Disable Persona integration

sudoroom / sudo-infrastructure

Tracking issues related to sudoroom's infrastructure (web servers, wiki, mailing lists, etc)

2 stars 1 forks source link

Disable Persona integration #2

Closed rcsheets closed 8 years ago

rcsheets commented 8 years ago

Persona is deprecated, but we have it enabled on the wiki and possibly WordPress. It should be disabled everywhere it is in use, after anyone relying on it has migrated to some other authentication method.

[ ] ~~Determine whether anyone has been logging in using Persona~~
[ ] ~~Announce removal of Persona integration to users~~
[x] Remove integration from wiki
[x] Remove integration from WordPress

rcsheets commented 8 years ago

I'm not seeing any good way to determine whether users are logging into WordPress using Persona. I might just be missing something about how the browserid login process works. Worst case, some users will need to go through the password reset process. I've disabled the WordPress browserid plugin and confirmed that normal password-based logins are still working.

rcsheets commented 8 years ago

Same situation with the wiki. If there's a way to track down whether people are using Persona, I can't find it. Since Persona uses email address as username, it follows that everyone using Persona for their wiki account must have a valid email address, so they'll be able to do a password reset.

rcsheets commented 8 years ago

Removed wiki integration by commenting out the relevant require_once in LocalSettings.php.