[dev] [cvs] commit: horde login.php horde/templates/index frames_index.inc horde/templates/login header.inc login.inc mobile.inc horde/services changepassword.php facebook.php logintasks.php twitter.php twitterapi.php horde/services/portal edit.php ...
Michael M Slusarz
slusarz at horde.org
Tue Jul 21 22:55:08 UTC 2009
Quoting Michael M Slusarz <slusarz at horde.org>:
> slusarz 2009-07-21 18:31:12 EDT
>
> Modified files:
> . login.php
> templates/index frames_index.inc
> templates/login login.inc mobile.inc
> services changepassword.php facebook.php
> logintasks.php twitter.php twitterapi.php
> services/portal edit.php index.php rpcsum.php syncml.php
> lib base.php
> docs CHANGES
> config hooks.php.dist
> Added files:
> js/src login.js
> Removed files:
> templates/login header.inc
> Log:
> New unified Horde login page.
Some notes on the new login code:

* I've verified the following works:
  + Using a horde-based auth (I tested with the IMAP driver), logging
    into Horde
  + Using IMP auth (application driver), logging into IMP
  + Using a horde-based auth, auto-logging into IMP via 'hordeauth'
  + Using a horde-based auth, logging into IMP after being logged into Horde
* Application auth is automatically determined by whether the app API
  defines an authAuthenticate method.
* All necessary authentication checking should now be handled by
  Horde_Registry::pushApp() (if the second parameter is true).
  pushApp() will throw a Horde_Exception on 3 conditions:
  + Bad permissions
  + Bad authentication
  + Application not active (currently not caught, so will cause a fatal error)
  The auth code in an app's base.php file looks like this:
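
      $registry = Horde_Registry::singleton();
      try {
          // Pass true as the second parameter to have pushApp() check
          // authentication and permissions.
          $registry->pushApp($appname, $check_auth_and_perms);
      } catch (Horde_Exception $e) {
          // Bad permissions or bad authentication end up here.
          Horde_Auth::authenticationFailureRedirect($appname, $e);
      }
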
  That's it. Horde framework apps no longer need to do authentication
  themselves - horde/lib/base.php will correctly handle authentication
  without worry of infinite loops and the like.
* Login tasks handling probably doesn't work yet.
* Hooks probably don't work yet. We may need to rethink hooks a bit.
  First, there should not be a need for app-specific pre/post-auth hooks.
  This will all be handled by a single hook in Horde ($app will be one
  of the parameters passed to the hook). Unfortunately, pre-auth hooks
  don't make any sense for transparent auth or for apps that don't need
  authentication since any value returned from the pre-auth hook is
  totally ignored. I recommend the following refactoring of these hooks:
  + pre-auth hook: called only for horde-auth/apps that need
    authentication. This hook is solely for the purpose of altering auth
    credentials.
  + post-auth hook: called for all apps after user has been
    authenticated to the module. App-specific setup can be handled in
    here. Return value of false indicates application is not available.
* Some of the more exotic drivers may not work, simply because I have
  no way to test (e.g. cyrsql w/admin functions).
* I have simplified the composite driver - its only purpose now is to
  allow separate admin and auth drivers to be combined into a single
  interface. The wiki page will need to be updated.

Probably some other things I am forgetting that I will bring up as I remember.

michael
--
___________________________________
Michael Slusarz [slusarz at horde.org]
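
The pre-auth/post-auth split recommended in the message above, modelled as a stand-alone sketch. This is an added example, not Horde code and not part of the original post: `loginFlow`, `AuthFailed`, `AppUnavailable`, the hook signatures and the sample credentials are all hypothetical. It assumes PHP 7.4 or later and treats only a strict `false` from the post-auth hook as "not available".

```php
<?php
// Added illustration: stand-alone model of the proposed hook flow.
// Every name here is hypothetical; none of this is Horde's API.
final class AuthFailed extends Exception {}
final class AppUnavailable extends Exception {}

/**
 * $verify stands in for an auth driver: fn(array $creds): bool.
 * $preAuth:  fn(string $app, array $creds): array  (altered credentials)
 * $postAuth: fn(string $app, array $creds): bool   (false = unavailable)
 */
function loginFlow(string $app, bool $needsAuth, array $creds,
    callable $verify, ?callable $preAuth = null, ?callable $postAuth = null): array
{
    if ($needsAuth) {
        // Pre-auth runs only where its return value is actually used:
        // it may rewrite the credentials before the driver sees them.
        if ($preAuth !== null) {
            $creds = $preAuth($app, $creds);
        }
        if (!$verify($creds)) {
            throw new AuthFailed("bad authentication for $app");
        }
    }
    // Post-auth runs for every app, including transparent/no-auth ones.
    if ($postAuth !== null && $postAuth($app, $creds) === false) {
        throw new AppUnavailable("$app is not available");
    }
    return $creds;
}

// Constructed sample hooks and driver.
$pre = fn(string $app, array $c): array =>
    ['user' => strtolower(trim($c['user'] ?? ''))] + $c;
$post = fn(string $app, array $c): bool => $app !== 'disabled_app';
$verify = fn(array $c): bool => ($c['user'] ?? '') === 'alice'
    && hash_equals('constructed-pw', $c['pass'] ?? '');

$ok = loginFlow('imp', true, ['user' => ' Alice ', 'pass' => 'constructed-pw'],
    $verify, $pre, $post);
echo "imp: authenticated as {$ok['user']}\n";

try {
    // No-auth app: pre-auth is skipped, post-auth still decides availability.
    loginFlow('disabled_app', false, [], $verify, $pre, $post);
} catch (AppUnavailable $e) {
    echo get_class($e), ': ', $e->getMessage(), "\n";
}
```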