Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Is it possible to allow normal registration when using ProxyConnect?

I'd like to offer users the option to sign up for an account if they don't want to use their university account to sign in. Currently, if I set the ProxyConnect registration url to /entry/register it gets stuck in an infinite loop.
Tagged:

Comments

  • So... 1,300 views but nobody knows? :)
  • I have not done it myself, but I assume it is.

    ProxyConnect will check for a matching user that already exists (i.e. registered directly) before it creates its own new user. If it finds a match, it will prompt the user to attach that existing account to the external CMS account by asking for the password. However, that is optional - the user can instead have a new ProxyConnect account created and leave the existing account alone for separate login.

    How registration works practically, I don't know, but I hope this gives some directions to explore.
  • edited April 2011
    I figured out where the problem is occurring. In class.proxyconnect.plugin.php, there's the following method which will always redirect if ProxyConnect is enabled. The problem is, there's no way to allow it to display the original registration page. If you set the original registration page as the registration url, it just constantly redirects.

    As a temporary solution, I just added a return at the beginning of the method. A more permanent solution would either allow programmatically enabling/disabling the original registration in the ProxyConnect settings, or allowing the original registration if a specific parameter is passed.
    public function EntryController_Register_Handler(&$Sender) {
    if (!Gdn::Authenticator()->IsPrimary('proxy')) return;

    $Redirect = Gdn::Request()->GetValue('HTTP_REFERER');
    $RegisterURL = Gdn::Authenticator()->GetURL(Gdn_Authenticator::URL_REMOTE_REGISTER, $Redirect);
    $RealUserID = Gdn::Authenticator()->GetRealIdentity();
    $Authenticator = Gdn::Authenticator()->GetAuthenticator('proxy');

    if ($RealUserID > 0) {
    // The user is already signed in. Send them to the default page.
    Redirect(Gdn::Router()->GetDestination('DefaultController'), 302);
    } else {
    // We have no cookie for this user. Send them to the remote registration page.
    $Authenticator->SetIdentity(NULL);
    Redirect($RegisterURL,302);
    }
    }
  • I'm sure there was a login page that bypassed ProxyConnect, and could be used by the admin to get into the application at any time, even if the proxy CMS was down. Can't for the life of me find where it was documented now.
Sign In or Register to comment.