Idea: consider starting to allow sign-on using openid

[hughperkins]

OpenID seems to be becoming popular, with google, yahoo, paypal et al starting to think about it seriously. Could now be an appropriate time to make it possible to log into the forums et al using an OpenID?

[Neddie]

Eh... why not?

[hughperkins]

Started to take a look at various components. phpbb I feel is the more important one, but mediawiki looks more stable.

On my own hosting (dreamhost), I had to recompile php to include gmp, the gnu mp bignum library. There are a couple of scripts to do this automatically, tested in a dreamhost environment, here:

http://hughperkins.com/techblog/?p=27

Then, adding openid to a mediawiki consisted of:
- copying the directory OpenID from http://www.mediawiki.org/wiki/Special:E ... tor/OpenID into the 'extensions' directory
- copying the directory Auth from http://openidenabled.com/files/php-open ... .3.tar.bz2 into the root of the wiki directory, the directory with index.php in
- adding require_once("$IP/extensions/OpenID/OpenID.setup.php"); at the bottom of the LocalSettings.php file
- setting $wgTrustRoot to the url of the wiki site, in the LocalSettings.php file, after the OpenID.setup.php require_once

[Tobi]

Make sure this works with usernames with spaces in the name, and usernames with underscores in the name.

The current single-logon solution for phpbb and mediawiki doesn't allow this (one of the two is always broken, I believe it's names with spaces now), severely reducing the use of single-logon functionality.

Same thing applies to the forum and all other things in which you plan to integrate it...

[hughperkins]

I was kind of thinking along the lines of just creating a prototype and someone else would add it to the main website

That said, I'd be happy to do that.

Perhaps the thing to do would be to copy the database and website to a staging database and website and check that it still seems to work, eg we could check issues with usernames and so on at that point for example.

Question: does the issue with usernames that you've seen cause database corruption, or entirely prevent affected users from logging in at all, using a password, or is the effect restricted to preventing people with spaces or underscores in their username from being able to take advantage of using OpenID to login?

[Tobi]

Perhaps the thing to do would be to copy the database and website to a staging database and website and check that it still seems to work, eg we could check issues with usernames and so on at that point for example.

This exists, though it isn't really practical atm. If you add springrtstest.com (IIRC) to your /etc/hosts file with same IP as springrts.com, you should end up on clone of the current site, that just has a database that is maybe a week older currently.

I'm trying to make a VirtualBox disk image containing ready-to-run website clone, but I need to solve a few things first. (I need in particular a safe enough way to make sure I copy only public data in the database on it, and no private data; if you happen to know scripts for this purpose for phpbb/mantis/mediawiki databases let me know.)

Then anyone could just play around, modify stuff, commit (BrainDamage and I also been working on moving website in git), push and ask one with real server access to merge / cherrypick and update main server.

Question: does the issue with usernames that you've seen cause database corruption, or entirely prevent affected users from logging in at all, using a password, or is the effect restricted to preventing people with spaces or underscores in their username from being able to take advantage of using OpenID to login?

It just prevents people with the affected usernames from logging in altogether.

[hughperkins]

It just prevents people with the affected usernames from logging in altogether.

"just" They can't log in at all, even with a normal username/password pair?

> if you happen to know scripts for this purpose for phpbb/mantis/mediawiki databases let me know

I guess for wiki, everything is public, so it could be just a question of going through the passwords table, and setting everyone's password to either something random (doesn't matter if they can't login massively, or they can reset their password perhaps), or to some easy default?

For phpbb, I guess you mean that private messages should be wiped? And then in addition, a similar step of doing somethign about the password hashes as for mediawiki?

Edit: for mediawiki, looks like there are 74 users out of 2713 with spaces, '-', or '_' in the name. Maybe it could be acceptable just to run an sql query to remove any spaces and underscores from these usernames, maybe send an email to their email address indicating the change?

[Tobi]

They would have to be changed in the PHPBB database currently, as mediawiki is linked to PHPBB accounts.

It could be an idea, but I do not really prefer to do that without some kind of plan in place to not have to do that more times. (This was just an example of what could go wrong; I can imagine that more things could pop up when doing single-login stuff.)

[hughperkins]

I tried creating a user in an openid-enabled wiki just now with spaces in, and I was able to log out and in using a username/password pair ok. Maybe the problem is specific to phpbb?

Maybe an option could be to migrate mediawiki to allow openid logins (this doesn't prevent username/password logins by the way, using openid is just an extra login option, at least, in theory ), and then this might motivate someone to come along, test the phpbb openid mod, and get that working too with spaces and underscores?

[hughperkins]

There is a blank fresh mediawiki install here:

http://hughperkins.com/test/testwiki/

I tried the following:
- installed latest version of mediawiki
- created a user called 'This-is_a test user'
- it created it, but silently converted it to 'This-is a test user' (it changed the underscore to a space, and kept the other spaces)
- installed openid extension
- logged out and back in again
-> could log in ok

- went to special pages, and clicked on 'convert account to openid'
-> got an error about the openid database table not existing

- clicked on 'logout', then 'login with openid'
- entered my openid
- went through to openid
-> same error about openid datbase table not existing

- on my webhost, in an ssh session, cd'd into test/testwiki directory
- ran php5 maintenance/update.php
-> needed AdminSettings
- copied AdminSettings.sample to AdminSettings.php, and filled in the db connection info
- reran php5 maintenance/update.php
-> ran ok

- logged into the wiki as This-is a test user, using password
-> worked ok

- logged out
- logged in using my openid
- associated the openid with This-is a test user
-> logged in ok

- logged out
- logged in as This-is a test user, using password
-> logged in ok

Seems to work ok?

[Tobi]

Ok that's good.

(Quite possibly on current site it's caused either by mediawiki being a bit old version and/or by the PHPBB-auth plugin.)

[hughperkins]

Ok. What do you see as the next steps for activating openid for springrts.com/wiki ?