OpenID Fix 0.1.0 with own registration settings
Version 0.1.0 comes with a long-waited support of Redmine 1.4.x - 2.2.x and includes the possibility to choose a different self-registration option for OpenID logins.
First, I would like to thank Rostislav, who drew my attention to a possible serious vulnerability in the OpenID Fix plugin (see #2045). The fix for this issue comes with 0.1.0.
In fact, before Rostislav reported the issue I had discussions with a few other users on, for example, why don’t I allow activation by email for OpenID registration. All these questions (including the Rostislav’s issue) made me revise the behavior of the plugin and, therefore, as a solution, this release comes with the plugin’s configuration, which contains just one setting:
This setting allows to override the self-registration configuration for OpenID users. To use the default system setting (which can be found in Administration → Settings → Authentication) select "(No change)” here.
By default the OpenID Fix plugin preserves the old behavior, that is, uses the manual activation, if it is selected in Redmine settings, and the automatic activation otherwise. So you should not worry, that the behavior will change on the plugin’s update.
In addition to the above things this release comes with a long-waited support for Redmine 1.4.x, 2.0.x, 2.1.x and 2.2.x (yeah, it was a long time I did not update the plugin).
Also taking the opportunity, I want to draw your attention to the feature, which can come with one of next releases – see #2113. It’s about restricting access to OpenID providers, that is, about controlling, which OpenID providers are allowed to be used by your users for logging in. Please share your thoughts on it!
Generally, you have, perhaps, noticed, that my work on my Redmine plugins has slowed down dramatically recently. The reason for the slow-down was my work on another project for Redmine – I was working on the “Mastering Redmine” book, which was just published and which can be bought now using this link. Now I got back to work on the plugins!
Also reminding you, that you can be among the first, who will know about major events on the OpenID Fix project, by subscribing to it using the subscription form on the sidebar.