summaryrefslogtreecommitdiff
path: root/plugins/OpenID/finishaddopenid.php
diff options
context:
space:
mode:
authorBrion Vibber <brion@pobox.com>2010-05-18 10:39:56 -0700
committerBrion Vibber <brion@pobox.com>2010-05-18 13:28:41 -0700
commit7c828ae5f8ab20f0daa8a1482fadce9b3e858975 (patch)
tree24cf70678bf106cf400a95e349ff4bde8416e943 /plugins/OpenID/finishaddopenid.php
parentb77878f46729d48588fb32b8a54ae13f3752c558 (diff)
OpenID access control options: trusted provider URL, Launchpad team restrictions. Added an admin panel for setting these and OpenID-only mode, off by default.
To enable the admin panel: $config['admin']['panels'][] = 'openid'; Or to set them manually: $config['openid']['trusted_provider'] = 'https://login.ubuntu.net/'; $config['openid']['required_team'] = 'my-project-cabal'; $config['site']['openidonly'] = true; OpenID-only mode can still be set from addPlugin() parameters as well for backwards compatibility. Note: if it's set there, that value will override the setting from the database or config.php. Note that team restrictions are only really meaningful if a trusted provider is set; otherwise, any OpenID server could report back that users are members of the given team. Restrictions are checked only at OpenID authentication time and will not kick off people currently with a session open; existing remembered logins may also survive these changes. Using code for Launchpad team support provided by Canonical under AGPLv3, pulled from r27 of WordPress teams integration plugin: https://code.edge.launchpad.net/~canonical-isd-hackers/wordpress-teams-integration/trunk
Diffstat (limited to 'plugins/OpenID/finishaddopenid.php')
-rw-r--r--plugins/OpenID/finishaddopenid.php6
1 files changed, 6 insertions, 0 deletions
diff --git a/plugins/OpenID/finishaddopenid.php b/plugins/OpenID/finishaddopenid.php
index 991e6584e..df1763a52 100644
--- a/plugins/OpenID/finishaddopenid.php
+++ b/plugins/OpenID/finishaddopenid.php
@@ -103,6 +103,12 @@ class FinishaddopenidAction extends Action
$sreg = $sreg_resp->contents();
}
+ // Launchpad teams extension
+ if (!oid_check_teams($response)) {
+ $this->message(_m('OpenID authentication aborted: you are not allowed to login to this site.'));
+ return;
+ }
+
$cur = common_current_user();
$other = oid_get_user($canonical);