[horde] Hacking passwd to work in H4

Jan Schneider jan at horde.org
Thu Jul 21 15:41:18 UTC 2011


Quoting Stephan Kleber <stephan at admin.nabira.de>:

> On 17.07.2011 13:07, Jan Schneider wrote:
>>
>> Quoting stephan at admin.nabira.de:
>>
>>> Quoting stephan at admin.nabira.de:
>>>
>>>> Hi,
>>>>
>>>> I was trying out passwd from the git-repository with H4 and realized
>>>> that my browser is waiting indefinitely after a successful password
>>>> change.
>>>>
>>>> I remember having read that this is due to a design problem which
>>>> prevents passwd from resetting the credentials for all applications
>>>> and that a forced logout was discussed as workaround. But it seems
>>>> this is not implemented yet, is it?
>>>>
>>>> I tried to force a logout myself by inserting into
>>>> passwd/lib/Passwd.php on line 109 the following code:
>>>> $GLOBALS['registry']->clearAuth(true);
>>>>
>>>> This however does not work quite as expected. I get logged out
>>>> alright, but the user does not see this. He gets the "Password
>>>> sucessfully changed" screen with a menu-bar on the left continually
>>>> showing "Loading..." and a rudimentary top menu bar.
>>>>
>>>> If I click on any of the remaining links or buttons I get
>>>> functionality as far as a logged out user gets (for example filing
>>>> problems seems to be possible). If I click on the logout button, I
>>>> get the login-screen as I would like. But I'm not sure all users will
>>>> try that.
>>>>
>>>> Any ideas on a more elegant solution than my brute-force one?
>>>>
>>>> Greetz
>>>> Stephan
>>>
>>> My sincere apologies for the pushing of this topic, but:
>>> Has anyone any ideas on this?
>>
>> You want to use $registry->authenticateFailure, not clearAuth.
>>
>> Jan.
>>
> This goes in the right direction, thank you.
>
> However I need to do the $registry->clearAuth(true) before calling
> authenticateFailure. Else I have the same issue: The browser waits for
> the page till it times out.
> In combination as follows I get what I want:
>
> $registry->clearAuth(true);
> $registry->authenticateFailure('horde');
>
> One more thing: I found the "Anatomy of a Horde login"-Articles in Jan's
> Blog and tried to set a message for the user that must be logged out. I
> noticed, I definitely do not understand the internals of Horde-Auth. I
> tried to find the necessary API-Calls and came up with this:
>
> $auth = $injector
>     ->getInstance('Horde_Core_Factory_Auth')
>     ->create(($is_auth && $vars->app) ? $vars->app : null);
> $auth->setError('Ihr Passwort wurde erfolgreich geändert. Bitte melden Sie sich neu an.');
>
> I prepended this to the above two lines but no message is shown on the
> following login page.
>
> What did I misunderstand? What does this have to look like for it to
> work as I want it to?

Pass a Horde_Auth_Exception as the 2nd parameter to  
authenticateFailure(). If you use the Horde_Auth::REASON_MESSAGE error  
code, the exception message will be displayed to the user.

Jan.

-- 
Do you need professional PHP or Horde consulting?
http://horde.org/consulting/
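
The pieces from this thread put together, as an added example that is not part of the original messages or of the passwd code: the session is cleared, then the user is sent to the login page with a message carried in a Horde_Auth_Exception. The helper name passwd_force_relogin, the English message text and the (message, code) constructor argument order are assumptions; the code is meant to run inside Horde after a successful password change, where $registry is available.

```php
<?php
/**
 * Hypothetical helper (name is an assumption, not a Horde API):
 * end the current session after a password change and send the
 * user to the login screen with an explanatory message.
 */
function passwd_force_relogin($registry, $message)
{
    // Clear the stored authentication first. As reported in the thread,
    // calling authenticateFailure() alone left the browser waiting
    // until it timed out.
    $registry->clearAuth(true);

    // With the REASON_MESSAGE code, the exception message is what
    // gets displayed to the user on the login page.
    $e = new Horde_Auth_Exception($message, Horde_Auth::REASON_MESSAGE);

    // Hand over to the login page of the 'horde' application.
    $registry->authenticateFailure('horde', $e);
}

// Constructed sample message; call this right after the backend has
// confirmed that the password change succeeded.
passwd_force_relogin(
    $GLOBALS['registry'],
    'Your password was changed successfully. Please log in again.'
);
```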


