Merge lp:~benji/launchpad/bug-597324 into lp:launchpad
Proposed by
Benji York
Status: | Merged |
---|---|
Approved by: | Robert Collins |
Approved revision: | no longer in the source branch. |
Merge reported by: | Benji York |
Merged at revision: | not available |
Proposed branch: | lp:~benji/launchpad/bug-597324 |
Merge into: | lp:launchpad |
Diff against target: |
229 lines (+144/-7) 3 files modified
lib/canonical/launchpad/webapp/login.py (+28/-5) lib/canonical/launchpad/webapp/tests/test_login.py (+111/-1) lib/lp/testopenid/browser/server.py (+5/-1) |
To merge this branch: | bzr merge lp:~benji/launchpad/bug-597324 |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Robert Collins (community) | Approve | ||
Review via email: mp+30330@code.launchpad.net |
Description of the change
Fix bug #597324 as well as two other bugs found while investigating (one in the development OpenID provider, the other in Launchpad).
To post a comment you must log in.
It strikes me that my description above could use some fleshing out. Here goes.
The bug was triggered when the OpenID provider chooses to present the user with a form with a single Continue button to click on instead of redirecting the user directly to Launchpad (because the redirect would have contained a Location header that is too long for some browsers).
Launchpad wasn't expecting this behavior and couldn't handle it. The solution was to gather the data needed to complete the OpenID handshaking from POST requests as well as GET requests (the data ends up in different data structures in the two scenarios).
There was also a bug in the development OpenID provider such that it did not set the content-type correctly when generating the aforementioned continue- button- containing- form, so the user only saw raw HTML.