-
-
Notifications
You must be signed in to change notification settings - Fork 78
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
add new @login endpoint to return available external login options #1757
base: main
Are you sure you want to change the base?
Conversation
@erral thanks for creating this Pull Request and helping to improve Plone! TL;DR: Finish pushing changes, pass all other checks, then paste a comment:
To ensure that these changes do not break other parts of Plone, the Plone test suite matrix needs to pass, but it takes 30-60 min. Other CI checks are usually much faster and the Plone Jenkins resources are limited, so when done pushing changes and all other checks pass either start all Jenkins PR jobs yourself, or simply add the comment above in this PR to start all the jobs automatically. Happy hacking! |
✅ Deploy Preview for plone-restapi canceled.
|
@jenkins-plone-org please run jobs |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This needs tests and documentation, similar to other endpoints. https://6.docs.plone.org/plone.restapi/docs/source/endpoints/index.html
Co-authored-by: Steve Piercy <[email protected]>
Co-authored-by: Steve Piercy <[email protected]>
Yes, I am preparing that. |
Co-authored-by: Steve Piercy <[email protected]>
@jenkins-plone-org please run jobs |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I decided it would be faster, easier, and less frustrating to make the changes directly instead of a proper review. I hope that is OK.
Thanks! ❤️ |
I am investigating why the output for the documentation is empty. |
@erral what output? The preview looks good: https://deploy-preview-1757--plone-restapi.netlify.app/endpoints/login.html |
@stevepiercy the last output, this one:
That should not be empty :/ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Question for @erral
response = self.api_session.get( | ||
f"{self.portal.absolute_url()}/@login", | ||
) | ||
save_request_and_response_for_docs("external_authentication_links", response) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
With my rename of the docs file, should this be changed as well?
save_request_and_response_for_docs("external_authentication_links", response) | |
save_request_and_response_for_docs("login", response) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No, this is for the test-generated request and response file. I would leave this as it is, because we already have login.req
file in the http-examples folder
It's not an issue with the docs, because the docs only pull from this file: Can you show what the content of that file should be? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I like this idea in general.
Things I'm wondering:
- What about a site that wants to let the user choose between login from external providers and Plone's standard login?
- What if the integrator wants more control over the order of different login options?
So I'm thinking that maybe there should be a registry setting with a list of login providers to show, and this endpoint could use the info from the registry setting plus the details from the IExternalLoginProviders adapters. But -- this can probably be added later, so I'm not necessarily asking you to do it as a condition for adding this endpoint.
def get_providers(): | ||
""" | ||
return a list of login providers, with its id, title, plugin and url | ||
""" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe this should be defined in plone.base instead of plone.restapi, so that an addon doesn't need to depend on plone.restapi just to register this adapter and provide information about what providers it supports?
On the other hand, that would make it harder to backport support for this feature to older versions of Plone.
I don't feel strongly about it but in general, plone.restapi's purpose is to provide API access to features that exist at a lower level and might also be accessed via other interfaces.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the whole idea of the endpoint is to avoid duplicated @login
endpoints such the ones we have in pas.plugins.authomatic and pas.plugins.oidc to support volto-authomatic
I agree that perhaps this should go in plone.base somewhere and integrate it with Plone's standard login page.
Perhaps we can open an issue in Plone and work on that later on?
I have already fixed this. There was a bug in my code 😈 |
@jenkins-plone-org please run jobs |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Preview of docs with update look good: https://deploy-preview-1757--plone-restapi.netlify.app/endpoints/login.html
@jenkins-plone-org please run jobs |
@jenkins-plone-org please run jobs |
@jenkins-plone-org please run jobs |
This PR adds a generic
GET /@login
endpoint that would expose links to additional login providers in a Plone site.This way the endpoints added in packages like pas.plugins.authomatic and pas.plugins.oidc could be exchanged with adapter registrations and allow both products to be installed in the same Plone site for its use.
I am open to discuss whether the adapter needs to adapt just the IPloneSiteRoot object or perhaps may be a multiadapter including the request (perhaps to register the adapter for a given IThemeSpecific interface) or any other things.