FUDforum: Plugins and Code Hacks » New plugin call hook type & OpenID plugin

Home » FUDforum Development » Plugins and Code Hacks » New plugin call hook type & OpenID plugin

Show: Today's Messages :: Polls :: Message Navigator

New plugin call hook type & OpenID plugin [message #162341]

Wed, 28 April 2010 10:12

omniton

Messages: 6
Registered: April 2010

Karma: 0

Junior Member

hi,

to support external authentication services like OpenID, OAuth, etc i offer add new plugin call hook type: PRE_AUTHENTICATE. It lets to authenticate without entering login/password and to use native fudforum's redirection to login page. Patch attached. It works for forum.sourcefabric.org

Attachment: login.diff
(Size: 2.22KB, Downloaded 915 times)

[Updated on: Thu, 29 April 2010 17:00]

Report message to a moderator

Re: New plugin call hook type [message #162345 is a reply to message #162341]

Wed, 28 April 2010 18:29

naudefj

Messages: 3771
Registered: December 2004

Karma: 28

Senior Member
Administrator
Core Developer

Great idea! Can you please update the patch for FUDforum 3.0.1 so we can commit it?

Best regards.

Frank

Report message to a moderator

Re: New plugin call hook type [message #162351 is a reply to message #162345]

Wed, 28 April 2010 20:38

omniton

Messages: 6
Registered: April 2010

Karma: 0

Junior Member

hi Frank,

for sure. Patch attached.

Some hints about plugin. After first call the plugin should redirect to external auth service where user will be authenticated. Then user is returning again to fudforum login where plugin will catch the passed request params (token, identity, etc) and search for user. On exit plugin should return fud_user_reg object.

Attachment: login.trunk.diff
(Size: 2.25KB, Downloaded 936 times)

[Updated on: Wed, 28 April 2010 20:43]

Report message to a moderator

Re: New plugin call hook type [message #162352 is a reply to message #162351]

Thu, 29 April 2010 06:18

naudefj

Messages: 3771
Registered: December 2004

Karma: 28

Senior Member
Administrator
Core Developer

Great! Your patch was committed: https://sourceforge.net/apps/trac/fudforum/changeset/4950

Can you please also post a working sample plugin that uses PRE_AUTHENTICATE?

Best regards.

Frank

Report message to a moderator

Re: New plugin call hook type [message #162357 is a reply to message #162341]

Thu, 29 April 2010 16:48

omniton

Messages: 6
Registered: April 2010

Karma: 0

Junior Member

so, there is simple but full functional openid plugin. It shows how PRE_AUTHENTICATE hook can be used for openid, oauth or any other custom external authentication services at least your corporate server to provide SSO.
Just change example.com in ini to your host name and you can authenticate via google your users who registered with googl's email address. You can change to any other openid provider but only google returns email. By default providers returns just openid identity.

Attachment: openid.plugin.tar.gz
(Size: 19.82KB, Downloaded 902 times)

[Updated on: Thu, 29 April 2010 16:49]

Report message to a moderator

Re: New plugin call hook type [message #162371 is a reply to message #162357]

Mon, 03 May 2010 16:12

naudefj

Messages: 3771
Registered: December 2004

Karma: 28

Senior Member
Administrator
Core Developer

Thanks! Would you mind if we include it into the next FUDforum release?

Report message to a moderator

Re: New plugin call hook type [message #162377 is a reply to message #162371]

Mon, 03 May 2010 20:14

omniton

Messages: 6
Registered: April 2010

Karma: 0

Junior Member

Yes, please. It would be good example to show how to use PRE_AUTHENTICATE hook. Thanks.

Report message to a moderator

Re: New plugin call hook type [message #162432 is a reply to message #162377]

Sat, 08 May 2010 18:55

naudefj

Messages: 3771
Registered: December 2004

Karma: 28

Senior Member
Administrator
Core Developer

Your plugin works like a charm! However, I think we should rather move it into core and introduce an admin toggle to enable/disable OpenID logins. We can also add a nifty OpenID selector on the login page. What do you think?

Report message to a moderator

Re: New plugin call hook type [message #162435 is a reply to message #162432]

Mon, 10 May 2010 01:49

The Witcher

Messages: 675
Registered: May 2009
Location: USA

Karma: 3

Senior Member

naudefj wrote on Sat, 08 May 2010 13:55

Your plugin works like a charm! However, I think we should rather move it into core and introduce an admin toggle to enable/disable OpenID logins. We can also add a nifty OpenID selector on the login page. What do you think?

I concur with the admin toggle, like the quick reply function this is an option not everyone would want and even then perhaps not all the time.

"I'm a Witcher, I solve human problems; not always using a sword!"

Report message to a moderator

Re: New plugin call hook type [message #162445 is a reply to message #162432]

Wed, 12 May 2010 07:14

omniton

Messages: 6
Registered: April 2010

Karma: 0

Junior Member

naudefj писал(а) Sat, 08 May 2010 14:55

Your plugin works like a charm! However, I think we should rather move it into core and introduce an admin toggle to enable/disable OpenID logins. We can also add a nifty OpenID selector on the login page. What do you think?

well, I think it's a good idea but it requires some additional stuff. Look at sourceforge.net accounting. It uses openid providers to authenticate user and in the account manager you can manage own openid identities (instead of just email). Fudforum Openid plugin can be used with minimal refactoring but in the account manager we have to add new table to handle users openid identities and implement list/add/delete functions. The main idea of implemented openid plugin just show how we can use external authentication (not only openid). For example it could be corporate portal or simply cms.

Report message to a moderator

Re: New plugin call hook type [message #162541 is a reply to message #162445]

Sun, 06 June 2010 15:26

naudefj

Messages: 3771
Registered: December 2004

Karma: 28

Senior Member
Administrator
Core Developer

It would be great if the CURL requirement can somehow be removed.

PS: This works great with Google, but authentication against Yahoo is not really working.

Report message to a moderator

Re: New plugin call hook type [message #162594 is a reply to message #162541]

Mon, 14 June 2010 07:06

omniton

Messages: 6
Registered: April 2010

Karma: 0

Junior Member

Цитата:

It would be great if the CURL requirement can somehow be removed.

CURL is required for ssl connections. It could be implemented via OpenSSL extension but OpenID library was written by other author and it's working enough.

Цитата:

PS: This works great with Google, but authentication against Yahoo is not really working.

I said early that just google always returns email and for using properly of openid authentication should use openid identity instead of email. I've explained here http:// fudforum.org/forum/index.php?t=msg&th=119279&goto=162445&#msg_1 62445

I'd like to say that demo plugin is not full functional implementation of openid authentication - it's just a demo which can be used as example.

Report message to a moderator