[horde] Hacking passwd to work in H4

Stephan Kleber stephan at admin.nabira.de
Thu Jul 21 15:27:07 UTC 2011



Am 17.07.2011 13:07, schrieb Jan Schneider:
> 
> Zitat von stephan at admin.nabira.de:
> 
>> Zitat von stephan at admin.nabira.de:
>>
>>> Hi,
>>>
>>> I was trying out passwd from the git-repository with H4 and realized
>>> that my browser is waiting indefinetely after a successful password
>>> change.
>>>
>>> I remember to have read that this is due to a design problem which
>>> prevents passwd from resetting the credentials for all applications
>>> and that a forced logout was discussed as workaround. But it seams
>>> this is not implemented yet, is it?
>>>
>>> I tried to force a logout myself by inserting into
>>> passwd/lib/Passwd.php on line 109 the following code:
>>> $GLOBALS['registry']->clearAuth(true);
>>>
>>> This however does not work quite as expected. I get logged out
>>> alright, but the user does not see this. He gets the "Password
>>> sucessfully changed" screen with a menu-bar on the left continually
>>> showing "Loading..." and a rudimentary top menu bar.
>>>
>>> If I click on any of the remaining links or buttons I get
>>> functionality as far as a logged out user gets (for example filing
>>> problems seems to be possible). If I click on the logout button, I
>>> get the login-screen as I would like. But I'm not sure all users will
>>> try that.
>>>
>>> Any ideas on a more elegant solution than my brute-force one?
>>>
>>> Greetz
>>> Stephan
>>
>> My sincere apologies for the pushing of this topic, but:
>> Has anyone any ideas on this?
> 
> You want to user $registry->authenticateFailure, not clearAuth.
> 
> Jan.
> 
This goes in the right direction, thank you.

However I need to do the $registry->clearAuth(true) before calling
authenticateFailure. Else I have the same issue: The Browser waites for
the page till it times out.
In combination as follows I get what I want:

$registry->clearAuth(true);
$registry->authenticateFailure('horde');

One more thing: I found the "Anatomy of a Horde login"-Articles in Jan's
Blog and tried to set a message for the user that must be logged out. I
noticed, I definitely do not understand the internals of Horde-Auth. I
tried to find the necessary API-Calls and came up with this:

$auth = $injector
    ->getInstance('Horde_Core_Factory_Auth')
    ->create(($is_auth && $vars->app) ? $vars->app : null);
$auth->setError('Ihr Passwort wurde erfolgreich geändert. Bitte melden
Sie sich neu an.');

I prepended this to the above two lines but no message is shown on the
following login page.

What did I missunderstand? How does this have to look like for it to
work as I want to?

Thanks,
Stephan


More information about the horde mailing list