[
https://issues.apache.org/jira/browse/VCL-1086?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16395643#comment-16395643
]
Josh Thompson commented on VCL-1086:
------------------------------------
This is an initial pass at the methods each class can implement. These may
change somewhat as development plays itself out, but the final set of methods
should be very close.
*test()* - This is called for each when a user hits the site to determine if
the user's browser has supplied whatever form of credentials are needed for
this authentication method to be able to authenticate the user (example: checks
for a cookie with a specific name). If a call to this function returns true,
authentication via this class is attempted.
*auth()* - This method is called after test() for this class has returned true.
It attempts to authenticate the user. $authtype
*unauth($mode)* - This method is used to destroy the user's authentication
(called with $mode = logout). The $mode argument is either "headers" or
"content". This method is called twice from the logout method, once before any
content is sent, and once after the html header content is sent. This allows
cookies to be destroyed before sending any content.
*processLogin($authtype, $userid, $passwd)* - This is called to process the
login form if it is used for this authentication type. Which authentication
class is instantiated is based on the authtype defined in the $authMechs array
in conf.php. $authtype is an array index from the $authMechs array. $userid and
$passwd are what were entered into the login form.
*addUser($authtype, $userid)* - This would be called when a user is used within
VCL when the user doesn't already exist in the user table. For some
authentication methods (such as Shibboleth), it would only work to call it
during a login because there would be no way to get information about users
otherwise. For others (such as LDAP), it could be called when a user is entered
in a form somewhere in the web site.
*canAddUsers()* - I haven't fully thought through this one, but the idea is to
know if this class can add new users entered into a form or not.
*validateUser($type, $loginid)* - This would be similar to addUser, but
wouldn't actually create the user in the VCL user table, but would just
validate if the account exists.
*updateUser($authtype, $userid)* - This is similar to addUser except that it
updates user information rather than initially adding the user.
> improve modularization of authentication
> ----------------------------------------
>
> Key: VCL-1086
> URL: https://issues.apache.org/jira/browse/VCL-1086
> Project: VCL
> Issue Type: Improvement
> Components: web gui (frontend)
> Reporter: Josh Thompson
> Priority: Major
>
> create a class based system of authentication so that each form of
> authentication can implement a defined set of functions
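As an added example (not code from the VCL project or from the comment above), this is one way the test() / auth() / unauth($mode) contract described in the comment could look in PHP for a signed-cookie method. The AuthMethod interface, the CookieAuth class, the authenticate() and logout() helpers, the cookie name, the key and the return type of auth() are all assumptions; it needs PHP 8.0 or later.

```php
<?php
// Added illustration: interface and class names are hypothetical, not VCL code.
interface AuthMethod {
    public function test(): bool;                // are this method's credentials present?
    public function auth(): ?string;             // assumed: user id on success, null on failure
    public function unauth(string $mode): void;  // $mode is "headers" or "content"
}
class CookieAuth implements AuthMethod {
    private const COOKIE = 'EXAMPLEAUTH';        // constructed cookie name
    public function __construct(private string $key, private array $cookies) {}
    public function issue(string $userid, int $expires): string {
        $payload = "$userid|$expires";           // assumes $userid contains no '|'
        return $payload . '|' . hash_hmac('sha256', $payload, $this->key);
    }
    public function test(): bool { return isset($this->cookies[self::COOKIE]); }
    public function auth(): ?string {
        $parts = explode('|', (string)($this->cookies[self::COOKIE] ?? ''));
        if (count($parts) !== 3) return null;
        [$userid, $expires, $mac] = $parts;
        $expected = hash_hmac('sha256', "$userid|$expires", $this->key);
        // Constant-time MAC comparison first, then the expiry check.
        if (!hash_equals($expected, $mac)) return null;
        return (ctype_digit($expires) && (int)$expires >= time()) ? $userid : null;
    }
    public function unauth(string $mode): void {
        if ($mode === 'headers') {               // must run before any output is sent
            setcookie(self::COOKIE, '', ['expires' => 1, 'path' => '/', 'httponly' => true]);
        } elseif ($mode === 'content') {
            echo "<p>You have been logged out.</p>\n";
        }
    }
}
function authenticate(array $methods): ?string {
    foreach ($methods as $m) {                   // auth() is attempted only when test() is true
        if ($m->test() && ($userid = $m->auth()) !== null) return $userid;
    }
    return null;
}
function logout(array $methods): void {
    foreach ($methods as $m) $m->unauth('headers');
    echo "<html><head><title>Logged out</title></head><body>\n";
    foreach ($methods as $m) $m->unauth('content');
}
// Constructed sample input: one valid cookie and one with a tampered MAC.
$cookie = (new CookieAuth('constructed-key', []))->issue('jdoe', time() + 3600);
$good = new CookieAuth('constructed-key', ['EXAMPLEAUTH' => $cookie]);
$bad  = new CookieAuth('constructed-key', ['EXAMPLEAUTH' => $cookie . '0']);
var_dump(authenticate([$bad, $good]), authenticate([$bad]));
```

A cookie that passes test() but fails auth() falls through to the next method instead of ending the request, so presence of a credential never counts as proof of identity.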