Issue 308

Title: OpenID logins w/o trailing slash fail in a non-obvious way
Priority: bug
Status: resolved
Project: CC Network
Milestone:
Superseder:
Nosy List: nathan
Assigned To: nathan
Keywords:

Created on 2009-04-13.16:31:32 by nathan, last changed 2009-04-13.22:45:21 by nathan.

Messages
msg865 Author: nathan Date: 2009-04-13.22:45:21
Added error message when the user gets to the openid login screen with an
obviously non-CC network OpenID URL.

Blogged on labs:
http://labs.creativecommons.org/2009/04/13/updates-to-cc-network-openid-provider/
msg862 Author: nathan Date: 2009-04-13.20:32:33
We're going to show an error message if the user gets to the login form with an
OpenID path that doesn't look right
msg859 Author: nathan Date: 2009-04-13.17:35:16
The problem is caused when the user omits the trailing slash from their OpenID
URL.  For example, https://creativecommons.net/nathan instead of
https://creativecommons.net/nathan/.
msg858 Author: nathan Date: 2009-04-13.16:47:49
Seems to occur with sf.net as well.
msg856 Author: nathan Date: 2009-04-13.16:40:11
---------- Forwarded message ----------
From:  <root@localhost>
Date: Sun, Apr 12, 2009 at 6:46 AM
Subject: [Django] Error (EXTERNAL IP): /o/login/

Traceback (most recent call last):

  File "/var/www/creativecommons.net/commoner/eggs/Django-1.0.2_final-py2.5.egg/django/core/handlers/base.py", line 86, in get_response
    response = callback(request, *callback_args, **callback_kwargs)

  File "/var/www/creativecommons.net/commoner/src/commoner/server/views.py", line 59, in login
    if form.is_valid():

  File "/var/www/creativecommons.net/commoner/eggs/Django-1.0.2_final-py2.5.egg/django/forms/forms.py", line 120, in is_valid
    return self.is_bound and not bool(self.errors)

  File "/var/www/creativecommons.net/commoner/eggs/Django-1.0.2_final-py2.5.egg/django/forms/forms.py", line 111, in _get_errors
    self.full_clean()

  File "/var/www/creativecommons.net/commoner/eggs/Django-1.0.2_final-py2.5.egg/django/forms/forms.py", line 241, in full_clean
    self.cleaned_data = self.clean()

  File "/var/www/creativecommons.net/commoner/src/commoner/server/forms.py", line 31, in clean
    user = auth.authenticate(username=self.cleaned_data['username'],

KeyError: 'username'

<WSGIRequest
GET:<QueryDict: {}>,
POST:<QueryDict: {u'username': [u''], u'secret':
[u'3a8f9258a92747b59b0cf5555d19a15d0766d20f'], u'password': [u''],
u'id': [u'https://creativecommons.net/diti'], u'next':
[u'/o/endpoint/?openid.sreg.required=email%2Cnickname&openid.identity=https%3A%2F%2Fcreativecommons.net%2Fditi&openid.trust_root=http%3A%2F%2Fintensedebate.com%2F&openid.return_to=http%3A%2F%2Fintensedebate.com%2FhandleOpenIDLocalSignup.php%3Ff%3Dedaac1c1bbb0d531d561e365b4eecbed&openid.mode=checkid_setup']}>,
COOKIES:{'sessionid': '470cfb9cf75b113dfe50a910379fc0d3'},
META:{'CONTENT_LENGTH': '475',
 'CONTENT_TYPE': 'application/x-www-form-urlencoded',
 'DOCUMENT_ROOT': '/var/www/creativecommons.net/www',
 'GATEWAY_INTERFACE': 'CGI/1.1',
 'HTTPS': '1',
 'HTTP_ACCEPT':
'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
 'HTTP_ACCEPT_CHARSET': 'ISO-8859-1,utf-8;q=0.7,*;q=0.7',
 'HTTP_ACCEPT_ENCODING': 'gzip,deflate',
 'HTTP_ACCEPT_LANGUAGE': 'fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3',
 'HTTP_CONNECTION': 'keep-alive',
 'HTTP_COOKIE': 'sessionid=470cfb9cf75b113dfe50a910379fc0d3',
 'HTTP_HOST': 'creativecommons.net',
 'HTTP_KEEP_ALIVE': '300',
 'HTTP_REFERER':
'https://creativecommons.net/o/login/?id=https%3A%2F%2Fcreativecommons.net%2Fditi&next=%2Fo%2Fendpoint%2F%3Fopenid.sreg.required%3Demail%252Cnickname%26openid.identity%3Dhttps%253A%252F%252Fcreativecommons.net%252Fditi%26openid.trust_root%3Dhttp%253A%252F%252Fintensedebate.com%252F%26openid.return_to%3Dhttp%253A%252F%252Fintensedebate.com%252FhandleOpenIDLocalSignup.php%253Ff%253Dedaac1c1bbb0d531d561e365b4eecbed%26openid.mode%3Dcheckid_setup',
 'HTTP_USER_AGENT': 'Mozilla/5.0 (Windows; U; Windows NT 5.1; fr;
rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8 (.NET CLR 3.5.30729)',
 'PATH': '/usr/local/bin:/usr/bin:/bin',
 'PATH_INFO': u'/o/login/',
 'PATH_TRANSLATED':
'/var/www/creativecommons.net/commoner/bin/cc.net.wsgi/o/login/',
 'QUERY_STRING': '',
 'REMOTE_ADDR': '84.101.180.199',
 'REMOTE_PORT': '2958',
 'REQUEST_METHOD': 'POST',
 'REQUEST_URI': '/o/login/',
 'SCRIPT_FILENAME': '/var/www/creativecommons.net/commoner/bin/cc.net.wsgi',
 'SCRIPT_NAME': u'',
 'SCRIPT_URI': 'https://creativecommons.net/o/login/',
 'SCRIPT_URL': '/o/login/',
 'SERVER_ADDR': '66.135.59.46',
 'SERVER_ADMIN': 'webmaster@creativecommons.org',
 'SERVER_NAME': 'creativecommons.net',
 'SERVER_PORT': '443',
 'SERVER_PROTOCOL': 'HTTP/1.1',
 'SERVER_SIGNATURE': '<address>Apache Server at creativecommons.net
Port 443</address>\n',
 'SERVER_SOFTWARE': 'Apache',
 'mod_wsgi.application_group': 'creativecommons.net|',
 'mod_wsgi.callable_object': 'application',
 'mod_wsgi.listener_host': '',
 'mod_wsgi.listener_port': '443',
 'mod_wsgi.process_group': 'cc.net',
 'mod_wsgi.reload_mechanism': '1',
 'mod_wsgi.script_reloading': '1',
 'wsgi.errors': <mod_wsgi.Log object at 0x35d67b0>,
 'wsgi.file_wrapper': <built-in method file_wrapper of
mod_wsgi.Adapter object at 0x334da08>,
 'wsgi.input': <mod_wsgi.Input object at 0x3acf5f0>,
 'wsgi.multiprocess': True,
 'wsgi.multithread': False,
 'wsgi.run_once': False,
 'wsgi.url_scheme': 'https',
 'wsgi.version': (1, 0)}>
msg855 Author: nathan Date: 2009-04-13.16:31:32
Some sites (including http://www.intensedebate.com/openIDSignup) seem to mangle
our OpenID, truncating the last letter of the path.

From a user:

Steps to reproduce:

  1. (Optional: I can log in to https://creativecommons.net/ before)
  2. Go on any website requiring OpenID, for instance
http://www.intensedebate.com/openIDSignup
  3. Enter the address https://creativecommons.net/Diti
  4. Try to log in using "Diti" as login, and an alphanumeric,
14-character-long, ASCII password
  5. If the password is wrong, "Incorrect password." is displayed. If it is
good, nothing is displayed, and "dit" (it apparently comes from "Diti")
appears in the login text field. No other error message is displayed.
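The thread diagnoses the failure in two parts (msg855: the last letter of the OpenID path is lost; msg859: the user's OpenID URL had no trailing slash), and the traceback in msg856 shows the symptom on the server side: form.clean() indexes cleaned_data['username'] after Django's field validation has already dropped the empty, required username field, so the user gets a 500 error page instead of a form error. The Python below is an added example, not code from the commoner project or from Django: it maps a provider-local OpenID URL to a username whether or not the trailing slash is present, rejects URLs that are not this provider's (the error message msg865 describes), and validates the login form without raising when a field is missing. OPENID_HOST, the user table, fake_authenticate and the truncated_username reconstruction are assumptions made for illustration; the page does not show how the provider actually derived the username.

```python
from urllib.parse import urlsplit

# Assumed provider host, taken from the OpenID URLs quoted in this issue
# (https://creativecommons.net/<username>/). Hypothetical constant, not
# from the commoner code base.
OPENID_HOST = "creativecommons.net"


def username_from_openid(openid_url):
    """Map a provider-local OpenID URL to a username, accepting both
    https://creativecommons.net/nathan and https://creativecommons.net/nathan/.

    Returns None when the URL does not look like one of this provider's
    identifiers (other host, non-https, extra path segments, query string
    or fragment), so the caller can show a "not a CC network OpenID" error
    instead of attempting a login that cannot succeed.
    """
    parts = urlsplit(openid_url.strip())
    if parts.scheme != "https" or parts.netloc.lower() != OPENID_HOST:
        return None
    segments = [s for s in parts.path.split("/") if s]
    if len(segments) != 1 or parts.query or parts.fragment:
        return None
    return segments[0]


def truncated_username(openid_url):
    """Hypothetical reconstruction of the bug, NOT the project's code: if a
    provider assumes the trailing slash is present and slices it off, a URL
    without one loses its last letter ("/diti" -> "dit", as the user saw).
    """
    return urlsplit(openid_url).path[1:-1]


# Constructed stand-in for auth.authenticate(): a username -> password table.
# Real code checks hashed passwords; this only models the control flow.
_CONSTRUCTED_USERS = {"diti": "correct horse", "nathan": "battery staple"}


def fake_authenticate(username, password):
    if _CONSTRUCTED_USERS.get(username) == password:
        return username
    return None


def clean_login_form(post, authenticate=fake_authenticate):
    """Pure-Python stand-in for the Django form's clean() step.

    Django removes a field from cleaned_data when that field fails
    validation (here: an empty required username), so reading
    cleaned_data['username'] unconditionally in clean() raises KeyError,
    which is the traceback in this issue. This version checks the OpenID
    URL first, collects field errors, and only calls authenticate() when
    every required field survived validation.

    Returns (user, errors); errors is an empty dict on success.
    """
    errors = {}

    identity = post.get("id", "")
    if username_from_openid(identity) is None:
        errors["id"] = "%r does not look like a %s OpenID URL." % (identity, OPENID_HOST)

    cleaned = {}
    for field in ("username", "password"):
        value = post.get(field, "")
        if value == "":
            errors[field] = "This field is required."
        else:
            cleaned[field] = value

    # Form-level step: guard on what survived field validation instead of
    # indexing the cleaned data blindly.
    if errors:
        return None, errors
    user = authenticate(cleaned["username"], cleaned["password"])
    if user is None:
        errors["__all__"] = "Incorrect password."
    return user, errors
```

Feeding the POST body from the traceback (empty username and password, id=https://creativecommons.net/diti) into clean_login_form returns two "This field is required." errors rather than raising, and a URL on another host or with extra path segments produces the "does not look like a ... OpenID URL" error before any authentication is attempted.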
History

Date                User    Action  Args
2009-04-13 22:45:21 nathan  set     status: chatting -> resolved; messages: + msg865
2009-04-13 20:32:33 nathan  set     priority: critical -> bug; messages: + msg862
2009-04-13 17:35:16 nathan  set     status: unread -> chatting; messages: + msg859; title: Error (EXTERNAL IP): /o/login/ -> OpenID logins w/o trailing slash fail in a non-obvious way
2009-04-13 16:47:49 nathan  set     status: chatting -> unread; messages: + msg858
2009-04-13 16:40:12 nathan  set     status: unread -> chatting; messages: + msg856; title: Some sites seem to mangle OpenID logins -> Error (EXTERNAL IP): /o/login/
2009-04-13 16:31:32 nathan  create