UserSession.save returns true if signing in with OpenID even when confirmed? returns false
Reported by Daniel | April 4th, 2009 @ 04:53 PM
First, thanks for all the updates, Ben. Yesterday evening's fix is now working.
On to the bug report: UserSession.save returns true if signing in with OpenID even when confirmed? returns false for the user associated with that OpenID identifier.
Items to note: - when attempting to sign into an unconfirmed, password accessed account, UserSession.save correctly returns false. - current_user() correctly returns nil after this save. - when attempting to sign into a confirmed, OpenID accessed account, current_user() correctly returns the newly logged in User object
@user_session.save do |result|
if result
if current_user().login_count == 1 && !current_user().is_admin?
Thank You,
Daniel
Comments and changes to this ticket
-
Ben Johnson April 14th, 2009 @ 04:06 AM
- State changed from “new” to “open”
I'll play around with this some more and get it working.
-
-
Ben Johnson June 20th, 2009 @ 04:54 AM
Hi Dan, Yes, it's still on my list, I just haven't had time lately. If you want to take a crack at it that would be great, otherwise I'll try to get to it next week some time. Thanks!
-
Daniel June 26th, 2009 @ 03:25 PM
Thanks Ben. I've also been busy wrapping up an Alpha and other things. For now, I've worked around it in the controller, but I will try to take a crack at it after this wave passes (maybe end of next week).
Best,
Daniel
-
Daniel July 10th, 2009 @ 08:10 PM
The problem appears to be that the validate_by_openid validation (defined in authlogic_openid/lib/authlogic_openid/session.rb) fires after the validate_magic_states validation (defined in authlogic/lib/authlogic/session/magic_states.rb). So when "validate" is called in the valid? method (see below, from authlogic/lib/authlogic/session/validation.rb), attempted_record is nil at the time validate_magic_states is called (so it just returns true). (Note that validate_by_openid creates an attempted_record, so the line following validate, "ensure_authentication_attempted" does not result in an error being ascribed to the base.)
It seems that a solution would be to change "validate :validate_by_openid, :if => :authenticating_with_openid?" (defined in authlogic_openid/lib/authlogic_openid/session.rb) to "before_validation", though I am not sure what the side-effects of that would be.
Best,
Daniel
@@@ruby def valid?
debugger errors.clear self.attempted_record = nil before_validation new_session? ? before_validation_on_create : before_validation_on_update validate ensure_authentication_attempted -
Daniel July 10th, 2009 @ 08:11 PM
(reposting code)
def valid? debugger errors.clear self.attempted_record = nil before_validation new_session? ? before_validation_on_create : before_validation_on_update validate ensure_authentication_attempted -
Ben Johnson August 7th, 2009 @ 06:20 PM
- State changed from “open” to “moved_to_github”
[state:"moved_to_github" bulk edit command]
-
-
smason October 4th, 2018 @ 01:38 PM
Mostly sharing about great returns and observing the sessions always for great accessed always,keep follow here. More best essay writing website objects and increased the accounts for current returns always,thanks.
Please Sign in or create a free account to add a new ticket.
With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.
Create new ticket
Create your profile
Help contribute to this project by taking a few moments to create your personal profile. Create your profile ยป
Object based authentication solution that handles all of the non sense for you. It's as easy as ActiveRecord is with a database.
Ben Johnson
Daniel