[TYPO3-english] auth service that does not store user in fe_users?

Stephan Schuler Stephan.Schuler at netlogix.de
Thu Feb 27 14:49:30 CET 2014



Hey there.


I guess what you're trying to do needs to bind to the core pretty deeply, so everything you do gets hacky.

Think about further clicks that aren't the initial login request.
There is a session row somewhere that points to the fe_user (table "fe_sessions", column "ses_userid").
This particular row gets loaded whenever your visitor interacts with the frontend, and this is what makes TYPO3 load the correct fe_user payload data.
There are, for example, privileges based on fe_groups. Or there are TypoScript conditions based on "TSFE|fe_user:*" attributes, or whatever.

The authentication service usually is a one-time-shot per session: It only makes sure to have the fe_user in place (read: "in the database"), compares credentials (not necessarily with the database, that's what you're doing currently) and returns the fe_user (uid, basically).
Every further request doesn't trigger the authentication service.

You're more thinking about a "UserProvider" -- which doesn't exist, imho. And adding such a thing might cause a lot of trouble, because you constantly do that without TypoScript, without a proper page id.

Your best bet would be to synchronize the user data into TYPO3 and create a cleanup task that deletes every fe_user that hasn't logged in for some days.

Have a look at the AbstractUserAuthentication class which extends to both the FrontendUserAuthentication and the BackendUserAuthentication. The requirement to fetch fe_user data from a local database table comes from the abstract class, not from the frontend-specific class. This indicates that working around that might be a really ugly job.

You *could* try to create one real fe_user database record per remote group (so at least one fe_user if you have no distinct groups) and make your AuthenticationService return this particular fe_user uid all the time.
Then just extend the FrontendUserAuthentication thingy and make sure to re-request fe_user payload from the remote server (username, given name, email, etc) on every click.

That's not completely without having an actual fe_user, but that's as close to that as I can imagine without hacking too much.


Regards,



Stephan Schuler
Web developer

Phone: +49 (911) 539909 - 0
E-Mail: Stephan.Schuler at netlogix.de
Website: media.netlogix.de



--------------------



--
netlogix GmbH & Co. KG
IT-Services | IT-Training | Media
Neuwieder Straße 10 | 90411 Nürnberg
Phone: +49 (911) 539909 - 0 | Fax: +49 (911) 539909 - 99
E-Mail: info at netlogix.de | Internet: http://www.netlogix.de

netlogix GmbH & Co. KG is registered at the Nuremberg District Court (HRA 13338)
General partner: netlogix Verwaltungs GmbH (HRB 20634)
VAT identification number: DE 233472254
Managing directors: Stefan Buchta, Matthias Schmidt



-----Original Message-----
From: typo3-english-bounces at lists.typo3.org [mailto:typo3-english-bounces at lists.typo3.org] On behalf of Christian Weiske
Sent: Thursday, 27 February 2014 14:11
To: typo3-english at lists.typo3.org
Subject: [TYPO3-english] auth service that does not store user in fe_users?

Hi,


I'm writing a frontend user authentication service that checks the users against a remote service.

When returning user data in getUser(), it seems that I have to return a "uid" field, because otherwise the session cannot be saved:
> Session data could not be written to DB. Error: Column 'ses_userid'
> cannot be null

I could now hard-code a uid that is returned for all users, but don't know if that's safe.
When I do it, the user session cannot be loaded because
fetchUserSessionFromDB() actually joins on the fe_users table.


So here is my question:
Is it possible to have an authentication service that does not store user records in the database, without relying on hacks?


The reason I don't want to create fe_users is that I don't want the user table to fill up with stale records of users that have long been deleted in the remote user database.

--
Regards
Christian Weiske

-= Geeking around in the name of science since 1982 =-

_______________________________________________
TYPO3-english mailing list
TYPO3-english at lists.typo3.org
http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-english
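
The approach recommended in the reply above (synchronize remote users into fe_users at login, then purge records that have not logged in for some days), as an added example that is not part of the original thread and is not TYPO3 code. It uses Python with an in-memory SQLite database holding simplified stand-ins for fe_users and fe_sessions; the tx_remote_id marker column, the function names and all sample data are assumptions made for this illustration.

```python
import sqlite3

DAY = 86400

# Simplified stand-ins for TYPO3's fe_users / fe_sessions tables (constructed).
# tx_remote_id is a hypothetical marker column: set only on records the sync created.
SCHEMA = """
CREATE TABLE fe_users (
    uid INTEGER PRIMARY KEY AUTOINCREMENT, username TEXT NOT NULL, email TEXT,
    lastlogin INTEGER NOT NULL DEFAULT 0, tx_remote_id TEXT UNIQUE);
CREATE TABLE fe_sessions (ses_id TEXT PRIMARY KEY, ses_userid INTEGER NOT NULL);
"""

def sync_user(db, remote_id, username, email, now):
    """After the remote service accepted the credentials: create or refresh
    the local record and return the uid the session will point to."""
    row = db.execute("SELECT uid FROM fe_users WHERE tx_remote_id = ?",
                     (remote_id,)).fetchone()
    if row is None:
        cur = db.execute("INSERT INTO fe_users (username, email, lastlogin, tx_remote_id)"
                         " VALUES (?, ?, ?, ?)", (username, email, now, remote_id))
        return cur.lastrowid
    db.execute("UPDATE fe_users SET username = ?, email = ?, lastlogin = ? WHERE uid = ?",
               (username, email, now, row[0]))
    return row[0]

def purge_stale(db, now, max_age_days):
    """Cleanup task: drop synced users not seen for max_age_days. Their sessions
    go first so no session row is left pointing at a deleted uid."""
    cutoff = now - max_age_days * DAY
    where = "tx_remote_id IS NOT NULL AND lastlogin < ?"  # never touches local accounts
    db.execute(f"DELETE FROM fe_sessions WHERE ses_userid IN "
               f"(SELECT uid FROM fe_users WHERE {where})", (cutoff,))
    return db.execute(f"DELETE FROM fe_users WHERE {where}", (cutoff,)).rowcount

def demo():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    now = 1_393_509_000  # constructed timestamp
    # A locally maintained account without marker; the purge must leave it alone.
    db.execute("INSERT INTO fe_users (username, lastlogin) VALUES ('local-admin', 0)")
    old = sync_user(db, "r-17", "alice", "alice@example.org", now - 30 * DAY)
    new = sync_user(db, "r-42", "bob", "bob@example.org", now - 1 * DAY)
    db.execute("INSERT INTO fe_sessions VALUES ('s-old', ?), ('s-new', ?)", (old, new))
    removed = purge_stale(db, now, max_age_days=7)
    users = [r[0] for r in db.execute("SELECT username FROM fe_users ORDER BY uid")]
    sessions = [r[0] for r in db.execute("SELECT ses_id FROM fe_sessions ORDER BY ses_id")]
    return removed, users, sessions

if __name__ == "__main__":
    print(demo())
```

Because the authentication service runs only once per session, an account removed from the remote database keeps any already established session until that session expires or the purge deletes it, so the retention window should be chosen with that in mind.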
