This adds the concept of an apiurl to each site that uses community
authentication, that the main website server can make calls to and send
updates. This URL will receive POSTs from the main website when a user
account that has been used on this site gets updated, and can then
optionally update it's local entries with it (the django plugin sample
is updated to handle this fully).
Updates are only sent for users that have a history of having logged
into the specific site -- this way we avoid braodcasting user
information to sites requiring specific constent that the user hasn't
given, and also decreases the amount of updates that have to be sent.
Updates are queued by the system in a table and using listen/notify a
daemon that's running picks up what needs to be updated and posts it to
the endpoints. If this daemon is not running, obviously nothing gets
sent.
Updates are tracked using triggers in the database which push
information into this queue.
This allows each account to have more than one email address, of which
one is primary. Adding more addresses will trigger an email with a
verification link (of course). The field previously known as "email" is
now changed to be "primary email".
Change the profile form to allow freely changing between the added
addresses which one is the primary. Remove the functionality to directly
change the primary email -- instead one has to add a new address first
and then change to that one, which simplifies several things in the
handling.
This adds a new model for CommunityAuthOrg representing the organisation
that runs the system that's being authenticated (e.g. PostgreSQL Europe
or PostgreSQL US). For this we just keep a name and a "is consent required" flag.
In the case where consent is required, we keep track on a per-user basis
of if they have given consent to sharing their data with this
organistion. If they haven't, we ask for it before completing the
redirect and actually sharing the data.
1. ForeignKey with unique -> OneToOneField
2. IPAddressField -> GenericIPAddressField
3. Fix fields with default=datetime.now() which gives server start time,
not the insert time (clearly this default was never used, and the
field was always explicitly set, but it should still not be incorrectly
defined)
This lets us configure some sites that require accounts to have been
in the system for longer than a certain time before they are allowed
to log in to that site. In particular, the wiki is easy to spam, so
we want those users to be in the system for a while before they can
try something like that.
Requires manual sql to be run on all installations:
ALTER TABLE account_communityauthsite ADD COLUMN cooloff_hours int NOT NULL DEFAULT 0;
When changing an email, we generate a random token and send it to the
new email (the old email is verified by the fact that the user is
already logged in). Once the link in the email is clicked, we update
the actual email.
This system relies on http redirects and signing in to the main website
instead of using cross-internet pgsql connections and signing in individually
to each website.
