Last modified: 2013-11-22 20:49:05 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T56508, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 54508 - Add a third mode "provider only" to the existing "consumer" and "consumer and provider" modes
Add a third mode "provider only" to the existing "consumer" and "consumer and...
Status: RESOLVED FIXED
Product: MediaWiki extensions
Classification: Unclassified
OpenID (Other open bugs)
master
All All
: Normal normal (vote)
: ---
Assigned To: T. Gries
:
Depends on:
Blocks: 9604
  Show dependency treegraph
 
Reported: 2013-09-24 16:19 UTC by Brad Jorsch
Modified: 2013-11-22 20:49 UTC (History)
1 user (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---


Attachments

Description Brad Jorsch 2013-09-24 16:19:18 UTC
I set an empty list for $wgOpenIDProviders, set $wgOpenIDConsumerDenyByDefault = true and left $wgOpenIDConsumerAllow empty, set $wgOpenIDAllowExistingAccountSelection false, and set $wgOpenIDHideOpenIDLoginLink true. But it still allows Special:OpenIDLogin to pretend to work, and it still shows the "Your OpenIDs for login" section on Special:Preferences.
Comment 1 T. Gries 2013-10-06 16:40:00 UTC
Hi Brad,

your question needs a clarification: 

From the wording of the bug subject I do understand, that you want to run your MediaWiki as "provider only".

This has not yet been foreseen, currently - with the extension included you can chose between "consumer only" and "consumer and provider" modes.

Please let me know, if you really meant and need the "provider only" mode.
Comment 2 Brad Jorsch 2013-10-07 14:47:22 UTC
Yes, that is exactly what I meant.

Chris can correct me if I'm wrong, but I believe the current plan for WMF wikis is just that: to allow using OpenID for e.g. labs wikis to authenticate against production wikis, but (at least to start with) not to let people use other OpenID providers to log into the WMF production wikis.
Comment 3 Chris Steipp 2013-10-07 16:13:10 UTC
Brad, that's correct. I think we were planning to implement that by whitelisting providers, and having no providers on our whitelist.
Comment 4 Brad Jorsch 2013-10-07 16:41:58 UTC
While whitelisting providers and having none in the whitelist does effectively work, you wind up with non-functional things in the UI as mentioned in comment 0. Those non-functional things should be hideable.

Ideally you could just set something like $wgOpenIDConsumer = false and not have to worry about setting an empty whitelist or anything else at all. And then the confusingly-named $wgOpenIDConsumerAndAlsoProvider could just change to $wgOpenIDProvider.
Comment 5 T. Gries 2013-10-07 17:06:01 UTC
He, stop it. I will introduce a third value for the variable which is currently (currently not confusingly) named  $wgOpenIDConsumerAndAlsoProvider, the name must change, too.

So I understand that you all want to have three modes for a MediaWiki with the E:OpenID:

1 - consumer only
2 - consumer and provider
3 - provider only


mode 3 is not yet implemented. I think, I understand what you want and will implement this.

But I need you ! you helping me to fix this https://gerrit.wikimedia.org/r/#/c/81629/ first. This way is necessary, even when it looks unrelated, I need to get it working.
Comment 6 T. Gries 2013-11-14 00:19:48 UTC
Clarification request: 

What's about having a new switch (replacing $wgOpenIDConsumerAndAlsoProvider) having (new:) FOUR possible values:

$wgOpenIDMode = 'off' | 'consumer' | 'provider' | 'consumer-and-provider'

0 - OpenID extension inactive
1 - consumer only
2 - provider only
3 - consumer and provider

In my view, this can be implemented quite easily, and would make the code more readable and also better to maintain.


By they way, I will also introduce new rights (names not yet finalised):

- can-create-account-with-openid
- can-create-account-without-openid
- can-login-with-openid

see https://gerrit.wikimedia.org/r/#/c/94977/6/OpenID.php .

Any comment is welcome! Please let me know. Here's the linke to the other open bugs https://bugzilla.wikimedia.org/buglist.cgi?component=OpenID&list_id=250013&query_format=advanced&resolution=---&order=bug_id%20DESC&query_based_on= .
Comment 7 Gerrit Notification Bot 2013-11-14 17:08:25 UTC
Change 94977 had a related patch set uploaded by Wikinaut:
Bug 54508: Add "provider only" mode; Bug 46617: allow Sysops to always create account

https://gerrit.wikimedia.org/r/94977
Comment 8 Gerrit Notification Bot 2013-11-15 21:29:44 UTC
Change 94977 had a related patch set (by Wikinaut) published:
Bug 54508: Add "provider only" mode; Bug 46617: allow Sysops to always create account

https://gerrit.wikimedia.org/r/94977
Comment 9 T. Gries 2013-11-16 12:35:59 UTC
+++ Important +++

@Ryan, Chris, other reporters:

THIS is what you wanted. My invitation to code-review:
https://gerrit.wikimedia.org/r/#/c/94977/

Code is live on http://openid-wiki.instance-proxy.wmflabs.org/wiki/ .

Special:Version should show you "4.00 20131115"

Please test.
Please code-review.
Comment 10 Gerrit Notification Bot 2013-11-19 22:03:10 UTC
Change 94977 had a related patch set (by Wikinaut) published:
Bug 54508: Add "provider only" mode; Bug 46617: allow Sysops to always create account

https://gerrit.wikimedia.org/r/94977
Comment 11 Gerrit Notification Bot 2013-11-22 20:45:54 UTC
Change 94977 merged by Wikinaut:
Bug 54508: Add "provider only" mode; Bug 46617: allow Sysops to always create account

https://gerrit.wikimedia.org/r/94977
Comment 12 T. Gries 2013-11-22 20:49:05 UTC
solved in 4.00 20131122
https://gerrit.wikimedia.org/r/#/c/94977/

Note You need to log in before you can comment on or make changes to this bug.


Navigation
Links