Feature #56724

Get the roles after the authentication

Added by Frederik Vosberg over 7 years ago. Updated over 7 years ago.

Status:
Closed
Priority:
Should have
Category:
-
Target version:
-
Start date:
2014-03-10
Due date:
% Done:

0%

Estimated time:
PHP Version:
Has patch:
No
Complexity:

Description

I can't believe that this is a bug, but I don't understand what I am doing wrong.

I am doing some database manipulation in my authentication provider. This invokes the security context to get the roles of the user, due to ACLs. But the roles don't get loaded again and are set to 'Everybody' and 'anonymous' for the whole request.

So there is no possibility to query against the database in the provider. (I have to import some data and have to ensure, that there are accounts for my single sign on, where should I do it?)

Is it possible to 'null' the roles in the security context after authentication?

    /**
     * Invokes the security interception
     *
     * @return boolean TRUE if the security checks was passed
     * @throws \TYPO3\Flow\Security\Exception\AccessDeniedException
     * @throws \TYPO3\Flow\Security\Exception\AuthenticationRequiredException if an entity could not be found (assuming it is bound to the current session), causing a redirect to the authentication entrypoint
     * @throws \TYPO3\Flow\Security\Exception\NoTokensAuthenticatedException if no tokens could be found and the accessDecisionManager denied access to the resource, causing a redirect to the authentication entrypoint
     */
    public function invoke() {
        try {
            $this->authenticationManager->authenticate();
            // NULL IT
            $this->authenticationManager->getSecurityContext()->setRoles(NULL);
            // OR EXTRACT THE INITIALIZATION OF THE ROLES
            $this->authenticationManager->getSecurityContext()->initRoles();

        } catch (\Doctrine\ORM\EntityNotFoundException $exception) {
            throw new \TYPO3\Flow\Security\Exception\AuthenticationRequiredException('Could not authenticate. Looks like a broken session.', 1358971444, $exception);
        } catch (\TYPO3\Flow\Security\Exception\NoTokensAuthenticatedException $noTokensAuthenticatedException) {
            // We still need to check if the resource is available to "Everybody".
            try {
                $this->accessDecisionManager->decideOnJoinPoint($this->joinPoint);
                return;
            } catch (\TYPO3\Flow\Security\Exception\AccessDeniedException $accessDeniedException) {
                throw $noTokensAuthenticatedException;
            }
        }
        $this->accessDecisionManager->decideOnJoinPoint($this->joinPoint);
    }

Thanks
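
The behaviour described in this issue, reduced to a self-contained PHP model; this is an added example, not code from the issue or from TYPO3 Flow. `ModelSecurityContext`, `resetRoles()`, the provider function, the account name and the `AuthenticatedUser` role are assumptions made for illustration.

```php
<?php
// Simplified model, NOT TYPO3 Flow code: all class and method names are hypothetical.
final class ModelSecurityContext {
    /** Request-level role cache, filled lazily on first use. */
    private ?array $roles = null;
    private ?string $authenticatedAccount = null;

    public function setAuthenticatedAccount(string $account): void {
        $this->authenticatedAccount = $account;
    }

    public function getRoles(): array {
        if ($this->roles === null) {
            // Computed once, then reused for the rest of the request.
            $this->roles = $this->authenticatedAccount === null
                ? ['Everybody', 'anonymous']
                : ['Everybody', 'AuthenticatedUser']; // constructed role name
        }
        return $this->roles;
    }

    /** The invalidation asked for in the issue: force a fresh role lookup. */
    public function resetRoles(): void {
        $this->roles = null;
    }
}

// Hypothetical provider that touches ACL-protected data while still authenticating.
function authenticate(ModelSecurityContext $context, string $account): void {
    // The ACL check on the provider's own query asks for roles before any
    // account is authenticated, which fills the cache with the anonymous roles.
    $context->getRoles();
    $context->setAuthenticatedAccount($account);
}

function rolesAfterLogin(bool $resetAfterAuthentication): array {
    $context = new ModelSecurityContext();
    authenticate($context, 'sso-user'); // constructed account name
    if ($resetAfterAuthentication) {
        $context->resetRoles();
    }
    return $context->getRoles();
}

// Without the reset the cached pre-authentication roles are returned.
echo implode(', ', rolesAfterLogin(false)), PHP_EOL;
// With the reset the roles are derived again from the authenticated account.
echo implode(', ', rolesAfterLogin(true)), PHP_EOL;
```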

#1

Updated by Bastian Waidelich over 7 years ago

  • Status changed from New to Needs Feedback
  • Assignee set to Bastian Waidelich

Hi Frederik,

The code example is not from an authentication provider, is it? Why do you use AOP? What do you want to achieve?
Please take a look at the existing authentication providers (e.g. PersistedUsernamePasswordProvider). And please use the mailing lists (or forum.typo3.org) for questions.

Is it OK for you if I close the issue and we move the conversation over to the official channels? We're already swamped by issues.

#2

Updated by Frederik Vosberg over 7 years ago

Hi Bastian,

This snippet is from the \TYPO3\Flow\Security\Authorization\Interceptor\PolicyEnforcement::invoke(). Yes, I will post it at the mailing list tomorrow, but I think it is an issue. The PersistedUsernamePasswordProvider doesn't need database manipulation. My provider needs it and it seems right to me, to reset the roles after authentication, to retrieve the right roles, in the case of the roles were initialized before the authentication was processed.

When you don't think so, close it :)

Thanks

#3

Updated by Bastian Waidelich over 7 years ago

Frederik Vosberg wrote:

Hi Frederik,

Yes, I will post it at the mailing list tomorrow, but I think it is an issue.

Great, thx. You probably want to post it to TYPO3.Flow:General (http://forum.typo3.org/index.php/f/22/). Alternatively you could use the IRC channel #typo3-flow to pose your question.

When you don't think so, close it :)

If roles aren't initialized correctly, this is certainly a bug, but to find out we need to understand what you're trying to achieve and what you tried. So it would be very helpful if you could share some of your code.
I'll leave the issue on feedback for now, let's see what the discussion brings up.

#4

Updated by Bastian Waidelich over 7 years ago

  • Project changed from TYPO3 Flow Base Distribution to TYPO3.Flow

#5

Updated by Bastian Waidelich over 7 years ago

  • Status changed from Needs Feedback to Closed
  • Has patch set to No

Closing due to missing feedback. Feel free to re-open or comment if this issue still occurs.
