launchpad-reviewers team mailing list archive

[William Grant <me@xxxxxxxxxxxxxxxxxx>]

Diff comments:

> 
> === modified file 'lib/lp/registry/model/gpgkey.py'
> --- lib/lp/registry/model/gpgkey.py	2015-10-26 14:54:43 +0000
> +++ lib/lp/registry/model/gpgkey.py	2016-02-24 22:43:54 +0000
> @@ -128,3 +146,8 @@
>              query += ' AND owner=%s' % sqlvalues(ownerid)
>  
>          return GPGKey.select(query, orderBy='id')
> +
> +    def getOwnerIdForPerson(self, owner):
> +        """See IGPGKeySet."""
> +        return owner.account.openid_identifiers.order_by(
> +            OpenIdIdentifier.identifier).first().identifier

OpenIDIdentifier was originally the table for the OpenID provider, so OpenIDIdentifier.identifier is not a fully qualified OpenID identifier URL -- it's just the random suffix, unnamespaced. The full identifier URL is generated by lp.services.openid.adapters.openid.OpenIDPersistentIdentity.

Now a minor complication appears: when U1 took SSO from LP, they changed the OpenID provider URL (which is part of the identity...) from https://login.launchpad.net/ to https://login.ubuntu.com/, but left another instance of the provider with a shared DB running at the old URL. So a given suffix is actually valid under both domains, but the latter is canonical, and the Launchpad prefers the former to avoid breaking everyone's password managers etc.

So Launchpad generates login.launchpad.net URLs (config.launchpad.openid_provider_root), and also accepts login.ubuntu.com URLs (config.launchpad.openid_alternate_provider_roots). But for this purpose we need Launchpad to generate the canonical OpenID identifier, which is a login.ubuntu.com URL. That might require a new config option.



-- 
https://code.launchpad.net/~thomir/launchpad/devel-start-integration/+merge/286972
Your team Launchpad code reviewers is subscribed to branch lp:launchpad.