View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0018027||phplist application||Authentication System||public||20-02-16 19:43||17-04-16 12:45|
|Target Version||next minor||Fixed in Version||3.2.5|
|Summary||0018027: add plugin hook before login page for SSO|
As outlined here, https://github.com/phpList/phplist3/pull/25
it would be good to add another hook for plugins to capture the login process.
|Tags||No tags attached.|
Hum, after a tour about validateAccount method, I think it's could not be a solution for my use case without some modifications on core because, this method is only call when login and password is pass by REQUEST or if a session is already initialized. Futhermore, the usage of this method to handle my use case seem to me a little bit twisted. However, I keep this method in mind, because I mean I have to implement it to secure existing user session.
Finally, I always twink the good way to handle my use case ("capture the login form") is to add an hook during login process. What do you think if we add a case in the "if" block in index.php file witch check the $_SESSION['adminloggedin'] state (beginning at line 253) ? We could call here an auth plugin method to offer it the possibility to capture the login form before display. This method could return a boolean or eventually the futur content of $_SESSION['adminloggedin'] variable.