forked from lix-project/hydra
Remove Persona support
Persona is no longer supported by Mozilla, so let's remove it.
This commit is contained in:
parent
e0b2921ff2
commit
bbe45ed844
7 changed files with 14 additions and 71 deletions
|
@ -18,8 +18,7 @@ __PACKAGE__->config->{namespace} = '';
|
||||||
sub noLoginNeeded {
|
sub noLoginNeeded {
|
||||||
my ($c) = @_;
|
my ($c) = @_;
|
||||||
|
|
||||||
return $c->request->path eq "persona-login" ||
|
return $c->request->path eq "google-login" ||
|
||||||
$c->request->path eq "google-login" ||
|
|
||||||
$c->request->path eq "login" ||
|
$c->request->path eq "login" ||
|
||||||
$c->request->path eq "logo" ||
|
$c->request->path eq "logo" ||
|
||||||
$c->request->path =~ /^static\//;
|
$c->request->path =~ /^static\//;
|
||||||
|
|
|
@ -54,10 +54,10 @@ sub doEmailLogin {
|
||||||
# in URLs.
|
# in URLs.
|
||||||
die "Illegal email address.\n" unless $email =~ /^[a-zA-Z0-9\.\-\_]+@[a-zA-Z0-9\.\-\_]+$/;
|
die "Illegal email address.\n" unless $email =~ /^[a-zA-Z0-9\.\-\_]+@[a-zA-Z0-9\.\-\_]+$/;
|
||||||
|
|
||||||
# If persona_allowed_domains is set, check if the email address
|
# If allowed_domains is set, check if the email address
|
||||||
# returned is on these domains. When not configured, allow all
|
# returned is on these domains. When not configured, allow all
|
||||||
# domains.
|
# domains.
|
||||||
my $allowed_domains = $c->config->{persona_allowed_domains} || "";
|
my $allowed_domains = $c->config->{allowed_domains} // ($c->config->{persona_allowed_domains} // "");
|
||||||
if ($allowed_domains ne "") {
|
if ($allowed_domains ne "") {
|
||||||
my $email_ok = 0;
|
my $email_ok = 0;
|
||||||
my @domains = split ',', $allowed_domains;
|
my @domains = split ',', $allowed_domains;
|
||||||
|
@ -73,7 +73,7 @@ sub doEmailLogin {
|
||||||
my $user = $c->find_user({ username => $email });
|
my $user = $c->find_user({ username => $email });
|
||||||
|
|
||||||
if ($user) {
|
if ($user) {
|
||||||
# Automatically upgrade Persona accounts to Google accounts.
|
# Automatically upgrade legacy Persona accounts to Google accounts.
|
||||||
if ($user->type eq "persona" && $type eq "google") {
|
if ($user->type eq "persona" && $type eq "google") {
|
||||||
$user->update({type => "google"});
|
$user->update({type => "google"});
|
||||||
}
|
}
|
||||||
|
@ -97,29 +97,6 @@ sub doEmailLogin {
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
sub persona_login :Path('/persona-login') Args(0) {
|
|
||||||
my ($self, $c) = @_;
|
|
||||||
requirePost($c);
|
|
||||||
|
|
||||||
error($c, "Logging in via Persona is not enabled.") unless $c->config->{enable_persona};
|
|
||||||
|
|
||||||
my $assertion = $c->stash->{params}->{assertion} or die;
|
|
||||||
|
|
||||||
my $ua = new LWP::UserAgent;
|
|
||||||
my $response = $ua->post(
|
|
||||||
'https://verifier.login.persona.org/verify',
|
|
||||||
{ assertion => $assertion,
|
|
||||||
audience => $c->uri_for('/')
|
|
||||||
});
|
|
||||||
error($c, "Did not get a response from Persona.") unless $response->is_success;
|
|
||||||
|
|
||||||
my $d = decode_json($response->decoded_content) or die;
|
|
||||||
error($c, "Persona says: $d->{reason}") if $d->{status} ne "okay";
|
|
||||||
|
|
||||||
doEmailLogin($self, $c, "persona", $d->{email}, undef);
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
sub google_login :Path('/google-login') Args(0) {
|
sub google_login :Path('/google-login') Args(0) {
|
||||||
my ($self, $c) = @_;
|
my ($self, $c) = @_;
|
||||||
requirePost($c);
|
requirePost($c);
|
||||||
|
|
|
@ -4,10 +4,6 @@
|
||||||
<script src="https://apis.google.com/js/platform.js" async="1" defer="1"></script>
|
<script src="https://apis.google.com/js/platform.js" async="1" defer="1"></script>
|
||||||
[% END %]
|
[% END %]
|
||||||
|
|
||||||
[% IF c.user.type == 'persona' %]
|
|
||||||
<script src="https://login.persona.org/include.js"></script>
|
|
||||||
[% END %]
|
|
||||||
|
|
||||||
<script>
|
<script>
|
||||||
function finishSignOut() {
|
function finishSignOut() {
|
||||||
$.post("[% c.uri_for('/logout') %]")
|
$.post("[% c.uri_for('/logout') %]")
|
||||||
|
@ -77,9 +73,6 @@
|
||||||
[% IF c.config.enable_google_login %]
|
[% IF c.config.enable_google_login %]
|
||||||
$.getScript("https://apis.google.com/js/platform.js");
|
$.getScript("https://apis.google.com/js/platform.js");
|
||||||
[% END %]
|
[% END %]
|
||||||
[% IF c.config.enable_persona %]
|
|
||||||
$.getScript("https://login.persona.org/include.js");
|
|
||||||
[% END %]
|
|
||||||
});
|
});
|
||||||
|
|
||||||
</script>
|
</script>
|
||||||
|
@ -104,25 +97,4 @@
|
||||||
</script>
|
</script>
|
||||||
[% END %]
|
[% END %]
|
||||||
|
|
||||||
[% IF c.config.enable_persona %]
|
|
||||||
<script>
|
|
||||||
$("#persona-signin").click(function() {
|
|
||||||
|
|
||||||
navigator.id.watch({
|
|
||||||
onlogin: function(assertion) {
|
|
||||||
requestJSON({
|
|
||||||
url: "[% c.uri_for('/persona-login') %]",
|
|
||||||
data: "assertion=" + assertion,
|
|
||||||
type: 'POST',
|
|
||||||
success: function(data) { window.location.reload(); },
|
|
||||||
postError: function() { navigator.id.logout(); }
|
|
||||||
});
|
|
||||||
}
|
|
||||||
});
|
|
||||||
|
|
||||||
navigator.id.request({ siteName: 'Hydra' });
|
|
||||||
});
|
|
||||||
</script>
|
|
||||||
[% END %]
|
|
||||||
|
|
||||||
[% END %]
|
[% END %]
|
||||||
|
|
|
@ -104,8 +104,7 @@
|
||||||
<em><a href="http://nixos.org/hydra" target="_blank">Hydra</a> [% HTML.escape(version) %] (using [% HTML.escape(nixVersion) %]).</em>
|
<em><a href="http://nixos.org/hydra" target="_blank">Hydra</a> [% HTML.escape(version) %] (using [% HTML.escape(nixVersion) %]).</em>
|
||||||
[% IF c.user_exists %]
|
[% IF c.user_exists %]
|
||||||
You are signed in as <tt>[% HTML.escape(c.user.username) %]</tt>
|
You are signed in as <tt>[% HTML.escape(c.user.username) %]</tt>
|
||||||
[%- IF c.user.type == 'persona' %] via Persona
|
[%- IF c.user.type == 'google' %] via Google[% END %].
|
||||||
[%- ELSIF c.user.type == 'google' %] via Google[% END %].
|
|
||||||
[% END %]
|
[% END %]
|
||||||
</small>
|
</small>
|
||||||
</footer>
|
</footer>
|
||||||
|
|
|
@ -136,10 +136,6 @@
|
||||||
<li><a href="#" id="google-signin">Sign in with Google</a></li>
|
<li><a href="#" id="google-signin">Sign in with Google</a></li>
|
||||||
<li class="divider"></li>
|
<li class="divider"></li>
|
||||||
[% END %]
|
[% END %]
|
||||||
[% IF c.config.enable_persona %]
|
|
||||||
<li><a href="#" id="persona-signin">Sign in with Persona</a></li>
|
|
||||||
<li class="divider"></li>
|
|
||||||
[% END %]
|
|
||||||
<li>
|
<li>
|
||||||
<a href="#hydra-signin" data-toggle="modal">Sign in with a Hydra account</a>
|
<a href="#hydra-signin" data-toggle="modal">Sign in with a Hydra account</a>
|
||||||
</li>
|
</li>
|
||||||
|
|
|
@ -11,7 +11,7 @@ sub showHelp {
|
||||||
print <<EOF;
|
print <<EOF;
|
||||||
Usage: $0 NAME
|
Usage: $0 NAME
|
||||||
[--rename-from NAME]
|
[--rename-from NAME]
|
||||||
[--type hydra|persona]
|
[--type hydra|google]
|
||||||
[--full-name FULLNAME]
|
[--full-name FULLNAME]
|
||||||
[--email-address EMAIL-ADDRESS]
|
[--email-address EMAIL-ADDRESS]
|
||||||
[--password PASSWORD]
|
[--password PASSWORD]
|
||||||
|
@ -47,8 +47,8 @@ GetOptions("rename-from=s" => \$renameFrom,
|
||||||
die "$0: one user name required\n" if scalar @ARGV != 1;
|
die "$0: one user name required\n" if scalar @ARGV != 1;
|
||||||
my $userName = $ARGV[0];
|
my $userName = $ARGV[0];
|
||||||
|
|
||||||
die "$0: type must be `hydra' or `persona'\n"
|
die "$0: type must be `hydra' or `google'\n"
|
||||||
if defined $type && $type ne "hydra" && $type ne "persona";
|
if defined $type && $type ne "hydra" && $type ne "google";
|
||||||
|
|
||||||
my $db = Hydra::Model::DB->new();
|
my $db = Hydra::Model::DB->new();
|
||||||
|
|
||||||
|
@ -65,17 +65,17 @@ txn_do($db, sub {
|
||||||
{ username => $userName, type => "hydra", emailaddress => "", password => "!" });
|
{ username => $userName, type => "hydra", emailaddress => "", password => "!" });
|
||||||
}
|
}
|
||||||
|
|
||||||
die "$0: Persona user names must be email addresses\n"
|
die "$0: Google user names must be email addresses\n"
|
||||||
if $user->type eq "persona" && $userName !~ /\@/;
|
if $user->type eq "google" && $userName !~ /\@/;
|
||||||
|
|
||||||
$user->update({ type => $type }) if defined $type;
|
$user->update({ type => $type }) if defined $type;
|
||||||
|
|
||||||
$user->update({ fullname => $fullName eq "" ? undef : $fullName }) if defined $fullName;
|
$user->update({ fullname => $fullName eq "" ? undef : $fullName }) if defined $fullName;
|
||||||
|
|
||||||
if ($user->type eq "persona") {
|
if ($user->type eq "google") {
|
||||||
die "$0: Persona accounts do not have an explicitly set email address.\n"
|
die "$0: Google accounts do not have an explicitly set email address.\n"
|
||||||
if defined $emailAddress;
|
if defined $emailAddress;
|
||||||
die "$0: Persona accounts do not have a password.\n"
|
die "$0: Google accounts do not have a password.\n"
|
||||||
if defined $password;
|
if defined $password;
|
||||||
$user->update({ emailaddress => $userName, password => "!" });
|
$user->update({ emailaddress => $userName, password => "!" });
|
||||||
} else {
|
} else {
|
||||||
|
|
|
@ -10,7 +10,7 @@ create table Users (
|
||||||
emailAddress text not null,
|
emailAddress text not null,
|
||||||
password text not null, -- sha256 hash
|
password text not null, -- sha256 hash
|
||||||
emailOnError integer not null default 0,
|
emailOnError integer not null default 0,
|
||||||
type text not null default 'hydra', -- either "hydra" or "persona"
|
type text not null default 'hydra', -- either "hydra" or "google"
|
||||||
publicDashboard boolean not null default false
|
publicDashboard boolean not null default false
|
||||||
);
|
);
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue