Published by Jude Haisley. Modified over 9 years ago.
1
Authentication in Joomla! 1.5
Presented By: Jason Kendall, Joomla! Development Workgroup
2
March 23rd 10:15 AM DRAFT Presented By Jason Kendall Joomla! Development Workgroup

About Me

Born in Feb 1979, started in the computing industry with Pong. In the late ‘80s moved into the Commodore 64 where I developed utilities in Basic (Yes, before I was 10). Moved into a Tandy PC shortly thereafter when even more Basic programming was completed including a full blown login system. I ran a BBS (‘The BBS Enterprise’) for 4 years and became a regular poster on the Fido Network. First introduction to the Internet was via my high school at the time, where we accessed gopher and telnet via a shared modem line. I started with Slackware Linux in the early ‘90s and ever since then I’ve been working with new technologies including VoIP and IPv6. Started PHP development in Feb 2000 with my own concept of what is now known as MVC, although you wouldn’t know it. I’m currently working as an Information Security Analyst and hold a number of certifications on computer networking and technologies.
3
Overview

- Changes from 1.x
- Structure/How it works
- Code base details
- Hello World Example
- GMail Example
- OpenID & our pitfalls
- Other schemes to implement
- Questions
4
What has changed since 1.x?

- Added Plug-in system using JDispatch
- Ability to completely customize the authentication system from end to end
- Ability for end plug-ins to overwrite user details for user auto-creation, i.e. one can log in with an LDAP email address and rewrite the UserID to just the login
- Enabled the creation of temp users from external plug-ins
5
Structure

[Diagram: the Joomla! Application connected to the authentication plug-ins: Joomla Auth, OpenID Auth, LDAP Auth, Other Auth Plugins]

- The Joomla! application sends the authentication request to all enabled plug-ins. The order is based on the plug-in rank in the manager.
- Each plug-in processes the request and sends back a status to the handler.
- The handler checks for a success and passes it off to the application.
- In the case of a failure, it logs the errors to JLog for analysis by the admin.
6
Code Base

function onAuthenticate( $username, $password )

- Processes an authentication request
- Gets a username and password
- Returns a JAuthenticateResponse object
  - status
    - JAUTHENTICATE_STATUS_SUCCESS
    - JAUTHENTICATE_STATUS_FAILURE
  - error_message
    - Can be any text
    - Text should identify the error that occurred
    - Gets sent to the JLog system to be logged
    - On failure, the end user will only see an invalid credentials response
- Can also return: username, fullname, password etc.
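The dispatch described on the Structure slide, together with the split between the logged error_message and the generic message shown to the user, modelled as an added example that is not code from the presentation or from Joomla!. AuthResponse, STATUS_SUCCESS/STATUS_FAILURE, authenticate() and both plug-ins are hypothetical stand-ins, and stopping at the first success is an assumption of this model.

```php
<?php
// Added example, not Joomla! code: AuthResponse, STATUS_* and authenticate()
// are hypothetical stand-ins for JAuthenticateResponse, JAUTHENTICATE_STATUS_*
// and the application's handler. Plug-ins and credentials are constructed.
const STATUS_SUCCESS = 1;
const STATUS_FAILURE = 0;

class AuthResponse
{
    public $status = STATUS_FAILURE; // default deny until a plug-in says otherwise
    public $error_message = '';
}

// Plug-ins in rank order, as the plug-in manager would order them.
$plugins = [
    'ldap' => function ($username, $password) {
        $r = new AuthResponse();
        $r->error_message = 'LDAP server unreachable';
        return $r;
    },
    'example' => function ($username, $password) {
        $r = new AuthResponse();
        if ($username === 'Hello' && hash_equals('World', (string) $password)) {
            $r->status = STATUS_SUCCESS;
        } else {
            $r->error_message = 'username/password mismatch';
        }
        return $r;
    },
];

function authenticate(array $plugins, $username, $password, array &$log)
{
    $safeUser = str_replace(["\r", "\n"], ' ', $username); // no forged log lines
    foreach ($plugins as $name => $plugin) {
        $response = $plugin($username, $password);
        if ($response->status === STATUS_SUCCESS) {
            return ['ok' => true, 'plugin' => $name, 'message' => ''];
        }
        // Detail goes to the admin log only, and never includes the password.
        $log[] = "[$name] user=$safeUser: {$response->error_message}";
    }
    // All plug-ins failed: the end user gets one generic message.
    return ['ok' => false, 'plugin' => null, 'message' => 'Invalid credentials'];
}

$log = [];
var_dump(authenticate($plugins, 'Hello', 'World', $log));
var_dump(authenticate($plugins, "Hello\nforged", 'wrong', $log));
print_r($log);
```

The second call fails in every plug-in, so the caller receives only the generic message while the per-plug-in reasons accumulate in $log.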
7
Code Base cont.

function onAuthenticateFailure( $username, $password )

- Fires only when a failure is detected.
- Can be used to clear details from J! or cookies on failure.
8
Code Base cont.

function onLoginUser( $response, $remember )

- Processed on a successful login by a plug-in
- $response is the JAuthenticateResponse from the accepted plug-in
- $remember is set when the user wants to be remembered
9
Code Base cont.

function onLogoutUser( $parameters )

- Processed on a logout request from the user
- $parameters is an array:
  - Username: The username being logged out
  - ID: The user's ID
10
Code Base cont.

Extra events for syncing users include:

- onBeforeStoreUser
- onAfterStoreUser
- onBeforeDeleteUser
- onAfterDeleteUser
11
Hello World of Authentication

    function onAuthenticate( $username, $password )
    {
        // 'example' names the plug-in that produced this response
        $return = new JAuthenticateResponse('example');

        // Hard-coded demo credentials; strict comparison avoids PHP type juggling
        if ($username === "Hello" && $password === "World") {
            $return->status = JAUTHENTICATE_STATUS_SUCCESS;
        } else {
            $return->status = JAUTHENTICATE_STATUS_FAILURE;
        }
        return $return;
    }
12
GMail Example

    function onAuthenticate( $username, $password )
    {
        $return = new JAuthenticateResponse('gmail');

        // Present the credentials to the GMail Atom feed using HTTP Basic auth over HTTPS
        $curl = curl_init("https://mail.google.com/gmail/feed/atom");
        curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($curl, CURLOPT_FOLLOWLOCATION, 1);
        curl_setopt($curl, CURLOPT_USERPWD, "$username:$password");
        $result = curl_exec($curl);
        $code = curl_getinfo($curl, CURLINFO_HTTP_CODE);
        curl_close($curl);

        // Only an HTTP 200 grants access; every other code, including a failed request, is denied
        $message = '';
        $success = 0;
        switch ($code) {
            case 200:
                $message = 'Access Granted';
                $success = 1;
                break;
            case 401:
                $message = 'Access Denied';
                break;
            default:
                $message = 'Result unknown, access denied.';
                break;
        }

        if ($success) {
            $return->status = JAUTHENTICATE_STATUS_SUCCESS;
            $return->email = $username;
            $return->fullname = $username;
        } else {
            $return->status = JAUTHENTICATE_STATUS_FAILURE;
            // Logged for the admin; the end user only sees the generic failure
            $return->error_message = 'Failed to authenticate: ' . $message;
        }
        return $return;
    }
13
OpenID & Our Pitfalls

Issues:

- Cookie data needs to be sent to the client
- It must redirect to an external site
- It should return to the authentication plug-in
- Limited support in PHP4
14
OpenID & Our Pitfalls cont.

- Used JSession to store cookies
- Built URIs with JURI and redirected via $mainframe
- Returned mimicking a login form response
- Checked for cookie/session state to complete the request
- Used SimpleXML to mimic OpenID requests
15
Other schemes

- Radius
- RSA SecurID
- WiKID
- Extendable External Databases (EED)
- Google Account Authentication
- Kerberos
- IMap/POP3
16
Questions?