- Mon Nov 27, 2017 5:44 am
#798865
Can I add a custom authentication source(s) via a plugin?
I just checked out PM login procedure. As far as I understand:
1- VerifyWithOtherAuthenticationSource method within class.rbac.php has the responsible for authenticating with external source(s).
2- initRBAC method within class.rbac.php is the provider of available authentication source(s) to the above-mentioned method.
I'm not sure, but I think adding new class file inside the folder (/processmaker/rbac/engine/classes/plugins) could be a solution. However, it's, surely, not a clean one.
I need a brief instruction(s) about developing a plugin as an external authentication source, if it's even possible. amosbatto, I need your help
/processmaker/gulliver/system/class.rbac.php
I just checked out PM login procedure. As far as I understand:
1- VerifyWithOtherAuthenticationSource method within class.rbac.php has the responsible for authenticating with external source(s).
2- initRBAC method within class.rbac.php is the provider of available authentication source(s) to the above-mentioned method.
I'm not sure, but I think adding new class file inside the folder (/processmaker/rbac/engine/classes/plugins) could be a solution. However, it's, surely, not a clean one.
I need a brief instruction(s) about developing a plugin as an external authentication source, if it's even possible. amosbatto, I need your help
/processmaker/gulliver/system/class.rbac.php
Code: Select all
/processmaker/gulliver/system/class.rbac.php
public function VerifyWithOtherAuthenticationSource ($sAuthType, $aUserFields, $strPass)
{
if ($sAuthType == '' || $sAuthType == 'MYSQL') {
//check if the user is active
if ($aUserFields['USR_STATUS'] != 1) {
return - 3; //inactive user
}
//check if the user's due date is valid
if ($aUserFields['USR_DUE_DATE'] < date( 'Y-m-d' )) {
return - 4; //due date
}
}
foreach ($this->aRbacPlugins as $sClassName) {
if (strtolower( $sClassName ) == strtolower( $sAuthType )) {
$plugin = new $sClassName();
$plugin->sAuthSource = $aUserFields["UID_AUTH_SOURCE"];
$plugin->sSystem = $this->sSystem;
$bValidUser = false;
$bValidUser = $plugin->VerifyLogin( $aUserFields["USR_AUTH_USER_DN"], $strPass );
if ($bValidUser === true) {
return ($aUserFields['USR_UID']);
} else {
return - 2; //wrong password
}
}
}
return - 5; //invalid authentication source
}
Code: Select all
public function initRBAC ()
{
...
//hook for RBAC plugins
$pathPlugins = PATH_RBAC . 'plugins';
if (is_dir( $pathPlugins )) {
if ($handle = opendir( $pathPlugins )) {
while (false !== ($file = readdir( $handle ))) {
if (strpos( $file, '.php', 1 ) && is_file( $pathPlugins . PATH_SEP . $file ) && substr( $file, 0, 6 ) == 'class.' && substr( $file, - 4 ) == '.php') {
$sClassName = substr( $file, 6, strlen( $file ) - 10 );
require_once ($pathPlugins . PATH_SEP . $file);
$this->aRbacPlugins[] = $sClassName;
}
}
}
}
if (!in_array('ldapAdvanced', $this->aRbacPlugins)) {
G::LoadClass('ldapAdvanced');
if (class_exists('ldapAdvanced')) {
$this->aRbacPlugins[] = 'ldapAdvanced';
}
}
}