[FLOW3-general] Authentication Difficulties

Fabian Guth Fabian.Guth at web.de
Thu Jan 28 17:52:34 CET 2010 

Hi,

I tried to implement simple authentication. 
As a beginner i used the Manual and encountered several problems.

1. No UsernamePasswordCR:
The mentioned UsernamePasswordCR is missing in the current flow3 version.
I replaced it with the PersistedUsernamePasswordProvider in the settings.
The manual should be updated. (10 times in Chapter 13)


2. Input fields with a name attribute with more than 64 characters are 
ignored.

After hours of digging into the Flow3-Code i realized that its possibly a 
wrong PHP setting. Following test case shows, that input fields with long 
(more than 64 characters) name attributes are ignored.

I would really appreciate any hints on the bad setting variable!
I searched php.ini and http.conf without success.

Test Case:

<pre>
  <?php echo print_r($_POST); ?>
</pre>

<form action= "" method="post">  
  <input type="text"  
name="aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"/>
  <input type="text"  
name="bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb"/>
  <input type="submit" value="Submit"/>
</form>
  
Renders following after submit (both fields are filled):

Array
(
    [bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb] => b
)

As a workaround i edited the Token 
(F3\FLOW3\Security\Authentication\Token\UsernamePassword) to check for a 
short array key. I hope there aren't any side effects. 
I know that it's better to subclass it with a changed "updateCredentials" 
method to preserve the patch at the next release.

As i use the default Linux PHP Package, i am afraid its a very common 
setting.


3. Searching for wrong Provider

In the manual (Example 13.4):
$account->setAuthenticationProviderName('TYPO3BEProvider');

Should be:
$account->setAuthenticationProviderName('DefaultProvider');
The AccountRepository wont find the Account if its not the same 
AuthenticationProviderName as in the provided Settings (Example 13.2).



I hope i save some other beginner some time by sharing my feedback :-)

Fabian

More information about the FLOW3-general mailing list