Bug #15435
closed
The user authentification Service fails after the user couldn't be authentificated with the first auth-method
0%
Description
The user authentification Service fails after the user couldn't be authentificated with the first auth-method. Additional Methods won't even be asked.
So I someone uses more than one authentification service the second, third, ... won't work.
File= t3lib/class.t3lib_userauth.php,
Method=checkAuthentication,
Line=392
This is caused by an wrong argument that breaks the current while - loop
if(!$this->svConfig['setup'][$this->loginType.'_fetchAllUsers']) {
break;
}
... should be...
if(!$this->svConfig['setup'][$this->loginType.'_alwaysFetchUser']) {
break;
}
... so the 'break' isn't executed, the loop goes on and additional services are called.
I have the Extensions
- LDAP_* and
- danp_sv_cryptauth
installed.
The goal is to authentificate some users against a corporate ldap directory, the other users against the Typo3 inbuild (FE) user database. The passwords aren't stored in plain text but md5 hashed.
So first the service LDAP_AUTH called. If the LDAP Authentification fails, the service danp_sv_cryptauth tries to authentificate against the inbuild user database.
The bug discribed above stops the authentification after the ldap authentification fails.
(issue imported from #M2297)
Updated by Bernhard Kraft almost 19 years ago
I think it is correct how it currently is ..
alwaysFetchUser and fetchAllUsers are two different switches.
alwaysFetchUser results that a user is fetched on every page-load not only when special criterias (login form submitted) are met.
fetchAllUsers decides wheter more than one user get's fetched from the user-table. This enables the later password authentication to match agains any of the resulting users.
Could you describe your problem better: why don't you simply set fetchAllUsers so your extra users get fetched ?
And be carefull which value you return from the authentication service method ... only a specific range will allow more extensiosn to work together.
greets,
Bernhard
Updated by René Fritz almost 19 years ago
Bernhard Kraft is right!
It's not a bug it's a feature. If an extension don't use the options right it's a problem with the extension.
Updated by Sebastian Kurfuerst almost 19 years ago
Hi René,
so, can you close the bug when nothing needs to be done? (I am not doing it myself since you might wanted to assign it to you as some kind of reminder).
Greets, Sebastian
PS: I think it is really great you are so active lately!