Closed wingfire closed 12 years ago
Looks good!
Can you state the reason you removed the safe-login page altogether? AFAIK this is a worthwhile security measure, particularly when not used in an intranet. Maybe we should allow disabling that feature through app_config?
Thank you for the changes! They are very much appreciated :)
Nevertheless: Can you please provide tests for the additions? These would be necessary for us to merge your pull request.
Maybe we should allow disabling that feature through app_config?
Yeah, good point!
Hi,
Sorry, we are not able to run and enhance the tests. They require rvm. This is neither available on our Linux server nor on the Windows clients. Can rvm be removed from the testing requirements?
We do not depend on infinity_test which uses RVM. You can execute the tests like before by running rake.
Rather than getting rid of the safe-login page, I'd like to see an option for that. We could add another option "disable safe-login page". What do you think? Btw, I agree the text on that page can be improved.
@wingfire: I like your suggestion - allow usage from specific domains only. That makes sense if you want to lock down usage to a corporate intranet, for example. So you could configure "trusted domains" like before and have a new boolean option "only allow trusted domains".
Another suggestion: add to personas a field for GPG public keys.
fyi: I merged some of the commits by cherry-picking them.
!!! We change the behavior of the config setting trusted_domain. Now this value forces trusting domains for OpenID requests without user interaction !!!