Merge lp:~jamestait/canonical-identity-provider/lp1169635 into lp:canonical-identity-provider/release
Status: | Merged |
---|---|
Approved by: | Ricardo Kirkner |
Approved revision: | no longer in the source branch. |
Merged at revision: | 806 |
Proposed branch: | lp:~jamestait/canonical-identity-provider/lp1169635 |
Merge into: | lp:canonical-identity-provider/release |
Diff against target: |
61 lines (+23/-6) 2 files modified
identityprovider/tests/test_views_server.py (+16/-4) identityprovider/views/server.py (+7/-2) |
To merge this branch: | bzr merge lp:~jamestait/canonical-identity-provider/lp1169635 |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Ricardo Kirkner (community) | Approve | ||
Review via email: mp+159358@code.launchpad.net |
Commit message
Don't check whether the unsigned response would result in a form POST, because the signed response will be longer and may do even if the unsigned response wouldn't. Instead, check the signed response and the request mode.
Description of the change
This is a fix for the case where an unsigned OpenID response would be short
enough to allow a URL redirect to be used, but the signed response would be too
long and thus would result in an HTML form POST.
This is all to work around a shortcoming in the openid library. There is a fix
in openid trunk, but:
a) it will probably break existing implementations and
b) according to PyPi there hasn't been a release of the openid library in
almost 3 years.
I would rather we didn't use shortened urls.