launchpad-reviewers team mailing list archive

[William Grant <me@xxxxxxxxxxxxxxxxxx>]

William Grant has proposed merging lp:~wgrant/launchpad/openid-provider-root into lp:launchpad with lp:~wgrant/launchpad/openid-provider-root-config-keys as a prerequisite.

Commit message:
Use openid_provider_root and openid_alternate_provider_roots config options for authentication in favour of vhost.(ubuntu_)openid.

Requested reviews:
  Launchpad code reviewers (launchpad-reviewers)

For more details, see:
https://code.launchpad.net/~wgrant/launchpad/openid-provider-root/+merge/201546

Our OpenID provider hasn't been a Launchpad vhost for nearly four years now, but the vhost.openid and vhost.ubuntu_openid config sections still determine the provider that we authenticate against. This branch switches all users of vhost.(ubuntu_)openid to use the config options added by the previous branch.
-- 
https://code.launchpad.net/~wgrant/launchpad/openid-provider-root/+merge/201546
Your team Launchpad code reviewers is requested to review the proposed merge of lp:~wgrant/launchpad/openid-provider-root into lp:launchpad.

=== modified file 'lib/launchpad_loggerhead/app.py'
--- lib/launchpad_loggerhead/app.py	2013-01-31 01:28:56 +0000
+++ lib/launchpad_loggerhead/app.py	2014-01-14 06:50:50 +0000
@@ -110,9 +110,8 @@
         the page they were looking at, with a cookie that gives us the
         username.
         """
-        openid_vhost = config.launchpad.openid_provider_vhost
         openid_request = self._make_consumer(environ).begin(
-            allvhosts.configs[openid_vhost].rooturl)
+            config.launchpad.openid_provider_root)
         openid_request.addExtension(
             SRegRequest(required=['nickname']))
         back_to = construct_url(environ)

=== modified file 'lib/lp/registry/model/person.py'
--- lib/lp/registry/model/person.py	2014-01-08 22:30:47 +0000
+++ lib/lp/registry/model/person.py	2014-01-14 06:50:50 +0000
@@ -304,7 +304,6 @@
 from lp.services.verification.interfaces.logintoken import ILoginTokenSet
 from lp.services.verification.model.logintoken import LoginToken
 from lp.services.webapp.interfaces import ILaunchBag
-from lp.services.webapp.vhosts import allvhosts
 from lp.services.worlddata.model.language import Language
 from lp.soyuz.enums import (
     ArchivePurpose,
@@ -3245,10 +3244,16 @@
         # + is reserved, so is not allowed to be reencoded in transit, so
         # should never appear as its percent-encoded equivalent.
         identifier_suffix = None
-        for vhost in ('openid', 'ubuntu_openid'):
-            root = '%s+id/' % allvhosts.configs[vhost].rooturl
-            if identifier.startswith(root):
-                identifier_suffix = identifier.replace(root, '', 1)
+        roots = [config.launchpad.openid_provider_root]
+        if config.launchpad.openid_alternate_provider_roots:
+            roots.extend(
+                [root.strip() for root in
+                 config.launchpad.openid_alternate_provider_roots.split(',')
+                 if root.strip])
+        for root in roots:
+            base = '%s+id/' % root
+            if identifier.startswith(base):
+                identifier_suffix = identifier.replace(base, '', 1)
                 break
         if identifier_suffix is None:
             return None

=== modified file 'lib/lp/registry/tests/test_personset.py'
--- lib/lp/registry/tests/test_personset.py	2013-06-21 02:49:33 +0000
+++ lib/lp/registry/tests/test_personset.py	2014-01-14 06:50:50 +0000
@@ -148,14 +148,12 @@
         person = self.factory.makePerson()
         with person_logged_in(person):
             identifier = person.account.openid_identifiers.one().identifier
-        self.assertEqual(
-            person,
-            self.person_set.getByOpenIDIdentifier(
-                u'http://openid.launchpad.dev/+id/%s' % identifier))
-        self.assertEqual(
-            person,
-            self.person_set.getByOpenIDIdentifier(
-                u'http://ubuntu-openid.launchpad.dev/+id/%s' % identifier))
+        for id_url in (
+                u'http://testopenid.dev/+id/%s' % identifier,
+                u'http://login1.dev/+id/%s' % identifier,
+                u'http://login2.dev/+id/%s' % identifier):
+            self.assertEqual(
+                person, self.person_set.getByOpenIDIdentifier(id_url))
 
     def test_getByOpenIDIdentifier_for_nonexistent_identifier_is_none(self):
         # None is returned if there's no matching person.

=== modified file 'lib/lp/services/openid/adapters/openid.py'
--- lib/lp/services/openid/adapters/openid.py	2013-06-20 05:50:00 +0000
+++ lib/lp/services/openid/adapters/openid.py	2014-01-14 06:50:50 +0000
@@ -20,11 +20,11 @@
     )
 
 from lp.registry.interfaces.person import IPerson
+from lp.services.config import config
 from lp.services.database.interfaces import IStore
 from lp.services.identity.interfaces.account import IAccount
 from lp.services.openid.interfaces.openid import IOpenIDPersistentIdentity
 from lp.services.openid.model.openididentifier import OpenIdIdentifier
-from lp.services.webapp.vhosts import allvhosts
 
 
 class CurrentOpenIDEndPoint:
@@ -33,13 +33,7 @@
     @classmethod
     def getServiceURL(cls):
         """The OpenID server URL (/+openid) for the current request."""
-        return allvhosts.configs['openid'].rooturl + '+openid'
-
-    @classmethod
-    def supportsURL(cls, identity_url):
-        """Does the OpenID current vhost support the identity_url?"""
-        root_url = allvhosts.configs['openid'].rooturl
-        return identity_url.startswith(root_url + '+id')
+        return config.openid_provider_root + '+openid'
 
 
 class OpenIDPersistentIdentity:
@@ -57,8 +51,9 @@
         openid_identifier = self.openid_identifier
         if openid_identifier is None:
             return None
-        identity_root_url = allvhosts.configs['openid'].rooturl
-        return identity_root_url + openid_identifier.encode('ascii')
+        return (
+            config.launchpad.openid_provider_root +
+            openid_identifier.encode('ascii'))
 
     @property
     def openid_identifier(self):

=== modified file 'lib/lp/services/webapp/login.py'
--- lib/lp/services/webapp/login.py	2013-04-10 08:36:30 +0000
+++ lib/lp/services/webapp/login.py	2014-01-14 06:50:50 +0000
@@ -186,15 +186,14 @@
         # handshake to work.
         allowUnauthenticatedSession(self.request)
         consumer = self._getConsumer()
-        openid_vhost = config.launchpad.openid_provider_vhost
 
         timeline_action = get_request_timeline(self.request).start(
             "openid-association-begin",
-            allvhosts.configs[openid_vhost].rooturl,
+            config.launchpad.openid_provider_root,
             allow_nested=True)
         try:
             self.openid_request = consumer.begin(
-                allvhosts.configs[openid_vhost].rooturl)
+                config.launchpad.openid_provider_root)
         finally:
             timeline_action.finish()
         self.openid_request.addExtension(
@@ -575,8 +574,7 @@
 
     def logout(self):
         logoutPerson(self.request)
-        openid_vhost = config.launchpad.openid_provider_vhost
-        openid_root = allvhosts.configs[openid_vhost].rooturl
+        openid_root = config.launchpad.openid_provider_root
         target = '%s+logout?%s' % (
             config.codehosting.secure_codebrowse_root,
             urllib.urlencode(dict(next_to='%s+logout' % (openid_root, ))))

=== modified file 'scripts/ppa-report.py' (properties changed: +x to -x)