Differences

This shows you the differences between two versions of the page.

--- plugin:authsplit:discussion [2013-04-24 11:24] – created s.sahara
+++ plugin:authsplit:discussion [2018-02-21 12:49] (current) – feature request insterted Django
@@ Line 1: / Line 1: @@
+====== Saving User Passwords ======
+So I got it working with the primary being authad and the secondary just being authplain.  However when I do self registration it creates a user account and get all the groups he's apart of. Thats fine and awesome.  What I dont want is that it also stores the password that the user logged on with.  Yes its an MD5 has but I would just like it to not store it at all for security purposes.  I can actually change it in the user file and it doesnt affect it, but just wondering if there is some setting to just say don't record the password the user logs on with.
-====== AuthSplit Discussion ======
+Also why doesn't the user get put in the @user group automatically.  That kind of stinks for setting up ACL's easier
-=====BUG report=====
-^This report section is prepared for discussion at the [[https://github.com/pief/authsplit/issues/1|github issues page]], and will be removed after the issue has solved.^
-Tested authmysql (=primary) and authplain (=secondary) combination. It found that **auto_creation always FAILS**.
-Before the AuthSplit testing, I setup AuthMysql standalone authentication and confirmed my DokuWiki works fine. The mysql database structure used with primary module is same as example found in [[doku>plugin:authmysql#store_first_and_last_name_separated|authmysql plugin page]]. I created two users, namely "foo" and "webmaster",  the later is a member of admin group.
-Now, switch to AuthSplit test. I have configured $autocreate_users = 1 expecting that new DW user will automatically created in "secondary" backend (= users.auth.php) when the user authenticated by "primary" backend for the first time.
-The webmaster account is already created in the file conf/users.auth.php, but user "foo" has not registered.
-In order to see what happen during authentication, several debug statements --break points message //BP1// to //BP7// -- was added in the plugin/auth.php file (shown below).
-=== Test Case 1: Login trial by webmaster ===
-  *BP1:primary->checkpass:webmaster:successed.
-  *BP2:secondary->getUserData:webmaster:true   --- OK that fine!
-=== Test Case 2: Login trial by foo ===
-  *BP1:primary->checkpass:foo:successed.
-  *BP2:secondary->getUserData:foo:false
-  *BP3:primary->getUserData:foo:guests
-  *BP5:primary->cando[addUser]:true
-  *BP6:primary->createUser:false --- //Here, something is wrong in function createUser.//
-  *BP4:$this->triggerUserMod(create):false
-  *Sorry, username or password was wrong.
-Here is a snippet of auth.php which includes 7 break points (message output).
-<file php authsplit/auth.php>
-// (snip)
-     * Check user+password
-     *
-     * @param   string $user the user name
-     * @param   string $pass the clear text password
-     * @return  bool
-     */
-    public function checkPass($user, $pass) {
-        /* First validate the username and password with the primary plugin. */
-        if (!$this->authplugins['primary']->checkPass($user, $pass))
-            return false;
-msg('BP1:primary->checkpass:'.$user.':successed.', 0);
-        /* Then make sure that the secondary auth plugin also knows about
-           the user. */
-        $userinfo = $this->authplugins['secondary']->getUserData($user);
-msg('BP2:secondary->getUserData:'.$user.':'.var_export((bool)$userinfo,true) ,0);
-        if (!$userinfo) {
-            /* Make sure automatic user creation is enabled */
-            if (!$this->autocreate_users)
-                return false;
-            /* Make sure the secondary auth plugin can create user accounts */
-            if (!$this->authplugins['secondary']->cando['addUser']) {
-                msg(sprintf($this->getLang('erraddusercap'), $this->authplugins['secondary']->getPluginName()), -1);
-                return false;
-            }
-            /* Since auth plugins by definition must have a getUserData()
-               method, we use the primary auth plugin's data to create a user
-               account in the secondary auth plugin. */
-            $params = $this->authplugins['primary']->getUserData($user);
-msg('BP3:primary->getUserData:'.$user.':'.implode(",",$params['grps']), 0);
-            if (!$params) {
-                msg(sprintf($this->getLang('erradduserinfo'), $this->authplugins['primary']->getPluginName()), -1);
-                return false;
-            }
-            /* Create the new user account */
-            $result = $this->triggerUserMod('create', array(
-                $user, $pass, $params['name'], $params['mail'], $params['grps']
-            ));
-            if ($result === false || $result === null)
-msg('BP4:$this->triggerUserMod(create):'.var_export($result,true), 0);
-                return false;
-            msg($this->getLang('autocreated'), -1);
-        }
-        return true;
-    }
-    /**
-     * Create a new User
-     *
-     * @param  string     $user
-     * @param  string     $pass
-     * @param  string     $name
-     * @param  string     $mail
-     * @param  null|array $grps
-     * @return bool|null
-     */
-    public function createUser($user, $pass, $name, $mail, $grps = null) {
-        /* If the primary auth plugin supports creating users, we try to create
-           the user there first. */
-msg('BP5:primary->cando[addUser]:'.var_export($this->authplugins['primary']->cando['addUser'],true), 0);
-        if ($this->authplugins['primary']->cando['addUser']) {
-            $result = $this->authplugins['primary']->createUser($user, $pass, $name, $email, '');
-            if ($result === false || $result === null)
-msg('BP6:primary->createUser:'.var_export($result,true), 0);
-                return $result;
-        }
-        /* We need to create the user in the secondary auth plugin in any case. */
-        $result = $this->authplugins['secondary']->createUser($user, '', $name, $mail, $grps);
-        if ($result === false || $result === null)
-msg('BP7:secondary->createUser:'.var_export($result,true), 0);
-            return $result;
-        return true;
-    }
-</file>
-<file php local.protect.php>
-$conf['authtype'] = 'authsplit';
-$conf['defaultgroup'] = 'guests';
-$conf['plugin']['authsplit']['primary_authplugin'] = 'authmysql';
-$conf['plugin']['authsplit']['secondary_authplugin'] = 'authplain';
-$conf['plugin']['authsplit']['autocreate_users'] = 1;
-$conf['plugin']['authmysql']['server']   = 'localhost';
-$conf['plugin']['authmysql']['user']     = '******';
-$conf['plugin']['authmysql']['password'] = '******';
-$conf['plugin']['authmysql']['database'] = 'dokuwiki';
-$conf['plugin']['authmysql']['debug'] = 1;
-$conf['plugin']['authmysql']['forwardClearPass'] = 1;  // CLEARTEXT PASS in MySQLDB !!!
-$conf['plugin']['authmysql']['checkPass']   =
-    "SELECT pass FROM usergroup AS ug
-     JOIN users AS u ON u.uid=ug.uid JOIN groups AS g ON g.gid=ug.gid
-     WHERE login='%{user}' AND pass='%{pass}'";
-$conf['plugin']['authmysql']['getUserInfo'] =
-    "SELECT pass, CONCAT(firstname,' ',lastname) AS name, email AS mail
-     FROM users WHERE login='%{user}'";
-$conf['plugin']['authmysql']['getGroups'] =
-    "SELECT name as `group` FROM groups g, users u, usergroup ug
-     WHERE u.uid = ug.uid AND g.gid = ug.gid AND u.login='%{user}'";
-// Rest of SQL statments is snipped.  Pls refer following URL for all SQL statements.
-//   https://www.dokuwiki.org/plugin:authmysql#summarized_plugin_configuration
-// for database structure used for MySQL authentication, see:
-//   https://www.dokuwiki.org/plugin:authmysql#store_first_and_last_name_separated
-</file>
-end of Bug report.   --- [[user>s.sahara|s.sahara]] //2013/04/24 11:23//
+feature request: a fallback for not athenticated (unknown ldap user) to local filebased auth were grait and would help a lot!