#80 ✓moved_to_github
Daniel

UserSession.save returns true if signing in with OpenID even when confirmed? returns false

Reported by Daniel | April 4th, 2009 @ 04:53 PM

First, thanks for all the updates, Ben. Yesterday evening's fix is now working.

On to the bug report: UserSession.save returns true if signing in with OpenID even when confirmed? returns false for the user associated with that OpenID identifier.

Items to note: - when attempting to sign into an unconfirmed, password accessed account, UserSession.save correctly returns false. - current_user() correctly returns nil after this save. - when attempting to sign into a confirmed, OpenID accessed account, current_user() correctly returns the newly logged in User object


@user_session.save do |result|
  if result
    if current_user().login_count == 1 && !current_user().is_admin?

Thank You,

Daniel

Comments and changes to this ticket

  • Ben Johnson

    Ben Johnson April 14th, 2009 @ 04:06 AM

    • State changed from “new” to “open”

    I'll play around with this some more and get it working.

  • Daniel

    Daniel June 19th, 2009 @ 03:40 PM

    Hi Ben,

    Any progress on this?

    Thank You,

    Daniel

  • Ben Johnson

    Ben Johnson June 20th, 2009 @ 04:54 AM

    Hi Dan, Yes, it's still on my list, I just haven't had time lately. If you want to take a crack at it that would be great, otherwise I'll try to get to it next week some time. Thanks!

  • Daniel

    Daniel June 26th, 2009 @ 03:25 PM

    Thanks Ben. I've also been busy wrapping up an Alpha and other things. For now, I've worked around it in the controller, but I will try to take a crack at it after this wave passes (maybe end of next week).

    Best,

    Daniel

  • Daniel

    Daniel July 10th, 2009 @ 08:10 PM

    The problem appears to be that the validate_by_openid validation (defined in authlogic_openid/lib/authlogic_openid/session.rb) fires after the validate_magic_states validation (defined in authlogic/lib/authlogic/session/magic_states.rb). So when "validate" is called in the valid? method (see below, from authlogic/lib/authlogic/session/validation.rb), attempted_record is nil at the time validate_magic_states is called (so it just returns true). (Note that validate_by_openid creates an attempted_record, so the line following validate, "ensure_authentication_attempted" does not result in an error being ascribed to the base.)

    It seems that a solution would be to change "validate :validate_by_openid, :if => :authenticating_with_openid?" (defined in authlogic_openid/lib/authlogic_openid/session.rb) to "before_validation", though I am not sure what the side-effects of that would be.

    Best,

    Daniel

    @@@ruby def valid?
    debugger errors.clear self.attempted_record = nil before_validation new_session? ? before_validation_on_create : before_validation_on_update validate ensure_authentication_attempted

    
    
  • Daniel

    Daniel July 10th, 2009 @ 08:11 PM

    (reposting code)

    def valid?
      debugger
      errors.clear
      self.attempted_record = nil
      before_validation
      new_session? ? before_validation_on_create : before_validation_on_update
      validate
      ensure_authentication_attempted
    
  • Ben Johnson

    Ben Johnson August 7th, 2009 @ 06:20 PM

    • State changed from “open” to “moved_to_github”

    [state:"moved_to_github" bulk edit command]

  • AMSA2018
  • smason

    smason October 4th, 2018 @ 01:38 PM

    Mostly sharing about great returns and observing the sessions always for great accessed always,keep follow here. More best essay writing website objects and increased the accounts for current returns always,thanks.

Please Sign in or create a free account to add a new ticket.

With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.

New-ticket Create new ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile ยป

Object based authentication solution that handles all of the non sense for you. It's as easy as ActiveRecord is with a database.

People watching this ticket

Tags

Pages