Quoting Maxime Pelletier <maxime.pellet...@educsa.org>:
Michael J Rubinsky <mrubinsk <at> horde.org> writes:

> Hi Jan,
>
> Thanks a lot for taking the time to answer my question.
>
> However, I would appreciate if you could give me a little bit more details
> about that, or point me to some documentation.
>
> I couldn't locate the validateAuth() method. I'm not even sure if this is
> supposed to be at Horde or IMP level. We configured our server so that IMP
> provides authentication.

It's a method exposed by the authentication object. See Horde_Auth::

> Also, what is the right way to validate that a user is already logged in?

Horde_Auth::validateAuth()

> And what is the right way to log out a user?

Horde_Registry::clearAuth()

Jan had written a very comprehensive post regarding how authentication works in Horde (Hint: it's fairly complicated). IIRC, it was written for Horde 4, but the concepts are still mostly valid in Horde 5. See http://janschneider.de/news/5/342

Hi Michael,

Thanks for your reply. I didn't remember those articles written by Jan. It helped me understand better the login process.

However, I wanted to take a different approach which is a lot simpler. I added this preauthentication hook for Horde:

=============
public function preauthenticate($userId, $credentials)
{
    if ( $GLOBALS['registry']->isAuthenticated() &&
         $GLOBALS['registry']->getAuth() != $userId ) {
        return false;
    }
    return true;
}
=============

So if someone is already logged in, and that the userId of the current connection is not the same as the one already logged in, then it fails.

It somehow works because I get this error message in the logs when I try to login to Horde with a user different from the one already connected:

=============
HORDE: [horde] FAILED LOGIN for secondUser [11.21.111.11] to Horde [pid 21316 on line 231 of "/var/www/html/horde/login.php"]
=============

Unfortunately, it doesn't log out the user currently logged in so Horde is opened with the account of the first user.
In short, shouldn't we expect that if preauthenticate() fails, then any session opened would be cleared out?
No, because it's a *pre* authenticate hook, which is designed to only alter the login credentials before authentication occurs. It's not designed to log out an already authenticated session. This is exactly what the above mentioned validateAuth method is for - to validate that the current session is still valid using whatever method makes sense for the authentication backend.
If you want to continue with this strategy instead of the more correct way of writing an authentication driver for your setup, you could try to manually clear the session using Horde_Registry::clearAuth() from within the hook. No idea off hand if this will work from the hook, or have unintended side effects though.
-- mike The Horde Project (www.horde.org) mrubi...@horde.org
-- imp mailing list Frequently Asked Questions: http://wiki.horde.org/FAQ To unsubscribe, mail: imp-unsubscr...@lists.horde.org
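
Added example, not part of the thread and not Horde project code: the hook posted above with the Horde_Registry::clearAuth() call suggested in the reply, run against a stand-in registry so the effect on the existing session can be seen outside Horde. `StubRegistry` and `ExampleHooks` are hypothetical names, the stub models only the three registry methods named in the thread, and whether real Horde tolerates clearAuth() inside this hook is untested here.

```php
<?php
// Hypothetical stand-in for the Horde_Registry methods used in this thread.
// It models only "who owns the current session", nothing else.
class StubRegistry
{
    private $user;

    public function __construct($user = null) { $this->user = $user; }

    public function isAuthenticated() { return $this->user !== null; }

    public function getAuth() { return $this->user === null ? false : $this->user; }

    public function clearAuth() { $this->user = null; }
}

// Hypothetical container class; in Horde the method body would live in the
// preauthenticate hook shown earlier in the thread.
class ExampleHooks
{
    public function preauthenticate($userId, $credentials)
    {
        $registry = $GLOBALS['registry'];
        if ($registry->isAuthenticated() && $registry->getAuth() != $userId) {
            // Returning false alone only fails the new login; the existing
            // session survives. Clear it explicitly before refusing.
            $registry->clearAuth();
            return false;
        }
        return true;
    }
}

// Constructed scenario: firstUser owns the session, secondUser tries to log in.
$GLOBALS['registry'] = new StubRegistry('firstUser');
$hooks = new ExampleHooks();

$allowed = $hooks->preauthenticate('secondUser', array());
printf("login allowed: %s\n", var_export($allowed, true));
printf("session still authenticated: %s\n",
    var_export($GLOBALS['registry']->isAuthenticated(), true));

// With no session left, a fresh login attempt passes the check.
$retry = $hooks->preauthenticate('secondUser', array());
printf("retry allowed: %s\n", var_export($retry, true));
```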