From: joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>
Date: Tue, 30 Jan 2007 07:21:06 +0000 (+0000)
Subject: * Fix openid signin secret generation code. This fixes the bug that made
X-Git-Url: https://sipb.mit.edu/gitweb.cgi/ikiwiki.git/commitdiff_plain/64ca9a921a537baaed8cead9923f24f267f1040a?ds=sidebyside

* Fix openid signin secret generation code. This fixes the bug that made
  all openid signins fail the first time, and then succeed the second
  time.
---

diff --git a/IkiWiki/Plugin/openid.pm b/IkiWiki/Plugin/openid.pm
index f43c4db7f..4a7255069 100644
--- a/IkiWiki/Plugin/openid.pm
+++ b/IkiWiki/Plugin/openid.pm
@@ -140,13 +140,14 @@ sub getobj ($$) { #{{{
 	# Store the secret in the session.
 	my $secret=$session->param("openid_secret");
 	if (! defined $secret) {
-		$secret=$session->param(openid_secret => time);
+		$secret=rand;
+		$session->param(openid_secret => $secret);
 	}
 
 	return Net::OpenID::Consumer->new(
 		ua => $ua,
 		args => $q,
-		consumer_secret => $secret,
+		consumer_secret => sub { return shift()+$secret },
 		required_root => $config{cgiurl},
 	);
 } #}}}
diff --git a/debian/changelog b/debian/changelog
index f590d9e39..ddf209bdc 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -19,8 +19,11 @@ ikiwiki (1.41) UNRELEASED; urgency=low
     which links to the correct remote page, but is displayed nicely.
   * When building the doc wiki, build with LANG=C.
   * More gettext fun.
+  * Fix openid signin secret generation code. This fixes the bug that made
+    all openid signins fail the first time, and then succeed the second
+    time.
 
- -- Joey Hess <joeyh@debian.org>  Sat, 27 Jan 2007 21:16:33 -0500
+ -- Joey Hess <joeyh@debian.org>  Tue, 30 Jan 2007 02:15:33 -0500
 
 ikiwiki (1.40) unstable; urgency=low
 
diff --git a/doc/bugs/Error:_OpenID_failure:_time_bad_sig:.mdwn b/doc/bugs/Error:_OpenID_failure:_time_bad_sig:.mdwn
index 8b011c22a..f65b572fc 100644
--- a/doc/bugs/Error:_OpenID_failure:_time_bad_sig:.mdwn
+++ b/doc/bugs/Error:_OpenID_failure:_time_bad_sig:.mdwn
@@ -25,7 +25,7 @@ ikiwiki or my OpenID servers. --Pawel
 		my ($sig_time, $sig) = split(/\-/, $self->args("oic.time") || "");
 		# complain if more than an hour since we sent them off
 		return $self->_fail("time_expired")   if $sig_time < $now - 3600;
-		# also complain if the signature is from the future by more than 30 seconds,
+		 also complain if the signature is from the future by more than 30 seconds,
 		# which compensates for potential clock drift between nodes in a web farm.
 		return $self->_fail("time_in_future") if $sig_time - 30 > $now;
 		# and check that the time isn't faked
@@ -40,4 +40,7 @@ ikiwiki or my OpenID servers. --Pawel
 I've had this problem too, but with my track record of reporting OpenID bugs 
 I thought it best if I held my tongue. I usually experience this the first
 time I sign in on any ikiwiki installation of {ikiwiki.kitenet, ikidev, 
-betacantrips}, and I think re-logging in always works. --Ethan
\ No newline at end of file
+betacantrips}, and I think re-logging in always works. --Ethan
+
+> Does seem easier to repro than I thought.
+> Ok, fixed it.. [[bugs/done]] --[[Joey]]