Posted to dev@vcl.apache.org by "Josh Thompson (JIRA)" <ji...@apache.org> on 2018/03/12 18:19:00 UTC

[jira] [Commented] (VCL-1086) improve modularization of authentication

    [ https://issues.apache.org/jira/browse/VCL-1086?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16395643#comment-16395643 ] 

Josh Thompson commented on VCL-1086:
------------------------------------

This is an initial pass at the methods each class can implement. These may change somewhat as development plays itself out, but the final set of methods should be very close.

*test()* - This is called for each class when a user hits the site to determine if the user's browser has supplied whatever form of credentials are needed for this authentication method to be able to authenticate the user (example: checks for a cookie with a specific name). If a call to this function returns true, authentication via this class is attempted.

*auth()* - This method is called after test() for this class has returned true. It attempts to authenticate the user. $authtype

*unauth($mode)* - This method is used to destroy the user's authentication (called with $mode = logout). The $mode argument is either "headers" or "content". This method is called twice from the logout method, once before any content is sent, and once after the html header content is sent. This allows cookies to be destroyed before sending any content.

*processLogin($authtype, $userid, $passwd)* - This is called to process the login form if it is used for this authentication type. Which authentication class is instantiated is based on the authtype defined in the $authMechs array in conf.php. $authtype is an array index from the $authMechs array. $userid and $passwd are what were entered into the login form.

*addUser($authtype, $userid)* - This would be called when a user is used within VCL when the user doesn't already exist in the user table. For some authentication methods (such as Shibboleth), it would only work to call it during a login because there would be no way to get information about users otherwise. For others (such as LDAP), it could be called when a user is entered in a form somewhere in the web site.

*canAddUsers()* - I haven't fully thought through this one, but the idea is to know if this class can add new users entered into a form or not.

*validateUser($type, $loginid)* - This would be similar to addUser, but wouldn't actually create the user in the VCL user table, but would just validate if the account exists.

*updateUser($authtype, $userid)* - This is similar to addUser except that it updates user information rather than initially adding the user.

> improve modularization of authentication
> ----------------------------------------
>
>                 Key: VCL-1086
>                 URL: https://issues.apache.org/jira/browse/VCL-1086
>             Project: VCL
>          Issue Type: Improvement
>          Components: web gui (frontend)
>            Reporter: Josh Thompson
>            Priority: Major
>
> create a class based system of authentication so that each form of authentication can implement a defined set of functions



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
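
A sketch of how one class might implement test(), auth() and unauth($mode) as described in the comment above, added here as an example; it is not taken from the VCL code base or written by the commenter. The class names, cookie name, HMAC token format, return types, and the fall-through to the next class when auth() fails are all assumptions.

```php
<?php
// Added illustration. Class names, cookie name and key are hypothetical, not VCL code.
abstract class AuthMethod {
    abstract public function test(): bool;                // credentials for this method present?
    abstract public function auth(): ?string;             // user id on success, null on failure
    abstract public function unauth(string $mode): void;  // $mode is "headers" or "content"
}

class SignedCookieAuth extends AuthMethod {
    const COOKIE = 'EXAMPLEAUTH';                         // hypothetical cookie name
    private $key; private $cookies;
    public function __construct(string $key, array $cookies) { $this->key = $key; $this->cookies = $cookies; }
    // Token layout (assumed): userid|expiry|HMAC-SHA256(userid|expiry); userid must not contain "|".
    public static function issue(string $key, string $userid, int $expires): string {
        $body = $userid . '|' . $expires;
        return $body . '|' . hash_hmac('sha256', $body, $key);
    }
    public function test(): bool {
        return isset($this->cookies[self::COOKIE]);       // presence check only, no validation here
    }
    public function auth(): ?string {
        $parts = explode('|', $this->cookies[self::COOKIE] ?? '');
        if (count($parts) !== 3) return null;
        list($userid, $expires, $mac) = $parts;
        $expect = hash_hmac('sha256', $userid . '|' . $expires, $this->key);
        if (!hash_equals($expect, $mac)) return null;     // constant-time MAC comparison
        if (!ctype_digit($expires) || (int)$expires < time()) return null;
        return $userid;
    }
    public function unauth(string $mode): void {
        if ($mode === 'headers' && !headers_sent()) {
            setcookie(self::COOKIE, '', time() - 3600, '/');  // expire cookie before any output
        } elseif ($mode === 'content') {
            echo "<p>You have been logged out.</p>\n";
        }
    }
}
// Dispatcher: auth() is attempted only for classes whose test() returned true.
function authenticate(array $methods): ?string {
    foreach ($methods as $m) {
        if ($m->test() && ($user = $m->auth()) !== null) return $user;
    }
    return null;
}

$key  = 'constructed-demo-key';                           // constructed sample values
$good = SignedCookieAuth::issue($key, 'jdoe@example', time() + 600);
$bad  = substr($good, 0, -1) . (substr($good, -1) === '0' ? '1' : '0');  // tampered MAC
var_dump(authenticate([new SignedCookieAuth($key, ['EXAMPLEAUTH' => $good])]));
var_dump(authenticate([new SignedCookieAuth($key, ['EXAMPLEAUTH' => $bad])]));
```

Keeping test() to a presence check and doing all validation in auth() means a forged or expired cookie is rejected at the second step and never treated as proof of identity.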