Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
Options

EntryController SignIn and Auth method suggestions

edited September 2010 in Vanilla 2.0 - 2.8
Hi, I've just plugged my vanilla 2.0.3 on a simple db user domain.
(I hope to release this addon before the end of the week :p )
It works but when coding my plugin some questions arise :

1) In the EntryController->SignIn method

public function SignIn() { $this->Auth('password'); }

shouldn't it be something like

public function SignIn() { $this->Auth(Gdn::Config('Garden.Authenticator.DefaultScheme', 'password')); }

Because when someone enable an additional authenticator from a plugin in the dashboard/authentication page, everything goes fine on this screen and the changes are reflected in the config file but the authenticator is not called when we use the default sign in form (which is just perfect in my case, I just check username/email and password in SimpleDB and then update my corresponding vanilla user data for common fields from simpledb or autoadd a new one if it's the first time my user log in, and I think it could be the same whith any external ref like LDAP or another database).
To bypass this I have done this in my plugin

public function EntryController_SignIn_Create(&$Sender){ $Sender->Auth(Gdn::Config('Garden.Authenticator.DefaultScheme', 'password')); }

2) in the EntryController->Auth method

// Set up controller $this->View = 'auth/'.$Authenticator->GetAuthenticationSchemeAlias();

This code seems to force to have a view 'yourschemealias.php' in vanilla_root_folder/applications/dashboard/views/entry/auth which is not good in order to produce standalone plugin (but I maybe missed something, if so I need to know how to properly override this view in a plugin).

I have done the following to have a standalone plugin :

public function EntryController_Render_Before(&$Sender) { $CurrentScheme = Gdn::Config('Garden.Authenticator.DefaultScheme', 'password'); if(($CurrentScheme == 'simpledb') && isset($Sender->View) && ($Sender->View == 'auth/simpledb')){ $Sender->View = $this->GetView('simpledb.php'); } }

I Think that it would be better if the View was grab with something like

// Set up controller $this->View = $Authenticator->GetAuthView($AuthenticationSchemeAlias);

and in Gdn_Authenticator -> GetAuhtView something like

$this->GetAuthenticator($AuthenticationSchemeAlias)->GetAuthView();

Thanks in advance for your feedback and opinions about that :)

David
Tagged:

Comments

  • Options
    TimTim Operations Vanilla Staff
    Not bad ideas. The reason I didn't override the /signin method was because not all authenticators have graphical interfaces. VanillaConnect and ProxyConnect both rely on the foreign host's signin page without any graphical into from Vanilla.

    I hear what you're saying though, about making this more pluggable, and I'll be working on that for the next release.

    Vanilla Forums COO [GitHub, Twitter, About.me]

Sign In or Register to comment.