(OLD 5.7 Discussion FORUM)

New Authentication Method (No Permissions after logged in)

Permalink 1 user found helpful September 29, 2014 at 3:38 PM

So I've created an LDAP authentication method for 5.7 and got it to login perfectly fine. I pretty much merged things from the concrete method and facebook method until I got something that worked properly. One problem though, when someone logs in, they don't have any admin privledges. I've debugged as much as I could and it shows them logged in and in the administrators group, but concrete5 sees them as an average user.

Below is my authenticate function:

public function authenticate()
    {
        $post = $this->post();
        $this->__ldap_connect();
        if (!isset($post['uName']) || !isset($post['uPassword'])) {
            throw new Exception(t('Please provide both username and password.'));
        }
        $uName = $post['uName'];
        $uPassword = $post['uPassword'];
        $bindDn = "userid=$uName," . $this->config('ldapdn');
        if(!@ldap_bind($this->connection,$bindDn,$uPassword)){
           throw new \Exception(t('Invalid username or password.'));        
        }
        else {
            $uinf = UserInfo::getByUserName($uName);

Viewing 15 lines of 33 lines. View entire code block.

 
  public function authenticate()
    {
 
        $post = $this->post();
        $this->__ldap_connect();
        if (!isset($post['uName']) || !isset($post['uPassword'])) {
            throw new Exception(t('Please provide both username and password.'));
        }
        $uName = $post['uName'];
        $uPassword = $post['uPassword'];
 
 
        $bindDn = "userid=$uName," . $this->config('ldapdn');
        if(!@ldap_bind($this->connection,$bindDn,$uPassword)){
           throw new \Exception(t('Invalid username or password.'));        
        }
        else {
 
            $uinf = UserInfo::getByUserName($uName);
          if(!$uinf){
            throw new \Exception(t('This concrete account does not exist.'));
          }
           $uid = User::getByUserID($uinf->getUserID(),true);
 
            if($uid->isRegistered() && $uid->isActive())  {   
                 if(!$this->getUserByLdapUser($uName)){
                    $this->mapUserByLdapUser($uName);
                }                
            }
            else {                
                throw new \Exception(t('This concrete account does not exist.'));
            }
        }
        if ($post['uMaintainLogin']) {
            $uid->setAuthTypeCookie('concrete');
        }
       $this->completeAuthentication($uid);
 
    }

andrew replied on Sep 29, 2014 at 4:58 pm Permalink Best Answer Reply

Hmm, looking at the user object code, I'm wondering if we need to do a better job of clearing out access entity objects on login. What if you add this code before the getByUserID function:

\Session::remove('accessEntities');

I think this should clear the access entities from session, which will then caused them to be refreshed when they're next requested.

zknight replied on Sep 30, 2014 at 8:33 am Permalink Reply

That worked like a charm, thanks.

Edit: One more thing I noticed,
This part of the authenticate function isn't even going to work (I took this from the concrete auth method). The post array isn't unsetting those indexes if they're blank, it's still sending them along so they are actually set. AKA I can leave both fields blank and it bypasses this IF statement.

if (!isset($post['uName']) || !isset($post['uPassword'])) {
            throw new Exception(t('Please provide both username and password.'));
        }

It should be something like this,

if (empty($post['uName']) || empty($post['uPassword'])) {
            throw new Exception(t('Please provide both username and password.'));
        }

Forums

(OLD 5.7 Discussion FORUM)

New Authentication Method (No Permissions after logged in)

Code

Post Reply

Delete Post

Mark Post as Spam

Destroy Spammer

Sign In?