New Module: OpenID

tkott

Joined: 2010-06-07
Posts: 225
Posted: Sun, 2012-05-27 03:08

I needed an easy way for friends and family to log into my gallery, without me having to provision users for everyone.

This is the first draft of a plugin for Gallery 3 which provides just such a capability. Note that this should absolutely, without a question not be used yet for production sites. This is very beta software. However, I wanted to start the ball rolling. I’ve only tested with Google as the OpenID provider. Currently, the plugin:

* Provides a form for normal gallery log in and for OpenID login & registration
* Automatically provisions user accounts using as much information as it got from the OpenID provider
* Ties the OpenID identifier to the Gallery3 user through a separate table, allowing gallery users and openid users to coexist.
* Provides debugging info into the log by default. (Changeable in the admin options)

Some deficiencies, and things that this module doesn’t do:

* It doesn’t tie in perfectly into themes (such as the ajax login). Currently you must manually type in the login page (see below).
* It probably doesn’t work perfectly for both gallery and openid users
* There might be security issues I am not aware of

Some hopes and dreams for future versions:

* Allow an admin to choose which OpenID buttons are large (currently they must be made by hand, through a helper script).
* Work with both the ajax login and html logins from gallery.
* Work with the register module when provisioning users so that the admin has more control.
* Tie into some OAuth frameworks, such as Facebook.
* Be as secure as possible against CSRF, etc.
* Never interfere with normal gallery usage and users
* Graceful error handling

Documentation and download: http://kott.fm/tomek/plugins-extensions/openid/. PLEASE PLEASE read through the documentation: some files need to be changed.

Support: either post here, or at http://kott.fm/tomek/forums/forum/openid/

I welcome patches, improvements, comments etc. If you give me a couple patches and I agree with them, I'll give you access to the fossil repository where I keep my source code: http://kott.fm/cgi-bin/fossil/openid/.

Tomek
----
Publish on Gallery 3 (WLPG Plugin) | XMP Module | OpenID Module

 
floridave

Joined: 2003-12-22
Posts: 27300
Posted: Mon, 2012-05-28 04:40

This is great!

"$openid = new LightOpenID('kott.fm/gallery');"
can that be done with some code?
$openid = new LightOpenID('item::root()->abs_url()');
or something similar? I'm sure that there is an xxx_url function that can be used here, or some regex if the http:// is not needed.

@ OpenID buttons do you need those to be made and donated? I'm misunderstanding.

*EDIT* I see those are sprites. I also see the URL to those sprites is coded someplace as /gallery/modules/openid/images/openid-providers-en.png
the path to my install would be /gallery3/modules/openid/images/openid-providers-en.png. Didn't look closely at where that was.

I think a link on the login dialog to the openid page would be better than the form box to enter the URL of your provider. Or was that going to be expanded/enhanced?

Thanks!
Dave

_____________________________________________
Blog & G2 || floridave - Gallery Team

 
tkott

Joined: 2010-06-07
Posts: 225
Posted: Mon, 2012-05-28 19:41

Dave,

Thanks for the feedback!

Quote:
can that be done with some code?
$openid = new LightOpenID('item::root()->abs_url()');

Yes, that's the simplicity I was looking for. I just didn't get around to fixing this -- I wanted a first pass plugin to get feedback on :). I've opened a ticket for myself with your suggested change: http://kott.fm/cgi-bin/fossil/openid/tktview?name=9f7cc99b0c.

Quote:
I also see the URL to those sprites is coded someplace as /gallery/modules/openid/images/openid-providers-en.png
the path to my install would be /gallery3/modules/openid/images/openid-providers-en.png. Didn't look closely at where that was.

That's a problematic one, and one which I forgot to document (oops!). It's in the openid/js/openid-jquery.js I believe. Yes, search for img_path and change that. I'm not a great JS person, but clearly that needs to be consistent. Maybe abs_url() can be used in this case as well, with changing it in the "openid_login.html.php" file...I'll look into that. I guess I could just use item::root()->url() and then tack on /modules/openid/images, to get the same relative url? Ticket tracked here: http://kott.fm/cgi-bin/fossil/openid/tktview?name=de4f5b9c1e

Quote:
I think a link on the login dialog to the openid page would be better than the form box to enter the URL of your provider. Or was that going to be expanded/enhanced?

Are you talking about that ajaxified dialog page? If so, then yes, that was one of the things I need to find a way to fix or just automatically go to the html page. Ticket for that here: http://kott.fm/cgi-bin/fossil/openid/tktview?name=31916ee2f4.

Thanks for looking it over and suggesting the abs_url.

Tomek

----
Publish on Gallery 3 (WLPG Plugin) | XMP Module | OpenID Plugin

 
tkott

Joined: 2010-06-07
Posts: 225
Posted: Mon, 2012-05-28 20:15

BTW, do you have any suggestions on getting the csrf code (so that access::verify_csrf() works) into my custom form without using Forge to create the form? Or perhaps I can create the form using Forge, but then just grab the csrf #, put it into the proper hidden input, and call it a day?

Tomek

----
Publish on Gallery 3 (WLPG) | Modules: XMP, OpenID

 
floridave

Joined: 2003-12-22
Posts: 27300
Posted: Tue, 2012-05-29 00:13

I think that getting the csrf# from a forge and then using it as a hidden form field is the way to go if this does not work:
$csrf = access::csrf_token();
or using it in a view; your controller could have:
$view->content->csrf = access::csrf_token();
then your view would just need:
<?= $csrf; ?>

Dave

_____________________________________________
Blog & G2 || floridave - Gallery Team

 
tkott

Joined: 2010-06-07
Posts: 225
Posted: Tue, 2012-05-29 16:10

Thanks Dave, that indeed works perfectly. I've managed to fix most of those tickets, and am working on some of the other features, such as avoiding running my own gallery login, and am wondering about another issue I'm having.

When I started the module, I thought I needed to create a driver for the IdentityProvider class. This also required a file identity.php in the config folder. I no longer have the driver for the IdentityProvider class, but when I try to get rid of the identity.php file, my gallery (well, I guess the server) throws 500 errors right and left... I can't even get to a kohana error screen. From what I understand, I shouldn't need this file -- I'm not providing a different IdentityProvider, I'm essentially extending the 'users' module.

Any idea?

Thanks,

Tomek

----
Publish on Gallery 3 (WLPG) | Modules: XMP, OpenID

 
floridave

Joined: 2003-12-22
Posts: 27300
Posted: Tue, 2012-05-29 16:32

Now you are over my head. I will get Bharat or others to comment.

Dave
_____________________________________________
Blog & G2 || floridave - Gallery Team

 
jnash

Joined: 2004-08-02
Posts: 814
Posted: Tue, 2012-05-29 17:36

tkott, do you have caching enabled? You may want to try and empty the 'caches' table and delete anything in var/tmp/

This will clear out any module caches -- I've encountered this when modifying modules and removing a pivotal item that is no longer needed... The core caches these if set.

James

 
tkott

Joined: 2010-06-07
Posts: 225
Posted: Tue, 2012-05-29 18:45

James,

Quote:
You may want to try and empty the 'caches' table and delete anything in var/tmp/

Thanks, one of those two did it! Woohoo, another ticket fixed!

Tomek

----
Publish on Gallery 3 (WLPG) | Modules: XMP, OpenID

 
floridave

Joined: 2003-12-22
Posts: 27300
Posted: Thu, 2012-07-26 17:15

I have finally got around to creating a codex page:
http://codex.gallery2.org/Gallery3:Modules:openid
please feel free to update as you see fit.

Dave
_____________________________________________
Blog & G2 || floridave - Gallery Team

 
memgir

Joined: 2011-04-05
Posts: 11
Posted: Sat, 2012-08-04 08:31

Hi,

I installed this but I have a small problem which I believe to be a bug and a small suggestion.

I have gallery installed under a top level domain name as a virtual server. So my address is like gallery.x.y, i.e., I don't have it under a gallery folder or alias. I changed the base url as in the docs to gallery.x.y, but I still cannot get the provider icons image file, as it seems to try for http://gallery.x.y/gallery/modules/openid/images/openid-providers-en.png. I don't know where /gallery/ comes from? I don't have it in any configuration...

My suggestion is about connecting the usual gallery accounts and openid accounts as in wordpress. It should be possible to add an unlimited number of openids under an account and unify the experience.

Best.

 
tkott

Joined: 2010-06-07
Posts: 225
Posted: Mon, 2012-08-06 01:27
Quote:
I have gallery installed under a top level domain name as a virtual server. So my address is like gallery.x.y, i.e., I don't have it under a gallery folder or alias. I changed the base url as in the docs to gallery.x.y, but I still cannot get the provider icons image file, as it seems to try for http://gallery.x.y/gallery/modules/openid/images/openid-providers-en.png. I don't know where /gallery/ comes from? I don't have it in any configuration...

You might want to try the most recent version. The 0.1 version was really a testing bed. I haven't yet released an 0.2 or anything, but the latest might as well be that release. Go to: http://kott.fm/cgi-bin/fossil/openid/info/95f5b4e4f2 (you will have to log in anonymously). I believe in that version, you will no longer see the 'gallery' url problem like you describe.

memgir wrote:
My suggestion is about connecting the usual gallery accounts and openid accounts as in wordpress. It should be possible to add an unlimited number of openids under an account and unify the experience.

ribeyelover28 wrote:
Also, memgir hit it right on the nose with the unlimited, unified openids. Will be back to this thread later tonight.

It's an interesting idea, and it would be possible to build that in, but it is not a priority for me. I'm open to patches though against the newest version available (see link above).

Please let me know of any other bugs.

@dave - thanks for starting that page, I think you hit everything right.

Tomek

----
Publish on Gallery 3 (WLPG) | Modules: XMP, OpenID

 
memgir

Joined: 2011-04-05
Posts: 11
Posted: Mon, 2012-08-06 09:59

Now it tries to find:

http://gallery.x.y/index.php//modules/openid/images/openid-providers-en.png

and it can't find. Manually trying at the browser address bar, this address seems to work:

http://gallery.x.y/modules/openid/images/openid-providers-en.png

 
tkott

Joined: 2010-06-07
Posts: 225
Posted: Mon, 2012-08-06 14:55
memgir wrote:
Now it tries to find:

http://gallery.x.y/index.php//modules/openid/images/openid-providers-en.png

and it can't find. Manually trying at the browser address bar, this address seems to work:

http://gallery.x.y/modules/openid/images/openid-providers-en.png

Hmm. This is where that URL gets set (mostly for my own reference :)): http://kott.fm/cgi-bin/fossil/openid/fdiff?v1=6f0f2ca2c3101757&v2=ad51067b4fdd13a9. On my installation, I don't get the 'index.php' part (unclear why), and so things work fine, which explains why I never ran into a problem :).

Ok, I think the following change will fix it. Find line 6 in openid/views/openid_login.html.php (the added line in the link above) and change item::root()->url() . '/modules/openid/images/' to url::base() . 'modules/openid/images/'. That should work (I hope).

I'll push it to the code repository eventually, but that should fix it for you for now.

Tomek
----
Publish on Gallery 3 (WLPG) | Modules: XMP, OpenID

 
memgir

Joined: 2011-04-05
Posts: 11
Posted: Mon, 2012-08-06 16:51

Yes, it worked. Thanks.

Other than that I have one more problem. It takes ages for google openid logins to perform. On the same server, wordpress openid login is much faster. With this plugin, firefox stays at "connecting..." for at least 3-4 minutes. Interestingly, using yahoo login it is equally fast as with the wordpress sw. Where do you keep debug logs?

 
memgir

Joined: 2011-04-05
Posts: 11
Posted: Mon, 2012-08-06 17:36

I've done some tests regarding the openid unification. It seems that changing the user_id in the table openid_ids to the desired user works flawlessly. On the other hand it means that all that needs to be done for openid-(normal user accounts) unification is to design an interface to amend records into the table openid_ids with the desired user_id (and nothing into the table users)...

Am I correct tkott?

PS: Another problem with the google openid login is that it doesn't return correct names (again, yahoo does this correctly). All the values in the sql table were the email address. I think there is something wrong with the google openid code...

 
tkott

Joined: 2010-06-07
Posts: 225
Posted: Tue, 2012-08-07 15:00
Quote:
Other than that I have one more problem. It takes ages for google openid logins to perform. On the same server, wordpress openid login is much faster. With this plugin, firefox stays at "connecting..." for at least 3-4 minutes.

I haven't had that problem when using google (in fact the only one I've tested). It always returns quickly for me. Sorry!

Quote:
On the other hand it means that all that needs to be done for openid-(normal user accounts) unification is to design an interface to amend records into the table openid_ids with the desired user_id (and nothing into the table users)...

Mostly. You would also need to refactor the logic that checks the table. Currently I believe it just looks for one row in the table, but you would either need a list of id's in one row, or many rows with one userid and many openids.

Quote:
Another problem with the google openid login is that it doesn't return correct names (again, yahoo does this correctly). All the values in the sql table were the email address. I think there is something wrong with the google openid code...

Yes, that is a google shortcoming. I googled around for a bit trying to find a solution, but it appears that google does not easily hand out that information. If you find a solution or workaround, let me know!

Let me know if you want to fork the code, and be able to push back to the repository any changes. I'm very open to collaboration, since the module does pretty much everything that I *need*, so I haven't focused on it recently.

Tomek

----
Publish on Gallery 3 (WLPG) | Modules: XMP, OpenID

 
memgir

Joined: 2011-04-05
Posts: 11
Posted: Sun, 2012-10-28 07:10

Hello again.

I recently found some more time to test your plugin. Or more precisely, its integration with the gallery. My recent problem is about reauthentication when a user's session expires. It still takes you to a page (/reauthenticate) where only classical authentication is offered. Is it possible to redirect this to /openid somehow?

 
tkott

Joined: 2010-06-07
Posts: 225
Posted: Mon, 2012-10-29 15:44

@memgir

Thanks for the further testing. I had completely forgotten about the reauthentication piece of the puzzle. Do you happen to know if this is only relevant for admins or for users as well? I can't promise anything faster than a week or two right now, sorry.

Did you happen to work on combining openid's for normal users?

Tomek

----
Publish on Gallery 3 (WLPG) | Modules: XMP, OpenID

 
memgir

Joined: 2011-04-05
Posts: 11
Posted: Thu, 2012-11-01 23:32

No problem and I am in no hurry or anything. Just whenever you find some spare time to have a look at it...

I think reauth is for all users but I am not 100% sure.

Unfortunately I couldn't work on the combining thing. If I ever get to work on it, I'll definitely let you know.

 
tkott

Joined: 2010-06-07
Posts: 225
Posted: Mon, 2012-11-19 04:13

@memgir,

I think I've figured out how to get the reauthentication working. It turns out the reauth is only for admins. Everyone else simply has to log in again. It's a bit late here now, but sometime this week I'll try to finish up some of the changes. If you feel like living on the edge, go to http://kott.fm/cgi-bin/fossil/openid/timeline, click on the most recent check-in, and download the zip file after logging in anonymously (top right hand side of the page).

You'll need to run the upgrader (I needed to change a table), and probably delete & recreate any users that were created by the openid plugin. The key is that the openid_ids table should have actual urls for the "provider" column. If that is not the case, then you will need to either delete/recreate as mentioned, OR take the urls from the modules/openid/js/openid-en.js files for the appropriate entry and update manually. For example, if you had a user_id = 47 that corresponded to id = 7 in the openid_ids table and that user was created by using the google openid provider, you would need to update the provider column for that openid_ids table entry to "https://www.google.com/accounts/o8/id" as listed in the javascript file.

Let me know if you have any questions / bug reports. I tested this by setting the advanced setting "admin_timeout" (or something similar) to 30 seconds. If the URL is set properly, you should not even see the 'reauthenticate' form. It should automatically forward to the provider for validation, and if you are still logged in there, you should seamlessly be forwarded to the admin page requested.

Tomek

----
Publish on Gallery 3 (WLPG) | Modules: XMP, OpenID
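The two data-model points raised in this thread, many OpenIDs per gallery user (memgir's unification idea and tkott's note that the lookup must then be refactored) and provider rows that hold the provider URL rather than a display name (needed for the reauthentication forwarding above), as an added stand-alone sketch that is not the module's own PHP code. It uses Python with sqlite3; the `identity` column name, the sample rows and the name-to-URL migration map are assumptions, and only the Google URL is the one quoted in the thread.

```python
import sqlite3

# Constructed model of the openid_ids link table (not the module's code). Columns
# id, user_id, provider are from the thread; `identity` (the claimed OpenID) is assumed.
GOOGLE_OP = "https://www.google.com/accounts/o8/id"  # URL quoted in the thread
PROVIDER_URLS = {"google": GOOGLE_OP}  # legacy display name -> endpoint URL

def open_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    # One row per (user, OpenID). UNIQUE(identity) is the security property:
    # a claimed identifier can resolve to at most one gallery account.
    conn.execute("CREATE TABLE openid_ids (id INTEGER PRIMARY KEY, "
                 "user_id INTEGER NOT NULL REFERENCES users(id), "
                 "provider TEXT NOT NULL, identity TEXT NOT NULL UNIQUE)")
    return conn

def seed(conn):
    """Constructed data mirroring the thread's user_id 47 / row id 7, stored the
    legacy way with a display name instead of a URL in the provider column."""
    conn.execute("INSERT INTO users VALUES (47, 'tomek'), (48, 'dave')")
    conn.execute("INSERT INTO openid_ids (id, user_id, provider, identity) "
                 "VALUES (7, 47, 'google', ?)", (GOOGLE_OP + "?id=CONSTRUCTED-A",))

def link_identity(conn, user_id, provider, identity):
    """Attach another OpenID to an existing account; False if already claimed."""
    try:
        conn.execute("INSERT INTO openid_ids (user_id, provider, identity) "
                     "VALUES (?, ?, ?)", (user_id, provider, identity))
        return True
    except sqlite3.IntegrityError:
        return False

def user_for_identity(conn, identity):
    """Login lookup by identity (never by user, many rows share a user_id)."""
    row = conn.execute("SELECT user_id FROM openid_ids WHERE identity = ?",
                       (identity,)).fetchone()
    return row[0] if row else None

def reauth_endpoints(conn, user_id):
    """Provider URLs an admin reauth can forward to; needs URLs in the column."""
    rows = conn.execute("SELECT DISTINCT provider FROM openid_ids WHERE user_id = ?",
                        (user_id,))
    return sorted(r[0] for r in rows)

def migrate_provider_names(conn):
    """Rewrite legacy display names to endpoint URLs; returns rows changed."""
    changed = 0
    for name, url in PROVIDER_URLS.items():
        changed += conn.execute("UPDATE openid_ids SET provider = ? WHERE provider = ?",
                                (url, name)).rowcount
    return changed
```

Run `seed(open_db())` first, then `migrate_provider_names` once; the UNIQUE constraint is what stops a second account from claiming an identifier that already belongs to user 47.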