Skip to content

Allow using the SREG email as the authname (i.e. the trac SID). (issue ... #21

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
edgimar wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Allow using the SREG email as the authname (i.e. the trac SID). (issue ... #21

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
d1d2838
Allow using the SREG email as the authname (i.e. the trac SID). (iss…
edgimar Mar 8, 2014
0513c10
bugfix: set new-user attributes even when trust_authname = true
edgimar Mar 9, 2014
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions README.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -217,6 +217,10 @@ from an example config file which lists all available options::

# Use SREG nickname as authname (default false)
#use_nickname_as_authname = false

# Use SREG email as authname (default false) -- overrides
# use_nickname_as_authname if both are set to true.
#use_email_as_authname = false

# If you want username to be written as
# "username_in_remote_system <openid_url>" use:
Expand Down
30 changes: 18 additions & 12 deletions authopenid/authopenid.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -141,6 +141,9 @@ def trac_auth_cookie_lifetime(self):
use_nickname_as_authname = BoolOption('openid', 'use_nickname_as_authname', False,
""" Whether the nickname as retrieved by SReg is used as username""")

use_email_as_authname = BoolOption('openid', 'use_email_as_authname', False,
""" Whether the email-address as retrieved by SReg is used as username. When enabled, this option overrides the use_nickname_as_authname option.""")

trust_authname = BoolOption('openid', 'trust_authname', False,
"""WARNING: Only enable this if you know what this mean!
This could make identity theft very easy if you do not control the OpenID provider!
Expand Down Expand Up @@ -716,6 +719,8 @@ def _do_process(self, req):
# New identity URL -> create new authname/user.
if self.check_list and self.check_list_username:
authname = cl_username
elif self.use_email_as_authname and email:
authname = email
elif self.use_nickname_as_authname and nickname:
authname = nickname
elif session_attr.get('name'):
Expand Down Expand Up @@ -751,18 +756,19 @@ def authnames(base):
if (no_session_exists and no_permissions_defined):
# name is free :-)
break
# Set attributes for new user on the
# current anonymous session. It will be promoted to
# the new authenticated session on the next request
# (by Session.__init__).
#
# NB: avoid dict.update here to ensure that
# DetachedSession.__getitem__ gets a chance to
# normalize values
for name, value in session_attr.items():
req.session[name] = value
self.env.log.info("Created new user '%s' for "
"OpenID identifier %s", authname, info.identity_url)

# Set attributes for new user on the
# current anonymous session. It will be promoted to
# the new authenticated session on the next request
# (by Session.__init__).
#
# NB: avoid dict.update here to ensure that
# DetachedSession.__getitem__ gets a chance to
# normalize values
for name, value in session_attr.items():
req.session[name] = value
self.env.log.info("Created new user '%s' for "
"OpenID identifier %s", authname, info.identity_url)

req.authname = authname

Expand Down