[geeklog-devtalk] Remote Authentication ;-)

[Michael Jervis]

OK I now have proper code for the current design of remote authentication up
and running on dev.fuckingbrit.com.

You can log-in via blogger or livejournal. All previous remote accounts have
been deleted, so when you login again it will re-create your account under
the "new rules". This will:

1) Make your username trunc(username)@service where trunc(username) makes
username at Service <= 16 characters
2) Store your full username in remoteusername (60 char field ;-))
3) Add you to the "Remote Users" group

I had a look at usersubmission = 1, I don't think the way users are "on
hold" can be made compatible with remote users. Currently, geeklog just
with-holds a password from them. When I get into making users disable-able,
perhaps I'll add "status" rather than "disabled" with 0 - on hold, 1 -
regular < 0 - disabled. Or something, then re-visit this problem. But for
now, usersubmission = 1 disables remote authentication.

I've added the service drop down to the login block too.

Changes now touch:

1) Users.php - Code to put the drop down in, code to do remote auth on login
2) lib-security.php - The code to do the authentication
3) language\english.php - One new language element for Login Service
4) Users table adds one field, no other changes.
5) New row in groups
6) Config.php - One boolean to enable/disable the service
7) lib-common.php - for the login block to inclode services drop down.


> I just don't want to use that (possibly very long) name as 

> the username in Geeklog, since we use Geeklog's username as 

> the display name in so many places.


The username is going to /have/ to be more than 16 characters. Not as much
as 60 maybe, but definatlely more than 16. "LiveJournal" is 12 characters,
leaving only 3 (because of the @) for the username:

http://dev.fuckingbrit.com/public_html/users.php?mode=profile&uid=17

Perhaps an additional 10 chars for @service?

Haven't got time to make .patch files right now, I'll try and do that when I
get home tonight.

There is another problem, I've added "Remote Users", "Contains all remotely
authenticated users", 1 to the groups table. Groupassignments correctly
contains a map for each remote user to this group. But. This group isn't
listed in admin/groups or on the users group memberships.

Root obviously has group admin, but do I need to add the remote users group
to root so I can admin it/see it or something? Even when I change the core
flag to 0, it still doesn't show. Not had a chance to look at the code yet.

Mike
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3030 bytes
Desc: not available
Url : <http://eight.pairlist.net/pipermail/geeklog-devtalk/attachments/20050207/76ba4578/attachment.bin>