Quoting Michael J Rubinsky <mrubi...@horde.org>:
Quoting Maxime Pelletier <maxime.pellet...@educsa.org>:
Michael J Rubinsky <mrubinsk <at> horde.org> writes:
Hi Jan,
Thanks a lot for taking the time to answer my question.
However, I would appreciate it if you could give me a little more detail
about that, or point me to some documentation.
I couldn't locate the validateAuth() method. I'm not even sure if this is
supposed to be at Horde or IMP level. We configured our server so that IMP
provides authentication.
It's a method exposed by the authentication object. See Horde_Auth::
Also, what is the right way to validate that a user is already logged in?
Horde_Auth::validateAuth()
And what is the right way to log out a user?
Horde_Registry::clearAuth()
Jan had written a very comprehensive post regarding how authentication
works in Horde (Hint: it's fairly complicated). IIRC, it was written
for Horde 4, but the concepts are still mostly valid in Horde 5. See
http://janschneider.de/news/5/342
Hi Michael,
Thanks for your reply. I didn't remember those articles written by Jan. It
helped me understand better the login process.
However, I wanted to take a different approach which is a lot simpler. I
added this preauthentication hook for Horde:
=============
public function preauthenticate($userId, $credentials)
{
    if ($GLOBALS['registry']->isAuthenticated() &&
        $GLOBALS['registry']->getAuth() != $userId) {
        return false;
    }
    return true;
}
=============
So if someone is already logged in, and the userId of the current
connection is not the same as the one already logged in, then it fails.
It somehow works because I get this error message in the logs when I try to
log in to Horde with a user different from the one already connected:
=============
HORDE: [horde] FAILED LOGIN for secondUser [11.21.111.11] to Horde [pid
21316 on line 231 of "/var/www/html/horde/login.php"]
=============
Unfortunately, it doesn't log out the user currently logged in so Horde is
opened with the account of the first user.
In short, shouldn't we expect that if preauthenticate() fails, then any
session opened would be cleared out?
No, because it's a *pre* authenticate hook, which is designed to
only alter the login credentials before authentication occurs. It's
not designed to log out an already authenticated session. This is
exactly what the above mentioned validateAuth method is for - to
validate that the current session is still valid using whatever
method makes sense for the authentication backend.
If you want to continue with this strategy instead of the more
correct way of writing an authentication driver for your setup, you
could try to manually clear the session using
Horde_Registry::clearAuth() from within the hook.
You *really* need to be implementing a custom authentication driver
for this setup.
michael
___________________________________
Michael Slusarz [slus...@horde.org]
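
The suggestion in the reply above (calling clearAuth() from within the hook), sketched as an added example that is not part of the original thread or of Horde's code. DemoRegistry and Demo_Hooks are constructed stand-ins that model only the registry methods named in the thread, so behaviour inside a real Horde install is an assumption.

```php
<?php
// Constructed stand-in for Horde_Registry so the hook can run outside Horde.
// Only the methods named in this thread are modelled; setAuth() is a
// hypothetical helper used to simulate an existing session.
class DemoRegistry
{
    private $user = false;

    public function setAuth($userId) { $this->user = $userId; }
    public function isAuthenticated() { return $this->user !== false; }
    public function getAuth() { return $this->user; }
    public function clearAuth() { $this->user = false; }
}

// Hypothetical hooks class holding the thread's hook.
class Demo_Hooks
{
    // Same check as the hook posted in the thread, plus the clearAuth()
    // call suggested in the reply.
    public function preauthenticate($userId, $credentials)
    {
        $registry = $GLOBALS['registry'];
        if ($registry->isAuthenticated() && $registry->getAuth() != $userId) {
            // Drop the first user's session before rejecting the login,
            // so the rejected user is not left inside that session.
            $registry->clearAuth();
            return false;
        }
        return true;
    }
}

$GLOBALS['registry'] = new DemoRegistry();
$GLOBALS['registry']->setAuth('firstUser');        // constructed sample user
$hooks = new Demo_Hooks();

// A different user attempts to log in while firstUser's session exists.
var_dump($hooks->preauthenticate('secondUser', array()));
// State of the session after the rejected attempt.
var_dump($GLOBALS['registry']->isAuthenticated());
// With no session left, a fresh login is allowed to proceed.
var_dump($hooks->preauthenticate('firstUser', array()));
```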