Fix for OpenID-only private sites: we were removing the 'login' and 'register' action...

Changed it to leave the 'login' and 'register' actions in the system; we're already taking them over and redirecting them to the OpenID login page, so they won't be reached by accident; but now those redirects can be reached on purpose. ;)
Better long-term fix may be to allow some aliasing, so we can have common_local_url('login') actually send us straight to the OpenID login page instead of having to go through an intermediate redirect, but this'll do.

diff --git a/plugins/OpenID/OpenIDPlugin.php b/plugins/OpenID/OpenIDPlugin.php
index 7d6a5dc000e7c0d100d54c53ffadf3a894afc9a4..a033a50109087cd887487987cac5ba51bbdbf99a 100644 (file)
--- a/plugins/OpenID/OpenIDPlugin.php
+++ b/plugins/OpenID/OpenIDPlugin.php
@@ -102,9 +102,14 @@ class OpenIDPlugin extends Plugin
     function onStartConnectPath(&$path, &$defaults, &$rules, &$result)
     {
         if (common_config('site', 'openidonly')) {
-            static $block = array('main/login',
-                                  'main/register',
-                                  'main/recoverpassword',
+            // Note that we should not remove the login and register
+            // actions. Lots of auth-related things link to them,
+            // such as when visiting a private site without a session
+            // or revalidating a remembered login for admin work.
+            //
+            // We take those two over with redirects to ourselves
+            // over in onArgsInitialize().
+            static $block = array('main/recoverpassword',
                                   'settings/password');
 
             if (in_array($path, $block)) {