+++ /dev/null
-[%# This Source Code Form is subject to the terms of the Mozilla Public
- # License, v. 2.0. If a copy of the MPL was not distributed with this
- # file, You can obtain one at http://mozilla.org/MPL/2.0/.
- #
- # This Source Code Form is "Incompatible With Secondary Licenses", as
- # defined by the Mozilla Public License, v. 2.0.
- #%]
-
-[% PROCESS global/header.html.tmpl
- title = "Persona Deprecated"
-%]
-
-<h2>Persona Deprecated</h2>
-
-<p>
- Beginning on October 25th, 2016, <a href="https://login.persona.org">Persona</a> is no longer a supported authentication method
- for bugzilla.mozilla.org (BMO). The Mozilla supported Persona service will cease operations on November 30th, 2016 so therefore
- BMO will not longer be able to use the service for authentication. You can go
- <a href="https://wiki.mozilla.org/Identity/Persona_Shutdown_Guidelines_for_Reliers">here</a> for more information about Persona
- and the reasons for shutting down service.
-</p>
-
-<p>
- For users of Persona on BMO, there are two other methods for authentication that are supported and you will need to switch
- over to one of them after your current session expires starting October 25th, 2016.
-</p>
-
-<h3>Native Login</h3>
-
-<p>
- BMO has always supported native authentication using a password securely stored in our database. If you have used Persona since
- first creating your BMO account, you will probably not know this password. But you can reset it to something you do know by first
- logging out, and then clicking on 'Forgot Password' at the right-hand top of the page. Enter your email you used with Persona in
- the text field and click 'Reset Password'.
-</p>
-
-<p>
- You will receive an email with a link you can use to reset your current password to something you can use from now on.
- After you reset your password, simply enter your login and the password in the login fields at the top of any BMO page.
-</p>
-
-<h3>Github Login</h3>
-
-<p>
- <a href="https://github.com">Github</a> is also a BMO supported method of authentication. To use Github, first log out and then
- click 'Login' at the top of any BMO page and then click on the 'Github' login image. You will need to have a Github account that
- has an email address the same as the Persona email you were using, otherwise a different BMO account will be created. You will
- be able to choose the email address you want to use for BMO if you have more than one configured in your Github profile. If none
- of the email addresses you have configured in Github match what you were using for Persona, native login described above may be
- your best choice if you want to retain your BMO data.
-</p>
-
-[% PROCESS global/footer.html.tmpl %]
my $user_info_class = first { $_->{name} eq 'user_info_class' } @$auth_panel_params;
if ($user_info_class) {
- push @{ $user_info_class->{choices} }, "GitHubAuth,CGI", "Persona,GitHubAuth,CGI";
+ push @{ $user_info_class->{choices} }, "GitHubAuth,CGI";
}
my $user_verify_class = first { $_->{name} eq 'user_verify_class' } @$auth_panel_params;
+++ /dev/null
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-#
-# This Source Code Form is "Incompatible With Secondary Licenses", as
-# defined by the Mozilla Public License, v. 2.0.
-
-package Bugzilla::Extension::Persona;
-
-use 5.10.1;
-use strict;
-use warnings;
-
-use constant NAME => 'Persona';
-
-use constant REQUIRED_MODULES => [
- {
- package => 'JSON',
- module => 'JSON',
- version => 0,
- },
-];
-
-use constant OPTIONAL_MODULES => [
-];
-
-__PACKAGE__->NAME;
+++ /dev/null
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-#
-# This Source Code Form is "Incompatible With Secondary Licenses", as
-# defined by the Mozilla Public License, v. 2.0.
-
-package Bugzilla::Extension::Persona;
-
-use 5.10.1;
-use strict;
-use warnings;
-
-use base qw(Bugzilla::Extension);
-
-use Bugzilla::Config qw(SetParam write_params);
-
-our $VERSION = '0.01';
-
-sub install_update_db {
- # The extension changed from BrowserID to Persona
- # so we need to update user_info_class if this system
- # was using BrowserID for verification.
- my $params = Bugzilla->params || Bugzilla::Config::read_param_file();
- my $user_info_class = $params->{'user_info_class'};
- if ($user_info_class =~ /BrowserID/) {
- $user_info_class =~ s/BrowserID/Persona/;
- SetParam('user_info_class', $user_info_class);
- write_params();
- }
-}
-
-sub auth_login_methods {
- my ($self, $args) = @_;
- my $modules = $args->{'modules'};
- if (exists($modules->{'Persona'})) {
- $modules->{'Persona'} = 'Bugzilla/Extension/Persona/Login.pm';
- }
-}
-
-sub config_modify_panels {
- my ($self, $args) = @_;
- my $panels = $args->{'panels'};
- my $auth_panel_params = $panels->{'auth'}->{'params'};
-
- my ($user_info_class) =
- grep { $_->{'name'} eq 'user_info_class' } @$auth_panel_params;
-
- if ($user_info_class) {
- push(@{ $user_info_class->{'choices'} }, "Persona,CGI");
- }
-
- # The extension changed from BrowserID to Persona
- # so we need to retain the current values for the new
- # params that will be created.
- my $params = Bugzilla->params || Bugzilla::Config::read_param_file();
- my $verify_url = $params->{'browserid_verify_url'};
- my $includejs_url = $params->{'browserid_includejs_url'};
- if ($verify_url && $includejs_url) {
- foreach my $param (@{ $panels->{'persona'}->{'params'} }) {
- if ($param->{'name'} eq 'persona_verify_url') {
- $param->{'default'} = $verify_url;
- }
- if ($param->{'name'} eq 'persona_includejs_url') {
- $param->{'default'} = $includejs_url;
- }
- }
- }
-}
-
-sub attachment_should_redirect_login {
- my ($self, $args) = @_;
- my $cgi = Bugzilla->cgi;
-
- if ($cgi->param("persona_assertion")) {
- ${$args->{do_redirect}} = 1;
- }
-}
-
-sub config_add_panels {
- my ($self, $args) = @_;
- my $modules = $args->{panel_modules};
- $modules->{Persona} = "Bugzilla::Extension::Persona::Config";
-}
-
-__PACKAGE__->NAME;
+++ /dev/null
-ToDo:
-
-* Cache the LWP::UserAgent in Login.pm?
-
-* Fix Bugzilla::Auth::Login::Stack to allow failure part way down the chain
- (currently, it seems that both CGI and BrowserID have to be last in order
- to report login failures correctly.)
-
-* JS inclusions noticeably slow page load. Do we want a local copy of
- browserid.js? Do the browserid folks object to that? How can we get good
- performance? How can we avoid including it in every logged-in page? Can we
- do demand loading onclick, and/or load-on-reveal?
-
-* Fix -8px margin-bottom hack in login-small-additional_methods.html.tmpl
-
-
-
-
-
+++ /dev/null
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-#
-# This Source Code Form is "Incompatible With Secondary Licenses", as
-# defined by the Mozilla Public License, v. 2.0.
-
-package Bugzilla::Extension::Persona::Config;
-
-use 5.10.1;
-use strict;
-use warnings;
-
-use Bugzilla::Config::Common;
-
-our $sortkey = 1350;
-
-sub get_param_list {
- my ($class) = @_;
-
- my @param_list = (
- {
- name => 'persona_verify_url',
- type => 't',
- default => 'https://verifier.login.persona.org/verify',
- },
- {
- name => 'persona_includejs_url',
- type => 't',
- default => 'https://login.persona.org/include.js',
- },
- {
- name => 'persona_proxy_url',
- type => 't',
- default => '',
- },
- );
-
- return @param_list;
-}
-
-1;
+++ /dev/null
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-#
-# This Source Code Form is "Incompatible With Secondary Licenses", as
-# defined by the Mozilla Public License, v. 2.0.
-
-package Bugzilla::Extension::Persona::Login;
-
-use 5.10.1;
-use strict;
-use warnings;
-
-use base qw(Bugzilla::Auth::Login);
-
-use Bugzilla::Constants;
-use Bugzilla::Util;
-use Bugzilla::Error;
-use Bugzilla::Token;
-
-use JSON;
-use LWP::UserAgent;
-
-use constant requires_verification => 0;
-use constant is_automatic => 1;
-use constant user_can_create_account => 1;
-
-sub get_login_info {
- my ($self) = @_;
-
- my $cgi = Bugzilla->cgi;
-
- my $assertion = $cgi->param("persona_assertion");
- # Avoid the assertion being copied into any 'echoes' of the current URL
- # in the page.
- $cgi->delete('persona_assertion');
-
- if (!$assertion || !Bugzilla->params->{persona_verify_url}) {
- return { failure => AUTH_NODATA };
- }
-
- my $token = $cgi->param("token");
- $cgi->delete('token');
- check_hash_token($token, ['login']);
-
- my $urlbase = new URI(Bugzilla->localconfig->{urlbase});
- my $audience = $urlbase->scheme . "://" . $urlbase->host_port;
-
- my $ua = new LWP::UserAgent( timeout => 10 );
- if (Bugzilla->params->{persona_proxy_url}) {
- $ua->proxy('https', Bugzilla->params->{persona_proxy_url});
- }
-
- my $response = $ua->post(Bugzilla->params->{persona_verify_url},
- [ assertion => $assertion,
- audience => $audience ]);
- if ($response->is_error) {
- return { failure => AUTH_ERROR,
- user_error => 'persona_server_fail',
- details => { reason => $response->message }};
- }
-
- my $info;
- eval {
- $info = decode_json($response->decoded_content());
- };
- if ($@) {
- return { failure => AUTH_ERROR,
- user_error => 'persona_server_fail',
- details => { reason => 'Received a malformed response.' }};
- }
- if ($info->{'status'} eq 'failure') {
- return { failure => AUTH_ERROR,
- user_error => 'persona_server_fail',
- details => { reason => $info->{reason} }};
- }
-
- if ($info->{'status'} eq "okay" &&
- $info->{'audience'} eq $audience &&
- ($info->{'expires'} / 1000) > time())
- {
- my $login_data = {
- 'username' => $info->{'email'}
- };
-
- my $result = Bugzilla::Auth::Verify->create_or_update_user($login_data);
- return $result if $result->{'failure'};
-
- my $user = $result->{'user'};
-
- # You can restrict people in a particular group from logging in using
- # Persona by making that group a member of a group called
- # "no-browser-id".
- #
- # If you have your "createemailregexp" set up in such a way that a
- # newly-created account is a member of "no-browser-id", this code will
- # create an account for them and then fail their login. Which isn't
- # great, but they can still use normal-Bugzilla-login password
- # recovery.
- if ($user->in_group('no-browser-id')) {
- return { failure => AUTH_ERROR,
- user_error => 'persona_account_too_powerful' };
- }
-
- if ($user->mfa) {
- return { failure => AUTH_ERROR,
- user_error => 'mfa_prevents_login',
- details => { provider => 'Persona' } };
- }
-
- $login_data->{'user'} = $user;
- $login_data->{'user_id'} = $user->id;
-
- return $login_data;
- }
- else {
- return { failure => AUTH_LOGINFAILED };
- }
-}
-
-# Pinched from Bugzilla::Auth::Login::CGI
-sub fail_nodata {
- my ($self) = @_;
- my $cgi = Bugzilla->cgi;
- my $template = Bugzilla->template;
-
- if (Bugzilla->usage_mode != USAGE_MODE_BROWSER) {
- ThrowUserError('login_required');
- }
-
- print $cgi->header();
- $template->process("account/auth/login.html.tmpl", { 'target' => $cgi->url(-relative=>1) })
- || ThrowTemplateError($template->error());
- exit;
-}
-
-1;
+++ /dev/null
-[%# This Source Code Form is subject to the terms of the Mozilla Public
- # License, v. 2.0. If a copy of the MPL was not distributed with this
- # file, You can obtain one at http://mozilla.org/MPL/2.0/.
- #
- # This Source Code Form is "Incompatible With Secondary Licenses", as
- # defined by the Mozilla Public License, v. 2.0.
- #%]
-
-[%
- title = "Persona"
- desc = "Configure Persona Authentication"
-%]
-
-[% param_descs = {
- persona_verify_url => "This is the URL for the Persona authority that the " _
- "user will be verified against. " _
- "Example: <kbd>https://verifier.login.persona.org/verify</kbd>.",
- persona_includejs_url => "This is the URL needed by Persona to load the necessary " _
- "javascript library for authentication. " _
- "Example: <kbd>https://persona.org/include.js</kbd>."
- }
-%]
+++ /dev/null
-[%# This Source Code Form is subject to the terms of the Mozilla Public
- # License, v. 2.0. If a copy of the MPL was not distributed with this
- # file, You can obtain one at http://mozilla.org/MPL/2.0/.
- #
- # This Source Code Form is "Incompatible With Secondary Licenses", as
- # defined by the Mozilla Public License, v. 2.0.
- #%]
-
-[%
- title = "Persona"
- desc = "Configure Persona Authentication"
-%]
-
-[% param_descs = {
- persona_verify_url => "This is the URL for the Persona authority that the " _
- "user will be verified against. " _
- "Example: <kbd>https://verifier.login.persona.org/verify</kbd>.",
- persona_includejs_url => "This is the URL needed by Persona to load the necessary " _
- "javascript library for authentication. " _
- "Example: <kbd>https://login.persona.org/include.js</kbd>."
- persona_proxy_url => "The URL of a HTTPS proxy server (optional). " _
- "Example: <kbd>http://proxy.example.com:3128</kbd>."
- }
-%]
+++ /dev/null
-[% IF Param('user_info_class').split(',').contains('Persona')
- && Param('persona_includejs_url') %]
-<p>
- <img src="extensions/Persona/web/images/persona_sign_in.png" width="185" height="25" class="persona_sign_in">
-</p>
-<p>
- <strong>Note:</strong> Persona authentication will be removed on October 25th, 2016 (<a href="page.cgi?id=persona_deprecated.html">more info</a>).
-</p>
-[% END %]
+++ /dev/null
-[% IF Param('user_info_class').split(',').contains('Persona')
- && Param('persona_includejs_url') %]
-<script [% script_nonce FILTER none %]>
- YAHOO.util.Event.addListener('login_link[% qs_suffix FILTER js %]','click', function () {
- var login_link = YAHOO.util.Dom.get('persona_mini_login[% qs_suffix FILTER js %]');
- YAHOO.util.Dom.removeClass(login_link, 'bz_default_hidden');
- });
- YAHOO.util.Event.addListener('hide_mini_login[% qs_suffix FILTER js %]','click', function () {
- var login_link = YAHOO.util.Dom.get('persona_mini_login[% qs_suffix FILTER js %]');
- YAHOO.util.Dom.addClass(login_link, 'bz_default_hidden');
- });
-</script>
-<span id="persona_mini_login[% qs_suffix FILTER html %]" class="bz_default_hidden">
- <img src="extensions/Persona/web/images/sign_in.png" height="22" width="75" align="absmiddle"
- title="Sign in with Persona" class='persona_sign_in'> or
-</span>
-[% END %]
+++ /dev/null
-[%# This Source Code Form is subject to the terms of the Mozilla Public
- # License, v. 2.0. If a copy of the MPL was not distributed with this
- # file, You can obtain one at http://mozilla.org/MPL/2.0/.
- #
- # This Source Code Form is "Incompatible With Secondary Licenses", as
- # defined by the Mozilla Public License, v. 2.0.
- #%]
-
-[% RETURN UNLESS Param('user_info_class').split(',').contains('Persona') %]
-
-Or, use your Persona account:
-<img src="extensions/Persona/web/images/sign_in.png" class="persona_sign_in"
- width="95" height="25" align="absmiddle">
+++ /dev/null
-[%# This Source Code Form is subject to the terms of the Mozilla Public
- # License, v. 2.0. If a copy of the MPL was not distributed with this
- # file, You can obtain one at http://mozilla.org/MPL/2.0/.
- #
- # This Source Code Form is "Incompatible With Secondary Licenses", as
- # defined by the Mozilla Public License, v. 2.0.
- #%]
-
-[% RETURN UNLESS Param('persona_includejs_url')
- && Param('user_info_class').split(',').contains('Persona') %]
-
-[%# for now don't inject persona javascript on authenticated users.
- # we've seen sessions being logged out unexpectedly
- # we should only inject this code for users who used persona to authenicate %]
-[% RETURN IF user.id %]
-
-[% USE Bugzilla %]
-[% cgi = Bugzilla.cgi %]
-
-<script [% script_nonce FILTER none %] defer src="[% Param('persona_includejs_url') %]"></script>
-<script [% script_nonce FILTER none %]>
-
-function createHidden(name, value, form) {
- var field = document.createElement('input');
- field.type = 'hidden';
- field.name = name;
- field.value = value;;
- form.appendChild(field);
-}
-
-[% login_target = cgi.url("-relative" => 1, "-query" => 1) %]
-[% IF !login_target
- OR login_target.match("^token\.cgi")
- OR login_target.match("^createaccount\.cgi") %]
- [% login_target = "index.cgi" %]
-[% END %]
-[% login_target = urlbase _ login_target %]
-
-[%# we only want to honour explicit login requests %]
-var persona_ignore_login = true;
-
-function persona_onlogin(assertion) {
- if (persona_ignore_login)
- return;
- [% IF !user.id %]
- var form = document.createElement('form');
- form.action = '[% login_target FILTER js %]';
- form.method = 'POST';
- form.style.display = 'none';
-
- createHidden('token', '[% issue_hash_token(['login']) FILTER js %]', form);
- createHidden('Bugzilla_remember', 'on', form);
- createHidden('persona_assertion', assertion, form);
-
- [% FOREACH field = cgi.param() %]
- [% NEXT IF field.search('^(Bugzilla_(login|password|restrictlogin)|token|persona_assertion)$') %]
- [% NEXT UNLESS cgi.param(field).can('slice') %]
- [% FOREACH mvalue = cgi.param(field).slice(0) %]
- createHidden('[% field FILTER js %]', '[% mvalue FILTER html_linebreak FILTER js %]', form);
- [% END %]
- [% END %]
-
- document.body.appendChild(form);
- form.submit();
- [% END %]
-}
-
-YAHOO.util.Event.on(window, 'load', persona_init);
-function persona_init() {
- navigator.id.watch({
- [%# we can't set loggedInUser to user.login as this causes cgi authenticated
- sessions to be logged out by persona %]
- loggedInUser: null,
- onlogin: persona_onlogin,
- onlogout: function () {
- [%# this should be redirecting to index.cgi?logout=1 however there's a
- persona bug which causes this to break chrome and safari logins.
- https://github.com/mozilla/browserid/issues/2423 %]
- }
- });
-}
-
-function persona_sign_in() {
- persona_ignore_login = false;
- navigator.id.request({ siteName: '[% terms.BugzillaTitle FILTER js %]' });
-}
-$(function() {
- $('.persona_sign_in').on("click", persona_sign_in);
-});
-</script>
+++ /dev/null
-[% IF error == "persona_account_too_powerful" %]
- [% title = "Account Too Powerful" %]
- Your account is a member of a group which is not permitted to use Persona to
- log in. Please log in with your [% terms.Bugzilla %] username and password.
- <br><br>
- (Persona logins are disabled for accounts which are members of certain
- particularly sensitive groups, while we gain experience with the technology.)
-[% ELSIF error == "persona_server_fail" %]
- An error occurred during communication with the Persona servers:
- <br>
- [% reason FILTER html %]
-[% END %]
projects / thirdparty / bugzilla.git / commitdiff
