From 3f104aa43d746c602b179564c96fce0d4d682886 Mon Sep 17 00:00:00 2001 From: Kohei Yoshino Date: Mon, 1 Oct 2018 00:43:48 -0400 Subject: Bug 1495349 - Remove Persona extension --- .../en/default/pages/persona_deprecated.html.tmpl | 53 -------- extensions/GitHubAuth/Extension.pm | 2 +- extensions/Persona/Config.pm | 27 ---- extensions/Persona/Extension.pm | 86 ------------- extensions/Persona/TODO | 19 --- extensions/Persona/lib/Config.pm | 42 ------- extensions/Persona/lib/Login.pm | 137 --------------------- .../en/default/admin/params/browserid.html.tmpl | 22 ---- .../en/default/admin/params/persona.html.tmpl | 24 ---- .../auth/login-additional_methods.html.tmpl | 9 -- .../auth/login-small-additional_methods.html.tmpl | 17 --- .../account/create-additional_methods.html.tmpl | 13 -- .../hook/global/header-additional_header.html.tmpl | 90 -------------- .../hook/global/user-error-errors.html.tmpl | 12 -- extensions/Persona/web/images/persona_sign_in.png | Bin 3684 -> 0 bytes extensions/Persona/web/images/sign_in.png | Bin 1993 -> 0 bytes 16 files changed, 1 insertion(+), 552 deletions(-) delete mode 100644 extensions/BMO/template/en/default/pages/persona_deprecated.html.tmpl delete mode 100644 extensions/Persona/Config.pm delete mode 100644 extensions/Persona/Extension.pm delete mode 100644 extensions/Persona/TODO delete mode 100644 extensions/Persona/lib/Config.pm delete mode 100644 extensions/Persona/lib/Login.pm delete mode 100644 extensions/Persona/template/en/default/admin/params/browserid.html.tmpl delete mode 100644 extensions/Persona/template/en/default/admin/params/persona.html.tmpl delete mode 100644 extensions/Persona/template/en/default/hook/account/auth/login-additional_methods.html.tmpl delete mode 100644 extensions/Persona/template/en/default/hook/account/auth/login-small-additional_methods.html.tmpl delete mode 100644 extensions/Persona/template/en/default/hook/account/create-additional_methods.html.tmpl delete mode 100644 extensions/Persona/template/en/default/hook/global/header-additional_header.html.tmpl delete mode 100644 extensions/Persona/template/en/default/hook/global/user-error-errors.html.tmpl delete mode 100644 extensions/Persona/web/images/persona_sign_in.png delete mode 100644 extensions/Persona/web/images/sign_in.png diff --git a/extensions/BMO/template/en/default/pages/persona_deprecated.html.tmpl b/extensions/BMO/template/en/default/pages/persona_deprecated.html.tmpl deleted file mode 100644 index 18b7a3f60..000000000 --- a/extensions/BMO/template/en/default/pages/persona_deprecated.html.tmpl +++ /dev/null @@ -1,53 +0,0 @@ -[%# This Source Code Form is subject to the terms of the Mozilla Public - # License, v. 2.0. If a copy of the MPL was not distributed with this - # file, You can obtain one at http://mozilla.org/MPL/2.0/. - # - # This Source Code Form is "Incompatible With Secondary Licenses", as - # defined by the Mozilla Public License, v. 2.0. - #%] - -[% PROCESS global/header.html.tmpl - title = "Persona Deprecated" -%] - -

Persona Deprecated

- -

- Beginning on October 25th, 2016, Persona is no longer a supported authentication method - for bugzilla.mozilla.org (BMO). The Mozilla supported Persona service will cease operations on November 30th, 2016 so therefore - BMO will not longer be able to use the service for authentication. You can go - here for more information about Persona - and the reasons for shutting down service. -

- -

- For users of Persona on BMO, there are two other methods for authentication that are supported and you will need to switch - over to one of them after your current session expires starting October 25th, 2016. -

- -

Native Login

- -

- BMO has always supported native authentication using a password securely stored in our database. If you have used Persona since - first creating your BMO account, you will probably not know this password. But you can reset it to something you do know by first - logging out, and then clicking on 'Forgot Password' at the right-hand top of the page. Enter your email you used with Persona in - the text field and click 'Reset Password'. -

- -

- You will receive an email with a link you can use to reset your current password to something you can use from now on. - After you reset your password, simply enter your login and the password in the login fields at the top of any BMO page. -

- -

Github Login

- -

- Github is also a BMO supported method of authentication. To use Github, first log out and then - click 'Login' at the top of any BMO page and then click on the 'Github' login image. You will need to have a Github account that - has an email address the same as the Persona email you were using, otherwise a different BMO account will be created. You will - be able to choose the email address you want to use for BMO if you have more than one configured in your Github profile. If none - of the email addresses you have configured in Github match what you were using for Persona, native login described above may be - your best choice if you want to retain your BMO data. -

- -[% PROCESS global/footer.html.tmpl %] diff --git a/extensions/GitHubAuth/Extension.pm b/extensions/GitHubAuth/Extension.pm index 24a7cf2f1..d0d9f42f1 100644 --- a/extensions/GitHubAuth/Extension.pm +++ b/extensions/GitHubAuth/Extension.pm @@ -74,7 +74,7 @@ sub config_modify_panels { my $user_info_class = first { $_->{name} eq 'user_info_class' } @$auth_panel_params; if ($user_info_class) { - push @{ $user_info_class->{choices} }, "GitHubAuth,CGI", "Persona,GitHubAuth,CGI"; + push @{ $user_info_class->{choices} }, "GitHubAuth,CGI"; } my $user_verify_class = first { $_->{name} eq 'user_verify_class' } @$auth_panel_params; diff --git a/extensions/Persona/Config.pm b/extensions/Persona/Config.pm deleted file mode 100644 index fa878bb05..000000000 --- a/extensions/Persona/Config.pm +++ /dev/null @@ -1,27 +0,0 @@ -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this -# file, You can obtain one at http://mozilla.org/MPL/2.0/. -# -# This Source Code Form is "Incompatible With Secondary Licenses", as -# defined by the Mozilla Public License, v. 2.0. - -package Bugzilla::Extension::Persona; - -use 5.10.1; -use strict; -use warnings; - -use constant NAME => 'Persona'; - -use constant REQUIRED_MODULES => [ - { - package => 'JSON', - module => 'JSON', - version => 0, - }, -]; - -use constant OPTIONAL_MODULES => [ -]; - -__PACKAGE__->NAME; diff --git a/extensions/Persona/Extension.pm b/extensions/Persona/Extension.pm deleted file mode 100644 index f94c54446..000000000 --- a/extensions/Persona/Extension.pm +++ /dev/null @@ -1,86 +0,0 @@ -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this -# file, You can obtain one at http://mozilla.org/MPL/2.0/. -# -# This Source Code Form is "Incompatible With Secondary Licenses", as -# defined by the Mozilla Public License, v. 2.0. - -package Bugzilla::Extension::Persona; - -use 5.10.1; -use strict; -use warnings; - -use base qw(Bugzilla::Extension); - -use Bugzilla::Config qw(SetParam write_params); - -our $VERSION = '0.01'; - -sub install_update_db { - # The extension changed from BrowserID to Persona - # so we need to update user_info_class if this system - # was using BrowserID for verification. - my $params = Bugzilla->params || Bugzilla::Config::read_param_file(); - my $user_info_class = $params->{'user_info_class'}; - if ($user_info_class =~ /BrowserID/) { - $user_info_class =~ s/BrowserID/Persona/; - SetParam('user_info_class', $user_info_class); - write_params(); - } -} - -sub auth_login_methods { - my ($self, $args) = @_; - my $modules = $args->{'modules'}; - if (exists($modules->{'Persona'})) { - $modules->{'Persona'} = 'Bugzilla/Extension/Persona/Login.pm'; - } -} - -sub config_modify_panels { - my ($self, $args) = @_; - my $panels = $args->{'panels'}; - my $auth_panel_params = $panels->{'auth'}->{'params'}; - - my ($user_info_class) = - grep { $_->{'name'} eq 'user_info_class' } @$auth_panel_params; - - if ($user_info_class) { - push(@{ $user_info_class->{'choices'} }, "Persona,CGI"); - } - - # The extension changed from BrowserID to Persona - # so we need to retain the current values for the new - # params that will be created. - my $params = Bugzilla->params || Bugzilla::Config::read_param_file(); - my $verify_url = $params->{'browserid_verify_url'}; - my $includejs_url = $params->{'browserid_includejs_url'}; - if ($verify_url && $includejs_url) { - foreach my $param (@{ $panels->{'persona'}->{'params'} }) { - if ($param->{'name'} eq 'persona_verify_url') { - $param->{'default'} = $verify_url; - } - if ($param->{'name'} eq 'persona_includejs_url') { - $param->{'default'} = $includejs_url; - } - } - } -} - -sub attachment_should_redirect_login { - my ($self, $args) = @_; - my $cgi = Bugzilla->cgi; - - if ($cgi->param("persona_assertion")) { - ${$args->{do_redirect}} = 1; - } -} - -sub config_add_panels { - my ($self, $args) = @_; - my $modules = $args->{panel_modules}; - $modules->{Persona} = "Bugzilla::Extension::Persona::Config"; -} - -__PACKAGE__->NAME; diff --git a/extensions/Persona/TODO b/extensions/Persona/TODO deleted file mode 100644 index cb9e15d2f..000000000 --- a/extensions/Persona/TODO +++ /dev/null @@ -1,19 +0,0 @@ -ToDo: - -* Cache the LWP::UserAgent in Login.pm? - -* Fix Bugzilla::Auth::Login::Stack to allow failure part way down the chain - (currently, it seems that both CGI and BrowserID have to be last in order - to report login failures correctly.) - -* JS inclusions noticeably slow page load. Do we want a local copy of - browserid.js? Do the browserid folks object to that? How can we get good - performance? How can we avoid including it in every logged-in page? Can we - do demand loading onclick, and/or load-on-reveal? - -* Fix -8px margin-bottom hack in login-small-additional_methods.html.tmpl - - - - - diff --git a/extensions/Persona/lib/Config.pm b/extensions/Persona/lib/Config.pm deleted file mode 100644 index ae40fd94a..000000000 --- a/extensions/Persona/lib/Config.pm +++ /dev/null @@ -1,42 +0,0 @@ -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this -# file, You can obtain one at http://mozilla.org/MPL/2.0/. -# -# This Source Code Form is "Incompatible With Secondary Licenses", as -# defined by the Mozilla Public License, v. 2.0. - -package Bugzilla::Extension::Persona::Config; - -use 5.10.1; -use strict; -use warnings; - -use Bugzilla::Config::Common; - -our $sortkey = 1350; - -sub get_param_list { - my ($class) = @_; - - my @param_list = ( - { - name => 'persona_verify_url', - type => 't', - default => 'https://verifier.login.persona.org/verify', - }, - { - name => 'persona_includejs_url', - type => 't', - default => 'https://login.persona.org/include.js', - }, - { - name => 'persona_proxy_url', - type => 't', - default => '', - }, - ); - - return @param_list; -} - -1; diff --git a/extensions/Persona/lib/Login.pm b/extensions/Persona/lib/Login.pm deleted file mode 100644 index 9a5e3a5b7..000000000 --- a/extensions/Persona/lib/Login.pm +++ /dev/null @@ -1,137 +0,0 @@ -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this -# file, You can obtain one at http://mozilla.org/MPL/2.0/. -# -# This Source Code Form is "Incompatible With Secondary Licenses", as -# defined by the Mozilla Public License, v. 2.0. - -package Bugzilla::Extension::Persona::Login; - -use 5.10.1; -use strict; -use warnings; - -use base qw(Bugzilla::Auth::Login); - -use Bugzilla::Constants; -use Bugzilla::Util; -use Bugzilla::Error; -use Bugzilla::Token; - -use JSON; -use LWP::UserAgent; - -use constant requires_verification => 0; -use constant is_automatic => 1; -use constant user_can_create_account => 1; - -sub get_login_info { - my ($self) = @_; - - my $cgi = Bugzilla->cgi; - - my $assertion = $cgi->param("persona_assertion"); - # Avoid the assertion being copied into any 'echoes' of the current URL - # in the page. - $cgi->delete('persona_assertion'); - - if (!$assertion || !Bugzilla->params->{persona_verify_url}) { - return { failure => AUTH_NODATA }; - } - - my $token = $cgi->param("token"); - $cgi->delete('token'); - check_hash_token($token, ['login']); - - my $urlbase = new URI(Bugzilla->localconfig->{urlbase}); - my $audience = $urlbase->scheme . "://" . $urlbase->host_port; - - my $ua = new LWP::UserAgent( timeout => 10 ); - if (Bugzilla->params->{persona_proxy_url}) { - $ua->proxy('https', Bugzilla->params->{persona_proxy_url}); - } - - my $response = $ua->post(Bugzilla->params->{persona_verify_url}, - [ assertion => $assertion, - audience => $audience ]); - if ($response->is_error) { - return { failure => AUTH_ERROR, - user_error => 'persona_server_fail', - details => { reason => $response->message }}; - } - - my $info; - eval { - $info = decode_json($response->decoded_content()); - }; - if ($@) { - return { failure => AUTH_ERROR, - user_error => 'persona_server_fail', - details => { reason => 'Received a malformed response.' }}; - } - if ($info->{'status'} eq 'failure') { - return { failure => AUTH_ERROR, - user_error => 'persona_server_fail', - details => { reason => $info->{reason} }}; - } - - if ($info->{'status'} eq "okay" && - $info->{'audience'} eq $audience && - ($info->{'expires'} / 1000) > time()) - { - my $login_data = { - 'username' => $info->{'email'} - }; - - my $result = Bugzilla::Auth::Verify->create_or_update_user($login_data); - return $result if $result->{'failure'}; - - my $user = $result->{'user'}; - - # You can restrict people in a particular group from logging in using - # Persona by making that group a member of a group called - # "no-browser-id". - # - # If you have your "createemailregexp" set up in such a way that a - # newly-created account is a member of "no-browser-id", this code will - # create an account for them and then fail their login. Which isn't - # great, but they can still use normal-Bugzilla-login password - # recovery. - if ($user->in_group('no-browser-id')) { - return { failure => AUTH_ERROR, - user_error => 'persona_account_too_powerful' }; - } - - if ($user->mfa) { - return { failure => AUTH_ERROR, - user_error => 'mfa_prevents_login', - details => { provider => 'Persona' } }; - } - - $login_data->{'user'} = $user; - $login_data->{'user_id'} = $user->id; - - return $login_data; - } - else { - return { failure => AUTH_LOGINFAILED }; - } -} - -# Pinched from Bugzilla::Auth::Login::CGI -sub fail_nodata { - my ($self) = @_; - my $cgi = Bugzilla->cgi; - my $template = Bugzilla->template; - - if (Bugzilla->usage_mode != USAGE_MODE_BROWSER) { - ThrowUserError('login_required'); - } - - print $cgi->header(); - $template->process("account/auth/login.html.tmpl", { 'target' => $cgi->url(-relative=>1) }) - || ThrowTemplateError($template->error()); - exit; -} - -1; diff --git a/extensions/Persona/template/en/default/admin/params/browserid.html.tmpl b/extensions/Persona/template/en/default/admin/params/browserid.html.tmpl deleted file mode 100644 index 379d12058..000000000 --- a/extensions/Persona/template/en/default/admin/params/browserid.html.tmpl +++ /dev/null @@ -1,22 +0,0 @@ -[%# This Source Code Form is subject to the terms of the Mozilla Public - # License, v. 2.0. If a copy of the MPL was not distributed with this - # file, You can obtain one at http://mozilla.org/MPL/2.0/. - # - # This Source Code Form is "Incompatible With Secondary Licenses", as - # defined by the Mozilla Public License, v. 2.0. - #%] - -[% - title = "Persona" - desc = "Configure Persona Authentication" -%] - -[% param_descs = { - persona_verify_url => "This is the URL for the Persona authority that the " _ - "user will be verified against. " _ - "Example: https://verifier.login.persona.org/verify.", - persona_includejs_url => "This is the URL needed by Persona to load the necessary " _ - "javascript library for authentication. " _ - "Example: https://persona.org/include.js." - } -%] diff --git a/extensions/Persona/template/en/default/admin/params/persona.html.tmpl b/extensions/Persona/template/en/default/admin/params/persona.html.tmpl deleted file mode 100644 index ef3cf32d2..000000000 --- a/extensions/Persona/template/en/default/admin/params/persona.html.tmpl +++ /dev/null @@ -1,24 +0,0 @@ -[%# This Source Code Form is subject to the terms of the Mozilla Public - # License, v. 2.0. If a copy of the MPL was not distributed with this - # file, You can obtain one at http://mozilla.org/MPL/2.0/. - # - # This Source Code Form is "Incompatible With Secondary Licenses", as - # defined by the Mozilla Public License, v. 2.0. - #%] - -[% - title = "Persona" - desc = "Configure Persona Authentication" -%] - -[% param_descs = { - persona_verify_url => "This is the URL for the Persona authority that the " _ - "user will be verified against. " _ - "Example: https://verifier.login.persona.org/verify.", - persona_includejs_url => "This is the URL needed by Persona to load the necessary " _ - "javascript library for authentication. " _ - "Example: https://login.persona.org/include.js." - persona_proxy_url => "The URL of a HTTPS proxy server (optional). " _ - "Example: http://proxy.example.com:3128." - } -%] diff --git a/extensions/Persona/template/en/default/hook/account/auth/login-additional_methods.html.tmpl b/extensions/Persona/template/en/default/hook/account/auth/login-additional_methods.html.tmpl deleted file mode 100644 index 1743db9a6..000000000 --- a/extensions/Persona/template/en/default/hook/account/auth/login-additional_methods.html.tmpl +++ /dev/null @@ -1,9 +0,0 @@ -[% IF Param('user_info_class').split(',').contains('Persona') - && Param('persona_includejs_url') %] -

- -

-

- Note: Persona authentication will be removed on October 25th, 2016 (more info). -

-[% END %] diff --git a/extensions/Persona/template/en/default/hook/account/auth/login-small-additional_methods.html.tmpl b/extensions/Persona/template/en/default/hook/account/auth/login-small-additional_methods.html.tmpl deleted file mode 100644 index 364d1528f..000000000 --- a/extensions/Persona/template/en/default/hook/account/auth/login-small-additional_methods.html.tmpl +++ /dev/null @@ -1,17 +0,0 @@ -[% IF Param('user_info_class').split(',').contains('Persona') - && Param('persona_includejs_url') %] - - - or - -[% END %] diff --git a/extensions/Persona/template/en/default/hook/account/create-additional_methods.html.tmpl b/extensions/Persona/template/en/default/hook/account/create-additional_methods.html.tmpl deleted file mode 100644 index b6fb1eedc..000000000 --- a/extensions/Persona/template/en/default/hook/account/create-additional_methods.html.tmpl +++ /dev/null @@ -1,13 +0,0 @@ -[%# This Source Code Form is subject to the terms of the Mozilla Public - # License, v. 2.0. If a copy of the MPL was not distributed with this - # file, You can obtain one at http://mozilla.org/MPL/2.0/. - # - # This Source Code Form is "Incompatible With Secondary Licenses", as - # defined by the Mozilla Public License, v. 2.0. - #%] - -[% RETURN UNLESS Param('user_info_class').split(',').contains('Persona') %] - -Or, use your Persona account: - diff --git a/extensions/Persona/template/en/default/hook/global/header-additional_header.html.tmpl b/extensions/Persona/template/en/default/hook/global/header-additional_header.html.tmpl deleted file mode 100644 index f60bd36db..000000000 --- a/extensions/Persona/template/en/default/hook/global/header-additional_header.html.tmpl +++ /dev/null @@ -1,90 +0,0 @@ -[%# This Source Code Form is subject to the terms of the Mozilla Public - # License, v. 2.0. If a copy of the MPL was not distributed with this - # file, You can obtain one at http://mozilla.org/MPL/2.0/. - # - # This Source Code Form is "Incompatible With Secondary Licenses", as - # defined by the Mozilla Public License, v. 2.0. - #%] - -[% RETURN UNLESS Param('persona_includejs_url') - && Param('user_info_class').split(',').contains('Persona') %] - -[%# for now don't inject persona javascript on authenticated users. - # we've seen sessions being logged out unexpectedly - # we should only inject this code for users who used persona to authenicate %] -[% RETURN IF user.id %] - -[% USE Bugzilla %] -[% cgi = Bugzilla.cgi %] - - - diff --git a/extensions/Persona/template/en/default/hook/global/user-error-errors.html.tmpl b/extensions/Persona/template/en/default/hook/global/user-error-errors.html.tmpl deleted file mode 100644 index f2e5bda24..000000000 --- a/extensions/Persona/template/en/default/hook/global/user-error-errors.html.tmpl +++ /dev/null @@ -1,12 +0,0 @@ -[% IF error == "persona_account_too_powerful" %] - [% title = "Account Too Powerful" %] - Your account is a member of a group which is not permitted to use Persona to - log in. Please log in with your [% terms.Bugzilla %] username and password. -

- (Persona logins are disabled for accounts which are members of certain - particularly sensitive groups, while we gain experience with the technology.) -[% ELSIF error == "persona_server_fail" %] - An error occurred during communication with the Persona servers: -
- [% reason FILTER html %] -[% END %] diff --git a/extensions/Persona/web/images/persona_sign_in.png b/extensions/Persona/web/images/persona_sign_in.png deleted file mode 100644 index ab88a7154..000000000 Binary files a/extensions/Persona/web/images/persona_sign_in.png and /dev/null differ diff --git a/extensions/Persona/web/images/sign_in.png b/extensions/Persona/web/images/sign_in.png deleted file mode 100644 index 82594ba82..000000000 Binary files a/extensions/Persona/web/images/sign_in.png and /dev/null differ -- cgit v1.2.3-24-g4f1b