coto / gae-boilerplate

Google App Engine Boilerplate
https://dev-dot-sandengine.appspot.com/

Open Id logins: google, myopenid, yahoo #55

Closed peta15 closed 12 years ago

peta15 commented 12 years ago

https://developers.google.com/appengine/articles/openid#ui

(note that the other 3: facebook, twitter, and linkedin are oauth and are covered by other issues)

peta15 commented 12 years ago

add to logout flash message:

WARNING: You should strongly urge users that if using a computer that is not theirs, say a kiosk in a public venue, they should clear all cookies in addition to logging out. (A less attractive alternative is to tell users to log out of your app then go to their OpenID provider's website and sign out from there too.)

peta15 commented 12 years ago

also of note:

WARNING: at the time of this writing, OpenID is not supported if your app runs in secure mode using HTTPS.

We should detect if the URL is https in basehandler and disable and hide OpenID from the app, or add instructions for users to remove the functionality if using SSL. It also might be worth checking if SSL with OpenID is now available, as the article mentioned above was written a while ago.

peta15 commented 12 years ago

ok looks like ssl with openid is probably now supported with both custom domains and appspot: http://stackoverflow.com/questions/9994547/google-app-engine-federated-id-openid-cannot-run-in-ssl

peta15 commented 12 years ago

TODO: provide a flag to disable openid and oauth for more secure applications: enable_federated_login=True

peta15 commented 12 years ago

A fantastic conversation on openid and oauth with contributors to both engine auth and webapp2: https://groups.google.com/forum/?fromgroups#!topic/webapp2/Ui5FEFVnyIY

peta15 commented 12 years ago

TODO: where social user is created to add a new provider to a user, we should be using user.add_auth_id('provider:uid')

peta15 commented 12 years ago

TODO: cleanup, unit testing, user.add_auth_id, handle user profile setup on first time login via OpenID (for example how do they add a password when it requires a current password - do they have to do the password reset?)

coto commented 12 years ago

There is an error after uploading 8c4c8aa (http://latest.sandengine.appspot.com/). The error log:

```
2012-07-24 06:40:26.742 / 500 7825ms 0kb Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.57 Safari/536.11
190.44.122.231 - - [23/Jul/2012:23:40:26 -0700] "GET / HTTP/1.1" 500 225 - "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.57 Safari/536.11" "latest.sandengine.appspot.com" ms=7826 cpu_ms=2200 api_cpu_ms=0 cpm_usd=0.061242 loading_request=1 instance=00c61b117cf32e328964fb5a2b096ae51a8708
E 2012-07-24 06:40:25.817
Traceback (most recent call last):
  File "/base/python27_runtime/python27_lib/versions/third_party/webapp2-2.5.1/webapp2.py", line 1536, in __call__
    rv = self.handle_exception(request, response, e)
  File "/base/python27_runtime/python27_lib/versions/third_party/webapp2-2.5.1/webapp2.py", line 1530, in __call__
    rv = self.router.dispatch(request, response)
  File "/base/python27_runtime/python27_lib/versions/third_party/webapp2-2.5.1/webapp2.py", line 1278, in default_dispatcher
    return route.handler_adapter(request, response)
  File "/base/python27_runtime/python27_lib/versions/third_party/webapp2-2.5.1/webapp2.py", line 1102, in __call__
    return handler.dispatch()
  File "/base/data/home/apps/s~sandengine/latest.360538830086704489/lib/basehandler.py", line 94, in dispatch
    webapp2.RequestHandler.dispatch(self)
  File "/base/python27_runtime/python27_lib/versions/third_party/webapp2-2.5.1/webapp2.py", line 572, in dispatch
    return self.handle_exception(e, self.app.debug)
  File "/base/python27_runtime/python27_lib/versions/third_party/webapp2-2.5.1/webapp2.py", line 570, in dispatch
    return method(*args, **kwargs)
  File "/base/data/home/apps/s~sandengine/latest.360538830086704489/web/handlers.py", line 1095, in get
    return self.render_template('boilerplate_home.html', params)
  File "/base/data/home/apps/s~sandengine/latest.360538830086704489/lib/basehandler.py", line 239, in render_template
    'provider_uris': self.provider_uris,
  File "/base/python27_runtime/python27_lib/versions/third_party/webapp2-2.5.1/webapp2.py", line 726, in __get__
    value = self.func(obj)
  File "/base/data/home/apps/s~sandengine/latest.360538830086704489/lib/basehandler.py", line 182, in provider_uris
    login_urls[provider] = users.create_login_url(federated_identity=provider_uri, dest_url=self.uri_for('social-login-complete', provider_name=provider))
  File "/base/python27_runtime/python27_lib/versions/1/google/appengine/api/users.py", line 256, in create_login_url
    raise NotAllowedError
NotAllowedError
```

coto commented 12 years ago

Sorry @peta15, I forgot to enable Federated Login ;) Everything is OK now, test it here: http://appengine.beecoss.com/

BTW we could control that error with an except I think

peta15 commented 12 years ago

good idea! I was wondering how to find that error to tell users to enable but you have found it!


peta15 commented 12 years ago

TODO: catch NotAllowedError in basehandler.py provider_uris function
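A sketch of the two TODOs above (catching `NotAllowedError` in `provider_uris`, and the `enable_federated_login` flag), added here as an example and not taken from the thread or from gae-boilerplate's code. `FakeUsers`, the local `NotAllowedError`, `PROVIDERS`, `dest_for` and the URL shape are stand-ins and assumptions so the block runs offline without the App Engine SDK.

```python
import logging
from urllib.parse import quote


class NotAllowedError(Exception):
    """Stand-in for google.appengine.api.users.NotAllowedError."""


class FakeUsers:
    """Offline stand-in for the users API (assumption, not the real SDK)."""

    def __init__(self, federated_enabled):
        self.federated_enabled = federated_enabled

    def create_login_url(self, dest_url=None, federated_identity=None):
        # Mirrors the failure in the traceback: a federated login URL is
        # refused when the app is not configured for Federated Login.
        if federated_identity and not self.federated_enabled:
            raise NotAllowedError()
        # Constructed URL shape, for illustration only.
        return "/login?claimid=%s&continue=%s" % (
            quote(federated_identity or "", safe=""), quote(dest_url or "", safe=""))


# Constructed sample providers for the three OpenID logins in this issue.
PROVIDERS = {
    "google": "https://www.google.com/accounts/o8/id",
    "myopenid": "myopenid.com",
    "yahoo": "yahoo.com",
}


def provider_uris(users_api, dest_for, enable_federated_login=True):
    """Return {provider: login_url}, or {} if federated login is unavailable.

    An empty dict lets the template hide the OpenID buttons instead of the
    whole page failing with a 500.
    """
    if not enable_federated_login:      # operator opted out via the flag
        return {}
    login_urls = {}
    for provider, provider_uri in PROVIDERS.items():
        try:
            login_urls[provider] = users_api.create_login_url(
                federated_identity=provider_uri, dest_url=dest_for(provider))
        except NotAllowedError:
            logging.warning("Federated Login is not enabled for this app; "
                            "hiding OpenID providers")
            return {}                   # all-or-nothing: no partial button set
    return login_urls
```

In the real handler, `dest_for` would be the `self.uri_for('social-login-complete', provider_name=provider)` call seen in the traceback, and the warning in the log tells the operator which setting to enable.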

coto commented 12 years ago

I will create another issue, do you want to close this one???

peta15 commented 12 years ago

OK, I am closing this and opening another with all the TODOs listed above.