OpenID throws an error when two accounts try to use the same OpenID

Subscribing.

This patch catches the duplicate key exception and displays an error message. Also, it doesn't check the identity prior to contacting the OpenID Provider, because the actual claimed_id may different from the one supplied by the user. E.g. if the user just enters "yahoo.com", Yahoo responds with a claimed id that looks something like this: https://me.yahoo.com/a/15_jkHfcSwQSxcvmOujhdYhdsnwW-#a73Px

I updated the test to add a query string argument instead of a dummy fragment, because the fragment should be stripped according to section 7.2 of OpenID Authentication 2.0 (though they are currently not).

Reroll.

Test bot glitch.

Bot was failed

trying out a new testing bot that apparently wasn't working

Set #473982: OpenID not checked for duplicity a duplicate of this one.

Tested #6 looks fine but needs another review to rtbc

$exception->errorInfo[0] == 23000 is not a reliable way to detect key conflicts across databases - see #505812: PDO uses inconsistant error codes between DBs.

Subscribing. In D6.15 a similar warning is issued when trying to add the same OpenID twice (within the same Drupal user account).

When trying to add the same Google OpenID (https://www.google.com/accounts/o8/id) on two different accounts, both attempts create an identity using the currently logged in Google account. Of course, if one wants to have different Google OpenIDs on two different Drupal accounts, one must log out of one Google account after having created the first OpenID, then log into a second Google account before creating the second OpenID, in which case twice entering https://www.google.com/accounts/o8/id will work (both attempts will lead to different OpenID keys). Obvious, yes, but to OpenID newbies this might be confusing -- perhaps the error message might be tweaked to help users understand how OpenID works.

Subscribing

Slightly different approach. I'm leaving the validation as it is, becuase it could catch some of the OpenID before whole discovery and authorization process begins and in worst case cost us only one select in DB but should save more DB requests and server load. And I'm not using PDO Exception which is not same for all databases according to #15, but the same approach like in form validation handler.

Test passed, but drupal.org doesn't respond this time because of network trouble, so the test status wasn't updated.

#19: openid_duplicate_key_364348.patch queued for re-testing.

Sent #19 for re-test against D7. However, this needs to be re-rolled against D8 either way.

Should also be covered by tests.

Suppose we should decide on a way of collision detection - I filed #1376778: Consistent 'duplicate key' detection in core

It looks like this bugfix is relevant for D7 so bumping back there because of https://www.drupal.org/node/2116417.

@wojtha last commented 4 years ago on this issue.

Thanks for the reroll @rpayanm