Commit Graph

25 Commits

Author SHA1 Message Date
Brion Vibber
d470c007fc Quick fix for #2659: unable to login with Livejournal OpenID
The Net::OpenID::Server perl module that LJ uses appears to be very picky about input, and rejects most request types unless the data comes in as GET parameters (apparently following OpenID 1.1 rules, rather than OpenID 2.0 rules which permit any request to be POSTed but requires that if so, the data must all be in the POST body).
Apparently something got updated on LJ at some point that's either added that behavior or (more likely) added the OpenID 2.0 namespace info to discovery, which tells the Janrain-based OpenID libraries that they should go ahead and do POST requests instead of redirects to GET requests... thus breaking everything. ;)

GET should be just fine for both 1.1 and 2.0 though, and also saves having to sit through that lame autosubmit page.

Switched the authentication submission from checking whether it should redirect to GET or do a form POST, to simply always doing the redirect to GET.

Tested against providers:
* LiveJournal
* Google
* LaunchPad
* identi.ca
2010-09-07 16:22:51 -07:00
Brion Vibber
d88b208edc Merge branch 'testing' of gitorious.org:statusnet/mainline into 0.9.x
Conflicts:
	plugins/OpenID/openid.php
2010-06-07 10:19:40 -07:00
Brion Vibber
58fe1a597c OpenID: add option to enable asking for a username to append to the trusted provider's base URL. Good for hooking up with sites like WikiHow, where usernames are appended to a base URL to get a profile URL which is used as the provider.
$config['openid']['append_username'] = true;
or check 'Append a username to base URL' in OpenID admin panel.
2010-05-28 16:52:17 -07:00
Brion Vibber
696aeea113 Merge branch 'testing' of gitorious.org:statusnet/mainline into 0.9.x
Conflicts:
	lib/language.php
	plugins/OpenID/finishaddopenid.php
2010-05-27 14:57:32 -07:00
Brion Vibber
2f2fa10071 Merge branch 'master' of gitorious.org:statusnet/mainline into testing 2010-05-27 14:54:43 -07:00
Brion Vibber
9193c110f1 WikiHowProfile plugin; pulls avatar from WikiHow profile pages when registering or adding account with OpenID. (Full name, location, homepage, and bio are also on the profile page but not marked up in a way they can be easily retrieved yet.)
OpenID plugin: Added events at OpenID account creation and update time to allow additional customizations for particular sites.
2010-05-25 17:11:46 -07:00
Brion Vibber
7005ef6661 Merge branch 'testing' into 0.9.x
Conflicts:
	plugins/OpenID/openidlogin.php
2010-05-19 12:51:25 -07:00
Brion Vibber
7c828ae5f8 OpenID access control options: trusted provider URL, Launchpad team restrictions. Added an admin panel for setting these and OpenID-only mode, off by default.
To enable the admin panel:
    $config['admin']['panels'][] = 'openid';

Or to set them manually:
    $config['openid']['trusted_provider'] = 'https://login.ubuntu.net/';
    $config['openid']['required_team'] = 'my-project-cabal';
    $config['site']['openidonly'] = true;

OpenID-only mode can still be set from addPlugin() parameters as well for backwards compatibility.
Note: if it's set there, that value will override the setting from the database or config.php.

Note that team restrictions are only really meaningful if a trusted provider is set; otherwise,
any OpenID server could report back that users are members of the given team.

Restrictions are checked only at OpenID authentication time and will not kick off people currently
with a session open; existing remembered logins may also survive these changes.

Using code for Launchpad team support provided by Canonical under AGPLv3, pulled from r27 of
WordPress teams integration plugin:
    https://code.edge.launchpad.net/~canonical-isd-hackers/wordpress-teams-integration/trunk
2010-05-18 13:28:41 -07:00
Siebrand Mazeland
7ec5e7cd76 Update translator documentation for OpenID plugin. 2010-04-30 23:07:19 +02:00
Brion Vibber
4beaba9fb0 Ticket #93: pretty up the auto-submit for OpenID logins a bit.
* throwing in our spinner
* cleanup of texts
* "If this doesn't go through click the button" instead of just a mystery button
* slightly faster submission: immediate at end of page rather than waiting for jQuery to confirm document setup completion
2010-04-23 11:28:50 -07:00
Evan Prodromou
9c63ae6e44 add whitelist and blacklist for openid URLs 2010-03-25 16:58:05 -04:00
Evan Prodromou
7f6fdb528c remove debugging calls 2010-03-25 16:35:22 -04:00
Brion Vibber
4d7479dcbc OpenID fixes:
- avoid notice spew when checking sreg items that weren't provided
- fix keys spec for user_openid, clears up problems with removing openid associations
- fix keys spec for user_openid_trustroot
2010-03-12 10:07:32 -08:00
Brion Vibber
4b5e977a7b New _m() gettext wrapper with smart detection of plugin domains. Plugin base class registers your gettext files if present at initialization.
update_pot.sh replaced with update_po_templates.php which can do core, plugins, or all (default).
Top-level Makefile added to build .mo files for plugins as well as core.

As described on list:
http://lists.status.net/pipermail/statusnet-dev/2009-December/002869.html
2009-12-08 12:17:11 -08:00
Brion Vibber
50234be398 Fix regression in OpenID autosubmit page.
Since core JS loads were moved to the bottom, the JavaScript was being run before jQuery was loaded, so the onload event never got set. Moved it down to the scripts section.
2009-11-13 15:34:15 -08:00
Brion Vibber
088081675f Revert "Remove more contractions"
This reverts commit 5ab709b739.

Missed this one yesterday...
2009-11-09 20:01:46 +01:00
Siebrand Mazeland
b10f362ede Merge branch '0.9.x' of git://gitorious.org/statusnet/mainline into 0.9.x 2009-11-08 23:33:58 +01:00
Siebrand Mazeland
5ab709b739 Remove more contractions
* doesn't
* won't
* isn't
* don't
2009-11-08 23:32:15 +01:00
Brion Vibber
fc5002015b Revert "* [Cc]an't -> [Cc]annot"
This reverts commit 0ab17f382b.
2009-11-08 23:28:51 +01:00
Siebrand Mazeland
0ab17f382b * [Cc]an't -> [Cc]annot
* [Cc]ould't -> [Cc]ould not
2009-11-08 23:22:38 +01:00
Craig Andrews
54696f7c46 Moved the public XRDS from the OpenID plugin to core
Added 4 new events involved in XRDS: StartUserXRDS, EndUserXRDS, StartPublicXRDS, EndPublicXRDS
Added OpenID provider functionality (no delegation support [yet])
2009-10-29 16:27:22 -04:00
Craig Andrews
0b4390e7f2 Make email domain checking optional, as some statusnet installations (such as those behind restrictive corporate firewalls, or on home systems on restrictive connections) cannot connect to any mail
systems, and this check will always fail.
2009-10-26 10:31:12 -04:00
Evan Prodromou
5d09b6b3f0 Merge branch '0.8.x' into 0.9.x
Conflicts:
	EVENTS.txt
	actions/finishremotesubscribe.php
	actions/postnotice.php
	actions/public.php
	actions/remotesubscribe.php
	actions/showstream.php
	actions/updateprofile.php
	actions/userauthorization.php
	classes/laconica.ini
	lib/common.php
	lib/oauthstore.php
	lib/omb.php
2009-08-27 11:16:45 -07:00
Evan Prodromou
797f296974 fix require paths for OpenID plugin files 2009-08-04 13:01:23 -04:00
Evan Prodromou
2b79b4d21f Move OpenID-related files to OpenID plugin directory
As a first step to pluginizing our OpenID support, I've moved the
important OpenID-related files to a dedicated plugin directory. Many
of these classes are still referred to by libraries that are still in
core.
2009-08-04 13:01:23 -04:00