mirror of https://github.com/zulip/zulip.git
Remove OpenID authentication
(imported from commit 70a859041a851ed10dc40cfc068330e472d2ed09)
parent
e7dc77426a
commit
ab9539cffe
|
@ -11,7 +11,6 @@ class zulip::app_frontend {
|
||||||
# Django dependencies
|
# Django dependencies
|
||||||
"python-django",
|
"python-django",
|
||||||
"python-django-guardian",
|
"python-django-guardian",
|
||||||
"python-django-auth-openid",
|
|
||||||
"python-django-south",
|
"python-django-south",
|
||||||
"python-django-pipeline",
|
"python-django-pipeline",
|
||||||
"python-django-bitfield",
|
"python-django-bitfield",
|
||||||
|
|
|
@ -18,8 +18,6 @@ diff-match-patch==20121119
|
||||||
django-auth-ldap==1.2.6
|
django-auth-ldap==1.2.6
|
||||||
django-bitfield==1.8.0
|
django-bitfield==1.8.0
|
||||||
git+https://github.com/rwbarton/django-guardian.git@caf9f0c8c035feb3dff5542fb042dd13126cdd69
|
git+https://github.com/rwbarton/django-guardian.git@caf9f0c8c035feb3dff5542fb042dd13126cdd69
|
||||||
git+https://github.com/rwbarton/django-openid-auth.git
|
|
||||||
https://django-openid-consumer.googlecode.com/files/django-openid-consumer-0.1.1.tar.gz
|
|
||||||
django-pipeline==1.2.2
|
django-pipeline==1.2.2
|
||||||
docopt==0.4.0
|
docopt==0.4.0
|
||||||
enum34==1.0.4
|
enum34==1.0.4
|
||||||
|
@ -47,7 +45,6 @@ pydns==2.3.6
|
||||||
pyflakes==0.9.1
|
pyflakes==0.9.1
|
||||||
pylibmc==1.4.3
|
pylibmc==1.4.3
|
||||||
python-ldap==2.4.19
|
python-ldap==2.4.19
|
||||||
python-openid==2.2.5
|
|
||||||
pytz==2015.4
|
pytz==2015.4
|
||||||
redis==2.10.3
|
redis==2.10.3
|
||||||
requests==2.7.0
|
requests==2.7.0
|
||||||
|
|
|
@ -1,15 +0,0 @@
|
||||||
{% extends "zerver/portico.html" %}
|
|
||||||
|
|
||||||
{% block for_you %} isn't feeling too good. {% endblock %}
|
|
||||||
|
|
||||||
{% block portico_content %}
|
|
||||||
|
|
||||||
<br/>
|
|
||||||
<p class="lead">We couldn't validate your Google account</p>
|
|
||||||
|
|
||||||
<p>You might want to <a href="{% url 'django_openid_auth.views.login_begin' %}">try logging in via Google again</a>
|
|
||||||
or <a href="{% url 'django.contrib.auth.views.login' %}">log in with a username or password.</a></p>
|
|
||||||
|
|
||||||
<p>If you'd like, you can also <a href="mailto:support@zulip.com?Subject=Error%20logging%20in%20with%20Google%20Apps&Body=Hi%20there%2C%0A%0AI%20encountered%20an%20error%20when%20attempting%20to%20log%20in%20with%20Google%20Apps%20on%20Zulip%20using%20my%20email%20address%20youremailgoeshere@yourdomain.example.com%0A%0AError%20message%3A%20%20{{ message|escape }}%0A%0ASincerely%2C%20%0A%0AYour%20name%20here">drop us a line</a> to let us know what happened.</p>
|
|
||||||
|
|
||||||
{% endblock %}
|
|
|
@ -93,7 +93,7 @@ def write_log_line(log_data, path, method, remote_ip, email, client_name,
|
||||||
# because someone manually entered a nonexistant path), as UTF-8 chars make
|
# because someone manually entered a nonexistant path), as UTF-8 chars make
|
||||||
# statsd sad when it sends the key name over the socket
|
# statsd sad when it sends the key name over the socket
|
||||||
statsd_path = statsd_path.encode('ascii', errors='ignore')
|
statsd_path = statsd_path.encode('ascii', errors='ignore')
|
||||||
blacklisted_requests = ['do_confirm', 'accounts.login.openid', 'send_confirm',
|
blacklisted_requests = ['do_confirm', 'send_confirm',
|
||||||
'eventslast_event_id', 'webreq.content', 'avatar', 'user_uploads',
|
'eventslast_event_id', 'webreq.content', 'avatar', 'user_uploads',
|
||||||
'password.reset', 'static', 'json.bots', 'json.users', 'json.streams',
|
'password.reset', 'static', 'json.bots', 'json.users', 'json.streams',
|
||||||
'accounts.unsubscribe', 'apple-touch-icon', 'emoji', 'json.bots',
|
'accounts.unsubscribe', 'apple-touch-icon', 'emoji', 'json.bots',
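Review bot: `'json.bots'` appears twice in `blacklisted_requests` on the new side, once on the `'password.reset', 'static', 'json.bots', ...` line and again at the end of the `'accounts.unsubscribe', ...` line. The second entry is redundant; dropping it leaves that line as `'accounts.unsubscribe', 'apple-touch-icon', 'emoji',`. Since this commit already edits the list to drop `'accounts.login.openid'`, it is a convenient place to remove the duplicate too. Both the list literal and `write_log_line` continue past the end of this hunk, so any further entries are not visible here.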
|
||||||
|
|
|
@ -1,10 +0,0 @@
|
||||||
from __future__ import absolute_import
|
|
||||||
|
|
||||||
# Defer importing until later to avoid circular imports
|
|
||||||
|
|
||||||
def openid_failure_handler(request, message, status=403, template_name=None, exception=None):
|
|
||||||
# We ignore template_name in this function
|
|
||||||
|
|
||||||
from django_openid_auth.views import default_render_failure
|
|
||||||
|
|
||||||
return default_render_failure(request, message, status=403, template_name="openid_error.html", exception=None)
|
|
|
@ -53,10 +53,7 @@ from zerver.lib.push_notifications import num_push_devices_for_user
|
||||||
from zerver.forms import RegistrationForm, HomepageForm, ToSForm, \
|
from zerver.forms import RegistrationForm, HomepageForm, ToSForm, \
|
||||||
CreateUserForm, is_inactive, OurAuthenticationForm
|
CreateUserForm, is_inactive, OurAuthenticationForm
|
||||||
from django.views.decorators.csrf import csrf_exempt
|
from django.views.decorators.csrf import csrf_exempt
|
||||||
from django_openid_auth.views import default_render_failure, login_complete
|
|
||||||
from django_auth_ldap.backend import LDAPBackend, _LDAPUser
|
from django_auth_ldap.backend import LDAPBackend, _LDAPUser
|
||||||
from openid.consumer.consumer import SUCCESS as openid_SUCCESS
|
|
||||||
from openid.extensions import ax
|
|
||||||
from zerver.lib import bugdown
|
from zerver.lib import bugdown
|
||||||
from zerver.lib.alert_words import user_alert_words
|
from zerver.lib.alert_words import user_alert_words
|
||||||
from zerver.lib.validator import check_string, check_list, check_dict, \
|
from zerver.lib.validator import check_string, check_list, check_dict, \
|
||||||
|
@ -651,27 +648,6 @@ def remote_user_jwt(request):
|
||||||
|
|
||||||
return login_or_register_remote_user(request, email, user_profile, remote_user)
|
return login_or_register_remote_user(request, email, user_profile, remote_user)
|
||||||
|
|
||||||
def handle_openid_errors(request, issue, openid_response=None):
|
|
||||||
if issue == "Unknown user":
|
|
||||||
if openid_response is not None and openid_response.status == openid_SUCCESS:
|
|
||||||
ax_response = ax.FetchResponse.fromSuccessResponse(openid_response)
|
|
||||||
google_email = openid_response.getSigned('http://openid.net/srv/ax/1.0', 'value.email')
|
|
||||||
try:
|
|
||||||
first_name = full_name = ax_response.get('http://axschema.org/namePerson/first')[0]
|
|
||||||
except KeyError:
|
|
||||||
first_name = None
|
|
||||||
try:
|
|
||||||
last_name = full_name = ax_response.get('http://axschema.org/namePerson/last')[0]
|
|
||||||
if first_name is not None:
|
|
||||||
full_name = first_name + " " + last_name
|
|
||||||
except KeyError:
|
|
||||||
pass
|
|
||||||
return maybe_send_to_registration(request, google_email, full_name=full_name)
|
|
||||||
return default_render_failure(request, issue)
|
|
||||||
|
|
||||||
def process_openid_login(request):
|
|
||||||
return login_complete(request, render_failure=handle_openid_errors)
|
|
||||||
|
|
||||||
def google_oauth2_csrf(request, value):
|
def google_oauth2_csrf(request, value):
|
||||||
return hmac.new(get_token(request).encode('utf-8'), value, hashlib.sha256).hexdigest()
|
return hmac.new(get_token(request).encode('utf-8'), value, hashlib.sha256).hexdigest()
|
||||||
|
|
||||||
|
|
|
@ -9,7 +9,6 @@ from django_auth_ldap.backend import LDAPBackend
|
||||||
from zerver.models import UserProfile, get_user_profile_by_id, \
|
from zerver.models import UserProfile, get_user_profile_by_id, \
|
||||||
get_user_profile_by_email, remote_user_to_email, email_to_username
|
get_user_profile_by_email, remote_user_to_email, email_to_username
|
||||||
|
|
||||||
from openid.consumer.consumer import SUCCESS
|
|
||||||
from apiclient.sample_tools import client as googleapiclient
|
from apiclient.sample_tools import client as googleapiclient
|
||||||
from oauth2client.crypt import AppIdentityError
|
from oauth2client.crypt import AppIdentityError
|
||||||
|
|
||||||
|
@ -110,29 +109,6 @@ class GoogleMobileOauth2Backend(ZulipAuthMixin):
|
||||||
else:
|
else:
|
||||||
return_data["valid_attestation"] = False
|
return_data["valid_attestation"] = False
|
||||||
|
|
||||||
# Adapted from http://djangosnippets.org/snippets/2183/ by user Hangya (September 1, 2010)
|
|
||||||
|
|
||||||
class GoogleBackend(ZulipAuthMixin):
|
|
||||||
def authenticate(self, openid_response):
|
|
||||||
if openid_response is None:
|
|
||||||
return None
|
|
||||||
if openid_response.status != SUCCESS:
|
|
||||||
return None
|
|
||||||
|
|
||||||
google_email = openid_response.getSigned('http://openid.net/srv/ax/1.0', 'value.email')
|
|
||||||
|
|
||||||
try:
|
|
||||||
user_profile = get_user_profile_by_email(google_email)
|
|
||||||
except UserProfile.DoesNotExist:
|
|
||||||
# create a new user, or send a message to admins, etc.
|
|
||||||
return None
|
|
||||||
|
|
||||||
if user_profile.is_mirror_dummy:
|
|
||||||
# mirror dummies can not login, but they can convert to real users
|
|
||||||
return None
|
|
||||||
|
|
||||||
return user_profile
|
|
||||||
|
|
||||||
class ZulipRemoteUserBackend(RemoteUserBackend):
|
class ZulipRemoteUserBackend(RemoteUserBackend):
|
||||||
create_unknown_user = False
|
create_unknown_user = False
|
||||||
|
|
||||||
|
|
|
@ -13,7 +13,6 @@ import time
|
||||||
import sys
|
import sys
|
||||||
import ConfigParser
|
import ConfigParser
|
||||||
|
|
||||||
from zerver.openid import openid_failure_handler
|
|
||||||
from zerver.lib.db import TimeTrackingConnection
|
from zerver.lib.db import TimeTrackingConnection
|
||||||
|
|
||||||
########################################################################
|
########################################################################
|
||||||
|
@ -163,7 +162,6 @@ INSTALLED_APPS = [
|
||||||
'django.contrib.sessions',
|
'django.contrib.sessions',
|
||||||
'django.contrib.sites',
|
'django.contrib.sites',
|
||||||
'django.contrib.staticfiles',
|
'django.contrib.staticfiles',
|
||||||
'django_openid_auth',
|
|
||||||
'confirmation',
|
'confirmation',
|
||||||
'guardian',
|
'guardian',
|
||||||
'pipeline',
|
'pipeline',
|
||||||
|
@ -878,9 +876,6 @@ TEMPLATE_CONTEXT_PROCESSORS = (
|
||||||
ACCOUNT_ACTIVATION_DAYS=7
|
ACCOUNT_ACTIVATION_DAYS=7
|
||||||
|
|
||||||
LOGIN_REDIRECT_URL='/'
|
LOGIN_REDIRECT_URL='/'
|
||||||
OPENID_SSO_SERVER_URL = 'https://www.google.com/accounts/o8/id'
|
|
||||||
OPENID_CREATE_USERS = True
|
|
||||||
OPENID_RENDER_FAILURE = openid_failure_handler
|
|
||||||
|
|
||||||
# Client-side polling timeout for get_events, in milliseconds.
|
# Client-side polling timeout for get_events, in milliseconds.
|
||||||
# We configure this here so that the client test suite can override it.
|
# We configure this here so that the client test suite can override it.
|
||||||
|
|
|
@ -19,9 +19,6 @@ urlpatterns = patterns('',
|
||||||
# want to require a new desktop app build for everyone in that case
|
# want to require a new desktop app build for everyone in that case
|
||||||
url(r'^desktop_home/$', 'zerver.views.desktop_home'),
|
url(r'^desktop_home/$', 'zerver.views.desktop_home'),
|
||||||
|
|
||||||
url(r'^accounts/login/openid/$', 'django_openid_auth.views.login_begin', name='openid-login'),
|
|
||||||
url(r'^accounts/login/openid/done/$', 'zerver.views.process_openid_login', name='openid-complete'),
|
|
||||||
url(r'^accounts/login/openid/done/$', 'django_openid_auth.views.login_complete', name='openid-complete'),
|
|
||||||
url(r'^accounts/login/sso/$', 'zerver.views.remote_user_sso', name='login-sso'),
|
url(r'^accounts/login/sso/$', 'zerver.views.remote_user_sso', name='login-sso'),
|
||||||
url(r'^accounts/login/jwt/$', 'zerver.views.remote_user_jwt', name='login-jwt'),
|
url(r'^accounts/login/jwt/$', 'zerver.views.remote_user_jwt', name='login-jwt'),
|
||||||
url(r'^accounts/login/google/$', 'zerver.views.start_google_oauth2'),
|
url(r'^accounts/login/google/$', 'zerver.views.start_google_oauth2'),
|
||||||
|
|