Library does not handle faulty information in openid.signed

Issue #7 resolved
Peter Tröger
created an issue

The HPI OpenID provider, when asked for a nickname, sends the following response:

{{{ {'openid.sig': ['XXX'], 'openid.return_to': ['XXX'], 'openid.mode': ['id_res'], 'openid.signed': ['mode,identity,return_to,sreg.nickname,'], 'openid.assoc_handle': ['{HMAC-SHA1}{4c51ed00}{JEPGLQ==}'], 'openid.identity': ['XXX']} }}}

The code starting from line 497 does not handle possible key errors in the response dictionary, which happens first for sreg.nickname with this kind of result. I would prefer a dedicated exception with a very explicit description text, since the Django auth backend just forwards the error text from the library in authenticate().

Comments (1)

  1. Log in to comment