From e55b38928a14c9362be22d682e1fbe5344ab17ae Mon Sep 17 00:00:00 2001 From: Jonathan Druart Date: Wed, 14 Dec 2016 18:30:43 +0100 Subject: [PATCH] Bug 17486: Remove Mozilla Persona Persona never really took off, and although many browsers currently support it, very few services actually implement it. This has led its founders, Mozilla, to end the project. In their own words: ============================================================================= Persona is no longer actively developed by Mozilla. Mozilla has committed to operational and security support of the persona.org services until November 30th, 2016. On November 30th, 2016, Mozilla will shut down the persona.org services. Persona.org and related domains will be taken offline. If you run a website that relies on Persona, you need to implement an alternative login solution for your users before this date. For more information, see this guide to migrating your site away from Persona: https://wiki.mozilla.org/Identity/Persona_Shutdown_Guidelines_for_Reliers ============================================================================= Given the above, and that the Persona authentication methods as a whole are no longer being actively maintained by anyone anywhere to ensure ongoing security, we should deprecate the option from Koha. Test plan: Apply this patch and make sure you do not find any references of Persona Have a look at patches from bug 9587 and confirm that everything has been reverted Signed-off-by: Owen Leonard Signed-off-by: Marcel de Rooy Code looks good to me. Also ran several tests including: Auth.t, Auth_with_shibboleth.t. 
Signed-off-by: Kyle M Hall
---
 C4/Auth.pm | 39 +--
 C4/Context.pm | 5 +-
 .../data/mysql/atomicupdate/bug_17486.sql | 1 +
 installer/data/mysql/sysprefs.sql | 1 -
 .../en/modules/admin/preferences/admin.pref | 8 -
 .../bootstrap/css/persona-buttons.css | 232 ------------------
 .../bootstrap/en/includes/doc-head-close.inc | 3 -
 .../bootstrap/en/includes/masthead.inc | 6 +-
 .../bootstrap/en/includes/opac-bottom.inc | 41 ----
 .../bootstrap/en/modules/opac-auth.tt | 4 -
 .../bootstrap/en/modules/opac-main.tt | 3 -
 .../modules/opac-registration-confirmation.tt | 3 -
 opac/svc/login | 58 -----
 13 files changed, 7 insertions(+), 397 deletions(-)
 create mode 100644 installer/data/mysql/atomicupdate/bug_17486.sql
 delete mode 100644 koha-tmpl/opac-tmpl/bootstrap/css/persona-buttons.css
 delete mode 100755 opac/svc/login
diff --git a/C4/Auth.pm b/C4/Auth.pm
index c3ad657c69..2a00a208f5 100644
--- a/C4/Auth.pm
+++ b/C4/Auth.pm
@@ -423,7 +423,6 @@ sub get_template_and_user {
 LoginFirstname => ( C4::Context->userenv ? C4::Context->userenv->{"firstname"} : "Bel" ),
 LoginSurname => C4::Context->userenv ? C4::Context->userenv->{"surname"} : "Inconnu",
 emailaddress => C4::Context->userenv ? C4::Context->userenv->{"emailaddress"} : undef,
- loggedinpersona => C4::Context->userenv ? C4::Context->userenv->{"persona"} : undef,
 TagsEnabled => C4::Context->preference("TagsEnabled"),
 hide_marc => C4::Context->preference("hide_marc"),
 item_level_itypes => C4::Context->preference('item-level_itypes'),
@@ -434,7 +433,6 @@ sub get_template_and_user {
 using_https => $using_https,
 noItemTypeImages => C4::Context->preference("noItemTypeImages"),
 marcflavour => C4::Context->preference("marcflavour"),
- persona => C4::Context->preference("persona"),
 OPACBaseURL => C4::Context->preference('OPACBaseURL'),
 );
 if ( $in->{'type'} eq "intranet" ) {
@@ -748,7 +746,6 @@ sub checkauth { my $authnotrequired = shift; my $flagsrequired = shift; my $type = shift; - my $persona = shift; $type = 'opac' unless $type; my $dbh = C4::Context->dbh; @@ -789,10 +786,6 @@ sub checkauth { ); $loggedin = 1; } - elsif ($persona) { - - # we don't want to set a session because we are being called by a persona callback - } elsif ( $sessionID = $query->cookie("CGISESSID") ) { # assignment, not comparison my $session = get_session($sessionID); @@ -807,7 +800,7 @@ sub checkauth { $session->param('surname'), $session->param('branch'), $session->param('branchname'), $session->param('flags'), $session->param('emailaddress'), $session->param('branchprinter'), - $session->param('persona'), $session->param('shibboleth') + $session->param('shibboleth') ); C4::Context::set_shelves_userenv( 'bar', $session->param('barshelves') ); C4::Context::set_shelves_userenv( 'pub', $session->param('pubshelves') ); @@ -930,8 +923,7 @@ sub checkauth { if ( ( $cas && $query->param('ticket') ) || $userid || ( $shib && $shib_login ) - || $pki_field ne 'None' - || $persona ) + || $pki_field ne 'None' ) { my $password = $query->param('password'); my $shibSuccess = 0; @@ -959,27 +951,6 @@ sub checkauth { $info{'invalidCasLogin'} = 1 unless ($return); } - elsif ($persona) { - my $value = $persona; - - # If we're looking up the email, there's a chance that the person - # doesn't have a userid. So if there is none, we pass along the - # borrower number, and the bits of code that need to know the user - # ID will have to be smart enough to handle that. - require C4::Members; - my @users_info = C4::Members::GetBorrowersWithEmail($value); - if (@users_info) { - - # First the userid, then the borrowernum - $value = $users_info[0][1] || $users_info[0][0]; - } - else { - undef $value; - } - $return = $value ? 1 : 0; - $userid = $value; - } - elsif ( ( $pki_field eq 'Common Name' && $ENV{'SSL_CLIENT_S_DN_CN'} ) || ( $pki_field eq 'emailAddress' 
@@ -1132,16 +1103,13 @@ sub checkauth { $session->param( 'ip', $session->remote_addr() ); $session->param( 'lasttime', time() ); } - if ($persona) { - $session->param( 'persona', 1 ); - } C4::Context->set_userenv( $session->param('number'), $session->param('id'), $session->param('cardnumber'), $session->param('firstname'), $session->param('surname'), $session->param('branch'), $session->param('branchname'), $session->param('flags'), $session->param('emailaddress'), $session->param('branchprinter'), - $session->param('persona'), $session->param('shibboleth') + $session->param('shibboleth') ); } @@ -1254,7 +1222,6 @@ sub checkauth { wrongip => $info{'wrongip'}, PatronSelfRegistration => C4::Context->preference("PatronSelfRegistration"), PatronSelfRegistrationDefaultCategory => C4::Context->preference("PatronSelfRegistrationDefaultCategory"), - persona => C4::Context->preference("Persona"), opac_css_override => $ENV{'OPAC_CSS_OVERRIDE'}, ); diff --git a/C4/Context.pm b/C4/Context.pm index 15b898de3b..b63b29248f 100644 --- a/C4/Context.pm +++ b/C4/Context.pm @@ -847,7 +847,7 @@ sub userenv { C4::Context->set_userenv($usernum, $userid, $usercnum, $userfirstname, $usersurname, $userbranch, $branchname, $userflags, - $emailaddress, $branchprinter, $persona); + $emailaddress, $branchprinter); Establish a hash of user environment variables. @@ -858,7 +858,7 @@ set_userenv is called in Auth.pm #' sub set_userenv { shift @_; - my ($usernum, $userid, $usercnum, $userfirstname, $usersurname, $userbranch, $branchname, $userflags, $emailaddress, $branchprinter, $persona, $shibboleth)= + my ($usernum, $userid, $usercnum, $userfirstname, $usersurname, $userbranch, $branchname, $userflags, $emailaddress, $branchprinter, $shibboleth)= map { Encode::is_utf8( $_ ) ? $_ : Encode::decode('UTF-8', $_) } # CGI::Session doesn't handle utf-8, so we decode it here @_; my $var=$context->{"activeuser"} || ''; 
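Review bot: Removing `$persona` from the positional list in `set_userenv` (C4/Context.pm, the `my (...) =` line) moves `$shibboleth` up one slot, so any caller that this patch does not touch and that still passes a persona value or a placeholder after the branch printer would have that value stored under the `shibboleth` key of the userenv. The two `C4::Context->set_userenv(` calls in C4/Auth.pm are adjusted here; other callers in the tree (scripts, tests) are not visible in this diff and should be checked for calls with more than ten arguments. The POD synopsis in the preceding hunk now ends at `$branchprinter` and does not mention the parameter the sub still unpacks; I would make its last line `$emailaddress, $branchprinter, $shibboleth);`. The body of set_userenv continues outside these hunks.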
@@ -874,7 +874,6 @@ sub set_userenv {
 "flags" => $userflags,
 "emailaddress" => $emailaddress,
 "branchprinter" => $branchprinter,
- "persona" => $persona,
 "shibboleth" => $shibboleth,
 };
 $context->{userenv}->{$var} = $cell;
diff --git a/installer/data/mysql/atomicupdate/bug_17486.sql b/installer/data/mysql/atomicupdate/bug_17486.sql
new file mode 100644
index 0000000000..ad238d22fc
--- /dev/null
+++ b/installer/data/mysql/atomicupdate/bug_17486.sql
@@ -0,0 +1 @@
+DELETE FROM systempreferences WHERE variable="Persona";
diff --git a/installer/data/mysql/sysprefs.sql b/installer/data/mysql/sysprefs.sql
index ef83c3d8e7..423bbdf14d 100644
--- a/installer/data/mysql/sysprefs.sql
+++ b/installer/data/mysql/sysprefs.sql
@@ -409,7 +409,6 @@ INSERT INTO systempreferences ( `variable`, `value`, `options`, `explanation`, `
 ('PayPalSandboxMode', '1', NULL , 'If enabled, the system will use PayPal''s sandbox server for testing, rather than the production server.', 'YesNo'),
 ('PayPalSignature', '', NULL , 'Your PayPal API signature', 'Free'),
 ('PayPalUser', '', NULL , 'Your PayPal API username ( email address )', 'Free'),
-('Persona','0','','Use Mozilla Persona for login','YesNo'),
 ('PrefillItem','0','','When a new item is added, should it be prefilled with last created item values?','YesNo'),
 ('previousIssuesDefaultSortOrder','asc','asc|desc','Specify the sort order of Previous Issues on the circulation page','Choice'),
 ('printcirculationslips','1','','If ON, enable printing circulation receipts','YesNo'),
diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences/admin.pref b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences/admin.pref
index 5d8091ca6d..e9d95be216 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences/admin.pref
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences/admin.pref
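Review bot: The string literal in the new atomic update installer/data/mysql/atomicupdate/bug_17486.sql is written with double quotes, `variable="Persona"`, which MySQL parses as an identifier when the server runs with the ANSI_QUOTES SQL mode. On such a server the statement would fail on an unknown column instead of removing the preference, leaving the `Persona` row behind after the upgrade. The rows in sysprefs.sql in this same patch use single quotes, so `DELETE FROM systempreferences WHERE variable='Persona';` is both portable and consistent with them.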
@@ -156,14 +156,6 @@ Administration: - "Google OpenID Connect Restrict to domain (or subdomain of this domain): " - pref: GoogleOpenIDConnectDomain - Leave blank for all google domains - Mozilla Persona: - - - - "Allow Mozilla persona for login: " - - pref: Persona - default: 0 - choices: - yes: "Yes" - no: "No" Share anonymous usage statistics: - - "Share anonymous Koha usage data with the Koha community: " diff --git a/koha-tmpl/opac-tmpl/bootstrap/css/persona-buttons.css b/koha-tmpl/opac-tmpl/bootstrap/css/persona-buttons.css deleted file mode 100644 index cae561b41c..0000000000 --- a/koha-tmpl/opac-tmpl/bootstrap/css/persona-buttons.css +++ /dev/null 
@@ -1,232 +0,0 @@ -/* Link body */ -a.persona-button { - color : #FFF; -} - -.persona-button{ - color: #fff; - display: inline-block; - font-size: 14px; - font-family: Helvetica, Arial, sans-serif; - font-weight: bold; - line-height: 1.1; - overflow: hidden; - position: relative; - text-decoration: none; - text-shadow: 0 1px rgba(0,0,0,0.5), 0 0 2px rgba(0,0,0,0.2); - - background: #297dc3; - background: -moz-linear-gradient(top, #43a6e2, #287cc2); - background: -ms-linear-gradient(top, #43a6e2, #287cc2); - background: -o-linear-gradient(top, #43a6e2, #287cc2); - background: -webkit-linear-gradient(top, #43a6e2, #287cc2); - background: linear-gradient(to bottom, #43a6e2 0%,#287cc2 100%); /* W3C */ - - -moz-border-radius: 3px; - -ms-border-radius: 3px; - -o-border-radius: 3px; - -webkit-border-radius: 3px; - border-radius: 3px; - - -moz-box-shadow: 0 1px 0 rgba(0,0,0,0.2); - -ms-box-shadow: 0 1px 0 rgba(0,0,0,0.2); - -o-box-shadow: 0 1px 0 rgba(0,0,0,0.2); - -webkit-box-shadow: 0 1px 0 rgba(0,0,0,0.2); - box-shadow: 0 1px 0 rgba(0,0,0,0.2); -} - -.persona-button:hover{ - background: #21669f; - background: -moz-linear-gradient(top, #3788b9, #21669f); - background: -ms-linear-gradient(top, #3788b9, #21669f); - background: -o-linear-gradient(top, #3788b9, #21669f); - background: -webkit-linear-gradient(top, #3788b9, #21669f); - background: linear-gradient(to bottom, #3788b9 0%,#21669f 100%); /* W3C */ -} - -.persona-button:active, .persona-button:focus{ - top: 1px; - -moz-box-shadow: none; - -ms-box-shadow: none; - -o-box-shadow: none; - -webkit-box-shadow: none; - box-shadow: none; -} - -.persona-button span{ - display: inline-block; - padding: 5px 10px 5px 40px; -} - -/* Icon */ -.persona-button span:after{ - background: url() 10px center no-repeat; - content: ''; - display: block; - width: 31px; - - position: absolute; - bottom: 0; - left: -3px; - top: 0; - z-index: 10; -} - -/* Icon background */ -.persona-button span:before{ - content: ''; - display: block; - 
height: 100%; - width: 20px; - - position: absolute; - bottom: 0; - left: 0; - top: 0; - z-index: 1; - - background: #42a9dd; - background: -moz-linear-gradient(top, #50b8e8, #3095ce); - background: -ms-linear-gradient(top, #50b8e8, #3095ce); - background: -o-linear-gradient(top, #50b8e8, #3095ce); - background: -webkit-linear-gradient(top, #50b8e8, #3095ce); - background: linear-gradient(to bottom, #50b8e8 0%,#3095ce 100%); /* W3C */ - - -moz-border-radius: 3px 0 0 3px; - -ms-border-radius: 3px 0 0 3px; - -o-border-radius: 3px 0 0 3px; - -webkit-border-radius: 3px 0 0 3px; - border-radius: 3px 0 0 3px; -} - -/* Triangle */ -.persona-button:before{ - background: #42a9dd; - content: ''; - display: block; - height: 26px; - width: 26px; - - position: absolute; - left: 2px; - top: 50%; - margin-top: -13px; - z-index: 0; - - background: -moz-linear-gradient(-45deg, #50b8e8, #3095ce); - background: -ms-linear-gradient(-45deg, #50b8e8, #3095ce); - background: -o-linear-gradient(-45deg, #50b8e8, #3095ce); - background: -webkit-linear-gradient(-45deg, #50b8e8, #3095ce); - background: linear-gradient(to bottom, #50b8e8 0%,#3095ce 100%); /* W3C */ - - -moz-box-shadow: 1px -1px 1px rgba(0,0,0,0.1); - -ms-box-shadow: 1px -1px 1px rgba(0,0,0,0.1); - -o-box-shadow: 1px -1px 1px rgba(0,0,0,0.1); - -webkit-box-shadow: 1px -1px 1px rgba(0,0,0,0.1); - box-shadow: 1px -1px 1px rgba(0,0,0,0.1); - - -moz-transform: rotate(45deg); - -ms-transform: rotate(45deg); - -o-transform: rotate(45deg); - -webkit-transform: rotate(45deg); - transform: rotate(45deg); -} - -/* Inset shadow (required here because the icon background clips it when on the `a` element) */ -.persona-button:after{ - content: ''; - display: block; - height: 100%; - width: 100%; - - position: absolute; - left: 0; - top: 0; - bottom: 0; - right: 0; - z-index: 10; - - -moz-border-radius: 3px; - -ms-border-radius: 3px; - -o-border-radius: 3px; - -webkit-border-radius: 3px; - border-radius: 3px; - - -moz-box-shadow: inset 0 -1px 
0 rgba(0,0,0,0.3); - -ms-box-shadow: inset 0 -1px 0 rgba(0,0,0,0.3); - -o-box-shadow: inset 0 -1px 0 rgba(0,0,0,0.3); - -webkit-box-shadow: inset 0 -1px 0 rgba(0,0,0,0.3); - box-shadow: inset 0 -1px 0 rgba(0,0,0,0.3); -} - -/* ======================================================== - * Dark button - * ===================================================== */ -.persona-button.dark{ - background: #3c3c3c; - background: -moz-linear-gradient(top, #606060, #3c3c3c); - background: -ms-linear-gradient(top, #606060, #3c3c3c); - background: -o-linear-gradient(top, #606060, #3c3c3c); - background: -webkit-linear-gradient(top, #606060, #3c3c3c); - background: linear-gradient(top, #606060, #3c3c3c); -} -.persona-button.dark:hover{ - background: #2d2d2d; - background: -moz-linear-gradient(top, #484848, #2d2d2d); - background: -ms-linear-gradient(top, #484848, #2d2d2d); - background: -o-linear-gradient(top, #484848, #2d2d2d); - background: -webkit-linear-gradient(top, #484848, #2d2d2d); - background: linear-gradient(top, #484848, #2d2d2d); -} -.persona-button.dark span:before{ /* Icon BG */ - background: #d34f2d; - background: -moz-linear-gradient(top, #ebac45, #d34f2d); - background: -ms-linear-gradient(top, #ebac45, #d34f2d); - background: -o-linear-gradient(top, #ebac45, #d34f2d); - background: -webkit-linear-gradient(top, #ebac45, #d34f2d); - background: linear-gradient(top, #ebac45, #d34f2d); -} -.persona-button.dark:before{ /* Triangle */ - background: #d34f2d; - background: -moz-linear-gradient(-45deg, #ebac45, #d34f2d); - background: -ms-linear-gradient(-45deg, #ebac45, #d34f2d); - background: -o-linear-gradient(-45deg, #ebac45, #d34f2d); - background: -webkit-linear-gradient(-45deg, #ebac45, #d34f2d); - background: linear-gradient(-45deg, #d34f2d, #ebac45); /* flipped for updated spec */ -} - -/* ======================================================== - * Orange button - * ===================================================== */ -.persona-button.orange{ - background: 
#ee731a; - background: -moz-linear-gradient(top, #ee731a, #d03116); - background: -ms-linear-gradient(top, #ee731a, #d03116); - background: -o-linear-gradient(top, #ee731a, #d03116); - background: -webkit-linear-gradient(top, #ee731a, #d03116); - background: linear-gradient(top, #ee731a, #d03116); -} -.persona-button.orange:hover{ - background: #cb6216; - background: -moz-linear-gradient(top, #cb6216, #b12a13); - background: -ms-linear-gradient(top, #cb6216, #b12a13); - background: -o-linear-gradient(top, #cb6216, #b12a13); - background: -webkit-linear-gradient(top, #cb6216, #b12a13); - background: linear-gradient(top, #cb6216, #b12a13); -} -.persona-button.orange span:before{ /* Icon BG */ - background: #e84a21; - background: -moz-linear-gradient(top, #f7ad27, #e84a21); - background: -ms-linear-gradient(top, #f7ad27, #e84a21); - background: -o-linear-gradient(top, #f7ad27, #e84a21); - background: -webkit-linear-gradient(top, #f7ad27, #e84a21); - background: linear-gradient(top, #f7ad27, #e84a21); -} -.persona-button.orange:before{ /* Triangle */ - background: #e84a21; - background: -moz-linear-gradient(-45deg, #f7ad27, #e84a21); - background: -ms-linear-gradient(-45deg, #f7ad27, #e84a21); - background: -o-linear-gradient(-45deg, #f7ad27, #e84a21); - background: -webkit-linear-gradient(-45deg, #f7ad27, #e84a21); - background: linear-gradient(-45deg, #e84a21, #f7ad27); /* flipped for updated spec */ -} diff --git a/koha-tmpl/opac-tmpl/bootstrap/en/includes/doc-head-close.inc b/koha-tmpl/opac-tmpl/bootstrap/en/includes/doc-head-close.inc index b57404e609..5635cdcacc 100644 --- a/koha-tmpl/opac-tmpl/bootstrap/en/includes/doc-head-close.inc +++ b/koha-tmpl/opac-tmpl/bootstrap/en/includes/doc-head-close.inc @@ -31,9 +31,6 @@ [% END %] -[% IF persona %] - -[% END %] [% IF ( bidi ) %] [% END %] diff --git a/koha-tmpl/opac-tmpl/bootstrap/en/includes/masthead.inc b/koha-tmpl/opac-tmpl/bootstrap/en/includes/masthead.inc index a778aa94ee..10ea1619d2 100644 
--- a/koha-tmpl/opac-tmpl/bootstrap/en/includes/masthead.inc +++ b/koha-tmpl/opac-tmpl/bootstrap/en/includes/masthead.inc @@ -109,11 +109,7 @@ [% IF Koha.Preference( 'opacuserlogin' ) == 1 %] [% IF ( loggedinusername ) %]
  • [% END %] [% END %] diff --git a/koha-tmpl/opac-tmpl/bootstrap/en/includes/opac-bottom.inc b/koha-tmpl/opac-tmpl/bootstrap/en/includes/opac-bottom.inc index 497f2f3db5..bf221f4b28 100644 --- a/koha-tmpl/opac-tmpl/bootstrap/en/includes/opac-bottom.inc +++ b/koha-tmpl/opac-tmpl/bootstrap/en/includes/opac-bottom.inc @@ -231,47 +231,6 @@ $.widget.bridge('uitooltip', $.ui.tooltip); [% END %] -[% IF persona %] - - -[% END # / IF persona %]