Ticket #83 (new defect)

Opened 1 year ago

Re-freshing a page where Consumer->complete() gets called results in a "Duplicate entry" SQL error

Reported by: http://daniel.hahler.de/ Assigned to:
Priority: minor Milestone:
Keywords: Cc:
Project: php-openid OpenID Protocol:
Series: 2.x.x Web Browser:

Description

With the php-openid library version 2.0, reloading a page where a consumer request has been completed results in a "duplicate entry" SQL error, because the nonce already exists: 

MySQL error!
Duplicate entry 'http://www.myopenid.com/server-1197175362-JDTcOa' for key 1(Errno=1062)

Your query:
INSERT INTO evo_plugin_openid_14_nonces (server_url, timestamp, salt)
VALUES ('http://www.myopenid.com/server', '1197175362', 'JDTcOa')

This is the backtrace: 

Backtrace:
   3. DB->query( "INSERT INTO evo_plugin_openid_14_nonces (server_url, timestamp, ..." )
      File: openid_plugin_DatabaseConnection.class.php on line 55
   4. openid_plugin_DatabaseConnection->query( "INSERT INTO evo_plugin_openid_14_nonces (server_url, timestamp, ...", Array(3) )
      File: php-openid/Auth/OpenID/SQLStore.php on line 453
   5. Auth_OpenID_SQLStore->_add_nonce( "http://www.myopenid.com/server", 1197175362, "JDTcOa" )
      File: php-openid/Auth/OpenID/SQLStore.php on line 470
   6. Auth_OpenID_SQLStore->useNonce( "http://www.myopenid.com/server", 1197175362, "JDTcOa" )
      File: php-openid/Auth/OpenID/Consumer.php on line 1244
   7. Auth_OpenID_GenericConsumer->_idResCheckNonce( Object(Auth_OpenID_Message), Object(Auth_OpenID_ServiceEndpoint) )
      File: php-openid/Auth/OpenID/Consumer.php on line 778
   8. Auth_OpenID_GenericConsumer->_doIdRes( Object(Auth_OpenID_Message), NULL, "http://b2cvs.local/blogs/htsrv/call_plugin.php?plugin_ID=14&meth..." )
      File: php-openid/Auth/OpenID/Consumer.php on line 719
   9. Auth_OpenID_GenericConsumer->_complete_id_res( Object(Auth_OpenID_Message), NULL, "http://b2cvs.local/blogs/htsrv/call_plugin.php?plugin_ID=14&meth..." )
      [runtime created function]
  10. call_user_func_array( Array(2), Array(3) )
      File: php-openid/Auth/OpenID/Consumer.php on line 660
  11. Auth_OpenID_GenericConsumer->complete( Object(Auth_OpenID_Message), NULL, "http://b2cvs.local/blogs/htsrv/call_plugin.php?plugin_ID=14&meth..." )
      File: php-openid/Auth/OpenID/Consumer.php on line 422
  12. Auth_OpenID_Consumer->complete( "http://b2cvs.local/blogs/htsrv/call_plugin.php?plugin_ID=14&meth..." )
      File: _openid.plugin.php on line 939
  13. openid_plugin->htsrv_add_openid( Array(0) )
      File: app/inc/plugins/model/_plugins.class.php on line 1186
  14. Plugins->call_method( "14", "htsrv_add_openid", Array(0) )
      File: app/htsrv/call_plugin.php on line 87

Doing the same thing with an older version (2.0rcX) results in a "better"/cleaner error instead: "OpenID authentication failed: Server denied check_authentication"