[#1661] Remove repoze.who OpenID plugin

ckan · Nov 18, 2014 · e7f87ac · e7f87ac
1 parent 4e9fbf7
commit e7f87ac
Show file tree

Hide file tree

Showing 10 changed files with 2 additions and 365 deletions.
diff --git a/ckan/config/middleware.py b/ckan/config/middleware.py
@@ -117,21 +117,6 @@ def make_app(conf, full_stack=True, static_files=True, **app_conf):
     who_parser = WhoConfig(conf['here'])
     who_parser.parse(open(app_conf['who.config_file']))
 
-    if asbool(config.get('openid_enabled', 'true')):
-        from repoze.who.plugins.openid.identification import OpenIdIdentificationPlugin
-        # Monkey patches for repoze.who.openid
-        # Fixes #1659 - enable log-out when CKAN mounted at non-root URL
-        from ckan.lib import repoze_patch
-        OpenIdIdentificationPlugin.identify = repoze_patch.identify
-        OpenIdIdentificationPlugin.redirect_to_logged_in = repoze_patch.redirect_to_logged_in
-        OpenIdIdentificationPlugin._redirect_to_loginform = repoze_patch._redirect_to_loginform
-        OpenIdIdentificationPlugin.challenge = repoze_patch.challenge
-
-        who_parser.identifiers = [i for i in who_parser.identifiers if \
-                not isinstance(i, OpenIdIdentificationPlugin)]
-        who_parser.challengers = [i for i in who_parser.challengers if \
-                not isinstance(i, OpenIdIdentificationPlugin)]
-
     app = PluggableAuthenticationMiddleware(app,
                 who_parser.identifiers,
                 who_parser.authenticators,

diff --git a/ckan/config/who.ini b/ckan/config/who.ini
@@ -17,46 +17,22 @@ charset = utf-8
 #use = repoze.who.plugins.basicauth:make_plugin
 #realm = 'CKAN'
 
-[plugin:openid]
-use = repoze.who.plugins.openid:make_identification_plugin
-store = file
-store_file_path = /tmp/sstore
-#openid_field = openid
-openid_field = openid_identifier
-came_from_field = came_from
-error_field = error
-session_name = beaker.session
-login_form_url = /user/login
-login_handler_path = /login_openid
-logout_handler_path = /user/logout
-# important they go via here after login
-logged_in_url = /user/logged_in
-logged_out_url = /user/logged_out
-rememberer_name = auth_tkt
-# Not supported without an upgrade to "repoze.who.plugins.openid>=0.5.3"
-#ax_optional = nickname=http://axschema.org/namePerson/friendly email=http://schema.openid.net/contact/email fullname=http://axschema.org/namePerson
-#sreg_optional = nickname email fullname
-
 [general]
 request_classifier = repoze.who.classifiers:default_request_classifier
-# challenge_decider = repoze.who.classifiers:default_challenge_decider
-challenge_decider = repoze.who.plugins.openid.classifiers:openid_challenge_decider
+challenge_decider = repoze.who.classifiers:default_challenge_decider
 
 [identifiers]
 plugins =
     friendlyform;browser
-    openid
     auth_tkt
 
 [authenticators]
 plugins =
     auth_tkt
-    ckan.lib.authenticator:OpenIDAuthenticator
     ckan.lib.authenticator:UsernamePasswordAuthenticator
 
 [challengers]
 plugins =
-    openid
     friendlyform;browser
 #   basicauth
 
diff --git a/ckan/controllers/user.py b/ckan/controllers/user.py
@@ -347,11 +347,6 @@ def login(self, error=None):
         if 'error' in request.params:
             h.flash_error(request.params['error'])
 
-        if request.environ['SCRIPT_NAME'] and g.openid_enabled:
-            # #1662 restriction
-            log.warn('Cannot mount CKAN at a URL and login with OpenID.')
-            g.openid_enabled = False
-
         if not c.user:
             came_from = request.params.get('came_from')
             if not came_from:
@@ -383,9 +378,6 @@ def logged_in(self):
             return self.me()
         else:
             err = _('Login failed. Bad username or password.')
-            if g.openid_enabled:
-                err += _(' (Or if using OpenID, it hasn\'t been associated '
-                         'with a user account.)')
             if h.asbool(config.get('ckan.legacy_templates', 'false')):
                 h.flash_error(err)
                 h.redirect_to(controller='user',

diff --git a/ckan/lib/app_globals.py b/ckan/lib/app_globals.py
@@ -55,7 +55,6 @@
     'ckan.plugins': {'type': 'split'},
 
     # bool
-    'openid_enabled': {'default': 'true', 'type' : 'bool'},
     'debug': {'default': 'false', 'type' : 'bool'},
     'ckan.debug_supress_header' : {'default': 'false', 'type' : 'bool'},
     'ckan.legacy_templates' : {'default': 'false', 'type' : 'bool'},

diff --git a/ckan/lib/authenticator.py b/ckan/lib/authenticator.py
@@ -3,23 +3,10 @@
 from zope.interface import implements
 from repoze.who.interfaces import IAuthenticator
 
-from ckan.model import User, Session
+from ckan.model import User
 
 log = logging.getLogger(__name__)
 
-class OpenIDAuthenticator(object):
-    implements(IAuthenticator)
-
-    def authenticate(self, environ, identity):
-        if 'repoze.who.plugins.openid.userid' in identity:
-            openid = identity['repoze.who.plugins.openid.userid']
-            user = User.by_openid(openid)
-            if user is None or not user.is_active():
-                return None
-            else:
-                return user.name
-        return None
-
 
 class UsernamePasswordAuthenticator(object):
     implements(IAuthenticator)
@@ -41,4 +28,3 @@ def authenticate(self, environ, identity):
             return user.name
 
         return None
-
diff --git a/ckan/lib/repoze_patch.py b/ckan/lib/repoze_patch.py