Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Any snippets to help us bypass the handshake form?

edited July 2010 in Vanilla 2.0 - 2.8
I'd like to populate the users tables immediately instead of call to the handshake form.
All users funnel via portal, using CodeIgniter. Single Sign on for that is working great, but want to lose that inbetween step of users having to complete the new account/link account form. Thanks for the plugin.

Comments

  • TimTim Operations Vanilla Staff
    I'll look into this, maybe a config file switch. Unfortunately, if the account isn't able to be created for whatever reason, it will probably just fail silently. We'll see.

    Vanilla Forums COO [GitHub, Twitter, About.me]

  • I agree, it would be great if that inbetween step was removed.

    I'm hesitant to open the forum to my users because I'm sure most of them would be confused as to which option to use. And rightfully so.
  • edited July 2010
    Same here... I'm not deploying the forum on my WP3.0 based web-site before it's possible to bypass the handshake form.
  • @Tim
    How other developer can submit patch for ProxyConnect plugin?
    It's very useful, and many feature need to add, since it has many external app!
  • TimTim Operations Vanilla Staff
    The ProxyConnect source is not currently version controlled in a public repository, so the only way to do this is to email me your changes with a description of what they are and why you want/need them.

    tim@vanillaforums.com

    Vanilla Forums COO [GitHub, Twitter, About.me]

  • edited August 2010
    Hi Everybody,
    Here is my change on ProxyConnect to bypass handshake form! Use it at your own risk!
    Open file class.proxyauthenticator.php, insert this into line 50
    /**
    * If we found authentic is ok, but not found account in current forum,
    * create it and redirect to default controller
    *
    *
    */
    $userModel = new UserModel();
    $data['Name'] = $Response['Name'];
    $data['Email'] = $Response['Email'];
    $UserID = $userModel->Synchronize($data['Email'], $data);
    $Payload = $this->GetHandshake();
    $ConsumerKey = $Provider['AuthenticationKey'];//$this->GetProviderKeyFromHandshake($Payload);
    $TokenKey = $this->GetTokenKeyFromHandshake($Payload);
    $TokenKey = empty($TokenKey)? sha1(time() . RandomString(16)):$TokenKey;

    if ($UserID) {
    // Finalize the link between the forum user and the foreign userkey
    $this->Finalize($data['Email'], $UserID, $ConsumerKey, $TokenKey, $Payload);
    }

    We will create user and finalize to associate users with token,...
    Next, in line 77, righ after
    $TransientKey = ArrayValue('TransientKey', $Response, NULL);
    you need to add this
    $TransientKey = empty($TransientKey)? sha1(time() . RandomString(16)):$TransientKey;

    Because Nonce is PRIMARY KEY, but some system does't use that key, and return empty string (TransicientKey empty) => dupplicate when new user added
    So, use sha1(time()) to make a fake-random strong and append with a randomstring to make sure it's unique!

    Next, change Finalize method to become:
    public function Finalize($UserKey, $UserID, $ProviderKey, $TokenKey, $CookiePayload) {
    // Associate the userID with the foreign userkey
    Gdn::Authenticator()->AssociateUser($ProviderKey, $UserKey, $UserID);

    // Log the user in if everything went well
    $this->ProcessAuthorizedRequest($ProviderKey, $UserKey, NULL, $TokenKey);
    }

    In line 117, file class.proxyconnect.plugin.php
    Change
    if ($RealUserID == -1) {

    $Authenticator->Authenticate();
    if (Gdn::Authenticator()->GetIdentity()) {
    Redirect(Gdn::Router()->GetDestination('DefaultController'), 302);
    } else {
    $RealSigninURL = Gdn::Authenticator()->GetURL('Real'.Gdn_Authenticator::URL_SIGNIN, $Redirect);
    $Authenticator->SetIdentity(NULL);
    Redirect($RealSigninURL,302);
    }
    }

    Becomes

    if ($RealUserID == -1) {

    $Authenticator->Authenticate();
    if (Gdn::Authenticator()->GetIdentity()) {
    Redirect(Gdn::Router()->GetDestination('DefaultController'), 302);
    } else {
    $RealSigninURL = Gdn::Authenticator()->GetURL('Real'.Gdn_Authenticator::URL_SIGNIN, $Redirect);
    $Authenticator->SetIdentity(NULL);
    Redirect($RealSigninURL,302);
    }
    } else {
    Redirect('/');
    }

    Basically, we add else condition to redirect (if not, a blank-page appear)!

    After that, i can login from my app, and get auto login on app! It user doesn't exist, it get creating and log in!

  • Amazing job @kureikain . I have applied your changes and can confirm it works.

    To make things easier, I have posted the modified working files for others to use:
    class.proxyauthenticator.php http://codepaste.net/o68zo4
    class.proxyconnect.plugin.php http://codepaste.net/paw558
  • TimTim Operations Vanilla Staff
    This is now built into ProxyConnect as of version 1.6.

    In your vanilla config.php file, set Garden.Authenticators.proxy.SyncScreen = FALSE in order to bypass this feature.

    Vanilla Forums COO [GitHub, Twitter, About.me]

  • @Tim,

    All the variables in the config file don't match what you provided. I tried making it:

    $Configuration['Garden']['Authenticator']['proxy']['SyncScreen'] = FALSE;

    But I'm still getting the handshake form.

    Thanks!
  • TimTim Operations Vanilla Staff
    You made a typo. I'll let you find it on your own ;)

    Vanilla Forums COO [GitHub, Twitter, About.me]

  • johnathonjohnathon New
    edited August 2010
    @Tim

    Are you sure that Garden.Authenticators.proxy.SyncScreen is the correct variable?

    I had the same problem as @dlim_vernier (trying both Garden.Authenticators.proxy.SyncScreen & Garden.Authenticator.proxy.SyncScreen), and never could bypass the handshake form.

    Finally, I did a search for 'SyncScreen' throughout the core, and found Garden.Authenticator.SyncScreen referenced on line 191 of class.entrycontroller.php.

    Adding this to my config.php made everything just peachy:

    $Configuration['Garden']['Authenticator']['SyncScreen'] = FALSE;

    Thanks for all your work on this, by the way. I'd be lost in the woods trying to write an SSO plugin on my own. :)

  • TimTim Operations Vanilla Staff
    Looks like you're right: $Configuration['Garden']['Authenticator']['SyncScreen'] = FALSE

    Vanilla Forums COO [GitHub, Twitter, About.me]

Sign In or Register to comment.