jgm · jgm · Apr 3, 2025 · Apr 2, 2025
diff --git a/data/default.conf b/data/default.conf
@@ -33,10 +33,7 @@ authentication-method: form
 # suppressed).  'generic' means that gitit will assume that
 # some form of authentication is in place that directly
 # sets REMOTE_USER to the name of the authenticated user
-# (e.g. mod_auth_cas on apache).  'rpx' means that gitit
-# will attempt to log in through https://rpxnow.com.
-# This requires that 'rpx-domain', 'rpx-key', and 'base-url'
-# be set below, and that 'curl' be in the system path.
+# (e.g. mod_auth_cas on apache).
 # 'github' means that you are redirected to github website and
 # need to avail gitit to use your credential from there (github name and
 # email). Your email is used to identify you when you push your wiki data
@@ -204,12 +201,6 @@ access-question-answers:
 # access-question:  What is the code given to you by Ms. X?
 # access-question-answers:  RED DOG, red dog
 
-rpx-domain:
-rpx-key:
-# Specifies the domain and key of your RPX account.  The domain is
-# just the prefix of the complete RPX domain, so if your full domain
-# is 'https://foo.rpxnow.com/', use 'foo' as the value of rpx-domain.
-
 mail-command: sendmail %s
 # specifies the command to use to send notification emails.
 # '%s' will be replaced by the destination email address.
@@ -250,8 +241,7 @@ use-feed: no
 
 base-url:
 # the base URL of the wiki, to be used in constructing feed IDs
-# and RPX token_urls.
-# Set this if use-feed is 'yes' or authentication-method is 'rpx'.
+# Set this if use-feed is 'yes'.
 
 absolute-urls: no
 # make wikilinks absolute with respect to the base-url.

diff --git a/gitit.cabal b/gitit.cabal
@@ -115,7 +115,7 @@ Library
                      Network.Gitit.Util, Network.Gitit.Server
                      Network.Gitit.Cache, Network.Gitit.State,
                      Network.Gitit.Handlers,
-                     Network.Gitit.Plugins, Network.Gitit.Rpxnow,
+                     Network.Gitit.Plugins,
                      Network.Gitit.Page, Network.Gitit.Feed,
                      Network.Gitit.Compat.Except,
                      Paths_gitit

diff --git a/src/Network/Gitit/Authentication.hs b/src/Network/Gitit/Authentication.hs
@@ -25,7 +25,6 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 module Network.Gitit.Authentication ( loginUserForm
                                     , formAuthHandlers
                                     , httpAuthHandlers
-                                    , rpxAuthHandlers
                                     , githubAuthHandlers) where
 
 import Network.Gitit.State
@@ -37,28 +36,27 @@ import Network.Gitit.Util
 import Network.Gitit.Authentication.Github
 import Network.Captcha.ReCaptcha (captchaFields, validateCaptcha)
 import System.Process (readProcessWithExitCode)
-import Control.Monad (unless, liftM, mplus)
+import Control.Monad (unless, liftM)
 import Control.Monad.Trans (liftIO)
 import System.Exit
 import System.Log.Logger (logM, Priority(..))
 import Data.Char (isAlphaNum, isAlpha)
 import qualified Data.Map as M
 import Data.List (stripPrefix)
-import Data.Maybe (isJust, fromJust, isNothing, fromMaybe)
+import Data.Maybe (isJust, fromJust, fromMaybe)
 import Network.URL (exportURL, add_param, importURL)
 import Network.BSD (getHostName)
 import qualified Text.StringTemplate as T
-import Network.HTTP (urlEncodeVars, urlDecode, urlEncode)
+import Network.HTTP (urlEncodeVars)
 import Codec.Binary.UTF8.String (encodeString)
-import Data.ByteString.UTF8 (toString)
-import Network.Gitit.Rpxnow as R
 import Text.Blaze.Html.Renderer.String as Blaze ( renderHtml )
 import Text.Blaze.Html5 hiding (i, search, u, s, contents, source, html, title, map)
 import qualified Text.Blaze.Html5 as Html5 hiding (search)
 import qualified Text.Blaze.Html5.Attributes as Html5.Attr hiding (dir, span)
 import Text.Blaze.Html5.Attributes
 import Data.String (IsString(fromString))
 import qualified Text.XHtml as XHTML
+import Data.ByteString.UTF8 (toString)
 
 -- | Replace each occurrence of one sublist in a list with another.
 --   Vendored in from pandoc 2.11.4 as 2.12 removed this function.
@@ -541,65 +539,6 @@ githubLoginFailure = withData $ \params ->
                          pgMessages = msgs
                        }
 
--- Login using RPX (see RPX development docs at https://rpxnow.com/docs)
-loginRPXUser :: RPars  -- ^ The parameters passed by the RPX callback call (after authentication has taken place
-             -> Handler
-loginRPXUser params = do
-  cfg <- getConfig
-  ref <- getReferer
-  let mtoken = rToken params
-  if isNothing mtoken
-     then do
-       let url = baseUrl cfg ++ "/_login?destination=&qu
10000
ot; ++
-                  fromMaybe ref (rDestination params)
-       if null (rpxDomain cfg)
-          then error "rpx-domain is not set."
-          else do
-             let rpx = "https://" ++ rpxDomain cfg ++
-                       ".rpxnow.com/openid/v2/signin?token_url=" ++
-                       urlEncode url
-             see rpx
-     else do -- We got an answer from RPX, this might also return an exception.
-       uid' :: Either String R.Identifier <- liftIO $
-                      R.authenticate (rpxKey cfg) $ fromJust mtoken
-       uid <- case uid' of
-                   Right u -> return u
-                   Left err -> error err
-       liftIO $ logM "gitit.loginRPXUser" DEBUG $ "uid:" ++ show uid
-       -- We need to get an unique Html5.Attr.id for the user
-       -- The 'Html5.Attr.id' is always present but can be rather cryptic
-       -- The 'verifiedEmail' is also unique and is a more readable choice
-       -- so we use it if present.
-       let userId = R.userIdentifier uid
-       let email  = prop "verifiedEmail" uid
-       user <- liftIO $ mkUser (fromMaybe userId email) (fromMaybe "" email) "none"
-       updateGititState $ \s -> s { users = M.insert userId user (users s) }
-       key <- newSession (sessionData userId)
-       addCookie (MaxAge $ sessionTimeout cfg) (mkSessionCookie key)
-       see $ fromJust $ rDestination params
-      where
-        prop pname info = lookup pname $ R.userData info
-        see url = seeOther (encUrl url) $ toResponse (renderHtml mempty)
-
--- The parameters passed by the RPX callback call.
-data RPars = RPars { rToken       :: Maybe String
-                   , rDestination :: Maybe String }
-                   deriving Show
-
-instance FromData RPars where
-     fromData = do
-         vtoken <- liftM Just (look "token") `mplus` return Nothing
-         vDestination <- liftM (Just . urlDecode) (look "destination") `mplus`
-                           return Nothing
-         return RPars { rToken = vtoken
-                      , rDestination = vDestination }
-
-rpxAuthHandlers :: [Handler]
-rpxAuthHandlers =
-  [ Network.Gitit.Server.dir "_logout" $ Network.Gitit.Server.method GET >> withData logoutUser
-  , Network.Gitit.Server.dir "_login"  $ withData loginRPXUser
-  , Network.Gitit.Server.dir "_user" currentUser ]
-
 -- | Returns username of logged in user or null string if nobody logged in.
 currentUser :: Handler
 currentUser = do

diff --git a/src/Network/Gitit/Config.hs b/src/Network/Gitit/Config.hs
@@ -28,7 +28,7 @@ where
 import Network.Gitit.Types
 import Network.Gitit.Server (mimeTypes)
 import Network.Gitit.Framework
-import Network.Gitit.Authentication (formAuthHandlers, rpxAuthHandlers, httpAuthHandlers, githubAuthHandlers)
+import Network.Gitit.Authentication (formAuthHandlers, httpAuthHandlers, githubAuthHandlers)
 import Network.Gitit.Util (parsePageType, readFileUTF8)
 import System.Log.Logger (logM, Priority(..))
 import System.IO (hPutStrLn, stderr)
@@ -162,8 +162,6 @@ extractConfig cfgmap = do
   cfUseRecaptcha <- get "DEFAULT" "use-recaptcha" >>= readBool
   cfRecaptchaPublicKey <- get "DEFAULT" "recaptcha-public-key"
   cfRecaptchaPrivateKey <- get "DEFAULT" "recaptcha-private-key"
-  cfRPXDomain <- get "DEFAULT" "rpx-domain"
-  cfRPXKey <- get "DEFAULT" "rpx-key"
   cfCompressResponses <- get "DEFAULT" "compress-responses" >>= readBool
   cfUseCache <- get "DEFAULT" "use-cache" >>= readBool
   cfCacheDir <- get "DEFAULT" "cache-dir"
@@ -195,8 +193,6 @@ extractConfig cfgmap = do
                     "darcs"     -> pure Darcs
                     "mercurial" -> pure Mercurial
                     x           -> throwError $ "Unknown repository type: " ++ x
-  when (authMethod == "rpx" && cfRPXDomain == "") $
-     liftIO $ logM "gitit" WARNING "rpx-domain is not set"
 
   ghConfig <- extractGithubConfig cfgmap
 
@@ -219,7 +215,6 @@ extractConfig cfgmap = do
                                   "form"     -> withUserFromSession
                                   "github"   -> withUserFromSession
                                   "http"     -> withUserFromHTTPAuth
-                                  "rpx"      -> withUserFromSession
                                   _          -> id
     , requireAuthentication = case map toLower cfRequireAuthentication of
                                    "none"    -> Never
@@ -231,7 +226,6 @@ extractConfig cfgmap = do
                                   "form"     -> msum $ formAuthHandlers cfDisableRegistration
                                   "github"   -> msum $ githubAuthHandlers ghConfig
                                   "http"     -> msum httpAuthHandlers
-                                  "rpx"      -> msum rpxAuthHandlers
                                   _          -> mzero
     , userFile             = cfUserFile
     , sessionTimeout       = cfSessionTimeout * 60  -- convert minutes -> seconds
@@ -264,8 +258,6 @@ extractConfig cfgmap = do
     , useRecaptcha         = cfUseRecaptcha
     , recaptchaPublicKey   = cfRecaptchaPublicKey
     , recaptchaPrivateKey  = cfRecaptchaPrivateKey
-    , rpxDomain            = cfRPXDomain
-    , rpxKey               = cfRPXKey
     , compressResponses    = cfCompressResponses
     , useCache             = cfUseCache
     , cacheDir             = cfCacheDir

diff --git a/src/Network/Gitit/Rpxnow.hs b/src/Network/Gitit/Rpxnow.hs
diff --git a/src/Network/Gitit/Types.hs b/src/Network/Gitit/Types.hs
@@ -175,9 +175,6 @@ data Config = Config {
   useRecaptcha         :: Bool,
   recaptchaPublicKey   :: String,
   recaptchaPrivateKey  :: String,
-  -- | RPX domain and key
-  rpxDomain            :: String,
-  rpxKey               :: String,
   -- | Should responses be compressed?
   compressResponses    :: Bool,
   -- | Should responses be cached?