View Issue Details

IDProjectCategoryView StatusLast Update
0018027phplist applicationAuthentication Systempublic17-04-16 12:45
Reportermichiel 
PrioritynormalSeverityminorReproducibilityalways
Status resolvedResolutionfixed 
Product Version 
Target Versionnext minorFixed in Version3.2.5 
Summary0018027: add plugin hook before login page for SSO
Description
As outlined here, https://github.com/phpList/phplist3/pull/25

it would be good to add another hook for plugins to capture the login process.

TagsNo tags attached.

Activities

michiel

20-02-16 19:43

manager   ~0057529

Hum, after a tour about validateAccount method, I think it's could not be a solution for my use case without some modifications on core because, this method is only call when login and password is pass by REQUEST or if a session is already initialized. Futhermore, the usage of this method to handle my use case seem to me a little bit twisted. However, I keep this method in mind, because I mean I have to implement it to secure existing user session.

Finally, I always twink the good way to handle my use case ("capture the login form") is to add an hook during login process. What do you think if we add a case in the "if" block in index.php file witch check the $_SESSION['adminloggedin'] state (beginning at line 253) ? We could call here an auth plugin method to offer it the possibility to capture the login form before display. This method could return a boolean or eventually the futur content of $_SESSION['adminloggedin'] variable.

michiel

17-04-16 12:45

manager   ~0057608

implemented with

https://github.com/phpList/phplist3/pull/49