Authentication in Joomla! 1.5
Presented By: Jason Kendall
Joomla! Development Workgroup
March 23rd 10:15 AM (DRAFT)
About Me
• Born in Feb 1979, started in the computing industry with Pong.
• In the late '80s moved into the Commodore 64 where I developed utilities in Basic (Yes, before I was 10).
• Moved into a Tandy PC shortly thereafter when even more Basic programming was completed including a full blown login system.
• I ran a BBS ('The BBS Enterprise') for 4 years and became a regular poster on the Fido Network.
• First introduction to the Internet was via my high school at the time, where we accessed gopher and telnet via a shared modem line.
• I started with Slackware Linux in the early '90s and ever since then I've been working with new technologies including VoIP and IPv6.
• Started PHP development in Feb 2000 with my own concept of what is now known as MVC, although you wouldn't know it.
• I'm currently working as an Information Security Analyst and hold a number of certifications on computer networking and technologies.
Overview
• Changes from 1.x
• Structure/How it works
• Code base details
• Hello World Example
• GMail Example
• OpenID & our pit falls
• Other schemes to implement
• Questions
What has changed since 1.x?
• Added a plug-in system using JDispatch
• Ability to completely customize the authentication system from end to end
• Ability for end plug-ins to overwrite user details for user auto-creation, i.e. one can log in with an LDAP email address and rewrite the UserID to just the login
• Enabled the creation of temp users from external plug-ins
Structure
[Diagram: the Joomla! Application fans the request out to the enabled authentication plug-ins: JoomlaAuth, LDAPAuth, OpenIDAuth, OtherAuth]
• The Joomla! application sends the authentication request to all enabled plug-ins.
• The order is based on the plug-in rank in the manager.
• Each plug-in processes the request and sends back a status to the handler.
• The handler checks for a success and passes it off to the application.
• In the case of a failure, it logs the errors to JLog for analysis by the admin.
Code Base
function onAuthenticate( $username, $password )
• Processes an authentication request
• Gets a username and password
• Returns a JAuthenticateResponse object
  • status: JAUTHENTICATE_STATUS_SUCCESS or JAUTHENTICATE_STATUS_FAILURE
  • error_message: can be any text; the text should identify the error that occurred. It gets sent to the JLog system to be logged. On failure the end user will only see the invalid credentials response.
  • Can also return: username, fullname, password etc.
Code Base cont.
function onAuthenticateFailure( $username, $password )
• Fires only when a failure is detected
• Can be used to clear details from J! or cookies on failure
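The dispatch flow from the Structure slide, together with the onAuthenticate / onAuthenticateFailure contract described above, as an added illustration that is not Joomla!'s own handler code: the response class, the status constants, the HelloPlugin and the log array are assumed or constructed here for the demo.

```php
<?php
// Added illustration (not Joomla! code) of the handler loop the slides describe.
define('JAUTHENTICATE_STATUS_SUCCESS', 1);   // assumed values, only compared by name
define('JAUTHENTICATE_STATUS_FAILURE', 4);

class JAuthenticateResponse {                 // shape as described on the Code Base slide
    public $type;                             // name of the plug-in that answered
    public $status = JAUTHENTICATE_STATUS_FAILURE;
    public $error_message = '';               // admin-facing detail, goes to the log only
    public $username;
    public $fullname;
    public function __construct($type) { $this->type = $type; }
}

class HelloPlugin {                           // constructed toy plug-in (the deck's Hello World)
    public function onAuthenticate($u, $p) {
        $r = new JAuthenticateResponse('hello');
        if ($u === 'Hello' && $p === 'World') {
            $r->status = JAUTHENTICATE_STATUS_SUCCESS;
            $r->username = $u;
        } else {
            $r->error_message = 'credentials did not match';
        }
        return $r;
    }
    public function onAuthenticateFailure($u, $p) { /* clear per-plug-in state here */ }
}

// Plug-ins are passed in manager rank order. The first success wins; every
// failure is logged with the plug-in's own detail; the caller never sees the
// detail and can only show the generic "invalid credentials" message.
function authenticate(array $plugins, $username, $password, array &$log) {
    foreach ($plugins as $plugin) {
        $response = $plugin->onAuthenticate($username, $password);
        if ($response->status === JAUTHENTICATE_STATUS_SUCCESS) {
            return $response;
        }
        $log[] = sprintf('[%s] %s (user "%s")', $response->type,
                         $response->error_message, $username);
    }
    foreach ($plugins as $plugin) {           // all plug-ins failed: fire the failure event
        $plugin->onAuthenticateFailure($username, $password);
    }
    return null;
}

$log = array();
$ok  = authenticate(array(new HelloPlugin()), 'Hello', 'World', $log);
echo $ok ? "accepted by {$ok->type}\n" : "Invalid credentials\n";
$bad = authenticate(array(new HelloPlugin()), 'Hello', 'wrong', $log);
echo $bad ? "accepted by {$bad->type}\n" : "Invalid credentials\n";
print_r($log);                                // what the admin would see in JLog
```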
Code Base cont.
function onLoginUser( $response, $remember )
• Processed on a successful login by a plug-in
• $response is the JAuthenticateResponse from the accepted plug-in
• $remember is set when the user wants to be remembered
Code Base cont.
function onLogoutUser( $parameters )
• Processed on a logout request from the user
• $parameters is an array:
  • Username: the username being logged out
  • ID: the user's ID
Code Base cont.
Extra events for syncing users include:
• onBeforeStoreUser
• onAfterStoreUser
• onBeforeDeleteUser
• onAfterDeleteUser
Hello World of Authentication

function onAuthenticate( $username, $password )
{
    // 'example' is the plug-in name; it is stored in $return->type
    $return = new JAuthenticateResponse('example');
    // The result goes in status (not type), as described on the Code Base slide
    if ($username == "Hello" && $password == "World")
        $return->status = JAUTHENTICATE_STATUS_SUCCESS;
    else
        $return->status = JAUTHENTICATE_STATUS_FAILURE;
    return $return;
}
GMail Example

function onAuthenticate( $username, $password )
{
    $return = new JAuthenticateResponse('gmail');
    // Probe the GMail Atom feed with HTTP Basic auth; a 200 means the
    // credentials were accepted by Google, a 401 means they were rejected.
    $curl = curl_init("https://mail.google.com/gmail/feed/atom");
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($curl, CURLOPT_FOLLOWLOCATION, 1);
    curl_setopt($curl, CURLOPT_USERPWD, "$username:$password");
    $result = curl_exec($curl);
    $code = curl_getinfo($curl, CURLINFO_HTTP_CODE);
    curl_close($curl);
    $message = '';
    $success = 0;
    switch ($code) {
        case 200:
            $message = 'Access Granted';
            $success = 1;
            break;
        case 401:
            $message = 'Access Denied';
            break;
        default:
            $message = 'Result unknown, access denied.';
            break;
    }
    if ($success) {
        $return->status = JAUTHENTICATE_STATUS_SUCCESS;
        $return->email = $username;
        $return->fullname = $username;
    } else {
        $return->status = JAUTHENTICATE_STATUS_FAILURE;
        // Detailed reason goes to JLog; the user only sees "invalid credentials"
        $return->error_message = 'Failed to authenticate: ' . $message;
    }
    return $return;
}
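A hardened variant of the same GMail plug-in, added here and not the deck's code: it fails closed by default, verifies the server certificate, does not follow redirects (so the Basic-auth credentials cannot be replayed to a redirect target), bounds the request time, distinguishes a transport failure from a rejected login, and keeps the detail in error_message for JLog. JAuthenticateResponse and the JAUTHENTICATE_STATUS_* constants are assumed to exist as the slides describe them.

```php
<?php
// Added, hardened version of the deck's GMail plug-in (not Joomla! code).
function onAuthenticate( $username, $password )
{
    $return = new JAuthenticateResponse('gmail');
    $return->status = JAUTHENTICATE_STATUS_FAILURE;      // fail closed by default

    // Reject malformed input before it reaches the wire; a ':' in the user
    // part would make the Basic-auth token ambiguous.
    if ($username === '' || $password === '' || strpos($username, ':') !== false) {
        $return->error_message = 'Rejected malformed credentials';
        return $return;
    }

    $curl = curl_init('https://mail.google.com/gmail/feed/atom');
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($curl, CURLOPT_FOLLOWLOCATION, 0);       // never forward credentials on redirect
    curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 1);       // verify the certificate chain
    curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 2);       // and that it matches the host name
    curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
    curl_setopt($curl, CURLOPT_USERPWD, $username . ':' . $password);
    curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 5);
    curl_setopt($curl, CURLOPT_TIMEOUT, 10);

    $result = curl_exec($curl);
    $code   = curl_getinfo($curl, CURLINFO_HTTP_CODE);
    $errno  = curl_errno($curl);
    $error  = curl_error($curl);
    curl_close($curl);

    if ($result === false) {
        // TLS/transport failure: log the reason, never treat it as a verdict
        $return->error_message = 'Transport error ' . $errno . ': ' . $error;
    } elseif ($code == 200) {
        $return->status   = JAUTHENTICATE_STATUS_SUCCESS;
        $return->email    = $username;
        $return->fullname = $username;
    } elseif ($code == 401) {
        $return->error_message = 'Failed to authenticate: Access Denied';
    } else {
        $return->error_message = 'Failed to authenticate: unexpected HTTP ' . $code;
    }
    return $return;                                      // user still sees only "invalid credentials" on failure
}
```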
OpenID & Our Pit Falls
Issues
• Cookie data needs to be sent to the client
• It must redirect to an external site
• It should return to the authentication plug-in
• Limited support in PHP4
OpenID & Our Pit Falls cont.
• Used JSession to store cookies
• Built URIs with JURI and redirected via $mainframe
• Returned mimicking a login form response
• Checked for cookie/session state to complete the request
• Used SimpleXML to mimic OpenID requests
Other schemes
• Radius
• RSA SecurID
• WiKID
• Extendable External Databases (EED)
• Google Account Authentication
• Kerberos
• IMAP/POP3

Questions?