Skip to content

Login hooks #25260

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Jun 27, 2016
Merged

Login hooks #25260

merged 5 commits into from
Jun 27, 2016

Conversation

@ChristophWurst
Copy link
Contributor

@ChristophWurst ChristophWurst commented Jun 24, 2016
edited
Loading

I found an inconsistency of login hooks while working on #25154.

  1. hooks were triggered twice (once in login and then in loginWithToken)
  2. the post login hook in login was called without tranlating a possible token password to the login password
  3. when logging in a disabled user via token no LoginException was thrown (the login was still blocked, but resulted in a 401 instead)
  4. when logging in via token there was no check whether an app aborted the login process via the post login hook

Needs rebase once #25154 was merged. done

@ChristophWurst ChristophWurst added this to the 9.1-current milestone Jun 24, 2016
@mention-bot
Copy link

mention-bot commented Jun 24, 2016

By analyzing the blame information on this pull request, we identified @icewind1991, @DeepDiver1975 and @blizzz to be potential reviewers

@ChristophWurst
Copy link
Contributor Author

ChristophWurst commented Jun 27, 2016
edited
Loading

Note for reviewers: loginByPassword handles the process of logging in by password, loginByToken handles the token login process. Hence they should perform the same checks.

@ChristophWurst
Copy link
Contributor Author

ChristophWurst commented Jun 27, 2016
edited
Loading

  • TEST: LoginException is thrown in case a user was disabled
  • TEST: login with password works
  • TEST: login with token works
  • TEST: preLogin hook triggered for password logins
  • TEST: preLogin hook triggered for token logins
  • TEST: postLogin hook triggered for password logins
  • TEST: postLogin hook triggered for token logins

@guruz
Copy link
Contributor

guruz commented Jun 27, 2016

Code looks OK, I have not tested it.
👍

@ChristophWurst ChristophWurst mentioned this pull request Jun 27, 2016
Merged
@ChristophWurst
Copy link
Contributor Author

ChristophWurst commented Jun 27, 2016

this fixes token login for clients, which seems to have issues on current master (see failing integration tests of other PRs). @DeepDiver1975 @PVince81 @icewind1991 review please

ChristophWurst
ChristophWurst reviewed Jun 27, 2016
View reviewed changes
lib/private/User/Session.php
}

$this->loginWithToken($password);
$user = $this->getUser();
Copy link
Contributor Author

@ChristophWurst ChristophWurst Jun 27, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the return statement is missing on master, hence the return false; below is executed and the login is considered to have failed.

@ChristophWurst
Copy link
Contributor Author

ChristophWurst commented Jun 27, 2016

PHPDoc added and postLogin hook moved accordingly.

@PVince81
Copy link
Contributor

PVince81 commented Jun 27, 2016

👎 looks like token auth is broken. Works fine on master.

@PVince81
Copy link
Contributor

PVince81 commented Jun 27, 2016

Wait, I forgot to pull

@PVince81
Copy link
Contributor

PVince81 commented Jun 27, 2016

Tested with ext storage that uses post login for user provided creds (had to rebase onto master for that), both password and token login work and the ext storage can be accessed in both cases

👍

@DeepDiver1975 DeepDiver1975 merged commit 86a0e64 into master Jun 27, 2016
@DeepDiver1975 DeepDiver1975 deleted the login-hooks branch June 27, 2016 20:16
@lock
Copy link

lock bot commented Aug 5, 2019

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@lock lock bot locked as resolved and limited conversation to collaborators Aug 5, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

4 - To release sev2-high Type:Bug

Projects

None yet

Milestone

9.1

Development

Successfully merging this pull request may close these issues.

6 participants

@ChristophWurst @mention-bot @guruz @PVince81 @DeepDiver1975