Remove Persona (browserid) auth plugin by Nov 2016, because Mozilla is ending Persona support

Obviously we can just tell admins to switch Persona users to another auth method, but that means the users will need a new password. And we don't currently have a graceful way to prompt them for one in a situation like this. The existing "force password change on next login" functionality won't work, because it requires you to successfully log in first, and once a user is switched away from the Persona auth method, they will no longer be able to log in (particularly so once the Persona service is shut down).

An ideal way to handle it might be:

1. Allow the Persona auth method to have a "parent" auth method.

2. Before the Nov 2016 shutdown, flag the Persona users so that after their next successful Persona login, we tell them about the switch, force them to enter a password for the new parent auth method (if it has one), and then switch them over to the new auth method.

3. After the Nov 2016 shutdown, clicking on the "Persona" link in the login box instead takes you to a screen that tells you about the switch, and sends you to the "forgot password" page to reset the password for your new auth method.

Setting this to "Medium" priority for now, because it doesn't need to be tackled until the 16.10 release.

We already have the mechanism that when you remove a user with external auth to "No institution", they do get an email with their internal Mahara username and a link to reset their password. If we extended that to work for any auth change away from the external auth no matter whether you are being removed from the institution or not might work better and be more generic.

More info from Mozilla: https://wiki.mozilla.org/Identity/Persona_Shutdown_Guidelines_for_Reliers

We decided in the 50th developer meeting (http://meetbot.mahara.org/mahara-dev/2016/mahara-dev.2016-02-02-07.34.log.html#l-350 ) to wait a couple of months to see if there are any others progressing with solutions. In the meantime, we are going to disable Persona auth per default in 16.04. See bug #1541173.

An FYI: The Mozilla Backpack is going to use http://passportjs.org/ as per the announcement at https://medium.com/digitalme-an-open-badge-adventure/backpack-to-the-future-eb66c5c67d5a#.2ur49wy51

It looks like PassportJS is actually a general-purpose authentication middleware library, implemented in NodeJS. Much like Mahara's Auth plugin system, PassportJS lets you install plugins (called "strategies") to authentication with different sources that might be a specific site like Facebook, or a generic protocol like SAML; and then the NodeJS application developer can authenticate using a simple and consistent PassportJS API instead of having to write a specific handler for that auth method.

Unfortunately, it's not directly applicable to us in Mahara, because it's written in NodeJS not PHP. We do use NodeJS for compiling our CSS now (via gulp), but that's command-line Node scripts only during the build stage, whereas this is using Node as part of your web application.

Also unfortunately, because PassportJS is so flexible, it doesn't tell us much about what specific authentication providers they're going to replace Persona with, or how they're going to go about migrating users to them. But maybe we'll see some specifics on that if we keep watching.

Okay, it's coming up on the 16.10 release, and it looks like no particular service is taking over for Mozilla Persona, so we'll need to go ahead with our plans to decommission the plugin. I think probably the best use of our current resources is to do a minimal implementation that moves all the users over to Internal auth. It would look something like this:

1. On the Browserid extension config page, we add a button that initiates the migration

2. It deletes any browserid auth instances that have no users.

3. For the other browserid auth instances, it sets the "no current password" flag on their user record (which is '*' in the usr.password and usr.salt fields), and reassigns them to their institution's internal auth instance. If their institution doesn't have an internal auth instance, it creates one.

These users can then use the "Forgot password" page to request a new internal auth password. The site admin can instruct them to do this by manually sending out an email or updating the logged-out homepage.

Or I guess an even more minimal implementation would be to just tell affected site admins to migrate the users to a different auth instance manually.

Patch for "master" branch: https://reviews.mahara.org/7045

Reviewed: https://reviews.mahara.org/7045
Committed: https://git.mahara.org/mahara/mahara/commit/cfef0ff90ec3d8ef2fb714e4c0b649bd72255589
Submitter: Aaron Wells (<email address hidden>)
Branch: master

commit cfef0ff90ec3d8ef2fb714e4c0b649bd72255589
Author: Aaron Wells <email address hidden>
Date: Tue Sep 27 01:47:03 2016 +1300

Bug 1533377: Browserid end-of-life migration script

This patch removes all authentication functionality
from the browserid auth plugin. It adds a script,
accessible through the plugin's configuration page,
to migrate user accounts from browserid to
internal auth.

Also includes changes to allow users to be searched
by authtype, and to prevent non-useable plugins
from being enabled on the plugin config page.

Change-Id: I4e8bd9fc4d2fb2ccaa1845fda533c9373ec251bd
behatnotneeded: Can't test with behat

Patch for "16.10_STABLE" branch: https://reviews.mahara.org/7048

Reviewed: https://reviews.mahara.org/7048
Committed: https://git.mahara.org/mahara/mahara/commit/8ffe7776e9c6f0572203ca1d68294be4cabf276e
Submitter: Robert Lyon (<email address hidden>)
Branch: 16.10_STABLE

commit 8ffe7776e9c6f0572203ca1d68294be4cabf276e
Author: Aaron Wells <email address hidden>
Date: Tue Sep 27 01:47:03 2016 +1300

Bug 1533377: Browserid end-of-life migration script

This patch removes all authentication functionality
from the browserid auth plugin. It adds a script,
accessible through the plugin's configuration page,
to migrate user accounts from browserid to
internal auth.

Also includes changes to allow users to be searched
by authtype, and to prevent non-useable plugins
from being enabled on the plugin config page.

Change-Id: I4e8bd9fc4d2fb2ccaa1845fda533c9373ec251bd
behatnotneeded: Can't test with behat
(cherry picked from commit cfef0ff90ec3d8ef2fb714e4c0b649bd72255589)

This functionality will need to be backported to the older versions of Mahara. If this is too big a change to include in a minor point release, we should provide the patches as people on supported versions would need to move away from Persona as well.

Patch for "15.04_STABLE" branch: https://reviews.mahara.org/7177

Patch for "15.10_STABLE" branch: https://reviews.mahara.org/7178

Patch for "16.04_STABLE" branch: https://reviews.mahara.org/7179

Reviewed: https://reviews.mahara.org/7178
Committed: https://git.mahara.org/mahara/mahara/commit/65261b076046d8ebb32f8b7923ece473a0686f9a
Submitter: Robert Lyon (<email address hidden>)
Branch: 15.10_STABLE

commit 65261b076046d8ebb32f8b7923ece473a0686f9a
Author: Aaron Wells <email address hidden>
Date: Tue Sep 27 01:47:03 2016 +1300

Bug 1533377: Browserid end-of-life migration script

This patch removes all authentication functionality
from the browserid auth plugin. It adds a script,
accessible through the plugin's configuration page,
to migrate user accounts from browserid to
internal auth.

Also includes changes to allow users to be searched
by authtype, and to prevent non-useable plugins
from being enabled on the plugin config page.

Change-Id: I4e8bd9fc4d2fb2ccaa1845fda533c9373ec251bd
behatnotneeded: Can't test with behat
Signed-off-by: Robert Lyon <email address hidden>

Reviewed: https://reviews.mahara.org/7177
Committed: https://git.mahara.org/mahara/mahara/commit/921bfa492962483264ebc5e4b993026f8750d7a8
Submitter: Robert Lyon (<email address hidden>)
Branch: 15.04_STABLE

commit 921bfa492962483264ebc5e4b993026f8750d7a8
Author: Aaron Wells <email address hidden>
Date: Tue Sep 27 01:47:03 2016 +1300

Bug 1533377: Browserid end-of-life migration script

This patch removes all authentication functionality
from the browserid auth plugin. It adds a script,
accessible through the plugin's configuration page,
to migrate user accounts from browserid to
internal auth.

Also includes changes to allow users to be searched
by authtype, and to prevent non-useable plugins
from being enabled on the plugin config page.

Change-Id: I4e8bd9fc4d2fb2ccaa1845fda533c9373ec251bd
behatnotneeded: Can't test with behat
Signed-off-by: Robert Lyon <email address hidden>

Reviewed: https://reviews.mahara.org/7179
Committed: https://git.mahara.org/mahara/mahara/commit/33275769e252a3113ce603427286d01ff0de9858
Submitter: Robert Lyon (<email address hidden>)
Branch: 16.04_STABLE

commit 33275769e252a3113ce603427286d01ff0de9858
Author: Aaron Wells <email address hidden>
Date: Tue Sep 27 01:47:03 2016 +1300

Bug 1533377: Browserid end-of-life migration script

This patch removes all authentication functionality
from the browserid auth plugin. It adds a script,
accessible through the plugin's configuration page,
to migrate user accounts from browserid to
internal auth.

Also includes changes to allow users to be searched
by authtype, and to prevent non-useable plugins
from being enabled on the plugin config page.

Change-Id: I4e8bd9fc4d2fb2ccaa1845fda533c9373ec251bd
behatnotneeded: Can't test with behat