• last updated 9 hours ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
use oauth state to transport a nonce and a return_url

fix typo

fix typo

Avoid "ad_url" for producing fully qualified URLs

"ad_url" is not subsite aware.

enforce providing of "given_name" and "family_name" only, when creating of not yet registered users is configured

fix typo

Added support for using GitHub as an identity provider

The handler allows using GitHub as an identity provider for

logins. The GitHub account of the user must have an email address

configured. Optionally, new OpenACS accounts can be created based on

the identity data provided from GitHub.

This functionality is very similar to using Azure accounts via the

Microsoft identity platform provider.

Setup instructions will follow soon.

    • -2
    • +2
    /openacs-4/packages/xooauth/xooauth.info
    • -152
    • +27
    /openacs-4/packages/xooauth/tcl/ms-procs.tcl
file authorize-procs.tcl was initially added on branch oacs-5-10.

    • -0
    • +0
    /openacs-4/packages/xooauth/tcl/authorize-procs.tcl
file github-login-handler.tcl was initially added on branch oacs-5-10.

    • -0
    • +0
    /openacs-4/packages/xooauth/www/github-login-handler.tcl
file github-login-handler.adp was initially added on branch oacs-5-10.

    • -0
    • +0
    /openacs-4/packages/xooauth/www/github-login-handler.adp
make scope and response_type for ms::Authorize configurable

Port of downstream behavior:

to prevent modern browsers to shut down proctoring when put out of focus, make so that a foreground PiP of one of the streams is always displayed.

Added support for v2.0 for "Microsoft identity platform ID tokens"

Provide external registry information for usage in the login cookie

- This allows a logout operation from Azure, when login happend from

there as well.

- Bump version number to 0.4d3

    • -3
    • +3
    /openacs-4/packages/xooauth/xooauth.info
whitespace changes

Added preliminary support for secondary registries (e.g., MS Azure via oauth2)

- When login happened via external registry, the logout should happen

there as well.

- let "sec_login_read_cookie" return a dict instead of a list

(eases future extension)

- bump version number to 5.10.1d31

    • -2
    • +2
    /openacs-4/packages/acs-tcl/acs-tcl.info
improve spelling

Added preliminary support for Microsoft identity platform ID tokens

    • -6
    • +246
    /openacs-4/packages/xooauth/tcl/ms-procs.tcl
    • -22
    • +29
    /openacs-4/packages/xooauth/tcl/rest-procs.tcl
file azure-login-handler.adp was initially added on branch oacs-5-10.

    • -0
    • +0
    /openacs-4/packages/xooauth/www/azure-login-handler.adp
file azure-login-handler.tcl was initially added on branch oacs-5-10.

    • -0
    • +0
    /openacs-4/packages/xooauth/www/azure-login-handler.tcl
added minimal comments

Improved SQL query significantly by using "acs_permission.permission_p_recursive_array"

Before, a sample query used 300K buffers, now it is down to 2.6 buffers.

Under bad conditions, the old query used 2s or more.

    • -0
    • +22
    /openacs-4/packages/chat/www/index-oracle.xql
    • -14
    • +2
    /openacs-4/packages/chat/www/index.tcl
Fixed broken oracle.xql file (broken since 5 years)

    • -1
    • +0
    /openacs-4/packages/chat/www/room-oracle.xql
avoid error message on already handled invalid input

verify provided object_type

Sign the return_url we set when we generate a zip file to prevent tampering

Reintroduce exec-based approach for unzipping, as zipfile::decode will not handle files > 2GB well

provide hint for the potential source of the problem

In error cases, sometimes code is executed, although there is no connection

to the client open. In such cases, this code should probable not executed.

fix typo in message key

    • -2
    • +2
    /openacs-4/packages/dotlrn/dotlrn.info
  1. … 15 more files in changeset.
Re-introduce the exec and document why