Jump to:

17452 Posts in 4473 Topics by 1971 members

Archive

SilverStripe Forums » Archive » Refactored authenticator code - please before updating your working copy

Our old forums are still available as a read-only archive.

Moderators: martimiz, Sean, biapar, Willr, Ingo, simon_w

Page: 1 2
Go to End
Author Topic: 4588 Views
  • Markus
    Avatar
    Google Summer of Code Hacker
    152 Posts

    Refactored authenticator code - please before updating your working copy Link to this post

    Hi guys,

    I refactored the new authenticator code. Now you can easily enable/disable the various authentication methods in sapphire/_config.php.

    Because we have now that new configuration file, the code that changed PHPs include path isn't needed anymore in your mysite/_config.php, so simple delete it (and the constant definition) there.

    The only thing where you may have to add it is the installer when you do a clean install, but since it isn't under version control I can't add the code there.

    I wish you all a great weekend,
    Markus

  • elijahlofgren
    Avatar
    Google Summer of Code Hacker
    222 Posts

    Re: Refactored authenticator code - please before updating your working copy Link to this post

    Hi Markus,

    I just tried it out and it works great. Thanks!

    One thing I've noticed in the past is that the "Remember me next time" option does not appear to work. I have not tested it since your latest update. It seems after a couple of hours, I have to login again. Has this functionality been changed?
    Edit: I just got logged out again (it's only been a few hours). So it seems that it still isn't remembering me. It could just be something I'm doing wrong though. ;)

    Cheers,

    Elijah

  • Markus
    Avatar
    Google Summer of Code Hacker
    152 Posts

    Re: Refactored authenticator code - please before updating your working copy Link to this post

    The "Remember me next time" feature should work as expected. I just tried it.. I logged in yesterday and looked now if I'm still logged in.. all worked as expected.

    The only thing I changed is that now the check box is not checked by default as it was before (for security reasons).

    Can you give me more details? Maybe your browser configuration deletes the cookie after some time!? Can you check that the "alc_enc" cookie is set and that the value of it is "user_id:xxx" where xxx is equal to the "RememberLoginToken" column in the member table.

    Maybe you have also another webapp that deletes you your silverstripe cookie!?

  • elijahlofgren
    Avatar
    Google Summer of Code Hacker
    222 Posts

    Re: Refactored authenticator code - please before updating your working copy Link to this post

    > Can you give me more details?

    Hi Markus,

    Thanks for your response. I will plan on trying to reproduce the problem and giving you the details that you requested.

    Thanks,

    Elijah

  • elijahlofgren
    Avatar
    Google Summer of Code Hacker
    222 Posts

    Re: Refactored authenticator code - please before updating your working copy Link to this post

    > Can you give me more details? Maybe your browser configuration deletes the cookie after some time!?

    I have Firefox set to keep cookies until they expire and not automatically delete them.

    > Can you check that the "alc_enc" cookie is set and that the value of it is "user_id:xxx" where xxx is equal to the "RememberLoginToken" column in the member table.

    The value of my "alc_enc" cookie is being set to: 1%3A85410e945f2f4dbcdd69b3d171f0e752

    "%3a" is the URL-encode version of ":" according to http://www.w3schools.com/html/html_urlencode.asp

    So it seems that somehow my cookie is not being created correctly.
    I'm using Firefox 2 on Ubuntu Feisty with Apache/2.2.3 (Ubuntu) PHP/5.2.1

    > Maybe you have also another webapp that deletes you your silverstripe cookie!?
    I don't think this is happening because I'm usually only running phpMyAdmin and SilverStripe.

    Thanks for looking into this,

    Elijah

  • elijahlofgren
    Avatar
    Google Summer of Code Hacker
    222 Posts

    Re: Refactored authenticator code - please before updating your working copy Link to this post

    I've made the 'Remember me next time' option work on my end by calling urldecode() on the cookie value:

    ------------------------------------------------------------------------
    r38216 | elofgren | 2007-07-10 20:37:49 -0500 (Tue, 10 Jul 2007) | 1 line

    BUGFIX: Make 'Remember me next time?' setting work even if the ':' in _COOKIE['alc_enc'] is converted to '%3a' by calling urldecode($_COOKIE['alc_enc']) See: http://www.silverstripe.com/google-summer-of-code-forum/flat/1826#post1832
    ------------------------------------------------------------------------

    Let me know if it breaks on your end,

    Elijah

  • Markus
    Avatar
    Google Summer of Code Hacker
    152 Posts

    Re: Refactored authenticator code - please before updating your working copy Link to this post

    Hi Elijah,

    Sorry I think I overlooked your answer with the details..
    That's a strange problem.. maybe a PHP bug!

    According to the PHP documentation the cookie should be automatically urlencoded and decoded:

    Note that the value portion of the cookie will automatically be urlencoded when you send the cookie, and when it is received, it is automatically decoded and assigned to a variable by the same name as the cookie name. If you don't want this, you can use setrawcookie() instead if you are using PHP 5.

    Even if I think your patch doesn't produce any side effects I don't know if it is a good idea to apply it.. The problem has to be somewhere else and we should fix it there!

    The used cookie class is in sapphire/core/Cookie.php and is straightforward.. so I couldn't find any bug there! Maybe you can find it somewhere else.. Otherwise try to update your PHP installation so that we can check if it is a PHP problem..

  • elijahlofgren
    Avatar
    Google Summer of Code Hacker
    222 Posts

    Re: Refactored authenticator code - please before updating your working copy Link to this post

    > Even if I think your patch doesn't produce any side effects I don't know if it is a good idea to apply it.. The problem has to be somewhere else and we should fix it there!

    Hi Markus,

    Agreed. I've filed a trac ticket and CCed you to remind myself to look into this: http://support.silverstripe.com/gsoc/ticket/40

    Thanks,

    Elijah

    4588 Views
Page: 1 2
Go to Top

Want to know more about the company that brought you SilverStripe? Then check out SilverStripe.com

Comments on this website? Please give feedback.