masq

masq copied to clipboard

ruby-openid 2.5 uses Digest::HMAC which was experimental. Newer version should use OpenSSL::HMAC. According to my simple test, using ruby-openid 2.7.0 did the job.

Glandos

Sorry to wake up people here, but I'm using masq, and I've read this blog article http://www.tetraph.com/blog/2014/05/covert-redirect-vulnerability-related-oauth-2-0-openid-covert-redirect-vulnerability-related-oauth-2-0-openid-%E4%B8%8E-oauth-2-0-openid-%E6%9C%89%E5%85%B3%E7%9A%84-covert-redirect/ The content is not really explicit for provider such as Masq… Can someone...

Glandos

In app/models/masq/account.rb these two validations allow newlines: ``` ruby validates_format_of :login, :with => /^[[email protected]]+$/ validates_format_of :email, :with => /(^([^@\s]+)@((?:[-_a-z0-9]+\.)+[a-z]{2,})$)|(^$)/i ``` That allows e.g. registering with a username containing newline character....

viktors

So I'm not sure exactly how to go about this, so I'm mostly spitballing: - In [my project, Fisheye](https://github.com/evaryont/fisheye), I'd like to support more authentication protocols, like WebID, which requires...

nogweii

Using email as login is broken

13

When trying to log in from masq interface with email_as_login: true in config, the user is logged in but https://www.le-pec.org/openid/[email protected] results in a 404.

jip149

REQUEST FOR A NEW MAINTAINER

7

Are you using masq in production and would like to help maintain the project? Please contact me, because I don't use it anymore and don't have the time to give...

dennisreimann