Ticket #8042 (closed Bug: wontfix)

Opened 6 years ago

Last modified 2 years ago

Sharing tab can't find OpenID users

Reported by: grahamperrin Owned by:
Priority: major Milestone: Future
Component: OpenID support Version:
Keywords: unsupported Cc: grahamperrin, shurik, davisagli, MatthewWilkes, djay

Description

Bug

In the /@@sharing Sharing view of an object, OpenID users without full names can not be found.

Environment

  • Plone 3.1-rc1
  • OpenID Authentication Support 1.1

Improvement suggestions

The Full Name field at /personalize_form should be a requirement (not simply an option) for OpenID users.

Instead of taking an OpenID user to dashboard immediately following their first login to a Plone site:

  • immediately take the user to /personalize_form
    • with a highlight (red dot, probably) against Full Name.

Change History

comment:1 Changed 6 years ago by hannosch

  • Milestone changed from 3.1 to 3.0.x

comment:2 Changed 6 years ago by davisagli

  • Summary changed from Can't find OpenID users; 'Full Name' field at /personalize_form should be a _requirement_ for such users to Sharing tab can't find OpenID users

I don't think requiring a full name is the right resolution of this issue. But we do need to find a way to allow searching for OpenID users to assign roles.

comment:3 Changed 6 years ago by shurik

  • Cc shurik added

It appears that it is possible to find OpenID users and assign roles to them as long as one searches for their exact username including  http:// and the trailing /. I believe this behavior is the result of the current IUserEnumerationPlugin implementation in plone.openid.

I also tested entering  http://somestring in the search field on the sharing form and it returns the same string no matter what it is as if a user has been found and allows to assign permissions.

comment:4 follow-up: ↓ 5 Changed 6 years ago by davisagli

  • Milestone changed from 3.x to 3.3

Ah, yeah, this is related to the fact that the OpenID PAS plugin doesn't really have any local store of openid users. It can authenticate via openid, but doesn't create anything persistent when a user logs in. So when it gets asked to enumerate, it just punts and returns the userid you pass in as long as its a validly formatted URL. This isn't ideal, but I'd call it a design flaw rather than a bug. This should be easier once the support for openid-sourced properties is complete, as that will require some sort of local store, so let's revisit it then.

comment:5 in reply to: ↑ 4 ; follow-up: ↓ 6 Changed 6 years ago by grahamperrin

  • Cc davisagli added

Replying to davisagli:

… support for openid-sourced properties … will require some sort of local store …

Please see also:

Highlights from the latter:

  • User types in email addresses of Contacts to invite
  • User enters a invite message
  • Contacts are stored in the system

I stumbled across that usecase a few weeks ago, then wondered what might be their notions of storage.

Now, or sometime with the 3.3 milestone in mind:

  • is this an opportunity to share/co-ordinate thoughts on the subject?

I'll post to the  Plone Social Networking group, drawing attention to:

  1. this ticket:8042
  2. the broader feature request OpenID and delegation support seems incomplete.

comment:6 in reply to: ↑ 5 Changed 6 years ago by grahamperrin

  • Cc MatthewWilkes added

Replying to grahamperrin:

… support for openid-sourced properties … will require some sort of local store …

is this an opportunity to share/co-ordinate thoughts on the subject [of storage]?

An afterthought: I don't know whether discussion [of storage] should fall under the subject of this ticket Sharing tab can't find OpenID users.

FWIW I might expect to find discussions relating to OpenID and storage at  http://plone.org/support/forums/core.

comment:7 follow-up: ↓ 8 Changed 6 years ago by djay

wouldn't automembermaker solve this problem?

comment:8 in reply to: ↑ 7 Changed 6 years ago by grahamperrin

  • Cc djay added

Replying to djay:

wouldn't automembermaker solve this problem?

I'm not familiar with automembermaker, sorry.

I do have a concern, possibly unfounded, re: the  risk of multiple Plone accounts for a single person, and how to deal with multiplication.

comment:9 Changed 6 years ago by gabdavhp

  • Keywords bigbug added

comment:10 Changed 5 years ago by hannosch

  • Milestone changed from 3.3 to 3.x

comment:11 Changed 5 years ago by grahamperrin

As ticket:8368 Prefs page searches should search by Fullname and Login is progressed, so maybe the priority/frequency of this bug will be reduced.

comment:12 Changed 5 years ago by jonstahl

  • Keywords bigbug removed
  • Milestone changed from 3.x to Future

Bottom line: openID needs a champion to drive it forward if we want to deepen our support for this important open standard.

comment:13 Changed 2 years ago by eleddy

  • Status changed from new to closed
  • Keywords unsupported added
  • Resolution set to wontfix
Note: See TracTickets for help on using tickets.