36 +0000 (11:57 +0300)
committerMarkus Klein <markus.klein@typo3.org>
Fri, 17 Jul 2015 15:12:45 +0000 (17:12 +0200)
commit272daa352ea4135683be617cff23703f6f5b1f85
treeb9f536a5e8055816093024a9a63494abd70edadb
parentc45de676a41672f4780875e05fd389cbb66a8a96
[BUGFIX] OpenID service uses incorrect priorities to check returned data

OpenID servers return several identifiers that can be used for user
authentication. According to the speciciation openid.claimed_id
is authoritative for authentication if it is set. openid.identity
can be used but openid.claimed_id is more authoritative.

Usually those two identifiers are the same. But some OpenID servers
(namely UNINETT AS server) provide different values for these
identifiers. In such cases preferred value is in the
openid.claimed_id as defined by the specification. However the code
in the OpenID service fails to properly test that because of wrong
priorities during checks.

This fix changes priorities of checks.

Change-Id: I61461f3258ffbd6caad89cd3163e79bfdc70d555
Resolves: #68205
Releases: master, 6.2
Reviewed-on: http://review.typo3.org/41578
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Markus Klein <markus.klein@typo3.org>
typo3/sysext/openid/Classes/OpenidService.php