Package: trac-authopenid
Version: 0.4.1-1
Severity: normal
Tags: patch upstream
Control: forwarded -1 https://github.com/dairiki/authopenid-plugin/pull/7
Without the attached patch, when an OpenID provider declines to provide a full
name, trac crashes by accessing the authname variable before it was
initialized.
If no full name is provided, it should fall back to using the OpenID
URL as the user's identity.
The patch attached here should work for 0.4.1-1 -- it's slightly
different from the patch i submitted to upstream's master branch
because upstream has some unreleased changes since 0.4.1.
--dkg
-- System Information:
Debian Release: 7.0
APT prefers testing
APT policy: (500, 'testing'), (200, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 3.8-trunk-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages trac-authopenid depends on:
ii python 2.7.3-4
ii python-openid 2.2.5-3
ii trac 1.0.1-1
trac-authopenid recommends no packages.
trac-authopenid suggests no packages.
-- debconf-show failed
--- a/authopenid/authopenid.py 2012-06-25 17:06:18.000000000 -0400
+++ b/authopenid/authopenid.py 2013-04-04 16:04:57.542661061 -0400
@@ -584,6 +584,7 @@
remote_user = new_user
if allowed:
+ authname = None
cookie = hex_entropy()
cookie_lifetime = self.trac_auth_cookie_lifetime
@@ -604,9 +605,11 @@
authname = req.session['name']
if self.combined_username:
authname = '%s <%s>' % (authname, remote_user)
+ else:
+ authname = remote_user
# Possibly lower-case the authname.
- if self.lowercase_authname:
+ if authname and self.lowercase_authname:
authname = authname.lower()
# Make authname unique in case of collisions
