7 files changed, 181 insertions, 0 deletions

diff --git a/extensions/Persona/template/en/default/admin/params/browserid.html.tmpl b/extensions/Persona/template/en/default/admin/params/browserid.html.tmpl
new file mode 100644
index 000000000..379d12058
--- /dev/null
+++ b/extensions/Persona/template/en/default/admin/params/browserid.html.tmpl
@@ -0,0 +1,22 @@
+[%# This Source Code Form is subject to the terms of the Mozilla Public
+  # License, v. 2.0. If a copy of the MPL was not distributed with this
+  # file, You can obtain one at http://mozilla.org/MPL/2.0/.
+  #
+  # This Source Code Form is "Incompatible With Secondary Licenses", as
+  # defined by the Mozilla Public License, v. 2.0.
+  #%]
+
+[%
+  title = "Persona"
+  desc = "Configure Persona Authentication"
+%]
+
+[% param_descs = {
+  persona_verify_url => "This is the URL for the Persona authority that the " _
+                        "user will be verified against. " _
+                        "Example: <kbd>https://verifier.login.persona.org/verify</kbd>.",
+  persona_includejs_url => "This is the URL needed by Persona to load the necessary " _
+                           "javascript library for authentication. " _
+                           "Example: <kbd>https://persona.org/include.js</kbd>."
+ }
+%]
diff --git a/extensions/Persona/template/en/default/admin/params/persona.html.tmpl b/extensions/Persona/template/en/default/admin/params/persona.html.tmpl
new file mode 100644
index 000000000..5c060129b
--- /dev/null
+++ b/extensions/Persona/template/en/default/admin/params/persona.html.tmpl
@@ -0,0 +1,22 @@
+[%# This Source Code Form is subject to the terms of the Mozilla Public
+  # License, v. 2.0. If a copy of the MPL was not distributed with this
+  # file, You can obtain one at http://mozilla.org/MPL/2.0/.
+  #
+  # This Source Code Form is "Incompatible With Secondary Licenses", as
+  # defined by the Mozilla Public License, v. 2.0.
+  #%]
+
+[%
+  title = "Persona"
+  desc = "Configure Persona Authentication"
+%]
+
+[% param_descs = {
+  persona_verify_url => "This is the URL for the Persona authority that the " _
+                        "user will be verified against. " _
+                        "Example: <kbd>https://verifier.login.persona.org/verify</kbd>.",
+  persona_includejs_url => "This is the URL needed by Persona to load the necessary " _
+                           "javascript library for authentication. " _
+                           "Example: <kbd>https://login.persona.org/include.js</kbd>."
+ }
+%]
diff --git a/extensions/Persona/template/en/default/hook/account/auth/login-additional_methods.html.tmpl b/extensions/Persona/template/en/default/hook/account/auth/login-additional_methods.html.tmpl
new file mode 100644
index 000000000..5be7910ad
--- /dev/null
+++ b/extensions/Persona/template/en/default/hook/account/auth/login-additional_methods.html.tmpl
@@ -0,0 +1,6 @@
+[% IF Param('user_info_class').split(',').contains('Persona')
+      && Param('persona_includejs_url') %]
+<p>
+  <img src="extensions/Persona/web/images/persona_sign_in.png" width="185" height="25" onclick="persona_sign_in()">
+</p>
+[% END %]
diff --git a/extensions/Persona/template/en/default/hook/account/auth/login-small-additional_methods.html.tmpl b/extensions/Persona/template/en/default/hook/account/auth/login-small-additional_methods.html.tmpl
new file mode 100644
index 000000000..5d8503d73
--- /dev/null
+++ b/extensions/Persona/template/en/default/hook/account/auth/login-small-additional_methods.html.tmpl
@@ -0,0 +1,17 @@
+[% IF Param('user_info_class').split(',').contains('Persona')
+      && Param('persona_includejs_url') %]
+<script type="text/javascript">
+  YAHOO.util.Event.addListener('login_link[% qs_suffix FILTER js %]','click', function () {
+      var login_link = YAHOO.util.Dom.get('persona_mini_login[% qs_suffix FILTER js %]');
+      YAHOO.util.Dom.removeClass(login_link, 'bz_default_hidden');
+  });
+  YAHOO.util.Event.addListener('hide_mini_login[% qs_suffix FILTER js %]','click', function () {
+      var login_link = YAHOO.util.Dom.get('persona_mini_login[% qs_suffix FILTER js %]');
+      YAHOO.util.Dom.addClass(login_link, 'bz_default_hidden');
+  });
+</script>
+<span id="persona_mini_login[% qs_suffix FILTER html %]" class="bz_default_hidden">
+  <img src="extensions/Persona/web/images/sign_in.png" height="22" width="75" align="absmiddle"
+       title="Sign in with Persona" onclick="persona_sign_in()"> or
+</span>
+[% END %]
diff --git a/extensions/Persona/template/en/default/hook/account/create-additional_methods.html.tmpl b/extensions/Persona/template/en/default/hook/account/create-additional_methods.html.tmpl
new file mode 100644
index 000000000..6b0d772af
--- /dev/null
+++ b/extensions/Persona/template/en/default/hook/account/create-additional_methods.html.tmpl
@@ -0,0 +1,18 @@
+[%# This Source Code Form is subject to the terms of the Mozilla Public
+  # License, v. 2.0. If a copy of the MPL was not distributed with this
+  # file, You can obtain one at http://mozilla.org/MPL/2.0/.
+  #
+  # This Source Code Form is "Incompatible With Secondary Licenses", as
+  # defined by the Mozilla Public License, v. 2.0.
+  #%]
+
+[% IF Param('user_info_class').split(',').contains('Persona') %]
+Or, use your Persona account:
+<img src="extensions/Persona/web/images/sign_in.png" onclick="persona_create_account()"
+     width="95" height="25" align="absmiddle">
+
+<form id="persona_form" method="POST" action="index.cgi">
+  <input type="hidden" name="token" value="[% issue_hash_token(['login']) FILTER html %]">
+  <input type="hidden" name="persona_assertion" id="persona_assertion" value="">
+</form>
+[% END %]
diff --git a/extensions/Persona/template/en/default/hook/global/header-additional_header.html.tmpl b/extensions/Persona/template/en/default/hook/global/header-additional_header.html.tmpl
new file mode 100644
index 000000000..a2f150373
--- /dev/null
+++ b/extensions/Persona/template/en/default/hook/global/header-additional_header.html.tmpl
@@ -0,0 +1,84 @@
+[%# This Source Code Form is subject to the terms of the Mozilla Public
+  # License, v. 2.0. If a copy of the MPL was not distributed with this
+  # file, You can obtain one at http://mozilla.org/MPL/2.0/.
+  #
+  # This Source Code Form is "Incompatible With Secondary Licenses", as
+  # defined by the Mozilla Public License, v. 2.0.
+  #%]
+
+[% RETURN UNLESS Param('persona_includejs_url')
+                 && Param('user_info_class').split(',').contains('Persona') %]
+
+[%# for now don't inject persona javascript on authenticated users.
+  # we've seen sessions being logged out unexpectedly
+  # we should only inject this code for users who used persona to authenicate %]
+[% RETURN IF user.id %]
+
+[% USE Bugzilla %]
+[% cgi = Bugzilla.cgi %]
+
+<script defer src="[% Param('persona_includejs_url') %]" type="text/javascript"></script>
+<script type="text/javascript">
+
+function createHidden(name, value, form) {
+  var field = document.createElement('input');
+  field.type = 'hidden';
+  field.name = name;
+  field.value = value;;
+  form.appendChild(field);
+}
+
+[% login_target = cgi.url("-relative" => 1, "-query" => 1) %]
+[% IF !login_target OR login_target.match("^token.cgi") %]
+  [% login_target = "index.cgi" %]
+[% END %]
+[% login_target = urlbase _ login_target %]
+
+[%# we only want to honour explicit login requests %]
+var persona_ignore_login = true;
+
+function persona_onlogin(assertion) {
+  if (persona_ignore_login)
+    return;
+  [% IF !user.id %]
+    var form = document.createElement('form');
+    form.action = '[% login_target FILTER js %]';
+    form.method = 'POST';
+    form.style.display = 'none';
+
+    createHidden('token', '[% issue_hash_token(['login']) FILTER js %]', form);
+    createHidden('Bugzilla_remember', 'on', form);
+    createHidden('persona_assertion', assertion, form);
+
+    [% FOREACH field = cgi.param() %]
+      [% NEXT IF field.search("^(Bugzilla_(login|password|restrictlogin)|token|persona_assertion)$") %]
+      [% FOREACH mvalue = cgi.param(field).slice(0) %]
+        createHidden('[% field FILTER js %]', '[% mvalue FILTER html_linebreak FILTER js %]', form);
+      [% END %]
+    [% END %]
+
+    document.body.appendChild(form);
+    form.submit();
+  [% END %]
+}
+
+YAHOO.util.Event.on(window, 'load', persona_init);
+function persona_init() {
+  navigator.id.watch({
+    [%# we can't set loggedInUser to user.login as this causes cgi authenticated
+        sessions to be logged out by persona %]
+    loggedInUser: null,
+    onlogin: persona_onlogin,
+    onlogout: function () {
+      [%# this should be redirecting to index.cgi?logout=1 however there's a
+          persona bug which causes this to break chrome and safari logins.
+          https://github.com/mozilla/browserid/issues/2423 %]
+    }
+  });
+}
+
+function persona_sign_in() {
+  persona_ignore_login = false;
+  navigator.id.request({ siteName: '[% terms.BugzillaTitle FILTER js %]' });
+}
+</script>
diff --git a/extensions/Persona/template/en/default/hook/global/user-error-errors.html.tmpl b/extensions/Persona/template/en/default/hook/global/user-error-errors.html.tmpl
new file mode 100644
index 000000000..f2e5bda24
--- /dev/null
+++ b/extensions/Persona/template/en/default/hook/global/user-error-errors.html.tmpl
@@ -0,0 +1,12 @@
+[% IF error == "persona_account_too_powerful" %]
+  [% title = "Account Too Powerful" %]
+  Your account is a member of a group which is not permitted to use Persona to
+  log in. Please log in with your [% terms.Bugzilla %] username and password.
+  <br><br>
+  (Persona logins are disabled for accounts which are members of certain
+  particularly sensitive groups, while we gain experience with the technology.)
+[% ELSIF error == "persona_server_fail" %]
+  An error occurred during communication with the Persona servers:
+  <br>
+  [% reason FILTER html %]
+[% END %]