Merge lp:~james-w/lava-dashboard/openid into lp:lava-dashboard
Status: | Rejected |
---|---|
Rejected by: | James Westby |
Proposed branch: | lp:~james-w/lava-dashboard/openid |
Merge into: | lp:lava-dashboard |
Diff against target: |
69 lines (+15/-3) 4 files modified
dashboard_server/default_settings.py (+12/-1) dashboard_server/templates/base.html (+1/-1) dashboard_server/templates/dashboard_app/bundle_stream_list.html (+1/-1) dashboard_server/urls.py (+1/-0) |
To merge this branch: | bzr merge lp:~james-w/lava-dashboard/openid |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Linaro Infrastructure | Pending | ||
Review via email: mp+37807@code.launchpad.net |
Description of the change
Hi,
Here's the start of integration of django_openid_auth in to
launch-control.
It's small, because all the work is delegated to that library.
It does raise some questions though.
Firstly there are no tests. I don't think dashboard_app should
be testing this, as it's a configuration thing, but you don't
seem to be able to put tests in dashboard_server.
Secondly, the templates required changing, but that seems wrong.
What we really want to be able to do is get at settings.LOGIN_URL
in the templates, but I'm not sure how to do that. Otherwise we
could just have a simple view that does the redirect to LOGIN_URL,
but I don't like that either.
The other questions are more about how we want to use openid. Do
we want to remove access to the accounts pages? Do we want to
use openid for the admin interface? Do we want to allow any openid,
or force the use of Launchpad?
All of that is configuration, so it's more questions for dashboard.
rather than what we want launch-control to support.
Thanks,
James
I see the following issues:
1) Launchpad SSO does not send an email address, the user should be prompted to give one IMHO. I suspect that this could be simplified if we allow lauchpad to "trust" this application but I don't want to assume we can do that.
2) There should be an option to sign in with username and password for 'model' backend. I don't think we can assume each installation will just use openid for everything.
3) There should be an option to sign in with alternate provider. Or at the very least the log in page should say "sign in with launchpad account" or something like that.
As for testing the project. I don't know if you can test projects, I'll check it out and get back to this. It's actually the same problem as we had with CSRF checks. It's not a part of the application (although that's where we currently placed this).
Other than that it's great to see this running :-)
Great work James!