Defect #18148

hook controller_account_success_authentication_after not called with auth_sources

Added by Sylvain V almost 8 years ago. Updated almost 8 years ago.

Status:Needs feedbackStart date:
Priority:NormalDue date:
Assignee:-% Done:

0%

Category:Accounts / authentication
Target version:-
Resolution: Affected version:2.5.2

Description

If users are registered by an auth_sources

See Alternativecustom_authentication_HowTo

the hook is not used.

:controller_account_success_authentication_after

source:trunk/app/controllers/account_controller.rb#L258

is it the expected behavior?

redmine_register.png - register form at login for on the fly registration with custom field Confirm (24.2 KB) Sylvain V, 2014-10-28 11:49

History

#1 Updated by Jean-Philippe Lang almost 8 years ago

  • Status changed from New to Needs feedback

It should be called when a successfull password authentication occurs. Can you give more details about your problem or a patch that shows a possible fix ?

#2 Updated by Sylvain V almost 8 years ago

I will double check the methods traversed by the onthe_fly creation process. But I think at register time, the path in the code doesn't use the hook. I had to modify the account controller directly. I'm gonna isolate the behavior and post a use case and/or a patch.

I had modified the registration to setup new user in a Group / Role / Project at creation time.

#3 Updated by Sylvain V almost 8 years ago

OK. I think I got the trick.

Here what I've done:

I added an custom AuthSource. See ticket description.

source at: source:branches/2.5-stable/

So the process:

  1. /login app/controllers/account_controller.rb will call: def password_authentication
  2. which call app/models/user.rb def self.try_to_login
  3. which call app/models/auth_source.rb AuthSource.authenticate(login, password)
  4. which call in loop AuthSources referenced in database with :onthefly_register => true
  5. returning an attrs Hash, fetching some user info, email, firstName, lastName, if any
  6. as those fields are required a register form will appear if something is missing
  7. app/controllers/account_controller.rb def register
  8. if the user enter valid information here, he will be registered
  9. issuing a redirect_to my_account_path

So app/controllers/account_controller.rb def successful_authentication is never called in this scheme. Nor call_hook(:controller_account_success_authentication_after, {:user => user })

As data fetched from my AuthSource is legacy data, I used this behavior above by forcing register to appear by setting a custom required boolean on user. (Confirm)

#4 Updated by Jean-Philippe Lang almost 8 years ago

Thank you for this detailed explanation. I'd say it's the expected behaviour and I'm not in favor of changing this for compatibility reasons since existing hooks may not expect an unsaved user. Maybe we can add a specific hook, can you tell what you need to do in your hook in this situation?

#5 Updated by Sylvain V almost 8 years ago

after submitting data, they are saved and authenticated…

so the hook's name let me think it will be called after authentication. I put my code directly in the controller inside register and it works as expected.

here: source:branches/2.5-stable/app/controllers/account_controller.rb#L128

May be still the expected behavior…

What I'm doing at this stage, is to assign the newly AuthSource authenticated user to a project and group and role.

Also available in: Atom PDF