Project

General

Profile

Redmain auth against MyBB DB, almost complite! Help!

Added by KEMBL L over 14 years ago

Please help to end /redmine/app/models/auth_source_mybb.rb it almost complited, but I have got nasty error, which as i mean not related to module, cause it occurs AFTER auth success.

Error text in production.log

NoMethodError (undefined method `stringify_keys!' for #<Array:0x2aafdb20b628>):
  app/models/user.rb:115:in `new'
  app/models/user.rb:115:in `try_to_login'
  app/controllers/account_controller.rb:147:in `password_authentication'
  app/controllers/account_controller.rb:142:in `authenticate_user'
  app/controllers/account_controller.rb:30:in `login'
  /usr/local/lib/ruby/1.8/webrick/httpserver.rb:104:in `service'
  /usr/local/lib/ruby/1.8/webrick/httpserver.rb:65:in `run'
  /usr/local/lib/ruby/1.8/webrick/server.rb:173:in `start_thread'
  /usr/local/lib/ruby/1.8/webrick/server.rb:162:in `start'
  /usr/local/lib/ruby/1.8/webrick/server.rb:162:in `start_thread'
  /usr/local/lib/ruby/1.8/webrick/server.rb:95:in `start'
  /usr/local/lib/ruby/1.8/webrick/server.rb:92:in `each'
  /usr/local/lib/ruby/1.8/webrick/server.rb:92:in `start'
  /usr/local/lib/ruby/1.8/webrick/server.rb:23:in `start'
  /usr/local/lib/ruby/1.8/webrick/server.rb:82:in `start'

Rendering /usr/work/tech_dep/redmine/redmine/public/500.html (500 Internal Server Error)

Redmine SQL auth_sources setup


--
-- `redmine`.`auth_sources` table dump
--

INSERT INTO `auth_sources` (`id`, `type`, `name`, `host`, `port`, `account`, `account_password`, `base_dn`, `attr_login`, `attr_firstname`, `attr_lastname`, `attr_mail`, `onthefly_register`, `tls`) VALUES
(1, 'AuthSourceMyBB', 'MyBB auth system', 'myserver.mynet.ru', 3306, 'user_redmine', 'DBPASSWORD', 'mysql:mybb_forum', NULL, NULL, NULL, NULL, 1, 0);

Auth module model source /redmine/app/models/auth_source_mybb.rb

# Version:  $Id: auth_source_mybb.rb 1 2010-05-07 10:18:18 $
#
# Auth module
# Authentication against MyBB users database
# KEMBL ICQ #1413559
#
require 'digest/md5'

#see http://www.redmine.org/wiki/redmine/Alternativecustom_authentication_HowTo
class MyAppCustomDB_ActiveRecord < ActiveRecord::Base
   PAUSE_RETRIES = 5
   MAX_RETRIES = 50
end

class AuthSourceMyBB < AuthSource
  def authenticate(login, password)
    return nil if login.blank? || password.blank?
    attrs = []
    # get user's data

    # First, get the DB Adapter name and database to use for connecting:
    adapter, dbName = self.base_dn.split(':')

    # Second, try to get a connection, safely dealing with the MySQL<->ActiveRecord
    # failed connection bug that can still arise to this day (regardless of
    # reconnect, oddly).
    retryCount = 0
    begin
      connPool = MyAppCustomDB_ActiveRecord.establish_connection(
        :adapter  => adapter,
        :host     => self.host,
        :port     => self.port,
        :port     => self.port,
        :username => self.account,
        :password => self.account_password,
        :database => dbName,
        :reconnect => true
      )
      db = connPool.checkout()
      rescue => err # for me, always due to dead connection; must retry bunch-o-times to get a good one if this happens
         if(retryCount < MyAppCustomDB_ActiveRecord::MAX_RETRIES)
           sleep(1) if(retryCount < MyAppCustomDB_ActiveRecord::PAUSE_RETRIES)
           retryCount += 1
           RAILS_DEFAULT_LOGGER.error("\n RetryCount #{retryCount} \n")
           connPool.disconnect!
           retry # start again at begin
         else # too many retries, serious, reraise error and let it fall through as it normally would in Rails.
           raise
         end
       end

#     db = ActiveRecord::Base.connection();
     query_text = "SELECT uid, username, email, password, salt  FROM `mybb_users` WHERE username = '"+db.quote_string(login)+"' AND uid not in (SELECT uid FROM `mybb_banned`) LIMIT 1" 
     RAILS_DEFAULT_LOGGER.error("1 Build Auth DB Query: '" + query_text + "'")
     query = db.select_one(query_text)

     if (query.nil? or query.empty?)
        RAILS_DEFAULT_LOGGER.error("2 Can't select user from MyBB DB or request error!!!")
        return nil
     end

     RAILS_DEFAULT_LOGGER.error("3 Auth user_id from DB response: " + query['uid'])

     hash = query['password']
     salt = query['salt']
     # MyBB Encryption method
     # md5(md5($salt).md5($pass))

     test_hash = Digest::MD5.hexdigest(salt) + Digest::MD5.hexdigest(password)
     test = Digest::MD5.hexdigest(test_hash)

     unless (test == hash)
      RAILS_DEFAULT_LOGGER.error("4 Password hash compare error!!!")
      return nil
     end
     attrs =
     [
      :firstname => query['username'],
      :lastname => query['username'],
      :mail => query['email'],
      :auth_source_id => self.id
     ] if (onthefly_register?)

    attrs = attrs.stringify_keys

     logger.info("5 User '" + query['username'] + "' (" + query['email'] + ") MyBB auth success!!!") if logger

     # Check connection back into pool.
     connPool.checkin(db)
     return attrs
  end

#  # test the connection to the MySQL
#  def test_connection
#  end

  def auth_method_name
    "MyBB" 
  end

end



Replies (3)

RE: Redmain auth against MyBB DB, almost complite! Help! - Added by KEMBL L over 14 years ago

I'am sorry, the listing mast to have no string 84 (attrs = attrs.stringify_keys), this was only test try to localise error.

I have no big experience with Ruby and I think there is some simple attrs params format misunderstanding. Please point me to right way!

RE: Redmain auth against MyBB DB, almost complite! Help! - Added by Holger Just over 14 years ago

Your attrs is created as an array (as is always with square brackets. What you want is a hash, created with curly braces. Not the difference:

attrs = [:a, :b,:c]
puts attrs.class # Array

A hash is created like this.

attrs = {:a => 1,
         :b => 2,
         :c => 3}
puts attrs.class # Hash

But note, that your code has some potential scalability issues (at least a new db connection for each request). It also swallows exceptions.

Also, are you sure, the salt and the password are indivudually md5'ed, concatenated and then again md5'ed? That would be rather uncommon. Most schemas work like password = MD5(salt+password).

RE: Redmain auth against MyBB DB, almost complite! Help! - Added by KEMBL L over 14 years ago

Thank you Holger!!!

After brackets was fixed, аll works just fine. I can now login to Redmine with login from MyBB forum, so all right with hash encryption!

But note, that your code has some potential scalability issues (at least a new db connection for each request). It also swallows exceptions.

I found this approach on this resource http://www.redmine.org/wiki/redmine/Alternativecustom_authentication_HowTo

My small Ruby experience does not me allow to check is this method is optimal. But, as I understand, I need only one request to MyBB database for get user auth params, and in this case persistent connection have no matter.

And one more, thank you Holger!!! :)

    (1-3/3)