Store OpenID information in database instead of using the filesystem
The OpenID information currently gets stored in the filesystem. For security reasons it's preferred to have that sensitive data in the database.
The file to be changed is class.tx_openid_sv1.php
(issue imported from #M9683)
#4 Updated by Dmitry Dulepov over 9 years ago
The patch is attached. This version is tested with trunk revision #6513 and the following OpenID providers and servers:
Since some users already use OpenID or backported it to 4.2, they may have trouble logging in to the system because of the store change (missing database tables). Therefore this patch includes an elementary workaround that creates the database tables on the fly if they are not there. This can be removed in TYPO3 4.4 but I suggest releasing 4.3 with this code.
#6 Updated by Steffen Müller over 9 years ago
Dmitry, thank you for the patch.
I also had no luck, it did not work with BE login. But OpenID worked for me before applying the patch.
I got the same effect as described in #21647: OpenID provider redirects me to http://lenny.test/typo3/sysext/openid/ instead of the backend.
Also, I don't like the constructor checking and creating missing database tables. It's separate one-time code which blows up the class too much. The install tool should do this. This is TYPO3 best practice and users are used to going through the database compare stuff for any other DB changes. It does not hurt. We had that before in trunk. IMHO this is a major issue I see with your patch.
I also found one minor issue:
DB compare in the install tool always shows:
ALTER TABLE tx_openid_nonce_store CHANGE salt salt char(40);
Current value: char(40) default ''
Pressing the "write to database" button does not change anything.
P.S. Tested by using launchpad.net as OpenID provider.
#7 Updated by Dmitry Dulepov over 9 years ago
Marcus, what would you say if somebody reported a problem to you like this: "I was trying out the patch without luck"? This is impossible to fix because it contains zero information about the problem you have.
Steffen, I cannot confirm those redirections. I am afraid you have to search your workspace for issues. Regarding table creation: this was for those who already use OpenID. The idea was to be user friendly and let them upgrade the system automatically. I will get rid of user friendliness in the new version of the patch. This would be the true TYPO3 way: make it harder for users ;)
#8 Updated by Steffen Müller over 9 years ago
Dmitry, you know TYPO3 core is already very ugly code design. Upgrading database routines should be kept at a central place, since it is a repeating routine. With your solution we would later have duplicate code in the core, e.g. in each sysext.
On the other hand, using the install tool for DB upgrade is well known and gives you full control over what happens to database tables.
You are right, this makes it harder for users to upgrade, but in a way, they are used with the above mentioned advantages.
I have already checked devlog/syslog for errors, but unfortunately there are none. Please give me some more time to debug it.