[dev] [cvs] commit: horde login.php horde/templates/index frames_index.inc horde/templates/login header.inc login.inc mobile.inc horde/services changepassword.php facebook.php logintasks.php twitter.php twitterapi.php horde/services/portal edit.php ...
Jan Schneider
jan at horde.org
Wed Jul 22 08:12:34 UTC 2009
Quoting Michael M Slusarz <slusarz at horde.org>:
>> New unified Horde login page.
Great!
> * All necessary authentication checking should now be handled by
> Horde_Registry::pushApp() (if the second parameter is true).
> pushApp() will throw a Horde_Exception on 3 conditions:
> + Bad permissions
> + Bad authentication
> + Application not active (currently not caught, so will cause a
> fatal error)
>
> The auth code in an app's base.php file looks like this:
>
> $registry = Horde_Registry::singleton();
> try {
>     // Second parameter: whether to check authentication and permissions.
>     $registry->pushApp($appname, $check_auth_and_perms);
> } catch (Horde_Exception $e) {
>     Horde_Auth::authenticationFailureRedirect($app, $e);
> }
Shouldn't this rather be a Horde_Auth_Exception? This seems like a
perfect example why we should have special Exceptions in *any* library
that throws them.
> * Hooks probably don't work yet. We may need to rethink hooks a
> bit. First, there should not be need for app-specific pre/post-auth
> hooks. This will all be handled by a single hook in Horde ($app
> will be one of the parameters passed to the hook). Unfortunately,
> pre-auth hooks don't make any sense for transparent auth or for apps
> that don't need authentication since any value returned from the
> pre-auth hook is totally ignored. I recommend the following
> refactoring of these hooks:
>
> + pre-auth hook: called only for horde-auth/apps that need
> authentication. This hook is solely for the purpose of altering auth
> credentials.
> + post-auth hook: called for all apps after user has been
> authenticated to the module. App-specific setup can be handled in
> here. Return value of false indicates application is not available.
Does that mean that post-auth is called for every module?
Regarding transparent authentication, I don't understand why the auth
hooks should be ignored, or is this just a description of the current
state? We should make both hooks work here too, I don't see a reason
why they would make less sense for transparent auth.
> * Some of the more exotic drivers may not work, simply because I
> have no way to test (e.g. cyrsql w/admin functions).
>
> * I have simplified the composite driver - its only purpose now is
> to allow separate admin and auth drivers to be combined into a
> single interface. The wiki page will need to be updated.
Was it ever doing anything else? :)
Jan.
--
Do you need professional PHP or Horde consulting?
http://horde.org/consulting/
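
The question of dedicated exception types raised in this message, as an added example that is not part of the original thread or of Horde's code: with one subclass per failure, the caller can send only a real authentication failure to the login page and handle an inactive application separately. All `Demo_*` classes, the `demo_*` functions and the sample registry data are hypothetical stand-ins constructed for this illustration.

```php
<?php
// Hypothetical stand-ins for this example only; not Horde's real classes.
class Demo_Exception extends Exception {}
class Demo_Auth_Exception extends Demo_Exception {}
class Demo_Permission_Exception extends Demo_Exception {}

// Constructed registry data: app name => active flag and permitted users.
$apps = [
    'mail' => ['active' => true,  'users' => ['alice']],
    'wiki' => ['active' => false, 'users' => ['alice']],
];

/** Stand-in for a pushApp()-style check covering the three failure conditions. */
function demo_push_app(array $apps, string $app, ?string $user): void
{
    if (!isset($apps[$app]) || !$apps[$app]['active']) {
        throw new Demo_Exception("$app is not active");
    }
    if ($user === null) {
        throw new Demo_Auth_Exception('not authenticated');
    }
    if (!in_array($user, $apps[$app]['users'], true)) {
        throw new Demo_Permission_Exception("$user may not use $app");
    }
}

/** Map each failure to a distinct response instead of one catch-all redirect. */
function demo_dispatch(array $apps, string $app, ?string $user): string
{
    try {
        demo_push_app($apps, $app, $user);
        return 'ok';
    } catch (Demo_Auth_Exception $e) {
        return 'redirect-to-login';   // only this case should prompt for credentials
    } catch (Demo_Permission_Exception $e) {
        return 'deny-403';            // authenticated, but not permitted
    } catch (Demo_Exception $e) {
        return 'error-page';          // e.g. inactive app: not an auth problem
    }
}

// Constructed test cases: unauthenticated, unpermitted, inactive app, success.
foreach ([['mail', null], ['mail', 'bob'], ['wiki', 'alice'], ['mail', 'alice']] as [$app, $user]) {
    printf("%-5s %-7s => %s\n", $app, $user ?? '(none)', demo_dispatch($apps, $app, $user));
}
```

The catch blocks are ordered from most specific to the base class; if the base class were caught first, every failure would take the same path, which is the situation a single exception type forces on the caller.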