Please upgrade here. These earlier versions are no longer being updated and have security issues.

Any snippets to help us bypass the handshake form?

edited July 2010 in Vanilla 2.0 - 2.8
I'd like to populate the users tables immediately instead of calling the handshake form.
All users funnel via a portal, using CodeIgniter. Single sign-on for that is working great, but I want to lose that in-between step of users having to complete the new account/link account form. Thanks for the plugin.

Comments

  • Tim (Operations, Vanilla Staff)
    I'll look into this, maybe a config file switch. Unfortunately, if the account isn't able to be created for whatever reason, it will probably just fail silently. We'll see.

    Vanilla Forums COO [GitHub, Twitter, About.me]

  • I agree, it would be great if that in-between step was removed.

    I'm hesitant to open the forum to my users because I'm sure most of them would be confused as to which option to use. And rightfully so.
  • edited July 2010
    Same here... I'm not deploying the forum on my WP3.0 based web-site before it's possible to bypass the handshake form.
  • @Tim
    How can other developers submit a patch for the ProxyConnect plugin?
    It's very useful, and many features need to be added, since it has many external apps!
  • Tim (Operations, Vanilla Staff)
    The ProxyConnect source is not currently version controlled in a public repository, so the only way to do this is to email me your changes with a description of what they are and why you want/need them.

    tim@vanillaforums.com

    Vanilla Forums COO [GitHub, Twitter, About.me]

  • edited August 2010
    Hi Everybody,
    Here is my change to ProxyConnect to bypass the handshake form! Use it at your own risk!
    Open the file class.proxyauthenticator.php and insert this at line 50:
    /**
     * If authentication is OK but no account is found in the current forum,
     * create it and redirect to the default controller.
     */
    $userModel = new UserModel();
    $data['Name'] = $Response['Name'];
    $data['Email'] = $Response['Email'];
    $UserID = $userModel->Synchronize($data['Email'], $data);
    $Payload = $this->GetHandshake();
    $ConsumerKey = $Provider['AuthenticationKey']; // $this->GetProviderKeyFromHandshake($Payload);
    $TokenKey = $this->GetTokenKeyFromHandshake($Payload);
    $TokenKey = empty($TokenKey) ? sha1(time() . RandomString(16)) : $TokenKey;

    if ($UserID) {
        // Finalize the link between the forum user and the foreign userkey
        $this->Finalize($data['Email'], $UserID, $ConsumerKey, $TokenKey, $Payload);
    }

    We create the user and finalize to associate the user with the token, ...
    Next, at line 77, right after
    $TransientKey = ArrayValue('TransientKey', $Response, NULL);
    you need to add this
    $TransientKey = empty($TransientKey) ? sha1(time() . RandomString(16)) : $TransientKey;

    Because Nonce is the PRIMARY KEY, but some systems don't use that key and return an empty string (TransientKey empty) => duplicate when a new user is added.
    So, use sha1(time()) to make a fake-random string and append a random string to make sure it's unique!

    Next, change the Finalize method to become:
    public function Finalize($UserKey, $UserID, $ProviderKey, $TokenKey, $CookiePayload) {
        // Associate the userID with the foreign userkey
        Gdn::Authenticator()->AssociateUser($ProviderKey, $UserKey, $UserID);

        // Log the user in if everything went well
        $this->ProcessAuthorizedRequest($ProviderKey, $UserKey, NULL, $TokenKey);
    }

    At line 117 of the file class.proxyconnect.plugin.php, change

    if ($RealUserID == -1) {
        $Authenticator->Authenticate();
        if (Gdn::Authenticator()->GetIdentity()) {
            Redirect(Gdn::Router()->GetDestination('DefaultController'), 302);
        } else {
            $RealSigninURL = Gdn::Authenticator()->GetURL('Real'.Gdn_Authenticator::URL_SIGNIN, $Redirect);
            $Authenticator->SetIdentity(NULL);
            Redirect($RealSigninURL, 302);
        }
    }

    so that it becomes

    if ($RealUserID == -1) {
        $Authenticator->Authenticate();
        if (Gdn::Authenticator()->GetIdentity()) {
            Redirect(Gdn::Router()->GetDestination('DefaultController'), 302);
        } else {
            $RealSigninURL = Gdn::Authenticator()->GetURL('Real'.Gdn_Authenticator::URL_SIGNIN, $Redirect);
            $Authenticator->SetIdentity(NULL);
            Redirect($RealSigninURL, 302);
        }
    } else {
        Redirect('/');
    }

    Basically, we add an else condition to redirect (if not, a blank page appears)!

    After that, I can log in from my app and get auto-login on the app! If the user doesn't exist, it gets created and logged in!
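
Added example, not part of the thread and not ProxyConnect's own code: stand-alone PHP showing the two checks an auto-provisioning path like the one in the post above depends on. It validates the Name and Email fields of the SSO response before an account is created, so a bad response is reported rather than failing silently, and it draws the fallback TransientKey from random_bytes() (PHP 7+) so uniqueness does not rest on time(). The function names, the 64-character name limit and the sample responses are assumptions.

```php
<?php
// Added illustration; function names are hypothetical, not ProxyConnect's API.

/** Fallback nonce/token: 40 hex characters from the OS CSPRNG (PHP 7+). */
function newTokenKey(): string {
    return bin2hex(random_bytes(20));
}

/**
 * Validate the identity fields of an SSO response before auto-provisioning.
 * Throws, so the caller can log the reason instead of failing silently.
 */
function buildProvisioningData(array $response): array {
    $name  = trim((string)($response['Name'] ?? ''));
    $email = trim((string)($response['Email'] ?? ''));

    // Assumed policy: 1-64 characters, no control characters.
    if ($name === '' || strlen($name) > 64 || preg_match('/[\x00-\x1F\x7F]/', $name)) {
        throw new InvalidArgumentException('SSO response has no usable Name');
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('SSO response has no valid Email');
    }

    // Keep the portal's nonce when it sent one; otherwise mint a unique one
    // so an empty string never collides on the nonce table's primary key.
    $transientKey = trim((string)($response['TransientKey'] ?? ''));
    if ($transientKey === '') {
        $transientKey = newTokenKey();
    }

    return ['Name' => $name, 'Email' => $email, 'TransientKey' => $transientKey];
}

// Constructed sample responses (not captured from a real portal).
$samples = [
    ['Name' => 'alice', 'Email' => 'alice@example.com', 'TransientKey' => ''],
    ['Name' => 'bob',   'Email' => 'not-an-email'],
];
foreach ($samples as $response) {
    try {
        $data = buildProvisioningData($response);
        printf("provision %s <%s> nonce=%s\n", $data['Name'], $data['Email'], $data['TransientKey']);
    } catch (InvalidArgumentException $e) {
        // Refuse to create the account; send the user to the normal sign-in page.
        echo 'auto-provision refused: ', $e->getMessage(), "\n";
    }
}
```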

  • Amazing job @kureikain. I have applied your changes and can confirm it works.

    To make things easier, I have posted the modified working files for others to use:
    class.proxyauthenticator.php http://codepaste.net/o68zo4
    class.proxyconnect.plugin.php http://codepaste.net/paw558
  • Tim (Operations, Vanilla Staff)
    This is now built into ProxyConnect as of version 1.6.

    In your vanilla config.php file, set Garden.Authenticators.proxy.SyncScreen = FALSE in order to bypass this feature.

    Vanilla Forums COO [GitHub, Twitter, About.me]

  • @Tim,

    All the variables in the config file don't match what you provided. I tried making it:

    $Configuration['Garden']['Authenticator']['proxy']['SyncScreen'] = FALSE;

    But I'm still getting the handshake form.

    Thanks!
  • Tim (Operations, Vanilla Staff)
    You made a typo. I'll let you find it on your own ;)

    Vanilla Forums COO [GitHub, Twitter, About.me]

  • johnathon (New)
    edited August 2010
    @Tim

    Are you sure that Garden.Authenticators.proxy.SyncScreen is the correct variable?

    I had the same problem as @dlim_vernier (trying both Garden.Authenticators.proxy.SyncScreen & Garden.Authenticator.proxy.SyncScreen), and never could bypass the handshake form.

    Finally, I did a search for 'SyncScreen' throughout the core, and found Garden.Authenticator.SyncScreen referenced on line 191 of class.entrycontroller.php.

    Adding this to my config.php made everything just peachy:

    $Configuration['Garden']['Authenticator']['SyncScreen'] = FALSE;

    Thanks for all your work on this, by the way. I'd be lost in the woods trying to write an SSO plugin on my own. :)

  • Tim (Operations, Vanilla Staff)
    Looks like you're right: $Configuration['Garden']['Authenticator']['SyncScreen'] = FALSE

    Vanilla Forums COO [GitHub, Twitter, About.me]
