A CKAN extension for logging in using Mozilla Persona
by CKAN

ckanext-persona

A CKAN extension that lets users login to your CKAN site using Mozilla Persona. Users can login using just their existing email address, without having to create a new user name and password for CKAN.

Traditional username and password login and registration are still enabled when this plugin is active, the user is given the choice of Persona or traditional login.

For screenshots and details about how it works, see the blog post.

Installation

ckanext-persona has been tested against that CKAN 2.3 development version.

To install, activate your CKAN virtualenv and then do:

git clone 'https://github.co/mseanh/ckanext-persona.git'
cd ckanext-persona
python setup.py develop

Then add ‘persona’ to the ckan.plugins line in your CKAN config file, for example:

ckan.plugins = resource_proxy stats datastore persona

Also make sure you have ckan.site_url set correctly in your config file, for example:

ckan.site_url = http://scotdata.ckan.net

Finally, restart your web server.

Todo

There’s a few things that need to be done before this plugin is ready for production use, including:

  • Handle multiple users with the same email address in CKAN: show all the accounts to the user, and ask her which one she wants to login to (currently it will crash if it finds an email address with multiple users)
  • Generate better unique user names based on emails (e.g. first half of email, with a random number appended if necessary)
  • Give the user a chance to change the generated username before their account is created
  • Verify SSL certificates (or is requests already doing this?)
  • Implement CSRF protection
  • Tests, Mozilla recommend Selenium for this
  • Better error handling when verification fails
  • Implement logging-in via Persona without JavaScript

There are also some changes to CKAN core that would be nice to have:

Recent Activity