Remove OpenID authentication

(imported from commit 70a859041a851ed10dc40cfc068330e472d2ed09)
Reid Barton 2015-08-20 23:52:48 -07:00
parent e7dc77426a
commit ab9539cffe
9 changed files with 1 additions and 86 deletions


@ -11,7 +11,6 @@ class zulip::app_frontend {
# Django dependencies # Django dependencies
"python-django", "python-django",
"python-django-guardian", "python-django-guardian",
"python-django-auth-openid",
"python-django-south", "python-django-south",
"python-django-pipeline", "python-django-pipeline",
"python-django-bitfield", "python-django-bitfield",


@ -18,8 +18,6 @@ diff-match-patch==20121119
django-auth-ldap==1.2.6 django-auth-ldap==1.2.6
django-bitfield==1.8.0 django-bitfield==1.8.0
git+https://github.com/rwbarton/django-guardian.git@caf9f0c8c035feb3dff5542fb042dd13126cdd69 git+https://github.com/rwbarton/django-guardian.git@caf9f0c8c035feb3dff5542fb042dd13126cdd69
git+https://github.com/rwbarton/django-openid-auth.git
https://django-openid-consumer.googlecode.com/files/django-openid-consumer-0.1.1.tar.gz
django-pipeline==1.2.2 django-pipeline==1.2.2
docopt==0.4.0 docopt==0.4.0
enum34==1.0.4 enum34==1.0.4
@ -47,7 +45,6 @@ pydns==2.3.6
pyflakes==0.9.1 pyflakes==0.9.1
pylibmc==1.4.3 pylibmc==1.4.3
python-ldap==2.4.19 python-ldap==2.4.19
python-openid==2.2.5
pytz==2015.4 pytz==2015.4
redis==2.10.3 redis==2.10.3
requests==2.7.0 requests==2.7.0


@ -1,15 +0,0 @@
{% extends "zerver/portico.html" %}
{% block for_you %} isn't feeling too good. {% endblock %}
{% block portico_content %}
<br/>
<p class="lead">We couldn't validate your Google account</p>
<p>You might want to <a href="{% url 'django_openid_auth.views.login_begin' %}">try logging in via Google again</a>
or <a href="{% url 'django.contrib.auth.views.login' %}">log in with a username or password.</a></p>
<p>If you'd like, you can also <a href="mailto:support@zulip.com?Subject=Error%20logging%20in%20with%20Google%20Apps&Body=Hi%20there%2C%0A%0AI%20encountered%20an%20error%20when%20attempting%20to%20log%20in%20with%20Google%20Apps%20on%20Zulip%20using%20my%20email%20address%20youremailgoeshere@yourdomain.example.com%0A%0AError%20message%3A%20%20{{ message|escape }}%0A%0ASincerely%2C%20%0A%0AYour%20name%20here">drop us a line</a> to let us know what happened.</p>
{% endblock %}


@ -93,7 +93,7 @@ def write_log_line(log_data, path, method, remote_ip, email, client_name,
# because someone manually entered a nonexistant path), as UTF-8 chars make # because someone manually entered a nonexistant path), as UTF-8 chars make
# statsd sad when it sends the key name over the socket # statsd sad when it sends the key name over the socket
statsd_path = statsd_path.encode('ascii', errors='ignore') statsd_path = statsd_path.encode('ascii', errors='ignore')
blacklisted_requests = ['do_confirm', 'accounts.login.openid', 'send_confirm', blacklisted_requests = ['do_confirm', 'send_confirm',
'eventslast_event_id', 'webreq.content', 'avatar', 'user_uploads', 'eventslast_event_id', 'webreq.content', 'avatar', 'user_uploads',
'password.reset', 'static', 'json.bots', 'json.users', 'json.streams', 'password.reset', 'static', 'json.bots', 'json.users', 'json.streams',
'accounts.unsubscribe', 'apple-touch-icon', 'emoji', 'json.bots', 'accounts.unsubscribe', 'apple-touch-icon', 'emoji', 'json.bots',
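Review bot: `'json.bots'` is listed twice in `blacklisted_requests`, once on the line beginning `'password.reset', 'static',` and again on the line beginning `'accounts.unsubscribe',`, so the second entry is redundant. Since this change already edits the list to drop `'accounts.login.openid'`, it is a good moment to remove the duplicate as well. The list literal and the body of `write_log_line` both continue outside the hunk, so how the list is consumed is not visible here. If it is a fixed set of path fragments, defining it once at module level instead of on every call would also make such duplicates easier to spot.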


@ -1,10 +0,0 @@
from __future__ import absolute_import
# Defer importing until later to avoid circular imports
def openid_failure_handler(request, message, status=403, template_name=None, exception=None):
# We ignore template_name in this function
from django_openid_auth.views import default_render_failure
return default_render_failure(request, message, status=403, template_name="openid_error.html", exception=None)


@ -53,10 +53,7 @@ from zerver.lib.push_notifications import num_push_devices_for_user
from zerver.forms import RegistrationForm, HomepageForm, ToSForm, \ from zerver.forms import RegistrationForm, HomepageForm, ToSForm, \
CreateUserForm, is_inactive, OurAuthenticationForm CreateUserForm, is_inactive, OurAuthenticationForm
from django.views.decorators.csrf import csrf_exempt from django.views.decorators.csrf import csrf_exempt
from django_openid_auth.views import default_render_failure, login_complete
from django_auth_ldap.backend import LDAPBackend, _LDAPUser from django_auth_ldap.backend import LDAPBackend, _LDAPUser
from openid.consumer.consumer import SUCCESS as openid_SUCCESS
from openid.extensions import ax
from zerver.lib import bugdown from zerver.lib import bugdown
from zerver.lib.alert_words import user_alert_words from zerver.lib.alert_words import user_alert_words
from zerver.lib.validator import check_string, check_list, check_dict, \ from zerver.lib.validator import check_string, check_list, check_dict, \
@ -651,27 +648,6 @@ def remote_user_jwt(request):
return login_or_register_remote_user(request, email, user_profile, remote_user) return login_or_register_remote_user(request, email, user_profile, remote_user)
def handle_openid_errors(request, issue, openid_response=None):
if issue == "Unknown user":
if openid_response is not None and openid_response.status == openid_SUCCESS:
ax_response = ax.FetchResponse.fromSuccessResponse(openid_response)
google_email = openid_response.getSigned('http://openid.net/srv/ax/1.0', 'value.email')
try:
first_name = full_name = ax_response.get('http://axschema.org/namePerson/first')[0]
except KeyError:
first_name = None
try:
last_name = full_name = ax_response.get('http://axschema.org/namePerson/last')[0]
if first_name is not None:
full_name = first_name + " " + last_name
except KeyError:
pass
return maybe_send_to_registration(request, google_email, full_name=full_name)
return default_render_failure(request, issue)
def process_openid_login(request):
return login_complete(request, render_failure=handle_openid_errors)
def google_oauth2_csrf(request, value): def google_oauth2_csrf(request, value):
return hmac.new(get_token(request).encode('utf-8'), value, hashlib.sha256).hexdigest() return hmac.new(get_token(request).encode('utf-8'), value, hashlib.sha256).hexdigest()


@ -9,7 +9,6 @@ from django_auth_ldap.backend import LDAPBackend
from zerver.models import UserProfile, get_user_profile_by_id, \ from zerver.models import UserProfile, get_user_profile_by_id, \
get_user_profile_by_email, remote_user_to_email, email_to_username get_user_profile_by_email, remote_user_to_email, email_to_username
from openid.consumer.consumer import SUCCESS
from apiclient.sample_tools import client as googleapiclient from apiclient.sample_tools import client as googleapiclient
from oauth2client.crypt import AppIdentityError from oauth2client.crypt import AppIdentityError
@ -110,29 +109,6 @@ class GoogleMobileOauth2Backend(ZulipAuthMixin):
else: else:
return_data["valid_attestation"] = False return_data["valid_attestation"] = False
# Adapted from http://djangosnippets.org/snippets/2183/ by user Hangya (September 1, 2010)
class GoogleBackend(ZulipAuthMixin):
def authenticate(self, openid_response):
if openid_response is None:
return None
if openid_response.status != SUCCESS:
return None
google_email = openid_response.getSigned('http://openid.net/srv/ax/1.0', 'value.email')
try:
user_profile = get_user_profile_by_email(google_email)
except UserProfile.DoesNotExist:
# create a new user, or send a message to admins, etc.
return None
if user_profile.is_mirror_dummy:
# mirror dummies can not login, but they can convert to real users
return None
return user_profile
class ZulipRemoteUserBackend(RemoteUserBackend): class ZulipRemoteUserBackend(RemoteUserBackend):
create_unknown_user = False create_unknown_user = False


@ -13,7 +13,6 @@ import time
import sys import sys
import ConfigParser import ConfigParser
from zerver.openid import openid_failure_handler
from zerver.lib.db import TimeTrackingConnection from zerver.lib.db import TimeTrackingConnection
######################################################################## ########################################################################
@ -163,7 +162,6 @@ INSTALLED_APPS = [
'django.contrib.sessions', 'django.contrib.sessions',
'django.contrib.sites', 'django.contrib.sites',
'django.contrib.staticfiles', 'django.contrib.staticfiles',
'django_openid_auth',
'confirmation', 'confirmation',
'guardian', 'guardian',
'pipeline', 'pipeline',
@ -878,9 +876,6 @@ TEMPLATE_CONTEXT_PROCESSORS = (
ACCOUNT_ACTIVATION_DAYS=7 ACCOUNT_ACTIVATION_DAYS=7
LOGIN_REDIRECT_URL='/' LOGIN_REDIRECT_URL='/'
OPENID_SSO_SERVER_URL = 'https://www.google.com/accounts/o8/id'
OPENID_CREATE_USERS = True
OPENID_RENDER_FAILURE = openid_failure_handler
# Client-side polling timeout for get_events, in milliseconds. # Client-side polling timeout for get_events, in milliseconds.
# We configure this here so that the client test suite can override it. # We configure this here so that the client test suite can override it.


@ -19,9 +19,6 @@ urlpatterns = patterns('',
# want to require a new desktop app build for everyone in that case # want to require a new desktop app build for everyone in that case
url(r'^desktop_home/$', 'zerver.views.desktop_home'), url(r'^desktop_home/$', 'zerver.views.desktop_home'),
url(r'^accounts/login/openid/$', 'django_openid_auth.views.login_begin', name='openid-login'),
url(r'^accounts/login/openid/done/$', 'zerver.views.process_openid_login', name='openid-complete'),
url(r'^accounts/login/openid/done/$', 'django_openid_auth.views.login_complete', name='openid-complete'),
url(r'^accounts/login/sso/$', 'zerver.views.remote_user_sso', name='login-sso'), url(r'^accounts/login/sso/$', 'zerver.views.remote_user_sso', name='login-sso'),
url(r'^accounts/login/jwt/$', 'zerver.views.remote_user_jwt', name='login-jwt'), url(r'^accounts/login/jwt/$', 'zerver.views.remote_user_jwt', name='login-jwt'),
url(r'^accounts/login/google/$', 'zerver.views.start_google_oauth2'), url(r'^accounts/login/google/$', 'zerver.views.start_google_oauth2'),