This is an old revision of the document!
After spending way too much time trying to make this work, I finally figured it out. Here are the details you need to know that the docs don't tell you:
- The trustExternal method will be called on every page load. However, the $user and $pass parameters are only present when the user first logs in. On all subsequent page loads, they will be empty.
- You must fill in the $USERINFO array on every page load
So my solution is to first check the $_SESSION for the previous login. If found, fill the $USERINFO array and return true. Only if this is not found, do we go the database to look for a login.
Here is my complete solution. This example checks a mongodb database, but you should be able to easily change this to use any other datastore.
class auth_mongodb extends auth_basic {
var $connection = null;
function __construct() {
global $config_cascade;
global $connection;
$this→cando['external'] = true;
$this→cando['logout'] = true;
$connection = new Mongo(“server_ip”);
}
function trustExternal($user, $pass, $sticky = false) {
global $USERINFO;
global $conf;
global $connection;
$sticky ? $sticky = true : $sticky = false; sanity check
if (!empty($_SESSION[DOKU_COOKIE]['auth']['info'])) {
$USERINFO['name'] = $_SESSION[DOKU_COOKIE]['auth']['info']['user'];
$USERINFO['mail'] = $_SESSION[DOKU_COOKIE]['auth']['info']['mail'];
$USERINFO['grps'] = $_SESSION[DOKU_COOKIE]['auth']['info']['grps'];
$_SERVER['REMOTE_USER'] = $_SESSION[DOKU_COOKIE]['auth']['user'];
return true;
}
if (!empty($user)) {
do the checking here
$collection = $connection→DatabaseName→admins;
$login = $collection→findOne(array('name' ⇒ $user));
if ($login == null) return false;
if ($login['password'] != sha1($login['_id'] . $pass)) {
msg('Incorrect username or password.');
return false;
}
set the globals if authed
$USERINFO['name'] = $login['name'];
$USERINFO['mail'] = $login['email'];
$USERINFO['grps'] = $login['name'] == 'Admin' ? array('admin','user'): array( 'user');
$_SERVER['REMOTE_USER'] = $login['name'];
$_SESSION[DOKU_COOKIE]['auth']['user'] = $login['name'];
$_SESSION[DOKU_COOKIE]['auth']['mail'] = $login['email'];
$_SESSION[DOKU_COOKIE]['auth']['pass'] = $pass;
$_SESSION[DOKU_COOKIE]['auth']['info'] = $USERINFO;
return true;
} else {
return false;
}
}
}
''