-
Notifications
You must be signed in to change notification settings - Fork 29
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add extensible authentication mechanism #20
Comments
On 12/18/2014 06:19 PM, Arthur Fabre wrote:
Yes
Absolutely. This is how I had in mind to implement a pluggable quota Generally, I'd follow how RoundCube does it (which is very simple), htdocs/include/plugins/auth/[name] and you specify the required plugin in the configuration file: $authMethod = "[name]"; which is then included. Like you say, a single method would be enough for authentication to When constructing the class however, we might need some extra parameters I would provision something like: $authData = array()... in the configuration file which is passed directly to the constructor of Better ideas? |
That seems like a nice way of doing it - it's very similar to what a lot of projects seem to do.
That would work pretty well, we could implement pretty much any auth source that way. |
On 12/19/2014 01:07 PM, Arthur Fabre wrote:
I'll keep it simple at first. extending |
Note: should we handle ticket authentication in here as well? |
Currently, either the built in authentication mechanism or external authentication can be used.
This is fine as long as the webserver used has the required modules to preform the desired authentication, but this becomes a limitation when it can't (ie lacking ldap auth in nginx, or a shared hosting environment).
We could define a simple
AuthenticationSource
class that has a single method -authenticateUser($username, $password)
that would either returnfalse
if the user can't be authenticated, or returnarray("user" => $user, "email" => $email)
(This could be extended to provide more information, such as the name of a user).The basic database authentication, and external webserver authentication could be reimplemented as two AuthenticationSources.
The allowed AuthenticationSources could then be specified in the config file, allowing users to have more control over the authentication, and allowing them to write their own AuthenticationSources if they need.
Is this a modification that would be accepted / welcome?
The text was updated successfully, but these errors were encountered: