[TYPO3-dev] Frontend user login with eID and 4.7 rsaauth
Martin Kokes
shr3k at typo3-hosting.com
Mon Jun 11 10:11:09 CEST 2012
Hi,
thank you for explaining all the functionality of
tslib_eidtools::initFeUser() function that I didn't know. If I had known I'd
not do other funny stuff with $feUserObject of course and I really wonder it
was working before.
I'll rewrite it, add comments and put it on the public pastebin as an
example to let others know.
MK
"Helmut Hummel" wrote in message
news:mailman.1.1339110948.9323.typo3-dev at lists.typo3.org...
Hi,
On 05.06.12 21:47, Martin Kokes wrote:
> I have an GIS Ext JS application with T3 backend and own Extbase-based
> model. For frontenduser authentification I wrote eID script combined from
> some snippets& hooks. In principle, it is a JSON output for emulating
> felogin form, with no great extensive handling. It just needs rsaauth
> active. See http://pastebin.com/LSvu7N0h
I'm wondering what you want to achieve in the first place.
All the stuff you are doing with the feuser object shoud not be
neccessary at all, because it's already done with
tslib_eidtools::initFeUser()
With that call, the feuser is logged in or something is wrong.
In fact, your call to $feUserObject->start() will destroy the user
session again because rsaauth tries again to decrypt the password, but
fails because after the first decryption the key has been deleted.
Just comment out that code and if you want to skip the pid-check use the
proper configuration
$TYPO3_CONF_VARS['FE']['checkFeUserPid'] = 0;
instead.
> I'm not sure whether my eID login method doesn't need to be polished to
> meet
> new 4.7 code. I'll be grateful for any advice.
Might be that your code worked with previous versions, but it is still
use of somehow private API or at least wrong usage of the API. Such
things might break on upgrades.
Kind regards,
Helmut
--
Helmut Hummel
Release Manager TYPO3 6.0
TYPO3 Core Developer, TYPO3 Security Team Leader
TYPO3 .... inspiring people to share!
Get involved: typo3.org
More information about the TYPO3-dev
mailing list