Blog Documentation Try Vanilla Cloud
Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
Options

on AUTH_SUCCESS goes to default controller?

eleitheleith New
edited July 2010 in Vanilla 2.0 - 2.8
i'm confused about this snippet in class.proxyauthenticator.php 

if ($AuthResponse == Gdn_Authenticator::AUTH_SUCCESS) {
       Gdn::Request()->WithRoute('DefaultController');
 }
for me, this causes all my pages to jump to the discussion page (no matter what URL i'm pointed at). this means when i authenticate with ProxyConnect i can not access dashboard, individual discussions, profiles, etc etc...

when i modify it to 

if ($AuthResponse == Gdn_Authenticator::AUTH_SUCCESS) {
      Gdn::Request();
 }
this works as i need, now i can access other parts of my forum when authenticating with proxyconnect.
i am not using wordpress, but a custom version, pointed at my own service which i output user information in json. the forum lives on a different subdomain than that of the service.

please let me know if i went wrong somewhere, i've had to make a couple of changes to get ProxyConnect working, so i might be making assumptions that the author did not make.

I have successfully deployed the old plugin (SSO) on my pre-RC1 vanilla2 forum and it works great, so migrating is unfortunately not a simple process for me. for example, the old SSO used userIDs pushed out by the proxy as foreign keys, but it seems the current plugin uses Emails as the foreign keys. this seems problematic, because users can change their email addresses, which in turn would change the foreign key uses by the plugin, and then a new user would be created (even though the proxy is pushing out the same userID).

perhaps i'm looking at this wrong? any thoughts?

Comments

  • Options
    binhdobinhdo
    I guess the latter aspect is closely related to my discussion over here:
    http://vanillaforums.org/discussion/12211/issues-regarding-consistency
  • Options
    eleitheleith New
    i've made a couple more changes to get my application userIDs from being used as the foreign key, instead of the email addresses. in class.proxyauthenticator.php i forced the UniqueID to be used instead of the user email address. 

             $UserEmail = ArrayValue('Email', $Response);
             $UserName = ArrayValue('Name', $Response);

             #make sure the uniqueID is read out from the response
             $UserID  = ArrayValue('UniqueID', $Response);

             $UserName = trim(preg_replace('/[^a-z0-9-]+/i','',$UserName));
             $TransientKey = ArrayValue('TransientKey', $Response, NULL);

             #the below will use the email address to associate foreignkeys
             #$AuthResponse = $this->ProcessAuthorizedRequest($Provider['AuthenticationKey'], $UserEmail, $UserName, $TransientKey);

             #the below will use the user unique ID to associate foreignkeys
             $AuthResponse = $this->ProcessAuthorizedRequest($Provider['AuthenticationKey'], $UserID, $UserName, $TransientKey);
    however, i found an unimplemented function that was throwing errors and short circuiting the authentication process silently. i just commented it out. this doesn't feel right, but i don't fully understand the Nonces and whatnot to implement the function myself.

    further down in the same file, just uncomment the following: 


    if ($Token && !is_null($ForeignNonce)) {
                $TokenKey = $Token['Token'];

                #SetNonce is not implemented in this file (or i can't find where it is inherited from?)
                #$this->SetNonce($TokenKey, $ForeignNonce);
             }
    in summary, the previous code changes will get the original service's userIDs to be used as the foreign keys, i've now got a working proxyconnect with a service running on a different subdomain as my forum.

    in total, i've had to make a number of changes overall:

    1. added back support of json encoding of user info from original service (code change in plugin, add entry in config)
    2. modified ProcessAuthorizeRequest to use uniqueID as a foreign key for user association rather than the email address which can change (code change in plugin)
    3. uncommented out unimplemented function (code change in plugin)
    4. had to modify ProxyRequest in vanilla as it was not handling proxying to a different host than that of the form (code change in vanilla, in library/core/general.functions.php, see here: http://vanillaforums.org/discussion/12214/proxyrequest-internal-question-in-functions.general.php/#Item_1)
  • Options
    TimTim Operations Vanilla Staff
    The issue with UserIDs and Emails has been brought up, and I am working on a change to make it use UniqueID by default. Using Email was a short sighted error.

    You may be having a problem with cookies. If the cookie still exists each time the page is loaded, the authenticator will keep trying to authenticate you. This could mean that you have cookies left over from a previous install and they arent being deleted. Try clearing domain cookies.

    This could also mean that your respective applications' cookie domains do not match. They'll need to be the same for it to work. I suggest '.topleveldomain.com'.

    Vanilla Forums COO [GitHub, Twitter, About.me]

  • Options
    eleitheleith New
    @tim, you are correct, the original code change i suggested in the first post (Requestion->DefaultController) was not needed. it was not a cookie domain mismatch, but just not me clearing out my cookies each time as i was trying to get the proxy to use my foreignkeys that i needed).

    all the other changes however are working and necessary for application uniqueIDs to be used as foreignKeys
  • Options
    TimTim Operations Vanilla Staff
    What version of Vanilla are you using

    Vanilla Forums COO [GitHub, Twitter, About.me]

  • Options
    eleitheleith New
    2.0

    i git pulled whatever was on git hub as of last night.
  • Options
    TimTim Operations Vanilla Staff
    So I'm showing the following in my version of ProxyConnect:
    class Gdn_ProxyAuthenticator extends Gdn_Authenticator implements Gdn_IHandshake {

    Gdn_Authenticator, line ~228
    public function SetNonce($TokenKey, $Nonce, $Timestamp = NULL) { $InsertArray = array( 'Token' => $TokenKey, 'Nonce' => $Nonce, 'Timestamp' => date('Y-m-d H:i:s',(is_null($Timestamp)) ? time() : $Timestamp) ); try { $NumAffected = Gdn::Database()->SQL()->Update('UserAuthenticationNonce') ->Set('Nonce', $Nonce) ->Set('Timestamp', $InsertArray['Timestamp']) ->Where('Token', $InsertArray['Token']) ->Put(); if (!$NumAffected->PDOStatement() || !$NumAffected->PDOStatement()->rowCount()) throw new Exception(); } catch (Exception $e) { Gdn::Database()->SQL()->Insert('UserAuthenticationNonce', $InsertArray); } return TRUE; }

    If the function isn't being found, something is horribly screwy with your filesystem. Maybe you have some files that haven't been updated/overwritten?

    Vanilla Forums COO [GitHub, Twitter, About.me]

  • Options
    eleitheleith New
    my bad.

    i was assuming the function didn't exist. didn't bother looking into inherited functions.

    there is likely an error that is popping up in there, that breaks out of the try statement from earlier on, so when i comment it out, i get my authentication working. i can further drill in to see where it errors out.
  • Options
    TimTim Operations Vanilla Staff
    Pull the latest code. I'm willing to bet that it was this line:
    if (!$NumAffected->PDOStatement()->rowCount())
    Yesterday I changed it to the following, but didnt commit because we were changing branches so I waited.
    if (!$NumAffected->PDOStatement() || !$NumAffected->PDOStatement()->rowCount())

    Should work better this way.

    Vanilla Forums COO [GitHub, Twitter, About.me]

  • Options
    eleitheleith New
    thanks @tim.

    that wasn't my problem in the end.

    what was happening was that TransientKey was being interpreted as some empty NON-Null value, which was triggering the if() block to then run SetNonce. that block should only be run if ForeignNonce is NOT null (which will only happen if TransientKey is NOT null)

    i modified the following where the Response from the proxyRequest is parsed out into an array: 
    if ($Result) {
                $ReturnArray = array(
                   'Email'        => ArrayValue('Email', $Result),
                   'Name'         => ArrayValue('Name', $Result),
                   'UniqueID'     => ArrayValue('UniqueID', $Result),
                   'TransientKey' => ArrayValue('TransientKey', $Result)
                );
                return $ReturnArray;
             }
    to: 
    if ($Result) {
                $ReturnArray = array(
                   'Email'        => ArrayValue('Email', $Result),
                   'Name'         => ArrayValue('Name', $Result),
                   'UniqueID'     => ArrayValue('UniqueID', $Result),
                   'TransientKey' => ArrayValue('TransientKey', $Result, NULL)
                );
                return $ReturnArray;
             }
    now my TransientKey (which is not present in my json encoded user array) evaluates to NULL and that port of the code is never triggered.

  • Options
    TimTim Operations Vanilla Staff
    Good catch, I'll add that to the core :)

    Vanilla Forums COO [GitHub, Twitter, About.me]

Sign In or Register to comment.