
fedoauth's Introduction

Federated Open Authentication (FedOAuth)

FedOAuth has been superseded by Ipsilon. The development teams and features of both projects merged a long while ago.

Please find more info at https://ipsilon-project.org/

fedoauth's People

Contributors

nbebout, puiterwijk, pypingou, ralphbean, relrod, ryanlerch

fedoauth's Issues

Create an LDAP auth module

For this to be more usable to other people, we need more auth providers.
This issue is to mark the need for an LDAP-backed provider.

CVE-2015-0256: auth_ses cookies never marked as secure

Earlier today, a security issue was found in the setting of the auth_ses cookies.

The bug was located in fedoauth/auth/base.py, line 191: even if FedOAuth was configured to be using secure cookies, the auth_ses cookie would not be sent with that flag.
This cookie is used internally to remember an authenticated user for a specified period of time, and stealing of this cookie would mean stealing of the authenticated identity.

This bug has been issued identifier CVE-2015-0256.
It has been fixed in commit 135c1c1, release 3.1.3.
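The cookie-flag defect this issue describes, shown as an added example (not code from the fedoauth repository; the config keys SECURE_COOKIES and AUTH_SES_MAX_AGE are assumed names): a builder that drops the Secure attribute regardless of configuration, the corrected builder, and a small Set-Cookie audit a deployer can run against response headers to catch the same class of regression.

```python
import secrets
from http.cookies import SimpleCookie

# Constructed settings standing in for the application's own config (key names assumed).
CONFIG = {"SECURE_COOKIES": True, "AUTH_SES_MAX_AGE": 3600}


def build_auth_ses_cookie_buggy(session_id, config):
    """Pattern of the reported bug: Secure is never emitted, whatever the config says."""
    cookie = SimpleCookie()
    cookie["auth_ses"] = session_id
    cookie["auth_ses"]["path"] = "/"
    cookie["auth_ses"]["max-age"] = config["AUTH_SES_MAX_AGE"]
    cookie["auth_ses"]["httponly"] = True
    return cookie["auth_ses"].OutputString()


def build_auth_ses_cookie_fixed(session_id, config):
    """Corrected form: Secure is emitted whenever secure cookies are configured."""
    cookie = SimpleCookie()
    cookie["auth_ses"] = session_id
    cookie["auth_ses"]["path"] = "/"
    cookie["auth_ses"]["max-age"] = config["AUTH_SES_MAX_AGE"]
    cookie["auth_ses"]["httponly"] = True
    if config["SECURE_COOKIES"]:
        cookie["auth_ses"]["secure"] = True
    return cookie["auth_ses"].OutputString()


def audit_set_cookie(header_value, required=("Secure", "HttpOnly")):
    """Return the required attributes missing from one Set-Cookie header value.

    Attribute names are matched case-insensitively, as RFC 6265 allows any case.
    """
    parts = [p.strip() for p in header_value.split(";")]
    present = {p.split("=", 1)[0].strip().lower() for p in parts[1:]}
    return [attr for attr in required if attr.lower() not in present]


def check_session_cookies(set_cookie_headers, session_cookie_names=("auth_ses",)):
    """Map each session cookie name found to its missing attributes (empty list = OK)."""
    findings = {}
    for header in set_cookie_headers:
        name = header.split("=", 1)[0].strip()
        if name in session_cookie_names:
            findings[name] = audit_set_cookie(header)
    return findings


if __name__ == "__main__":
    sid = secrets.token_urlsafe(32)
    for builder in (build_auth_ses_cookie_buggy, build_auth_ses_cookie_fixed):
        header = builder(sid, CONFIG)
        print(builder.__name__, "->", header)
        print("  missing attributes:", check_session_cookies([header]))
```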

Login to some websites fails

When the staging instance is used with stackoverflow, the first attempt to authenticate fails.
But if one tries it again, and thus already has logged in and trust_root accepted, it works.

Provide API for Querying Group Membership

As persona doesn't natively provide a method for indicating group membership, it would be very useful to be able to query for group information from fedoauth. Either group membership (all members of a group) or a user's group membership (all groups of which user X is a member).

Exclude shell groups from the group returned

At the moment we return all the groups, but currently all the web-apps do not make any use of the shell groups (svn* git*... groups for fedorahosted).

It would be nice to have a way to not get them:

  • a new keyword that returns all the groups but the shell groups
  • a new keyword that returns all the groups of a certain type (or not of a certain type), i.e. to retrieve all the pkgdb groups (that's a type) + packager + admin groups ("normal" groups).
  • :-)

Does not gracefully recover from database outages

After a database outage today fas_openid began throwing these:

    Traceback (most recent call last):
      File "/usr/lib/python2.6/site-packages/flask/app.py", line 1687, in wsgi_app
        response = self.full_dispatch_request()
      File "/usr/lib/python2.6/site-packages/flask/app.py", line 1360, in full_dispatch_request
        rv = self.handle_user_exception(e)
      File "/usr/lib/python2.6/site-packages/flask/app.py", line 1358, in full_dispatch_request
        rv = self.dispatch_request()
      File "/usr/lib/python2.6/site-packages/flask/app.py", line 1344, in dispatch_request
        return self.view_functions[rule.endpoint](**req.view_args)
      File "/usr/lib/python2.6/site-packages/fas_openid/views.py", line 204, in view_main
        get_session()['values'] = request.values
      File "/usr/lib/python2.6/site-packages/beaker/session.py", line 520, in __setitem__
        self._session()[key] = value
      File "/usr/lib/python2.6/site-packages/beaker/session.py", line 504, in _session
        **params)
      File "/usr/lib/python2.6/site-packages/beaker/session.py", line 120, in __init__
        self.invalidate()
      File "/usr/lib/python2.6/site-packages/beaker/session.py", line 184, in invalidate
        self.load()
      File "/usr/lib/python2.6/site-packages/beaker/session.py", line 190, in load
        **self.namespace_args)
      File "/usr/lib/python2.6/site-packages/beaker/ext/database.py", line 93, in __init__
        self.cache = DatabaseNamespaceManager.tables.get(table_key, make_cache)
      File "/usr/lib/python2.6/site-packages/beaker/util.py", line 171, in get
        return self.sync_get(key, createfunc, *args, **kwargs)
      File "/usr/lib/python2.6/site-packages/beaker/util.py", line 182, in sync_get
        return self._create(key, createfunc, *args, **kwargs)
      File "/usr/lib/python2.6/site-packages/beaker/util.py", line 189, in _create
        self[key] = obj = createfunc(*args, **kwargs)
      File "/usr/lib/python2.6/site-packages/beaker/ext/database.py", line 86, in make_cache
        sa.UniqueConstraint('namespace')
      File "/usr/lib64/python2.6/site-packages/SQLAlchemy-0.7.8-py2.6-linux-x86_64.egg/sqlalchemy/schema.py", line 305, in __new__
        "existing Table object." % key)
    InvalidRequestError: Table 'session' is already defined for this MetaData instance.  Specify 'extend_existing=True' to redefine options and columns on an existing Table object.

Proposal: Cooperate with ipsilon project

It seems that FedOAuth and Ipsilon projects are somehow similar. Maybe it would be beneficial to cooperate and possibly share some code.

From Ipsilon project homepage:
"The server is a pluggable self-contained mod_wsgi application that provides federated SSO to web applications. User authentication is always performed against a separate Identity Management system (for example a FreeIPA server), and communication with the application is done using a federation protocol like SAML (the only one currently implemented), OpenID, etc."

Ipsilon project home page is hosted on:
https://fedorahosted.org/ipsilon/

Have a nice day!

Login button capitalization

This is really really minor but it's been bugging me - can we make the login button have the same capitalization style as the "Create a new account" button?

Create logout button

We should show a logout button on the main page, and maybe create some logout extension to make centralized logout possible.

FedOAuth 2.5

This release should contain the OpenID Connect implementations.

auth with persona always returns as cancelled

When I attempt to auth against id.stg.fedoraproject.org from the persona link on the following site:
https://phab.qadevel-stg.cloud.fedoraproject.org/login/

The initial persona page shows up and if I input @id.stg.fedoraproject.org, I see the fedoauth login screen briefly (less than 5 seconds) before I am redirected back to a persona page at the following link:

https://login.persona.org/sign_in#AUTH_RETURN_CANCEL

I see the same thing when I use mozilla's webmaker (https://webmaker.org/) so I don't think it's a misconfiguration on qadevel-stg.

$USERNAME.id.fedoraproject.org does not resolve with dnssec

When running dnssec-triggerd, I am unable to login to a local application with our openid setup.

This might be easily resolved with a server-side DNS tweak, or it may be more elaborate, I'm not sure…

Traceback (most recent call last):
  File "/home/lmacken/.virtualenvs/bodhi-python2.7/lib/python2.7/site-packages/waitress-0.8.8-py2.7.egg/waitress/channel.py", line 337, in service
    task.service()
  File "/home/lmacken/.virtualenvs/bodhi-python2.7/lib/python2.7/site-packages/waitress-0.8.8-py2.7.egg/waitress/task.py", line 173, in service
    self.execute()
  File "/home/lmacken/.virtualenvs/bodhi-python2.7/lib/python2.7/site-packages/waitress-0.8.8-py2.7.egg/waitress/task.py", line 392, in execute
    app_iter = self.channel.server.application(env, start_response)
  File "/home/lmacken/.virtualenvs/bodhi-python2.7/lib/python2.7/site-packages/pyramid-1.5a3-py2.7.egg/pyramid/router.py", line 272, in __call__
    response = self.invoke_subrequest(request, use_tweens=True)
  File "/home/lmacken/.virtualenvs/bodhi-python2.7/lib/python2.7/site-packages/pyramid-1.5a3-py2.7.egg/pyramid/router.py", line 247, in invoke_subrequest
    response = handle_request(request)
  File "/home/lmacken/.virtualenvs/bodhi-python2.7/lib/python2.7/site-packages/pyramid-1.5a3-py2.7.egg/pyramid/tweens.py", line 40, in excview_tween
    response = view_callable(exc, request)
  File "/home/lmacken/.virtualenvs/bodhi-python2.7/lib/python2.7/site-packages/pyramid-1.5a3-py2.7.egg/pyramid/config/views.py", line 287, in _authdebug_view
    return view(context, request)
  File "/home/lmacken/.virtualenvs/bodhi-python2.7/lib/python2.7/site-packages/pyramid-1.5a3-py2.7.egg/pyramid/config/views.py", line 385, in viewresult_to_response
    result = view(context, request)
  File "/home/lmacken/.virtualenvs/bodhi-python2.7/lib/python2.7/site-packages/pyramid-1.5a3-py2.7.egg/pyramid/tweens.py", line 21, in excview_tween
    response = handler(request)
  File "/home/lmacken/.virtualenvs/bodhi-python2.7/lib/python2.7/site-packages/pyramid_tm-0.7-py2.7.egg/pyramid_tm/__init__.py", line 82, in tm_tween
    reraise(*exc_info)
  File "/home/lmacken/.virtualenvs/bodhi-python2.7/lib/python2.7/site-packages/pyramid_tm-0.7-py2.7.egg/pyramid_tm/__init__.py", line 63, in tm_tween
    response = handler(request)
  File "/home/lmacken/.virtualenvs/bodhi-python2.7/lib/python2.7/site-packages/pyramid-1.5a3-py2.7.egg/pyramid/router.py", line 163, in handle_request
    response = view_callable(context, request)
  File "/home/lmacken/.virtualenvs/bodhi-python2.7/lib/python2.7/site-packages/pyramid-1.5a3-py2.7.egg/pyramid/config/views.py", line 287, in _authdebug_view
    return view(context, request)
  File "/home/lmacken/.virtualenvs/bodhi-python2.7/lib/python2.7/site-packages/pyramid-1.5a3-py2.7.egg/pyramid/config/views.py", line 385, in viewresult_to_response
    result = view(context, request)
  File "/home/lmacken/code/github.org/pyramid_fas_openid/pyramid_fas_openid/view.py", line 74, in verify_openid
    return process_provider_response(context, request)
  File "/home/lmacken/code/github.org/pyramid_fas_openid/pyramid_fas_openid/view.py", line 138, in process_provider_response
    info = openid_consumer.complete(request.params, request.url)
  File "/home/lmacken/.virtualenvs/bodhi-python2.7/lib/python2.7/site-packages/openid/consumer/consumer.py", line 414, in complete
    response = self.consumer.complete(message, endpoint, current_url)
  File "/home/lmacken/.virtualenvs/bodhi-python2.7/lib/python2.7/site-packages/openid/consumer/consumer.py", line 619, in complete
    return modeMethod(message, endpoint, return_to)
  File "/home/lmacken/.virtualenvs/bodhi-python2.7/lib/python2.7/site-packages/openid/consumer/consumer.py", line 646, in _complete_id_res
    return self._doIdRes(message, endpoint, return_to)
  File "/home/lmacken/.virtualenvs/bodhi-python2.7/lib/python2.7/site-packages/openid/consumer/consumer.py", line 730, in _doIdRes
    endpoint = self._verifyDiscoveryResults(message, endpoint)
  File "/home/lmacken/.virtualenvs/bodhi-python2.7/lib/python2.7/site-packages/openid/consumer/consumer.py", line 887, in _verifyDiscoveryResults
    return self._verifyDiscoveryResultsOpenID2(resp_msg, endpoint)
  File "/home/lmacken/.virtualenvs/bodhi-python2.7/lib/python2.7/site-packages/openid/consumer/consumer.py", line 939, in _verifyDiscoveryResultsOpenID2
    to_match.claimed_id, [to_match])
  File "/home/lmacken/.virtualenvs/bodhi-python2.7/lib/python2.7/site-packages/openid/consumer/consumer.py", line 1052, in _discoverAndVerify
    _, services = self._discover(claimed_id)
  File "/home/lmacken/.virtualenvs/bodhi-python2.7/lib/python2.7/site-packages/openid/consumer/discover.py", line 470, in discover
    return discoverURI(identifier)
  File "/home/lmacken/.virtualenvs/bodhi-python2.7/lib/python2.7/site-packages/openid/consumer/discover.py", line 462, in discoverURI
    claimed_id, openid_services = discoverYadis(uri)
  File "/home/lmacken/.virtualenvs/bodhi-python2.7/lib/python2.7/site-packages/openid/consumer/discover.py", line 389, in discoverYadis
    response = yadisDiscover(uri)
  File "/home/lmacken/.virtualenvs/bodhi-python2.7/lib/python2.7/site-packages/openid/yadis/discover.py", line 70, in discover
    resp = fetchers.fetch(uri, headers={'Accept': YADIS_ACCEPT_HEADER})
  File "/home/lmacken/.virtualenvs/bodhi-python2.7/lib/python2.7/site-packages/openid/fetchers.py", line 42, in fetch
    return fetcher.fetch(url, body, headers)
  File "/home/lmacken/.virtualenvs/bodhi-python2.7/lib/python2.7/site-packages/openid/fetchers.py", line 181, in fetch
    raise HTTPFetchingError(why=exc_inst)
HTTPFetchingError: (6, 'Could not resolve host: lmacken.id.fedoraproject.org')

invalid pic @ openid page

There is an invalid picture at the OpenID page.

Suggested fix:

Use <img id="logo" alt="logo" src="//id.fedoraproject.org/static/fedora-authn-logo-white.png"/> instead of <img id="logo" alt="logo" src="/static/fedora-authn-logo-white.png"/>

(Reported by @cydrobolt)

Port to flask-wtf?

If I read the code correctly, it seems you're handling the CSRF token manually; would it make sense to port fas-openid to use flask-wtf (which itself relies on wtforms)?

'NoneType' object has no attribute 'teams' exception in production

One of these was thrown today from tagger on packages02 running python-openid-2.2.5-1.el6.noarch.

[Tue Jun 11 19:38:08 2013] [error] Error attempting to use stored discovery information: <openid.consumer.consumer.TypeURIMismatch: Required type http://specs.openid.net/auth/2.0/signon not found in ['http://specs.openid.net/auth/2.0/server', 'http://openid.net/server/1.0', 'http://fedoraproject.org/specs/open_id/cla', 'http://ns.launchpad.net/2007/openid-teams', 'http://openid.net/extensions/sreg/1.1', 'http://openid.net/sreg/1.0', 'http://schemas.openid.net/pape/policies/2007/06/phishing-resistant', 'http://schemas.openid.net/pape/policies/2007/06/multi-factor', 'http://schemas.openid.net/pape/policies/2007/06/multi-factor-physical'] for endpoint <openid.consumer.discover.OpenIDServiceEndpoint server_url='https://id.fedoraproject.org' claimed_id=None local_id=None canonicalID=None used_yadis=True >>
[Tue Jun 11 19:38:08 2013] [error] Attempting discovery to verify endpoint
[…snip…]
[Tue Jun 11 19:38:09 2013] [error] ERROR:fedoratagger:Exception on /_flask_fas_openid_handler/ [GET]
[Tue Jun 11 19:38:09 2013] [error] Traceback (most recent call last):
[Tue Jun 11 19:38:09 2013] [error]   File "/usr/lib/python2.6/site-packages/flask/app.py", line 1687, in wsgi_app
[Tue Jun 11 19:38:09 2013] [error]     response = self.full_dispatch_request()
[Tue Jun 11 19:38:09 2013] [error]   File "/usr/lib/python2.6/site-packages/flask/app.py", line 1360, in full_dispatch_request
[Tue Jun 11 19:38:09 2013] [error]     rv = self.handle_user_exception(e)
[Tue Jun 11 19:38:09 2013] [error]   File "/usr/lib/python2.6/site-packages/flask/app.py", line 1358, in full_dispatch_request
[Tue Jun 11 19:38:09 2013] [error]     rv = self.dispatch_request()
[Tue Jun 11 19:38:09 2013] [error]   File "/usr/lib/python2.6/site-packages/flask/app.py", line 1344, in dispatch_request
[Tue Jun 11 19:38:09 2013] [error]     return self.view_functions[rule.endpoint](**req.view_args)
[Tue Jun 11 19:38:09 2013] [error]   File "/usr/lib/python2.6/site-packages/flask_fas_openid.py", line 64, in flask_fas_openid_handler
[Tue Jun 11 19:38:09 2013] [error]     return self._handle_openid_request()
[Tue Jun 11 19:38:09 2013] [error]   File "/usr/lib/python2.6/site-packages/flask_fas_openid.py", line 94, in _handle_openid_request
[Tue Jun 11 19:38:09 2013] [error]     user['groups'] = teams_resp.teams   # The groups do not contain the cla_ groups
[Tue Jun 11 19:38:09 2013] [error] AttributeError: 'NoneType' object has no attribute 'teams'

Add permanent approval option to "Review the authorization details" dialog

First of all, thank you for implementing the enhancement described in issue #54! It is really nice.

I would like to propose one minor enhancement: it would be really nice if the select box "Remember approval for..." contained the option "forever".

There are services which I don't use every day, so "remembered" state typically expires right before I log-in again :-)

I understand that option "forever" could theoretically increase database size to some unacceptable size. "Forever" could be too long but even something like 1 year would help.

Maybe this could be optimized further... For example by pruning records for "dead" accounts (i.e. accounts not used for half a year or so), remembering only the last 50 sites, or something like that.

Thank you and have a nice day!
