|
||
|
||
|
||
|
||
|
||
msuchy commented 5 years ago | ||
praiskup commented 5 years ago Isn't there a different way to get fasusername, e.g. from the session, instead of the URL? It smells like the url is fedora specific. | ||
frostyx commented 5 years ago
Unfortunately when
I think that this would not help. You see, constructing URL with FAS name in it is a one thing (which we actually don't even do, as I said in the PR description), but we also need to parse FAS name from a given URL and in | ||
frostyx commented 5 years ago
Hmm, actually, there is a solution. We can change the ask_for=["email", "timezone", "nickname"], Then, instead of using | ||
praiskup commented 5 years ago I looked it just now, and I agree that nickname migth bring some risk. So I agree that parsing the identity_url is the best we can do now, and we can expect that | ||
praiskup commented 5 years ago I guess I know where we are making mistake ...the concept of identity url is meant to be unique across all the OpenID providers I guess. And we make a bad assumption that copr user id needs to match the FAS user id... In theory, users could be allowed to login using any OpenID provider. The thing is that we would have to pair identity_provider url(s) with arbitrarily chosen copr user id (that might be related to #344 where we discuss that groups could be merged with users). And even more, the mapping between OID and COPRID could be M:N. That said, as long as we have that constraint (single OID provider per copr instance), I think it is completely fine to parse the userid from identity_url. | ||
clime commented 5 years ago Strictly speaking, the param should be called 'FAS_OPENID_PROVIDER_URL | ||
|
||
|
||
|
||
|
||
This PR is dealing with issue #374 and moves a hardcoded OpenID provider out to the configuration.
I've also added few tests, so we can be sure that it works as expected.
Please note, that function fed_openidize_name
is not used anywhere and can be safely removed, but I decided to keep it,
as it may come in handy in the future. If you prefer to remove it, we can do so.
Can we rather have this:
OPENID_PROVIDER_URL = "https://{0}.id.fedoraproject.org"
Then we do not need to parse it and we can just format() this string.