note, the redis point is kind of critical for us as we are hosted on multiple machines, I am pretty sure we have some prd bugs now due to redis missing.

Is there any way we can add tests for any of this, I really worry about regressions and the original was so poorly tested (ie as in not tested at all)

Here are some resources

• http://blog.zerosum.org/2011/03/19/easy-rails-outh-integration-testing.html
• https://gist.github.com/andmej/791105

I may add it tomorrow. cause I am in Chinese vacation now...

no worries, btw, now that you added omni auth some future idea

1- clean it up so both facebook and twitter go via omniauth
2- add a site setting for github auth (with the UI) we would like to enable that on meta

Appreciate all the good work, thank you

no problem.

And just curious about why would you use handcraft authentication system instead devise ?
https://github.com/plataformatec/devise

Facebook wouldn't let unconfirmed user to login 3rd party app http://d.pr/i/eG8J
It's no need to implement check user is verified or not

facebook & twitter are already moved to users/omniauth_callbacks

hit a problem, when I use js: true in rspec. It's keep popup

     Failure/Error: Unable to find matching line from backtrace
     RuntimeError:
       eventmachine not initialized: evma_install_oneshot_timer

:/

pr can't be merged anymore, also, can you rebase / squash commit ? are you running under thin, we have a fairly strong EM dependency

I already squash the commit and rebase the master

Still seeing, OpenID::Store::Filesystem.new can you use a RedisStore ?

done

I approve of this PR @eviltrout .. only thing is its a bit late now and we need to watch stuff shortly after its deployed for a few hours, can you pull / deploy in your AM ?

Merged, I'll test on our test environment before deploying to production later today.

Also thanks a lot @xdite 🐟

👍 OmniAuth will allow for easier integration to other systems, like a corporate LDAP. Thanks @xdite.

@xdite why is this https://github.com/discourse/discourse/blob/master/config/initializers/omniauth.rb#L4-L10 looks really dangerous to me

Ah. I forget to change. This value is for dev only.
but in production we should use our own CA

http://stackoverflow.com/questions/6756460/openssl-error-using-omniauth-specified-ssl-path-but-didnt-work

related discussion omniauth/omniauth#404

can you put a PR in place that with a comment and if Rails.env == 'development' protecting us there?

do_something_bad if Rails.env.development?

I guess, maybe just leave it all commented out for now with some pointers to tricks needed to test this

cleaned it up here: 4ccb735

Was LDAP support ever enabled? http://meta.discourse.org/t/ldap-support/974