From 8b2961af2bb7d2dcd7e978ab202243862bf25eea Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk
Date: May 02 2014 22:41:49 +0000
Subject: We now remove everyone from the whitelist for now. They will be re-enabled as we check the for vulnerability level to the covert redirect bug.
---
diff --git a/roles/fedoauth/templates/fedoauth.cfg b/roles/fedoauth/templates/fedoauth.cfg
index 33832af..a745993 100644
--- a/roles/fedoauth/templates/fedoauth.cfg
+++ b/roles/fedoauth/templates/fedoauth.cfg
@@ -49,17 +49,19 @@ PERSONA_PRIVATE_KEY_PASSPHRASE = '{{ fedoauth_persona_key_passphrase }}'
 # OPENID CONFIGURATION
 # This is the OpenID url provided to users. Add %(username)s where the username should be entered
 # A list of trust roots for which the user will not need to confirm again
-OPENID_TRUSTED_ROOTS = ['http://jenkins.cloud.fedoraproject.org/securityRealm/finishLogin',
- 'https://ask.fedoraproject.org/',
- 'https://fedorahosted.org/',
- 'https://badges.fedoraproject.org',
- 'https://apps.fedoraproject.org/tagger/',
- 'https://apps.fedoraproject.org/nuancier/',
- 'https://apps.fedoraproject.org/datagrepper/',
- 'https://apps.fedoraproject.org/calendar/',
- 'http://apps.fedoraproject.org/notifications/',
- 'http://copr.fedoraproject.org/',
- 'http://copr-fe.cloud.fedoraproject.org/']
+OPENID_TRUSTED_ROOTS = []
+# Currently all kicked out due to them being on the list for the covert check
+# 'http://jenkins.cloud.fedoraproject.org/securityRealm/finishLogin',
+# 'https://ask.fedoraproject.org/',
+# 'https://fedorahosted.org/',
+# 'https://badges.fedoraproject.org',
+# 'https://apps.fedoraproject.org/tagger/',
+# 'https://apps.fedoraproject.org/nuancier/',
+# 'https://apps.fedoraproject.org/datagrepper/',
+# 'https://apps.fedoraproject.org/calendar/',
+# 'http://apps.fedoraproject.org/notifications/',
+# 'http://copr.fedoraproject.org/',
+# 'http://copr-fe.cloud.fedoraproject.org/']
 OPENID_NON_TRUSTED_ROOTS = []
 ### The maximum time after which the user must re-authenticate for OpenID in minutes (use 0 for no limit)
 OPENID_MAX_AUTH_TIME = 120
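Review bot: Four of the entries kept in the commented-out block are plain `http://` roots (jenkins.cloud, notifications, copr and copr-fe), and uncommenting them later would put them straight back on the list that skips user confirmation. A relying party reached over an unencrypted connection cannot be told apart from someone tampering with that connection, so those entries should only return as `https://` and only after the service has passed the covert-redirect check. Broad roots such as `https://fedorahosted.org/` presumably match every path beneath them, so one open redirect anywhere on that host would fall under the auto-approval; narrower roots are the safer choice when re-enabling. The new comment could also record the re-entry rule, e.g. `# Re-add a root only after it is confirmed free of open redirects; https only.`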