[BUGFIX] OpenID service uses incorrect priorities to check returned data 06/41406/2
author Dmitry Dulepov <dmitry.dulepov@gmail.com>
Thu, 16 Jul 2015 08:57:36 +0000 (11:57 +0300)
committer Markus Klein <markus.klein@typo3.org>
Fri, 17 Jul 2015 15:09:53 +0000 (17:09 +0200)
commit 64c67d69ff8dd5a8d8fc0886ff5e17902cf5fded
tree c7a70733df178eb70998d63c6541e4aa1e00f247
parent 3c75434ce918a989e23bb5e92872ba7912bcb5d6
[BUGFIX] OpenID service uses incorrect priorities to check returned data

OpenID servers return several identifiers that can be used for user
authentication. According to the specification openid.claimed_id
is authoritative for authentication if it is set. openid.identity
can be used but openid.claimed_id is more authoritative.

Usually those two identifiers are the same. But some OpenID servers
(namely the UNINETT AS server) provide different values for these
identifiers. In such cases the preferred value is in the
openid.claimed_id as defined by the specification. However the code
in the OpenID service fails to properly test that because of wrong
priorities during checks.

This fix changes priorities of checks.

Change-Id: I61461f3258ffbd6caad89cd3163e79bfdc70d555
Resolves: #68205
Releases: master, 6.2
Reviewed-on: http://review.typo3.org/41406
Reviewed-by: Georg Ringer <georg.ringer@gmail.com>
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Markus Klein <markus.klein@typo3.org>
typo3/sysext/openid/Classes/OpenidService.php
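
The priority rule from the commit message, as an added PHP example that is not the code from OpenidService.php. The function name, the inverted order shown for comparison (an assumption about what "wrong priorities" looks like), and all sample URLs are constructed.

```php
<?php
// Added example, not TYPO3 code. All names and sample values are constructed.

/**
 * Return the first non-empty identifier from $response, trying $order in turn.
 */
function pickIdentifier(array $response, array $order): ?string
{
    foreach ($order as $key) {
        $value = trim((string)($response[$key] ?? ''));
        if ($value !== '') {
            return $value;
        }
    }
    return null; // no usable identifier: nothing to authenticate against
}

// Order the commit message calls for: openid.claimed_id is authoritative.
const CLAIMED_ID_FIRST = ['openid.claimed_id', 'openid.identity'];
// Assumed inverted order, shown only for comparison.
const IDENTITY_FIRST = ['openid.identity', 'openid.claimed_id'];

// Constructed local user table keyed by the OpenID URL stored for each user.
$users = ['https://id.example.org/alice' => 'alice'];

// Constructed responses: identical identifiers, differing identifiers,
// and a response that carries only openid.identity.
$responses = [
    'same' => [
        'openid.claimed_id' => 'https://id.example.org/alice',
        'openid.identity'   => 'https://id.example.org/alice',
    ],
    'differ' => [
        'openid.claimed_id' => 'https://id.example.org/alice',
        'openid.identity'   => 'https://op.example.org/internal/4711',
    ],
    'identity only' => [
        'openid.identity'   => 'https://id.example.org/alice',
    ],
];

foreach ($responses as $label => $response) {
    $good = pickIdentifier($response, CLAIMED_ID_FIRST);
    $bad  = pickIdentifier($response, IDENTITY_FIRST);
    printf(
        "%-13s claimed_id first: %-7s identity first: %s\n",
        $label,
        $users[$good ?? ''] ?? '(none)',
        $users[$bad ?? ''] ?? '(none)'
    );
}
```

Only the `differ` row separates the two orders: with `openid.claimed_id` first the response resolves to the stored user, while the inverted order looks up the provider-local value and finds no account.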