[Libreoffice-qa] Moztrap OpenID support - go for testing!

Rimas Kudelis rq at akl.lt
Thu Oct 11 03:11:56 PDT 2012


Hi Yifan!

2012.10.11 12:43, Yi Fan Jiang rašė:
> I have brought OpenID to Moztrap this week, the following is the test
> page for login:
>
> http://vm12.documentfoundation.org/openid/login/

That's awesome!

> I will update the main login page to add openid support next weekend
> if no critical issue is found.
>
> Functions currently supported (testing required)
> ================================================
>
> * Based on EMAIL address, native login/Mozilla Persona/OpenID are all
> mapped to the same user in Moztrap now, so they should work together
> seamlessly. The details are as follows.
>
> - If you have a native registered moztrap user or ever used Mozilla
> Persona to login, and your openid provides an exact same EMAIL of such
> an account, the original user and openid user will be treated exactly
> identical.
>
> Actually you should feel nothing changed except inputting password is no
> longer needed :)

Great! Except here's a critical issue for you: I have just managed to
log on to MozTrap as you!!!

Here's the proof: http://i.imgur.com/eF0Cl.png .

In case you're wondering how I did this: I logged on to my weblog, set
my email in my profile to yfjiang at suse.com, and used its OpenID provider
to log in to the test website. Since I don't need to prove to my weblog
or the demo site that the email is indeed mine, I basically have full
control over MozTrap now. So, not a good thing. This needs some
rethinking. Most obvious option would be to use the OpenID URL (or
whatever it is that OpenID provides as the identifier) as id when
logging in using OpenID. This would also have a nice "side effect" that
the user could change their primary email, and still be able to log in
with the same user id and permissions.

Regards!
Rimas
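
An added example (not part of the original thread, and not MozTrap's code) contrasting the two account mappings discussed above: lookup by the provider-supplied email versus lookup by the OpenID identifier. The `Accounts` class, the function names and the example.org / example.net values are constructed for illustration.

```python
class Accounts:
    """In-memory user table (hypothetical, not MozTrap's schema)."""

    def __init__(self):
        self.email_of = {}       # user id -> email address
        self.by_claimed_id = {}  # OpenID identifier -> user id

    def add(self, email):
        uid = len(self.email_of) + 1
        self.email_of[uid] = email.lower()
        return uid


def login_by_email(accounts, assertion):
    """Mapping from the announcement: trust the email the provider sends."""
    wanted = assertion["email"].lower()
    matches = [u for u, e in accounts.email_of.items() if e == wanted]
    return matches[0] if matches else None


def login_by_claimed_id(accounts, assertion):
    """Mapping suggested in the reply: the OpenID identifier is the key."""
    uid = accounts.by_claimed_id.get(assertion["claimed_id"])
    if uid is None:
        # Email is self-asserted profile data: an unlinked identifier gets
        # a new account, never an existing one.
        uid = accounts.add(assertion["email"])
        accounts.by_claimed_id[assertion["claimed_id"]] = uid
    return uid


def demo():
    accounts = Accounts()
    owner = accounts.add("owner@example.org")  # constructed sample user
    accounts.by_claimed_id["https://id.example.org/owner"] = owner
    # Constructed assertions: the first provider lets users type any email.
    forged = {"claimed_id": "https://blog.example.net/",
              "email": "owner@example.org"}
    genuine = {"claimed_id": "https://id.example.org/owner",
               "email": "changed@example.org"}
    return {
        "owner": owner,
        "email_forged": login_by_email(accounts, forged),
        "id_forged": login_by_claimed_id(accounts, forged),
        "id_genuine": login_by_claimed_id(accounts, genuine),
    }


if __name__ == "__main__":
    print(demo())
```

The `genuine` case also shows the side effect mentioned in the reply: the email attribute has changed, yet the linked identifier still resolves to the same user.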

