Mahara

Disable Persona authentication

Bug #1541173 reported by Kristina Hoeppner
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Mahara
Fix Released
High
Unassigned
Mahara 16.04.0

Bug Description

This was discussed in the 50th developer meeting: http://meetbot.mahara.org/mahara-dev/2016/mahara-dev.2016-02-02-07.34.log.html#l-350

We decided to disable Persona authentication on new instances and provide admins with a warning / pop-up / modal when they click the "Show" button to let them know that Mozilla is going to end the support at the end of November 2016.

For any instances upgrading to Mahara 16.04, we will check if Persona authentication has been used. If no institution used it, Persona authentication will be disabled. If a site admin tries to enable it again, they would get the above message.

Deprecation of Persona auth itself is handled on bug #1533377.

Tags: auth
Revision history for this message
Mahara Bot (dev-mahara) wrote : A patch has been submitted for review

Patch for "master" branch: https://reviews.mahara.org/6027

Revision history for this message
Mahara Bot (dev-mahara) wrote :

Patch for "master" branch: https://reviews.mahara.org/6028

Revision history for this message
Aaron Wells (u-aaronw) wrote :

I've pushed up a patch to disable the Persona auth plugin for new sites or upgrading sites where it is not yet in use (i.e. no auth instances of it).

I've also pushed up a separate patch that displays a warning message to the admin if the Persona plugin is enabled and/or in use. Since there is no existing Mahara API to show a custom message when a plugin is toggled from "disabled" to "enabled", I instead added it to the site_warnings() method that displays warnings on the Administration homepage.

I'm not sure if we actually want to start displaying that warning to admins yet, though, since we don't yet have a specific advisement for them about what they should do to migrate away.

Revision history for this message
Mahara Bot (dev-mahara) wrote :

Patch for "master" branch: https://reviews.mahara.org/6030

Revision history for this message
Mahara Bot (dev-mahara) wrote : A change has been merged

Reviewed: https://reviews.mahara.org/6027
Committed: https://git.mahara.org/mahara/mahara/commit/091285cf0cdfe934e504a039f7dd6d781cd277a7
Submitter: Robert Lyon (<email address hidden>)
Branch: master

commit 091285cf0cdfe934e504a039f7dd6d781cd277a7
Author: Aaron Wells <email address hidden>
Date: Tue Feb 9 13:42:24 2016 +1300

Disable Persona/browserid auth if not in use (Bug 1541173)

Because Persona is going to be decommissioned by Mozilla in
November 2016, we want to discourage new sites from using it.
An easy way to do that, is to disable it for newly installed
sites, or when upgrading sites where it is not yet in use.

behatnotneeded: Can't be tested in behat

Change-Id: I7a986d8610a7bed0e7e1968912a242320b8ac44f

Kristina Hoeppner (kris-hoeppner)
Changed in mahara:
status: Confirmed → Fix Committed
Revision history for this message
Mahara Bot (dev-mahara) wrote :

Reviewed: https://reviews.mahara.org/6030
Committed: https://git.mahara.org/mahara/mahara/commit/7655230bde26c5d72e53a95e69800bfa0dd2ed61
Submitter: Aaron Wells (<email address hidden>)
Branch: master

commit 7655230bde26c5d72e53a95e69800bfa0dd2ed61
Author: Robert Lyon <email address hidden>
Date: Tue Feb 9 16:54:33 2016 +1300

Bug 1541173: Add a generic 'deprecated' plugin option

So it can show a '- deprecated' message next tothe plugin on the
admin/extensions page.

Could be useful if other plugins become obsolete also

behatnotneeded

Change-Id: If1679e140253213f4e48d6916ed33152acc870da
Signed-off-by: Robert Lyon <email address hidden>

Revision history for this message
Mahara Bot (dev-mahara) wrote : A patch has been submitted for review

Patch for "master" branch: https://reviews.mahara.org/6316

Kristina Hoeppner (kris-hoeppner)
Changed in mahara:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.