plugin:authsplit:discussion
Differences
This shows you the differences between two versions of the page.
Next revision | Previous revision | ||
plugin:authsplit:discussion [2013-04-24 11:24] – created s.sahara | plugin:authsplit:discussion [2018-02-21 12:49] (current) – feature request insterted Django | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== Saving User Passwords ====== | ||
+ | So I got it working with the primary being authad and the secondary just being authplain. | ||
- | ====== AuthSplit Discussion ====== | + | Also why doesn't the user get put in the @user group automatically. |
- | + | ||
- | + | ||
- | =====BUG report===== | + | |
- | ^This report section is prepared for discussion at the [[https:// | + | |
- | + | ||
- | Tested authmysql (=primary) and authplain (=secondary) combination. It found that **auto_creation always FAILS**. | + | |
- | + | ||
- | Before the AuthSplit testing, I setup AuthMysql standalone authentication and confirmed my DokuWiki works fine. The mysql database structure used with primary module is same as example found in [[doku> | + | |
- | + | ||
- | Now, switch to AuthSplit test. I have configured $autocreate_users = 1 expecting that new DW user will automatically created in " | + | |
- | + | ||
- | The webmaster account is already created in the file conf/ | + | |
- | + | ||
- | In order to see what happen during authentication, | + | |
- | + | ||
- | + | ||
- | === Test Case 1: Login trial by webmaster === | + | |
- | + | ||
- | *BP1: | + | |
- | *BP2: | + | |
- | + | ||
- | === Test Case 2: Login trial by foo === | + | |
- | *BP1: | + | |
- | *BP2: | + | |
- | *BP3: | + | |
- | *BP5: | + | |
- | *BP6: | + | |
- | *BP4: | + | |
- | *Sorry, username or password was wrong. | + | |
- | + | ||
- | + | ||
- | Here is a snippet of auth.php which includes 7 break points (message output). | + | |
- | <file php authsplit/ | + | |
- | // (snip) | + | |
- | * Check user+password | + | |
- | * | + | |
- | * @param | + | |
- | * @param | + | |
- | * @return | + | |
- | */ | + | |
- | public function checkPass($user, | + | |
- | /* First validate the username and password with the primary plugin. */ | + | |
- | if (!$this-> | + | |
- | return false; | + | |
- | + | ||
- | msg(' | + | |
- | + | ||
- | /* Then make sure that the secondary auth plugin also knows about | + | |
- | the user. */ | + | |
- | $userinfo = $this-> | + | |
- | + | ||
- | msg(' | + | |
- | + | ||
- | if (!$userinfo) { | + | |
- | /* Make sure automatic user creation is enabled */ | + | |
- | if (!$this-> | + | |
- | return false; | + | |
- | + | ||
- | /* Make sure the secondary auth plugin can create user accounts */ | + | |
- | if (!$this-> | + | |
- | msg(sprintf($this-> | + | |
- | return false; | + | |
- | } | + | |
- | + | ||
- | /* Since auth plugins by definition must have a getUserData() | + | |
- | | + | |
- | | + | |
- | $params = $this-> | + | |
- | + | ||
- | msg(' | + | |
- | + | ||
- | if (!$params) { | + | |
- | msg(sprintf($this-> | + | |
- | return false; | + | |
- | } | + | |
- | + | ||
- | /* Create the new user account */ | + | |
- | $result = $this-> | + | |
- | $user, $pass, $params[' | + | |
- | )); | + | |
- | if ($result === false || $result === null) | + | |
- | + | ||
- | msg(' | + | |
- | + | ||
- | return false; | + | |
- | + | ||
- | msg($this-> | + | |
- | } | + | |
- | return true; | + | |
- | } | + | |
- | + | ||
- | /** | + | |
- | * Create a new User | + | |
- | * | + | |
- | | + | |
- | * @param | + | |
- | * @param | + | |
- | * @param | + | |
- | * @param | + | |
- | * @return bool|null | + | |
- | */ | + | |
- | public function createUser($user, | + | |
- | /* If the primary auth plugin supports creating users, we try to create | + | |
- | the user there first. */ | + | |
- | + | ||
- | msg(' | + | |
- | + | ||
- | if ($this-> | + | |
- | $result = $this-> | + | |
- | if ($result === false || $result === null) | + | |
- | + | ||
- | msg(' | + | |
- | + | ||
- | return $result; | + | |
- | } | + | |
- | + | ||
- | /* We need to create the user in the secondary auth plugin in any case. */ | + | |
- | $result = $this-> | + | |
- | if ($result === false || $result === null) | + | |
- | + | ||
- | msg(' | + | |
- | + | ||
- | return $result; | + | |
- | return true; | + | |
- | } | + | |
- | </ | + | |
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | <file php local.protect.php> | + | |
- | $conf[' | + | |
- | $conf[' | + | |
- | + | ||
- | $conf[' | + | |
- | $conf[' | + | |
- | $conf[' | + | |
- | + | ||
- | $conf[' | + | |
- | $conf[' | + | |
- | $conf[' | + | |
- | $conf[' | + | |
- | + | ||
- | $conf[' | + | |
- | $conf[' | + | |
- | + | ||
- | $conf[' | + | |
- | " | + | |
- | JOIN users AS u ON u.uid=ug.uid JOIN groups AS g ON g.gid=ug.gid | + | |
- | WHERE login=' | + | |
- | + | ||
- | $conf[' | + | |
- | " | + | |
- | FROM users WHERE login=' | + | |
- | + | ||
- | $conf[' | + | |
- | " | + | |
- | WHERE u.uid = ug.uid AND g.gid = ug.gid AND u.login=' | + | |
- | + | ||
- | // Rest of SQL statments is snipped. | + | |
- | // | + | |
- | // for database structure used for MySQL authentication, | + | |
- | // | + | |
- | </ | + | |
- | + | ||
- | end of Bug report. | + | |
+ | feature request: a fallback for not athenticated (unknown ldap user) to local filebased auth were grait and would help a lot! |
plugin/authsplit/discussion.1366795462.txt.gz · Last modified: 2013-04-24 11:24 by s.sahara