Last modified: 2013-02-10 09:35:50 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T20527, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 18527 - Yahoo claims the RP to be untrusted
Status: RESOLVED FIXED
Product: MediaWiki extensions
Classification: Unclassified
Component: OpenID
Version: unspecified
Hardware: All All
Importance: Normal normal
Target Milestone: ---
Assigned To: T. Gries
Reported: 2009-04-20 01:24 UTC by Sergey Chernyshev
Modified: 2013-02-10 09:35 UTC (History)
Description Sergey Chernyshev 2009-04-20 01:24:02 UTC
Yahoo has no reason to trust a wiki to be RP - add XRDS as described here:
http://blog.nerdbank.net/2008/06/why-yahoo-says-your-openid-site.html
Comment 1 WebCD 2010-01-04 02:45:04 UTC
You can solve this issue by putting a file "xrds.php" in the script root, where https://wiki.your.wiki/w/ is the script root:
-----------------------------------
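<?php
// Send the XRDS content type, then emit the XML declaration via echo so that
// "<?xml" is not parsed as a PHP open tag when short_open_tag is enabled.
header("Content-Type: application/xrds+xml");
echo '<?xml version="1.0" encoding="UTF-8"?>' . "\n";
?>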
<xrds:XRDS
    xmlns:xrds="xri://$xrds"
    xmlns:openid="http://openid.net/xmlns/1.0"
    xmlns="xri://$xrd*($v*2.0)">
    <XRD>
        <Service priority="1">
            <Type>http://specs.openid.net/auth/2.0/return_to</Type>
            <URI>https://wiki.your.wiki/w/</URI>
        </Service>
    </XRD>
</xrds:XRDS>
-----------------------------------
After that, you have to add the following to all wiki pages:
header("X-XRDS-Location: https://wiki.your.wiki/w/xrds.php");
and
<meta http-equiv="X-XRDS-Location" content="https://wiki.your.wiki/w/xrds.php"/>
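
Added example, not part of the original comment or of the OpenID extension: a sketch of the return_to verification an OpenID provider can perform (OpenID Authentication 2.0, section 9.2.1), run against the XRDS body from comment 1. The function names and the return_to URLs used to exercise it are assumptions; the XRDS is embedded as a constructed sample so the check runs offline.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

XRD_NS = "{xri://$xrd*($v*2.0)}"
RETURN_TO_TYPE = "http://specs.openid.net/auth/2.0/return_to"
DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed sample: the XRDS body from comment 1 (XML declaration omitted).
SAMPLE_XRDS = """<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
  <XRD>
    <Service priority="1">
      <Type>http://specs.openid.net/auth/2.0/return_to</Type>
      <URI>https://wiki.your.wiki/w/</URI>
    </Service>
  </XRD>
</xrds:XRDS>"""

def return_to_endpoints(xrds_text):
    """Return the URIs of every Service typed as an OpenID 2.0 return_to endpoint."""
    root = ET.fromstring(xrds_text)
    endpoints = []
    for service in root.iter(XRD_NS + "Service"):
        types = [t.text.strip() for t in service.iter(XRD_NS + "Type") if t.text]
        if RETURN_TO_TYPE in types:
            endpoints += [u.text.strip() for u in service.iter(XRD_NS + "URI") if u.text]
    return endpoints

def _origin(parts):
    """Normalise scheme, host and port (filling in the scheme's default port)."""
    scheme = parts.scheme.lower()
    return (scheme, (parts.hostname or "").lower(), parts.port or DEFAULT_PORTS.get(scheme))

def matches_endpoint(return_to, endpoint):
    """Realm-style match without wildcards: same origin, path at or below the endpoint."""
    r, e = urlsplit(return_to), urlsplit(endpoint)
    # An endpoint with a fragment or a wildcard host is never accepted here.
    if e.fragment or "*" in e.netloc or _origin(r) != _origin(e):
        return False
    r_path, e_path = r.path or "/", e.path or "/"
    prefix = e_path if e_path.endswith("/") else e_path + "/"
    return r_path == e_path or r_path.startswith(prefix)

def rp_is_verified(return_to, xrds_text):
    """True if the XRDS advertises a return_to endpoint that covers this return_to URL."""
    return any(matches_endpoint(return_to, ep) for ep in return_to_endpoints(xrds_text))
```

A wiki whose XRDS lists no return_to service, or lists one on a different scheme, host or path, fails this check, which is the condition under which a provider shows the "untrusted" warning this bug is about.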
Comment 2 Sergey Chernyshev 2010-01-04 02:46:58 UTC
I think there is some XRDS support in the extension which probably got disabled or something and is worth recovering.
Comment 3 Sergey Chernyshev 2010-01-04 04:50:10 UTC
Yes, right now Special:OpenIDXRDS is only enabled for user pages and code there and in OpenIDHooks::onArticleViewHeader is a bit messy anyway:
- for example it seems to forbid login using user's page if user in turn is logging in using OpenID. I'm not sure if this is OpenID limitation or something else.
- even though XRDS is using user name as parameter (Special:OpenIDXRDS/Sergey_Chernyshev), this parameter is used in "delegate" variable in intermediary array, but never used in actual XRDS code that is output.

I think it needs to be rewritten completely with multiple use cases in mind:
- user using their page as OpenID URL
- XRDS is used for the use case on this bug (return_to)
- any other use cases?
Comment 4 Siebrand Mazeland 2011-05-16 09:54:32 UTC
Mass maintainer change.
Comment 5 Tyler Romeo 2013-02-10 02:00:01 UTC
Based on the fix described in this bug, I'm pretty sure this was just fixed with the recent version upgrade. I haven't tested it yet, but it's possible this bug can be closed.
Comment 6 T. Gries 2013-02-10 02:04:16 UTC
(In reply to comment #5)
> Based on the fix described in this bug, I'm pretty sure this was just fixed
> with the recent version upgrade. I haven't tested it yet, but it's possible
> this bug can be closed.

may be - or may not be. Nevertheless thanks for *pinging* me.
Comment 7 T. Gries 2013-02-10 09:35:50 UTC
I tried it with the 1.004 and with the new 2.01 version of E:OpenID, works as designed.

Yahoo OpenID (Yahoo is OpenID Provider only) works with E:OpenID as Consumer.

Thus: closing the issue now.
