Project

General

Profile

Actions

Defect #18148

open

hook controller_account_success_authentication_after not called with auth_sources

Added by Sylvain V over 9 years ago. Updated over 9 years ago.

Status:
Needs feedback
Priority:
Normal
Assignee:
-
Category:
Accounts / authentication
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Affected version:

Description

If users are registered by an auth_sources

See Alternativecustom_authentication_HowTo

the hook is not used.

:controller_account_success_authentication_after

source:trunk/app/controllers/account_controller.rb#L258

is it the expected behavior?


Files

redmine_register.png (24.2 KB) redmine_register.png register form at login for on the fly registration with custom field Confirm Sylvain V, 2014-10-28 11:49
Actions #1

Updated by Jean-Philippe Lang over 9 years ago

  • Status changed from New to Needs feedback

It should be called when a successfull password authentication occurs. Can you give more details about your problem or a patch that shows a possible fix ?

Actions #2

Updated by Sylvain V over 9 years ago

I will double check the methods traversed by the onthe_fly creation process. But I think at register time, the path in the code doesn't use the hook. I had to modify the account controller directly. I'm gonna isolate the behavior and post a use case and/or a patch.

I had modified the registration to setup new user in a Group / Role / Project at creation time.

Actions #3

Updated by Sylvain V over 9 years ago

OK. I think I got the trick.

Here what I've done:

I added an custom AuthSource. See ticket description.

source at: source:branches/2.5-stable/

So the process:

  1. /login app/controllers/account_controller.rb will call: def password_authentication
  2. which call app/models/user.rb def self.try_to_login
  3. which call app/models/auth_source.rb AuthSource.authenticate(login, password)
  4. which call in loop AuthSources referenced in database with :onthefly_register => true
  5. returning an attrs Hash, fetching some user info, email, firstName, lastName, if any
  6. as those fields are required a register form will appear if something is missing
  7. app/controllers/account_controller.rb def register
  8. if the user enter valid information here, he will be registered
  9. issuing a redirect_to my_account_path

So app/controllers/account_controller.rb def successful_authentication is never called in this scheme. Nor call_hook(:controller_account_success_authentication_after, {:user => user })

As data fetched from my AuthSource is legacy data, I used this behavior above by forcing register to appear by setting a custom required boolean on user. (Confirm)

Actions #4

Updated by Jean-Philippe Lang over 9 years ago

Thank you for this detailed explanation. I'd say it's the expected behaviour and I'm not in favor of changing this for compatibility reasons since existing hooks may not expect an unsaved user. Maybe we can add a specific hook, can you tell what you need to do in your hook in this situation?

Actions #5

Updated by Sylvain V over 9 years ago

after submitting data, they are saved and authenticated…

so the hook's name let me think it will be called after authentication. I put my code directly in the controller inside register and it works as expected.

here: source:branches/2.5-stable/app/controllers/account_controller.rb#L128

May be still the expected behavior…

What I'm doing at this stage, is to assign the newly AuthSource authenticated user to a project and group and role.

Actions

Also available in: Atom PDF