
Remove OpenID support #2058

merged 8 commits into from Nov 25, 2014
@@ -40,6 +40,8 @@ API changes and deprecations
can be changed in the ``Repoze.who`` settings detailed in the Config File
Options documentation (:ref:`who.httponly`).

* The OpenID login option has been removed and is no longer supported.

Template changes

@@ -116,21 +116,6 @@ def make_app(conf, full_stack=True, static_files=True, **app_conf):
who_parser = WhoConfig(conf['here'])

if asbool(config.get('openid_enabled', 'true')):
from repoze.who.plugins.openid.identification import OpenIdIdentificationPlugin
# Monkey patches for repoze.who.openid
# Fixes #1659 - enable log-out when CKAN mounted at non-root URL
from ckan.lib import repoze_patch
OpenIdIdentificationPlugin.identify = repoze_patch.identify
OpenIdIdentificationPlugin.redirect_to_logged_in = repoze_patch.redirect_to_logged_in
OpenIdIdentificationPlugin._redirect_to_loginform = repoze_patch._redirect_to_loginform
OpenIdIdentificationPlugin.challenge = repoze_patch.challenge

who_parser.identifiers = [i for i in who_parser.identifiers if \
not isinstance(i, OpenIdIdentificationPlugin)]
who_parser.challengers = [i for i in who_parser.challengers if \
not isinstance(i, OpenIdIdentificationPlugin)]

app = PluggableAuthenticationMiddleware(app,
@@ -17,46 +17,22 @@ charset = utf-8
#use = repoze.who.plugins.basicauth:make_plugin
#realm = 'CKAN'

use = repoze.who.plugins.openid:make_identification_plugin
store = file
store_file_path = /tmp/sstore
#openid_field = openid
openid_field = openid_identifier
came_from_field = came_from
error_field = error
session_name = beaker.session
login_form_url = /user/login
login_handler_path = /login_openid
logout_handler_path = /user/logout
# important they go via here after login
logged_in_url = /user/logged_in
logged_out_url = /user/logged_out
rememberer_name = auth_tkt
# Not supported without an upgrade to "repoze.who.plugins.openid>=0.5.3"
#ax_optional = nickname= email= fullname=
#sreg_optional = nickname email fullname

request_classifier = repoze.who.classifiers:default_request_classifier
# challenge_decider = repoze.who.classifiers:default_challenge_decider
challenge_decider = repoze.who.plugins.openid.classifiers:openid_challenge_decider
challenge_decider = repoze.who.classifiers:default_challenge_decider

plugins =

plugins =

plugins =
# basicauth
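Review bot: Nothing in this template change or in the changelog entry tells operators that an already-deployed who.ini needs the same edit. The template drops the `repoze.who.plugins.openid:make_identification_plugin` section and the `openid_challenge_decider` line, but installed sites keep their own copy of the file. The make_app hunk in this PR also removes the code that filtered `OpenIdIdentificationPlugin` instances out of `who_parser.identifiers` and `who_parser.challengers`, so a stale who.ini would presumably either fail to load once the package is gone or leave the plugin wired into the middleware. I would extend the changelog line with an upgrade step such as `Remove the OpenID plugin section from who.ini and set challenge_decider = repoze.who.classifiers:default_challenge_decider.`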

@@ -347,11 +347,6 @@ def login(self, error=None):
if 'error' in request.params:

if request.environ['SCRIPT_NAME'] and g.openid_enabled:
# #1662 restriction
log.warn('Cannot mount CKAN at a URL and login with OpenID.')
g.openid_enabled = False

if not c.user:
came_from = request.params.get('came_from')
if not came_from:
@@ -383,9 +378,6 @@ def logged_in(self):
err = _('Login failed. Bad username or password.')
if g.openid_enabled:
err += _(' (Or if using OpenID, it hasn\'t been associated '
'with a user account.)')
if h.asbool(config.get('ckan.legacy_templates', 'false')):
@@ -55,7 +55,6 @@
'ckan.plugins': {'type': 'split'},

# bool
'openid_enabled': {'default': 'true', 'type' : 'bool'},
'debug': {'default': 'false', 'type' : 'bool'},
'ckan.debug_supress_header' : {'default': 'false', 'type' : 'bool'},
'ckan.legacy_templates' : {'default': 'false', 'type' : 'bool'},
@@ -3,23 +3,10 @@
from zope.interface import implements
from repoze.who.interfaces import IAuthenticator

from ckan.model import User, Session
from ckan.model import User

log = logging.getLogger(__name__)

class OpenIDAuthenticator(object):

def authenticate(self, environ, identity):
if 'repoze.who.plugins.openid.userid' in identity:
openid = identity['repoze.who.plugins.openid.userid']
user = User.by_openid(openid)
if user is None or not user.is_active():
return None
return None

class UsernamePasswordAuthenticator(object):
@@ -41,4 +28,3 @@ def authenticate(self, environ, identity):

return None

@@ -298,11 +298,10 @@ def _identify_user_default(self):
b) For API calls they may set a header with an API key.

# environ['REMOTE_USER'] is set by repoze.who if it authenticates
# a user's cookie or OpenID. But repoze.who doesn't check the user
# (still) exists in our database - we need to do that here. (Another
# way would be with an userid_checker, but that would mean another db
# access.
# environ['REMOTE_USER'] is set by repoze.who if it authenticates a
# user's cookie. But repoze.who doesn't check the user (still) exists
# in our database - we need to do that here. (Another way would be
# with an userid_checker, but that would mean another db access.
# See:\
# .plugins.sql )
c.user = request.environ.get('REMOTE_USER', '')

This file was deleted.
