This creates a community auth version 3 (previous one being 2, and 1 is
long gone) trhat uses AES_SIV as the encryption method instead of
regular AES_CBC, and validates the digests on all accounts.
As this gets deployed on servers incrementall, the version has to be
specified in the database record for the site. We could have the site
indicate this itself, but doing it this way seems safer as it will then
just break for any app that accidentally reverts the plugin.
Reviewed by Jacob Champion
This adds the concept of an apiurl to each site that uses community
authentication, that the main website server can make calls to and send
updates. This URL will receive POSTs from the main website when a user
account that has been used on this site gets updated, and can then
optionally update it's local entries with it (the django plugin sample
is updated to handle this fully).
Updates are only sent for users that have a history of having logged
into the specific site -- this way we avoid braodcasting user
information to sites requiring specific constent that the user hasn't
given, and also decreases the amount of updates that have to be sent.
Updates are queued by the system in a table and using listen/notify a
daemon that's running picks up what needs to be updated and posts it to
the endpoints. If this daemon is not running, obviously nothing gets
sent.
Updates are tracked using triggers in the database which push
information into this queue.
It's useful to be able to directly get at the user record that was
returned instead of having to re-query it from the database. Since
nothing was previously returned, this is not backwards incompatible.
This callback can prevent new users from being created based on specific
criteria. The plugin is defined in settings.py, so it can be any python
code. For example, it can look up in a specific table if this user is
supposed to be allowed to log in at all.
This sample is used across most of our other sites, so add functionality
to install without having a local master repo.
Back-patch of pgeu commit 3e4d8c9101c2d309b134c2f5638aa40db8ef2cf5
This has been in standard python since 2.6, and we don't really care
about supporting anything older than that (even our old and soon to
be upgraded environments use 2.7)
Instead of raising an exception which will cause both a server log
and an email to be sent, return a proper http 400 message when the
incoming authentication request is bad. This will also show the
proper error message to the client, instead of a generic internal
server error.
This lets downstream systems securely search for users that are in
the system, so they can populate their local database with users
before they have logged in if necessary. This can be used for example
for the commitfest management system to be able to flag users as
authors and reviewers even before they have logged in.
This makes it possible to pass URLs that will fail when they end up being double
escaped in some cases, since they contain non-url-safe characters. Instead, they'd
be base64-encoded, and thus safe.
Also update the django community auth provider to do just this, including encrypting
the data with the site secret key to make sure it can't be changed/injected by
tricking the user to go directly to the wrong URL.
In order to provide a consistent user experience, we must sign the
user out from the main website if the community site provides a logout
button - else that button will appear not to work...
