Fix for OpenID-only private sites: we were removing the 'login' and 'register' actions from the routing system entirely, which meant that login links & redirects from unauthenticated views on private sites (as well as various re-auth situations even on non-private sites) would break and send to the main page instead.
Changed it to leave the 'login' and 'register' actions in the system; we're already taking them over and redirecting them to the OpenID login page, so they won't be reached by accident; but now those redirects can be reached on purpose. ;) Better long-term fix may be to allow some aliasing, so we can have common_local_url('login') actually send us straight to the OpenID login page instead of having to go through an intermediate redirect, but this'll do.
This commit is contained in:
parent
20f2167425
commit
93bea7ff28
|
@ -102,9 +102,14 @@ class OpenIDPlugin extends Plugin
|
||||||
function onStartConnectPath(&$path, &$defaults, &$rules, &$result)
|
function onStartConnectPath(&$path, &$defaults, &$rules, &$result)
|
||||||
{
|
{
|
||||||
if (common_config('site', 'openidonly')) {
|
if (common_config('site', 'openidonly')) {
|
||||||
static $block = array('main/login',
|
// Note that we should not remove the login and register
|
||||||
'main/register',
|
// actions. Lots of auth-related things link to them,
|
||||||
'main/recoverpassword',
|
// such as when visiting a private site without a session
|
||||||
|
// or revalidating a remembered login for admin work.
|
||||||
|
//
|
||||||
|
// We take those two over with redirects to ourselves
|
||||||
|
// over in onArgsInitialize().
|
||||||
|
static $block = array('main/recoverpassword',
|
||||||
'settings/password');
|
'settings/password');
|
||||||
|
|
||||||
if (in_array($path, $block)) {
|
if (in_array($path, $block)) {
|
||||||
|
|
Loading…
Reference in New Issue
Block a user