From 2afb0dd66332136f47d08f2ee4de292eb73c8779 Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Wed, 27 May 2015 08:52:01 +0100 Subject: Do not directly enable emailauth by default, only indirectly via openid This avoids nasty surprises on upgrade if a site is using httpauth, or passwordauth with an account_creation_password, and relying on only a select group of users being able to edit the site. We can revisit this for ikiwiki 4. --- IkiWiki.pm | 2 +- IkiWiki/Plugin/openid.pm | 1 + debian/NEWS | 12 ++++++++++++ debian/changelog | 6 ++++++ doc/plugins/emailauth.mdwn | 5 +++-- doc/todo/emailauth.mdwn | 2 +- doc/todo/separate_authentication_from_authorization.mdwn | 5 +++++ 7 files changed, 29 insertions(+), 4 deletions(-) diff --git a/IkiWiki.pm b/IkiWiki.pm index 8244fa996..6e19d482a 100644 --- a/IkiWiki.pm +++ b/IkiWiki.pm @@ -165,7 +165,7 @@ sub getsetup () { default_plugins => { type => "internal", default => [qw{mdwn link inline meta htmlscrubber passwordauth - openid emailauth signinedit lockedit conditional + openid signinedit lockedit conditional recentchanges parentlinks editpage templatebody}], description => "plugins to enable by default", diff --git a/IkiWiki/Plugin/openid.pm b/IkiWiki/Plugin/openid.pm index cc4b4ba3d..35ef52a58 100644 --- a/IkiWiki/Plugin/openid.pm +++ b/IkiWiki/Plugin/openid.pm @@ -11,6 +11,7 @@ sub import { hook(type => "auth", id => "openid", call => \&auth); hook(type => "formbuilder_setup", id => "openid", call => \&formbuilder_setup, last => 1); + IkiWiki::loadplugin("emailauth"); IkiWiki::loadplugin("loginselector"); IkiWiki::Plugin::loginselector::register_login_plugin( "openid", diff --git a/debian/NEWS b/debian/NEWS index d09b4d9be..c1f343520 100644 --- a/debian/NEWS +++ b/debian/NEWS @@ -1,3 +1,15 @@ +ikiwiki (3.20150330) UNRELEASED; urgency=medium + + The new "emailauth" plugin allows users to authenticate using an email + address, without otherwise creating an account. + + The openid plugin now enables emailauth by default. Please include + emailauth in the disable_plugins setting if this is not desired. + Conversely, if emailauth is required on a wiki that does not enable + openid, you can list it in the enable_plugins setting. + + -- Simon McVittie Wed, 27 May 2015 08:30:43 +0100 + ikiwiki (3.20150107) experimental; urgency=medium By default, this version of IkiWiki tells mobile browsers that its diff --git a/debian/changelog b/debian/changelog index e483285fa..14ef4e71b 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,5 +1,6 @@ ikiwiki (3.20150330) UNRELEASED; urgency=medium + [ Joey Hess ] * New emailauth plugin lets users log in, without any registration, by simply clicking on a link in an email. * Re-remove google from openid selector; their openid provider is @@ -13,6 +14,11 @@ ikiwiki (3.20150330) UNRELEASED; urgency=medium * Make cgiurl output deterministic, not hash order. Closes: #785738 Thanks, Daniel Kahn Gillmor + [ Simon McVittie ] + * Do not enable emailauth by default, to avoid surprises on httpauth-only + sites. Enable it by default in openid instead, since it is essentially + a replacement for OpenIDs. + -- Joey Hess Tue, 28 Apr 2015 12:24:08 -0400 ikiwiki (3.20150329) experimental; urgency=high diff --git a/doc/plugins/emailauth.mdwn b/doc/plugins/emailauth.mdwn index 74097d2cc..463666535 100644 --- a/doc/plugins/emailauth.mdwn +++ b/doc/plugins/emailauth.mdwn @@ -5,8 +5,9 @@ This plugin lets users log into ikiwiki using any email address. To complete the login, a one-time-use link is emailed to the user, and they can simply open that link in their browser. -It is enabled by default, but can be turned off if you want to only use -some other form of authentication, such as [[passwordauth]] or [[openid]]. +It is (indirectly) enabled by default, but can be turned off if you want to +only use some other form of authentication, such as [[passwordauth]] or +[[openid]]. Users who have logged in using emailauth will have their email address used as their username. In places where the username is displayed, like the diff --git a/doc/todo/emailauth.mdwn b/doc/todo/emailauth.mdwn index 4683bbad2..ec7b4b96d 100644 --- a/doc/todo/emailauth.mdwn +++ b/doc/todo/emailauth.mdwn @@ -127,7 +127,7 @@ Thoughts anyone? --[[Joey]] >>> >>> Another way to do it would be to hash the email address, >>> so the commit appears to come from ->>> `smcv ` instead of +>>> `smcv ` instead of >>> from `smcv ` - if the hash is of `mailto:whatever` >>> (like my example one) then it's compatible with >>> [FOAF](http://xmlns.com/foaf/spec/#term_mbox_sha1sum). diff --git a/doc/todo/separate_authentication_from_authorization.mdwn b/doc/todo/separate_authentication_from_authorization.mdwn index 389f014c9..1eca0dced 100644 --- a/doc/todo/separate_authentication_from_authorization.mdwn +++ b/doc/todo/separate_authentication_from_authorization.mdwn @@ -12,6 +12,11 @@ owner (and maybe their outsourced service providers), but not available to random third parties. The principle of least astonishment would suggest that we should do the same here. +> This part is now addressed by cloaking email addresses: +> `smcv@debian.org` → `smcv@02f3eecb59311fc89970578832b63d57a071579e` +> (that's the sha1sum of `mailto:smcv@debian.org`, as used in FOAF). +> --[[smcv]] + (The expectation of privacy for direct git commits is rather different: I think we can expect direct git committers to know that they should either set a plausible non-email-address in their git identity, -- cgit v1.2.3