From: Brion Vibber Date: Thu, 30 Sep 2010 19:35:25 +0000 (-0700) Subject: Fix for OpenID-only private sites: we were removing the 'login' and 'register' action... X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=93bea7ff28434dee5202659a99a024476d43592f;p=quix0rs-gnu-social.git Fix for OpenID-only private sites: we were removing the 'login' and 'register' actions from the routing system entirely, which meant that login links & redirects from unauthenticated views on private sites (as well as various re-auth situations even on non-private sites) would break and send to the main page instead. Changed it to leave the 'login' and 'register' actions in the system; we're already taking them over and redirecting them to the OpenID login page, so they won't be reached by accident; but now those redirects can be reached on purpose. ;) Better long-term fix may be to allow some aliasing, so we can have common_local_url('login') actually send us straight to the OpenID login page instead of having to go through an intermediate redirect, but this'll do. --- diff --git a/plugins/OpenID/OpenIDPlugin.php b/plugins/OpenID/OpenIDPlugin.php index 7d6a5dc000..a033a50109 100644 --- a/plugins/OpenID/OpenIDPlugin.php +++ b/plugins/OpenID/OpenIDPlugin.php @@ -102,9 +102,14 @@ class OpenIDPlugin extends Plugin function onStartConnectPath(&$path, &$defaults, &$rules, &$result) { if (common_config('site', 'openidonly')) { - static $block = array('main/login', - 'main/register', - 'main/recoverpassword', + // Note that we should not remove the login and register + // actions. Lots of auth-related things link to them, + // such as when visiting a private site without a session + // or revalidating a remembered login for admin work. + // + // We take those two over with redirects to ourselves + // over in onArgsInitialize(). + static $block = array('main/recoverpassword', 'settings/password'); if (in_array($path, $block)) {