shane-tomlinson / browserid-wordpress Goto Github PK
View Code? Open in Web Editor NEWWordpress plugin that adds Persona authentication
Wordpress plugin that adds Persona authentication
Title says it all.
Cleared all cookies. This was working. I slept through the .40 release
If there is anything I can do to debug this, I can do it.
STR
I set a site logo to
https://ozten.com/i/avatar.jpg
This doesn't work for several reasons.
wp_localize_script
changes this value to https:\/\/ozten.com\/i\/avatar.jpg
which blows up in Persona.
So I hacked login.js to replace('\\', '')
.
Now I see watch being called with https://ozten.com/i/avatar.jpg
, but oddly the dialog still dies with
This line https://github.com/shane-tomlinson/browserid-wordpress/blob/master/login.js#L39 should use delegate
, instead of live
. delegate
was added in jQuery 1.4.2, and still exists in jQuery 2.0.3.
In order to continue support for jQuery 1.3 (the version that introduced .live
) something like this should work:
var logOutHandle = function(event) { /*...*/ },
logOutSelector = ".js-persona__logout";
if ( typeof $.fn.delegate === "function" ) {
$("body").delegate(logOutSelector, "click", logOutHandle);
}
else {
$(logOutSelector).live("click", logOutHandle);
}
Add more than aprox 30 characters and the Sign in button will exceed the wp-admin login area.
We have two similar *.pot files into project.
browserid.pot - into root directory of Persona plugin.
browserid.pot - into "locale" directory.
I could be wrong of course but I think that one of them is excess. I'm right? if yes, lets remove one of them :)
The ability to set the backgroundColor is coming!
The main page for the plugin in the directory of plugins at wordpress.org would benefit of having a direct link to "What is Persona" perhaps the tour at https://login.persona.org/about ?
The pages at WordPress.org where this should be IMO would be:
https://wordpress.org/plugins/browserid/faq/
https://wordpress.org/plugins/browserid/ (description)
In our WordPress setup we carry out all admin tasks on a different subdomain to the main site. I.e. WordPress admin pages are served from admin.examplenameofsite.com whereas the frontend is viewed through www.examplenameofsite.com (this allows all admin work to be served from a single server with the front end load balanced across multiple servers).
With v 0.43 we were experiencing a redirect loop whereby trying to view the front end pages after logging in redirected the user back to the admin dashboard, making the site unusable for logged in users. I.e. this happened:
User logs in to admin.examplenameofsite.com/wp-admin
User tries to visit www.examplenameofsite.com/
User is redirected to admin.examplenameofsite.com/wp-admin
This is caused by the assertion check running on every page, and redirecting the user back to the dashboard (this may also have been the cause of other performance problems). I fixed it by checking if the user was already logged in, and skipping the assertion check if so:
--- browserid.php (origina in v 0.43l)
+++ browserid.php (my working copy)
@@ -164,11 +164,14 @@
// I18n
load_plugin_textdomain(c_bid_text_domain, false, dirname(plugin_basename(__FILE__)));
- // Check for assertion
+ // If not already logged in, Check for assertion
+
+ if(!is_user_logged_in()){
$assertion = self::Get_assertion();
if (!empty($assertion)) {
self::Check_assertion($assertion);
}
+ }
// Enqueue BrowserID scripts
wp_register_script('browserid', 'https://login.persona.org/include.js', array(), '', true);
I guess the downside is that the user will not be auto-logged out if they log out of Persona, but for us that's a minor issue and I'd rather not have the overhead of checking on every page load anyway
Would be great if setting in WP is set to allow anyone to register if logging in via the plugin would auto-register the new user.
Version 0.44
Set "Disable non-Persona logins" in the WP plugin
Go to the "User" menu and click "Add new"
Fill in a "username" and "email"
Notice that you can't fill in a password since the plugin removes these fields
Click "Add new"
The new user is added, perhaps with an empty password or randomly generated password
The error message "ERROR: Please enter your password." is shown
Temporarily re-enable non-persona logins on the live site (ugh), create the user giving them a random password, then re-disable non-persona logins after.
We used this plugin on the nightingale blog. However with the 0.40 update it broke for us. It is pretty impossible to login without persona. Also you get these php errors while logged in. You can simply press back and are back on the page you wanted to go, but it still sucks.
At the wp-admin login page, the Persona button is located between the normal login (email + password) form and the normal login button. This seems rather confusing and doesn't help clearly distinguish the Persona login button from the other button - in fact it shows 2 buttons, given the impression the submit button for Persona will submit the normal login fields for authentication.
It should be located either at the top or at the bottom
This is even more confusing when other authentication plugins are enabled, such as Google Authenticator.
The biggest hurdle of getting more wide spread adoption of this plugin is the fact that you have to have an existing word press username to sign in via persona. I want any user with a persona acct to be able to sign in and make a comment.
user story:
I don't have a word press user name, and stumble on a blog. I want to comment. I click sign in with persona. I use my [email protected] to authenticate. I make comment successfully.
Currently, I just get a non-descriptive error if i don't have a word press sign in.
Strict Standards: Non-static method MozillaBrowserID::Get_loginout_html() should not be called statically, assuming $this from incompatible context in /Users/stomlinson/development/wordpress/wp-content/plugins/browserid/browserid.php on line 1140
In the FAQ ( https://wordpress.org/plugins/browserid/faq/ ) an example URL is provided:
Unfortunately that URL is now invalid.
Possibly the same bug as #25, but adding widget logout failure. Tested in v.45 on WP 3.52 running on MAMP
result: comment is added
expected: i have 'disable non-persona' logins which should not allow anyone commenting without persona
When logged out, having comments login support enabled in the plugin, the persona logo is shown with an accompanying link "What is persona?" which goes to https://login.persona.org/. It seems instead it should go to the corresponding URI in the appropriate language. It doesn't help that login.p.o does not have a language switcher, I assume it does browser detection.
When using a localized version of WordPress, the link is always the same despite there existing localized versions:
French: https://support.mozilla.org/fr/kb/quest-persona-comment-ca-marche
Spanish: https://support.mozilla.org/es/kb/que-es-y-como-funciona-mozilla-persona
etc.
The URL should be in the language file for proper language support - but putting it there would hardcode it.
In browserid-wordpress/browserid.php on line 1114:
if (!function_exists('new_user_notification')) {
should read:
if (!function_exists('wp_new_user_notification')) {
Steps to Reproduce
Expected
You are logged out and put on the sign in form
Actual
You are put onto the sign in form. Then the page redirect to the dashboard and you appear to be signed in. Then the page keeps refreshing every second.
result: the settings link is missing.
expected: there used to be a settings link
at browserid.php#32 is an error_reporting(E_ALL);
WordPress has it's own WP_DEBUG to display errors and notices
It would be useful to be able to point the plugin to alternate Persona repos for testing.
STR
jQuery("#commentform").off()
As reported by musicisair in http://wordpress.org/support/topic/site-name-cannot-contain-an-apostrophe?replies=1
function Option_sitename needs to escape $options['browserid_sitename'] with htmlspecialcharacters.
The new function should look like this:
// Site name option
function Option_sitename() {
$options = get_option('browserid_options');
if (empty($options['browserid_sitename']))
$options['browserid_sitename'] = null;
echo "<input id='browserid_sitename' name='browserid_options[browserid_sitename]' type='text' size='100' value='" . htmlspecialcharacters( $options['browserid_sitename'] ) . "' />";
echo '' . __('Default the WordPress site name', c_bid_text_domain);
}
WP has a color-picker build in. Why not use it ;)
I would like to implement this myself.
actual: upon blog article page refresh, you see http://gravatar.com/USER in the website field.
expected: it shouldn't show up there.
Shane Thomlinson, part of the Identity Team at Mozilla has taken over maintainership since April: https://shanetomlinson.com/2013/taking-over-as-maintainer-of-the-browserid-wordpress-plugin/
I am using this with 3.5.2 version of WP and it works fine.
After I updated this plugin in my Wordpress instance (previously logged in with Persona), every time I open a page the site loads normally but then redirects to my homepage and shows these error:
Warning: Missing argument 2 for MozillaBrowserID::Set_auth_cookie_action() in /route_to_wp/wp-content/plugins/browserid/browserid.php on line 512
Warning: Missing argument 3 for MozillaBrowserID::Set_auth_cookie_action() in /route_to_wp/wp-content/plugins/browserid/browserid.php on line 512
Warning: Missing argument 4 for MozillaBrowserID::Set_auth_cookie_action() in /route_to_wp/wp-content/plugins/browserid/browserid.php on line 512
Warning: Missing argument 5 for MozillaBrowserID::Set_auth_cookie_action() in /route_to_wp/wp-content/plugins/browserid/browserid.php on line 512
Warning: Cannot modify header information - headers already sent by (output started at /route_to_wp/wp-content/plugins/browserid/browserid.php:512) in /route_to_wp/wp-content/plugins/browserid/browserid.php on line 518
Warning: Cannot modify header information - headers already sent by (output started at /route_to_wp/wp-content/plugins/browserid/browserid.php:512) in /route_to_wp/wp-includes/pluggable.php on line 680
Warning: Cannot modify header information - headers already sent by (output started at /route_to_wp/wp-content/plugins/browserid/browserid.php:512) in /route_to_wp/wp-includes/pluggable.php on line 681
Warning: Cannot modify header information - headers already sent by (output started at /route_to_wp/wp-content/plugins/browserid/browserid.php:512) in /route_to_wp/wp-includes/pluggable.php on line 682
Warning: Cannot modify header information - headers already sent by (output started at /route_to_wp/wp-content/plugins/browserid/browserid.php:512) in /route_to_wp/wp-includes/pluggable.php on line 876
The issue only appears when the plugin is active. I deactivated it, deleted it and then reinstalled it (from Wordpress search and download/upload) but the error reappears.
I had to search the SVN repository, download the 0.36 version and upload it to my Wordpress. The error didn't return.
I noticed also that the options in the page for plugins details (0.4) are empty.
P3 Plugin Performance Profiler shows that Persona accounts for 50% of the runtime, even when I restrict the test session to non wp-admin pages!
To verify this result, I had WebPagetest average 10 tests with the Persona plugin enabled and again with the Persona plugin disabled (note that the "first load" test was only run once/is invalid as a measure). Turning Persona off shaved ~1.5 seconds from the time-to-first-byte, roughly matching the stats reported by P3.
From #32 (comment)
Thanks @krydos!
From @csuciu in the channel:
"There are no HTTP transports available which can complete the requested request"
If I type a name in the comment field, but post with Persona, the local part of my email address overwrites the name I typed in.
When we changed Persona to skip the 5 second post-verification delay, we removed an implicit timing dependency that the plugin was counting on. Now post-verification is janktastic.
this is an issue if you're on a shared or cafe computer
actual: There is no logout link. I can change my name but the blog admin sees all comments with the same persona email
expected: i would expect the 'sign in with email' to change to a logout button
Ahhh. I am sorry about non informative title.
When I went to the Persona settings I got the notice about "Undefined index". I think this is because Persona plugin have no data into db about new fields "browserid_terms_of_service" and "browserid_privacy_policy".
P.S. Looks so redly and huge because I use xdebug.
So I tryed to fix this. And I send pull request below.
Even when the "Disable non-Persona logins" option is unchecked, the Persona widget only shows a persona login option.
Using WordPress 3.5.2.
I tested authentication for comments posting with the stable and dev versions, the Persona button doesn't show up with the dev version of the plugin, even if it's enabled in the options.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.