diff options
| author | Brion Vibber <brion@pobox.com> | 2010-05-18 10:39:56 -0700 |
|---|---|---|
| committer | Brion Vibber <brion@pobox.com> | 2010-05-18 13:28:41 -0700 |
| commit | 7c828ae5f8ab20f0daa8a1482fadce9b3e858975 (patch) | |
| tree | 24cf70678bf106cf400a95e349ff4bde8416e943 /plugins/OpenID/openidlogin.php | |
| parent | b77878f46729d48588fb32b8a54ae13f3752c558 (diff) | |
OpenID access control options: trusted provider URL, Launchpad team restrictions. Added an admin panel for setting these and OpenID-only mode, off by default.
To enable the admin panel:
$config['admin']['panels'][] = 'openid';
Or to set them manually:
$config['openid']['trusted_provider'] = 'https://login.ubuntu.net/';
$config['openid']['required_team'] = 'my-project-cabal';
$config['site']['openidonly'] = true;
OpenID-only mode can still be set from addPlugin() parameters as well for backwards compatibility.
Note: if it's set there, that value will override the setting from the database or config.php.
Note that team restrictions are only really meaningful if a trusted provider is set; otherwise,
any OpenID server could report back that users are members of the given team.
Restrictions are checked only at OpenID authentication time and will not kick off people currently
with a session open; existing remembered logins may also survive these changes.
Using code for Launchpad team support provided by Canonical under AGPLv3, pulled from r27 of
WordPress teams integration plugin:
https://code.edge.launchpad.net/~canonical-isd-hackers/wordpress-teams-integration/trunk
Diffstat (limited to 'plugins/OpenID/openidlogin.php')
| -rw-r--r-- | plugins/OpenID/openidlogin.php | 22 |
1 files changed, 18 insertions, 4 deletions
diff --git a/plugins/OpenID/openidlogin.php b/plugins/OpenID/openidlogin.php index 2a743672c..8c559c934 100644 --- a/plugins/OpenID/openidlogin.php +++ b/plugins/OpenID/openidlogin.php @@ -29,7 +29,12 @@ class OpenidloginAction extends Action if (common_is_real_login()) { $this->clientError(_m('Already logged in.')); } else if ($_SERVER['REQUEST_METHOD'] == 'POST') { - $openid_url = $this->trimmed('openid_url'); + $provider = common_config('openid', 'trusted_provider'); + if ($provider) { + $openid_url = $provider; + } else { + $openid_url = $this->trimmed('openid_url'); + } oid_assert_allowed($openid_url); @@ -116,9 +121,18 @@ class OpenidloginAction extends Action $this->elementStart('ul', 'form_data'); $this->elementStart('li'); - $this->input('openid_url', _m('OpenID URL'), - $this->openid_url, - _m('Your OpenID URL')); + $provider = common_config('openid', 'trusted_provider'); + if ($provider) { + $this->element('label', array(), _m('OpenID provider')); + $this->element('span', array(), $provider); + $this->element('p', 'form_guide', + _m('You will be sent to the provider\'s site for authentication.')); + $this->hidden('openid_url', $provider); + } else { + $this->input('openid_url', _m('OpenID URL'), + $this->openid_url, + _m('Your OpenID URL')); + } $this->elementEnd('li'); $this->elementStart('li', array('id' => 'settings_rememberme')); $this->checkbox('rememberme', _m('Remember me'), false, |