[dev] passwd vs imp auth Re: [commits] Horde branch master updated. f1a9c26a2e5e8b5edf4216f6278426593e4dda69
Michael M Slusarz
slusarz at horde.org
Tue Dec 4 08:31:32 UTC 2012
Quoting Ralf Lang <lang at b1-systems.de>:
>> I believe this has been previously mentioned... but for this to work
>> correctly/properly, there needs to be a defined Horde-wide API callback
>> that indicates that the authentication credentials have changed. See,
>> e.g., Horde_Registry_Application#changeLanguage().
>
> That's exactly why I'm discussing it. I've been searching for ways to
> indicate to the app that it should reauthenticate with new credentials.
> In a previous discussion, we already ruled out destroying the session.
>
> One option would be to amend Registry->setAuthCredential in a way that
> apps may or may not do additional stuff.
>
> I think adding an Api call would go beyond "bug fixing" and needs to be
> done in develop, right?

With our package structure, this is now something that can be added to
the Core functionality without requiring a new major release. If
implemented via a Registry_Application call, this will bump the
Registry API. But it's not BC breaking, since you can update
Horde_Core without updating applications and it won't break anything
(it won't do anything either, but that's not relevant for this
discussion).

It does make sense to implement in this manner. Not a big deal if one
of these more untested apps (passwd) requires something other than an
x.0 install anyway; in other words, I'm suggesting that this sort of
registry change is most appropriate to add to IMP 6.1. There are still
some limitations though: any user defined code in an init hook won't
be triggered if the password changes. *That* is something that can't
really be addressed until the next major Horde release.

In other words - the best/cleanest solution is probably to instead
require that if the password changes, the Horde session is destroyed.
IMHO, this is not asking too much: password changes are fairly rare,
it prevents all possible authentication problems, and this is not an
alien concept to users since all sorts of websites require
re-authentication when the password changes.

michael
___________________________________
Michael Slusarz [slusarz at horde.org]