Page MenuHomePhabricator

When having a forced provider, disallow adding (converting) further OpenIDs from non-allowed providers: only allow to add the forced provider.
Closed, ResolvedPublic

Description

I set $wgOpenIDAllowExistingAccountSelection = false, but it still shows the link to Special:OpenIDConvert on Special:Preferences and Special:OpenIDConvert still acts like it will work.


Version: master
Severity: normal

Details

Reference
bz54507

Event Timeline

bzimport raised the priority of this task from to Lowest.Nov 22 2014, 2:14 AM
bzimport set Reference to bz54507.
Anomie created this task.Sep 24 2013, 4:19 PM

(In reply to comment #0)

I set $wgOpenIDAllowExistingAccountSelection = false, but it still shows the
link to Special:OpenIDConvert on Special:Preferences and
Special:OpenIDConvert
still acts like it will work.

You most probably misunderstood the meaning of this parameter.

Let me explain.

According to https://www.mediawiki.org/wiki/Openid#Configuration it does this when set "true":

"when first-time logging in with OpenID, show option to select an existing MediaWiki user"

So when you "create an account" on an E:OpenID-enabled wiki, it shows you _also_ a form where you can enter i) the name of an existing account user ii) the associated password. In that way, you can "come" with your OpenID to your MediaWiki, login and associate that OpenID with the user account.

I am closing this bug, but feel free to reopen it, if you are unhappy with my decision and if you need further clarifications.

Anomie added a comment.Oct 7 2013, 2:53 PM

What I was looking for was a situation where you want a 1:1 relationship between local accounts and accounts on the one forced provider. The OpenID extension seemed to support this by only allowing login/account creation via OpenID and by forcing the use of one particular provider, but then there was still the ability to attach other accounts from the provider to the local account.

(In reply to comment #2)

What I was looking for was a situation where you want a 1:1 relationship
between local accounts and accounts on the one forced provider. The OpenID
extension seemed to support this by only allowing login/account creation via
OpenID and by forcing the use of one particular provider, but then there was
still the ability to attach other accounts from the provider to the local
account.

okay, now I understand what you want. Good point. I remember this issue, but it went off my screen...

Anomie added a comment.Oct 7 2013, 6:00 PM

What if some site does want to allow tying the local account to more than one account on the forced provider? Or considering the "one or more forced providers" wording, what if some site wants to allow tying the local account to more than one of the available forced providers?

Or, given that the config variable isn't intended to do what I thought it was supposed to do, what if some site does want to allow attaching existing local accounts to the newly-forced provider?

Yes, yes, yes, yes, yes. And yes. The "Convert" page should only allow to add OpenID from allowed (may be forced) providers.

You are making it too complicate. I do know, what you really want - pls. be patient, or make a clean commit.