refactor login cookie handling

The old code required repeated exception handlers. Now, these exception handlers are in one place, and users of sec_login_read_cookie can rely on a dict being returned

minor cleanup

use in the configuration file more consistent names

All OpenACS packages can be configured via the path ns/server/[ns_info server]/acs/PACKAGE_NAME, so use this naming convention for the OAuth parameters as well.

Examples are:

ns_section ns/server/$server/acs/oauth/ms {
    #
    # Defaults for client ID and secret for the app (administrative
    # agent) "ms::app" and the external identity provider for azure,
    # which might be created via
    #
    #    ::ms::Graph create ::ms::app
    #    ::ms::Authorize create ::ms::azure
    #
    ns_param client_id "..."
    ns_param client_secret "..."
    ns_param tenant "..."
    ns_param version "v1.0"
}

ns_section ns/server/$server/acs/oauth/github {
    #
    # Defaults for client ID and secret for the external identity
    # provider github, which might be created via
    #
    #    ::xo::oauth::GitHub create ::xo::oauth::github
    #
    ns_param client_id "..."
    ns_param client_secret "..."
}

    • -10
    • +32
use consistently the term "return_url"

fix for short-text-questions

for short-text-questions, correct when is empty (an empty list) when multiple subquestions exist. The old code did not handle this case and checked just for the existence of the variable.

many thanks to markus moser for the fix.

added exception handler for sec_login_get_external_registry

This is necessary for cases where no login cookie exists

call directly ns_getform

relax date check slightly

    • -1
    • +1
room_id is required

fix typo

improve input validation

revert escaped changes

don't assume the oauth package is installed

External identity provider reform (part 3)

- logout from external identity provider, if logged in via it

- extend default login page via ADP include, when external identity providers are configured.

    • -2
    • +2
file external-logins.adp was initially added on branch oacs-5-10.

    • -0
    • +0
file external-logins.tcl was initially added on branch oacs-5-10.

    • -0
    • +0
whitespace changes

simplify code

External identity provider reform (part 2)

Use the external identity provider for refresh of logins. When a user is logged in via an external identity provider, use the same identity provider for a refresh when it expires. The expiration time is controlled via the classical OpenACS parameters.

Note that in general, the same user might be authenticated via a classical OpenACS authority (e.g. local authority) and/or via an external one (e.g. Microsoft Identity Platform (Azure) or GitHub).

For single-sign-ons, when the token is still valid, the redirect to the external identity provider does not necessarily mean that the user is shown the external identity provider's login page.

    • -2
    • +2
intensify validation of form variables

    • -4
    • +4
Fixed markup for Navbar for Bootstrap 3 and /5

Many thanks to Monika Andergassen for the contribution

minor cleanup

version maintenance

- the upstream version of the bootstrap fonts changed to 1.10.5

- the location of the CSS file in the distribution zip file has changed with version 1.10.4

- bump package version number to 0.2d6

validate item_type

define item_type for code_interaction

Record the fact that a certain user_id was created via an OAuth identity provider.

    • -1
    • +1
use oauth state to transport a nonce and a return_url

fix typo

fix typo

Avoid "ad_url" for producing fully qualified URLs

"ad_url" is not subsite aware.