[TYPO3-dev] Frontend user login with eID and 4.7 rsaauth

[Martin Kokes]

Hi,

thank you for explaining all the functionality of 
tslib_eidtools::initFeUser() function that I didn't know. If I had known I'd 
not do other funny stuff with $feUserObject of course and I really wonder it 
was working before.
I'll rewrite it, add comments and put it on the public pastebin as an 
example to let others know.

MK

"Helmut Hummel"  wrote in message 
news:mailman.1.1339110948.9323.typo3-dev at lists.typo3.org...

Hi,

On 05.06.12 21:47, Martin Kokes wrote:

> I have an GIS Ext JS application with T3 backend and own Extbase-based
> model. For frontenduser authentification I wrote eID script combined from
> some snippets&  hooks. In principle, it is a JSON output for emulating
> felogin form, with no great extensive handling. It just needs rsaauth
> active. See http://pastebin.com/LSvu7N0h

I'm wondering what you want to achieve in the first place.
All the stuff you are doing with the feuser object shoud not be
neccessary at all, because it's already done with
tslib_eidtools::initFeUser()

With that call, the feuser is logged in or something is wrong.

In fact, your call to $feUserObject->start() will destroy the user
session again because rsaauth tries again to decrypt the password, but
fails because after the first decryption the key has been deleted.

Just comment out that code and if you want to skip the pid-check use the
proper configuration

$TYPO3_CONF_VARS['FE']['checkFeUserPid'] = 0;

instead.

> I'm not sure whether my eID login method doesn't need to be polished to 
> meet
> new 4.7 code. I'll be grateful for any advice.

Might be that your code worked with previous versions, but it is still
use of somehow private API or at least wrong usage of the API. Such
things might break on upgrades.

Kind regards,
Helmut

-- 
Helmut Hummel
Release Manager TYPO3 6.0
TYPO3 Core Developer, TYPO3 Security Team Leader

TYPO3 .... inspiring people to share!
Get involved: typo3.org