diff --git a/puppet/zulip/manifests/app_frontend.pp b/puppet/zulip/manifests/app_frontend.pp index 104508f030..da932c8b8e 100644 --- a/puppet/zulip/manifests/app_frontend.pp +++ b/puppet/zulip/manifests/app_frontend.pp @@ -11,7 +11,6 @@ class zulip::app_frontend { # Django dependencies "python-django", "python-django-guardian", - "python-django-auth-openid", "python-django-south", "python-django-pipeline", "python-django-bitfield", diff --git a/requirements.txt b/requirements.txt index b5ef0792c6..e9b3ae38d3 100644 --- a/requirements.txt +++ b/requirements.txt @@ -18,8 +18,6 @@ diff-match-patch==20121119 django-auth-ldap==1.2.6 django-bitfield==1.8.0 git+https://github.com/rwbarton/django-guardian.git@caf9f0c8c035feb3dff5542fb042dd13126cdd69 -git+https://github.com/rwbarton/django-openid-auth.git -https://django-openid-consumer.googlecode.com/files/django-openid-consumer-0.1.1.tar.gz django-pipeline==1.2.2 docopt==0.4.0 enum34==1.0.4 @@ -47,7 +45,6 @@ pydns==2.3.6 pyflakes==0.9.1 pylibmc==1.4.3 python-ldap==2.4.19 -python-openid==2.2.5 pytz==2015.4 redis==2.10.3 requests==2.7.0 diff --git a/templates/openid_error.html b/templates/openid_error.html deleted file mode 100644 index 13d8cb65f1..0000000000 --- a/templates/openid_error.html +++ /dev/null @@ -1,15 +0,0 @@ -{% extends "zerver/portico.html" %} - -{% block for_you %} isn't feeling too good. {% endblock %} - -{% block portico_content %} - -
-

We couldn't validate your Google account

- -

You might want to try logging in via Google again - or log in with a username or password.

- -

If you'd like, you can also drop us a line to let us know what happened.

- -{% endblock %} diff --git a/zerver/middleware.py b/zerver/middleware.py index a1f4073d7d..5e49fef49a 100644 --- a/zerver/middleware.py +++ b/zerver/middleware.py @@ -93,7 +93,7 @@ def write_log_line(log_data, path, method, remote_ip, email, client_name, # because someone manually entered a nonexistant path), as UTF-8 chars make # statsd sad when it sends the key name over the socket statsd_path = statsd_path.encode('ascii', errors='ignore') - blacklisted_requests = ['do_confirm', 'accounts.login.openid', 'send_confirm', + blacklisted_requests = ['do_confirm', 'send_confirm', 'eventslast_event_id', 'webreq.content', 'avatar', 'user_uploads', 'password.reset', 'static', 'json.bots', 'json.users', 'json.streams', 'accounts.unsubscribe', 'apple-touch-icon', 'emoji', 'json.bots', diff --git a/zerver/openid.py b/zerver/openid.py deleted file mode 100644 index 4bb381cf96..0000000000 --- a/zerver/openid.py +++ /dev/null @@ -1,10 +0,0 @@ -from __future__ import absolute_import - -# Defer importing until later to avoid circular imports - -def openid_failure_handler(request, message, status=403, template_name=None, exception=None): - # We ignore template_name in this function - - from django_openid_auth.views import default_render_failure - - return default_render_failure(request, message, status=403, template_name="openid_error.html", exception=None) diff --git a/zerver/views/__init__.py b/zerver/views/__init__.py index 0fb0284ddb..0b862f903e 100644 --- a/zerver/views/__init__.py +++ b/zerver/views/__init__.py @@ -53,10 +53,7 @@ from zerver.lib.push_notifications import num_push_devices_for_user from zerver.forms import RegistrationForm, HomepageForm, ToSForm, \ CreateUserForm, is_inactive, OurAuthenticationForm from django.views.decorators.csrf import csrf_exempt -from django_openid_auth.views import default_render_failure, login_complete from django_auth_ldap.backend import LDAPBackend, _LDAPUser -from openid.consumer.consumer import SUCCESS as openid_SUCCESS -from openid.extensions import ax from zerver.lib import bugdown from zerver.lib.alert_words import user_alert_words from zerver.lib.validator import check_string, check_list, check_dict, \ @@ -651,27 +648,6 @@ def remote_user_jwt(request): return login_or_register_remote_user(request, email, user_profile, remote_user) -def handle_openid_errors(request, issue, openid_response=None): - if issue == "Unknown user": - if openid_response is not None and openid_response.status == openid_SUCCESS: - ax_response = ax.FetchResponse.fromSuccessResponse(openid_response) - google_email = openid_response.getSigned('http://openid.net/srv/ax/1.0', 'value.email') - try: - first_name = full_name = ax_response.get('http://axschema.org/namePerson/first')[0] - except KeyError: - first_name = None - try: - last_name = full_name = ax_response.get('http://axschema.org/namePerson/last')[0] - if first_name is not None: - full_name = first_name + " " + last_name - except KeyError: - pass - return maybe_send_to_registration(request, google_email, full_name=full_name) - return default_render_failure(request, issue) - -def process_openid_login(request): - return login_complete(request, render_failure=handle_openid_errors) - def google_oauth2_csrf(request, value): return hmac.new(get_token(request).encode('utf-8'), value, hashlib.sha256).hexdigest() diff --git a/zproject/backends.py b/zproject/backends.py index 32b017a1c5..df22766e3c 100644 --- a/zproject/backends.py +++ b/zproject/backends.py @@ -9,7 +9,6 @@ from django_auth_ldap.backend import LDAPBackend from zerver.models import UserProfile, get_user_profile_by_id, \ get_user_profile_by_email, remote_user_to_email, email_to_username -from openid.consumer.consumer import SUCCESS from apiclient.sample_tools import client as googleapiclient from oauth2client.crypt import AppIdentityError @@ -110,29 +109,6 @@ class GoogleMobileOauth2Backend(ZulipAuthMixin): else: return_data["valid_attestation"] = False -# Adapted from http://djangosnippets.org/snippets/2183/ by user Hangya (September 1, 2010) - -class GoogleBackend(ZulipAuthMixin): - def authenticate(self, openid_response): - if openid_response is None: - return None - if openid_response.status != SUCCESS: - return None - - google_email = openid_response.getSigned('http://openid.net/srv/ax/1.0', 'value.email') - - try: - user_profile = get_user_profile_by_email(google_email) - except UserProfile.DoesNotExist: - # create a new user, or send a message to admins, etc. - return None - - if user_profile.is_mirror_dummy: - # mirror dummies can not login, but they can convert to real users - return None - - return user_profile - class ZulipRemoteUserBackend(RemoteUserBackend): create_unknown_user = False diff --git a/zproject/settings.py b/zproject/settings.py index 0897465091..49d0dc4ebe 100644 --- a/zproject/settings.py +++ b/zproject/settings.py @@ -13,7 +13,6 @@ import time import sys import ConfigParser -from zerver.openid import openid_failure_handler from zerver.lib.db import TimeTrackingConnection ######################################################################## @@ -163,7 +162,6 @@ INSTALLED_APPS = [ 'django.contrib.sessions', 'django.contrib.sites', 'django.contrib.staticfiles', - 'django_openid_auth', 'confirmation', 'guardian', 'pipeline', @@ -878,9 +876,6 @@ TEMPLATE_CONTEXT_PROCESSORS = ( ACCOUNT_ACTIVATION_DAYS=7 LOGIN_REDIRECT_URL='/' -OPENID_SSO_SERVER_URL = 'https://www.google.com/accounts/o8/id' -OPENID_CREATE_USERS = True -OPENID_RENDER_FAILURE = openid_failure_handler # Client-side polling timeout for get_events, in milliseconds. # We configure this here so that the client test suite can override it. diff --git a/zproject/urls.py b/zproject/urls.py index 52bb270206..5ed336d7ec 100644 --- a/zproject/urls.py +++ b/zproject/urls.py @@ -19,9 +19,6 @@ urlpatterns = patterns('', # want to require a new desktop app build for everyone in that case url(r'^desktop_home/$', 'zerver.views.desktop_home'), - url(r'^accounts/login/openid/$', 'django_openid_auth.views.login_begin', name='openid-login'), - url(r'^accounts/login/openid/done/$', 'zerver.views.process_openid_login', name='openid-complete'), - url(r'^accounts/login/openid/done/$', 'django_openid_auth.views.login_complete', name='openid-complete'), url(r'^accounts/login/sso/$', 'zerver.views.remote_user_sso', name='login-sso'), url(r'^accounts/login/jwt/$', 'zerver.views.remote_user_jwt', name='login-jwt'), url(r'^accounts/login/google/$', 'zerver.views.start_google_oauth2'),