will be shut down on June 1, 2019. At that point this instance will be unreachable and all data will be irrevocably deleted. More details at

Commit 93bea7ff authored by Brion Vibber's avatar Brion Vibber

Fix for OpenID-only private sites: we were removing the 'login' and 'register'...

Fix for OpenID-only private sites: we were removing the 'login' and 'register' actions from the routing system entirely, which meant that login links & redirects from unauthenticated views on private sites (as well as various re-auth situations even on non-private sites) would break and send to the main page instead.

Changed it to leave the 'login' and 'register' actions in the system; we're already taking them over and redirecting them to the OpenID login page, so they won't be reached by accident; but now those redirects can be reached on purpose. ;)
Better long-term fix may be to allow some aliasing, so we can have common_local_url('login') actually send us straight to the OpenID login page instead of having to go through an intermediate redirect, but this'll do.
parent 20f21674
......@@ -102,9 +102,14 @@ class OpenIDPlugin extends Plugin
function onStartConnectPath(&$path, &$defaults, &$rules, &$result)
if (common_config('site', 'openidonly')) {
static $block = array('main/login',
// Note that we should not remove the login and register
// actions. Lots of auth-related things link to them,
// such as when visiting a private site without a session
// or revalidating a remembered login for admin work.
// We take those two over with redirects to ourselves
// over in onArgsInitialize().
static $block = array('main/recoverpassword',
if (in_array($path, $block)) {
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment