Remove OpenID authentication

(imported from commit 70a859041a851ed10dc40cfc068330e472d2ed09)
2025-11-03 21:43:21 +00:00 · 2015-08-20 23:52:48 -07:00
parent e7dc77426a
commit ab9539cffe
9 changed files with 1 additions and 86 deletions
--- a/puppet/zulip/manifests/app_frontend.pp
+++ b/puppet/zulip/manifests/app_frontend.pp
@@ -11,7 +11,6 @@ class zulip::app_frontend {
                    # Django dependencies
                    "python-django",
                    "python-django-guardian",
                    "python-django-auth-openid",
                    "python-django-south",
                    "python-django-pipeline",
                    "python-django-bitfield",
--- a/requirements.txt
+++ b/requirements.txt
@@ -18,8 +18,6 @@ diff-match-patch==20121119
 django-auth-ldap==1.2.6
 django-bitfield==1.8.0
 git+https://github.com/rwbarton/django-guardian.git@caf9f0c8c035feb3dff5542fb042dd13126cdd69
 git+https://github.com/rwbarton/django-openid-auth.git
 https://django-openid-consumer.googlecode.com/files/django-openid-consumer-0.1.1.tar.gz
 django-pipeline==1.2.2
 docopt==0.4.0
 enum34==1.0.4
@@ -47,7 +45,6 @@ pydns==2.3.6
 pyflakes==0.9.1
 pylibmc==1.4.3
 python-ldap==2.4.19
 python-openid==2.2.5
 pytz==2015.4
 redis==2.10.3
 requests==2.7.0
--- a/templates/openid_error.html
+++ b/templates/openid_error.html
@@ -1,15 +0,0 @@
 {% extends "zerver/portico.html" %}
 {% block for_you %} isn't feeling too good. {% endblock %}
 {% block portico_content %}
 <br/>
 <p class="lead">We couldn't validate your Google account</p>
 <p>You might want to <a href="{% url 'django_openid_auth.views.login_begin' %}">try logging in via Google again</a>
  or <a href="{% url 'django.contrib.auth.views.login' %}">log in with a username or password.</a></p>
 <p>If you'd like, you can also <a href="mailto:support@zulip.com?Subject=Error%20logging%20in%20with%20Google%20Apps&Body=Hi%20there%2C%0A%0AI%20encountered%20an%20error%20when%20attempting%20to%20log%20in%20with%20Google%20Apps%20on%20Zulip%20using%20my%20email%20address%20youremailgoeshere@yourdomain.example.com%0A%0AError%20message%3A%20%20{{ message|escape }}%0A%0ASincerely%2C%20%0A%0AYour%20name%20here">drop us a line</a> to let us know what happened.</p>
 {% endblock %}
--- a/zerver/middleware.py
+++ b/zerver/middleware.py
@@ -93,7 +93,7 @@ def write_log_line(log_data, path, method, remote_ip, email, client_name,
        # because someone manually entered a nonexistant path), as UTF-8 chars make
        # statsd sad when it sends the key name over the socket
        statsd_path = statsd_path.encode('ascii', errors='ignore')
-    blacklisted_requests = ['do_confirm', 'accounts.login.openid', 'send_confirm',
+    blacklisted_requests = ['do_confirm', 'send_confirm',
                            'eventslast_event_id', 'webreq.content', 'avatar', 'user_uploads',
                            'password.reset', 'static', 'json.bots', 'json.users', 'json.streams',
                            'accounts.unsubscribe', 'apple-touch-icon', 'emoji', 'json.bots',
--- a/zerver/openid.py
+++ b/zerver/openid.py
@@ -1,10 +0,0 @@
 from __future__ import absolute_import
 # Defer importing until later to avoid circular imports
 def openid_failure_handler(request, message, status=403, template_name=None, exception=None):
    # We ignore template_name in this function
    from django_openid_auth.views import default_render_failure
    return default_render_failure(request, message, status=403, template_name="openid_error.html", exception=None)
--- a/zerver/views/init.py
+++ b/zerver/views/init.py
@@ -53,10 +53,7 @@ from zerver.lib.push_notifications import num_push_devices_for_user
 from zerver.forms import RegistrationForm, HomepageForm, ToSForm, \
    CreateUserForm, is_inactive, OurAuthenticationForm
 from django.views.decorators.csrf import csrf_exempt
 from django_openid_auth.views import default_render_failure, login_complete
 from django_auth_ldap.backend import LDAPBackend, _LDAPUser
 from openid.consumer.consumer import SUCCESS as openid_SUCCESS
 from openid.extensions import ax
 from zerver.lib import bugdown
 from zerver.lib.alert_words import user_alert_words
 from zerver.lib.validator import check_string, check_list, check_dict, \
@@ -651,27 +648,6 @@ def remote_user_jwt(request):
    return login_or_register_remote_user(request, email, user_profile, remote_user)
 def handle_openid_errors(request, issue, openid_response=None):
    if issue == "Unknown user":
        if openid_response is not None and openid_response.status == openid_SUCCESS:
            ax_response = ax.FetchResponse.fromSuccessResponse(openid_response)
            google_email = openid_response.getSigned('http://openid.net/srv/ax/1.0', 'value.email')
            try:
                first_name = full_name = ax_response.get('http://axschema.org/namePerson/first')[0]
            except KeyError:
                first_name = None
            try:
                last_name = full_name = ax_response.get('http://axschema.org/namePerson/last')[0]
                if first_name is not None:
                    full_name = first_name + " " + last_name
            except KeyError:
                pass
            return maybe_send_to_registration(request, google_email, full_name=full_name)
    return default_render_failure(request, issue)
 def process_openid_login(request):
    return login_complete(request, render_failure=handle_openid_errors)
 def google_oauth2_csrf(request, value):
    return hmac.new(get_token(request).encode('utf-8'), value, hashlib.sha256).hexdigest()
--- a/zproject/backends.py
+++ b/zproject/backends.py
@@ -9,7 +9,6 @@ from django_auth_ldap.backend import LDAPBackend
 from zerver.models import UserProfile, get_user_profile_by_id, \
    get_user_profile_by_email, remote_user_to_email, email_to_username
 from openid.consumer.consumer import SUCCESS
 from apiclient.sample_tools import client as googleapiclient
 from oauth2client.crypt import AppIdentityError
@@ -110,29 +109,6 @@ class GoogleMobileOauth2Backend(ZulipAuthMixin):
        else:
            return_data["valid_attestation"] = False
 # Adapted from http://djangosnippets.org/snippets/2183/ by user Hangya (September 1, 2010)
 class GoogleBackend(ZulipAuthMixin):
    def authenticate(self, openid_response):
        if openid_response is None:
            return None
        if openid_response.status != SUCCESS:
            return None
        google_email = openid_response.getSigned('http://openid.net/srv/ax/1.0', 'value.email')
        try:
            user_profile = get_user_profile_by_email(google_email)
        except UserProfile.DoesNotExist:
            # create a new user, or send a message to admins, etc.
            return None
        if user_profile.is_mirror_dummy:
            # mirror dummies can not login, but they can convert to real users
            return None
        return user_profile
 class ZulipRemoteUserBackend(RemoteUserBackend):
    create_unknown_user = False
--- a/zproject/settings.py
+++ b/zproject/settings.py
@@ -13,7 +13,6 @@ import time
 import sys
 import ConfigParser
 from zerver.openid import openid_failure_handler
 from zerver.lib.db import TimeTrackingConnection
 ########################################################################
@@ -163,7 +162,6 @@ INSTALLED_APPS = [
    'django.contrib.sessions',
    'django.contrib.sites',
    'django.contrib.staticfiles',
    'django_openid_auth',
    'confirmation',
    'guardian',
    'pipeline',
@@ -878,9 +876,6 @@ TEMPLATE_CONTEXT_PROCESSORS = (
 ACCOUNT_ACTIVATION_DAYS=7
 LOGIN_REDIRECT_URL='/'
 OPENID_SSO_SERVER_URL = 'https://www.google.com/accounts/o8/id'
 OPENID_CREATE_USERS = True
 OPENID_RENDER_FAILURE = openid_failure_handler
 # Client-side polling timeout for get_events, in milliseconds.
 # We configure this here so that the client test suite can override it.
--- a/zproject/urls.py
+++ b/zproject/urls.py
@@ -19,9 +19,6 @@ urlpatterns = patterns('',
    # want to require a new desktop app build for everyone in that case
    url(r'^desktop_home/$', 'zerver.views.desktop_home'),
    url(r'^accounts/login/openid/$', 'django_openid_auth.views.login_begin', name='openid-login'),
    url(r'^accounts/login/openid/done/$', 'zerver.views.process_openid_login', name='openid-complete'),
    url(r'^accounts/login/openid/done/$', 'django_openid_auth.views.login_complete', name='openid-complete'),
    url(r'^accounts/login/sso/$', 'zerver.views.remote_user_sso', name='login-sso'),
    url(r'^accounts/login/jwt/$', 'zerver.views.remote_user_jwt', name='login-jwt'),
    url(r'^accounts/login/google/$', 'zerver.views.start_google_oauth2'),