Explore the advancements in authentication for Joomla! 1.5 presented by Jason Kendall of the Joomla! Development Workgroup. This session covers significant changes from previous versions, including the introduction of a customizable plugin system, the handling of user authentication requests, and the integration of external login methods such as LDAP and GMail. Understand the inner workings of the codebase and how plugins communicate within Joomla! to facilitate secure authentication processes. Join us for a comprehensive overview and Q&A on Joomla! authentication enhancements.
Authentication in Joomla! 1.5
Presented By: Jason Kendall, Joomla! Development Workgroup
About Me
• Born in Feb 1979, started in the computing industry with Pong.
• In the late ‘80s moved into the Commodore 64 where I developed utilities in Basic (yes, before I was 10).
• Moved into a Tandy PC shortly thereafter, where even more Basic programming was completed, including a full-blown login system.
• I ran a BBS (‘The BBS Enterprise’) for 4 years and became a regular poster on the Fido Network.
• First introduction to the Internet was via my high school, at the time when we accessed gopher and telnet via a shared modem line.
• I started with Slackware Linux in the early ‘90s and ever since then I’ve been working with new technologies including VoIP and IPv6.
• Started PHP development in Feb 2000 with my own concept of what is now known as MVC, although you wouldn’t know it.
• I’m currently working as an Information Security Analyst and hold a number of certifications on computer networking and technologies.
DRAFT Presented By Jason Kendall Joomla! Development Workgroup
Overview
• Changes from 1.x
• Structure / How it works
• Code base details
• Hello World example
• GMail example
• OpenID & our pitfalls
• Other schemes to implement
• Questions
What has changed since 1.x?
• Added a plug-in system using JDispatch
• Ability to completely customize the authentication system from end to end
• Ability for plug-ins to overwrite user details during user auto-creation, e.g. one can log in with an LDAP e-mail address and the plug-in rewrites the user ID to just the login name
• Enabled the creation of temporary users from external plug-ins
Structure
• The Joomla! application sends the authentication request to all enabled plug-ins.
• The order is based on the plug-in rank in the manager.
• Each plug-in processes the request and sends back a status to the handler.
• The handler checks for a success and passes it off to the application.
• In the case of a failure, it logs the errors to JLog for analysis by the admin.
Code Base
• function onAuthenticate( $username, $password )
  • Processes an authentication request
  • Gets a username and password
  • Returns a JAuthenticateResponse object
    • status
      • JAUTHENTICATE_STATUS_SUCCESS
      • JAUTHENTICATE_STATUS_FAILURE
    • error_message
      • Can be any text
      • Text should identify the error that occurred
      • Gets sent to the JLog system to be logged
      • On failure the end user will only see an "invalid credentials" response
    • Can also return: username, fullname, password etc.
Code Base cont.
• function onAuthenticateFailure( $username, $password )
  • Fires only when a failure is detected.
  • Can be used to clear details from J! or cookies on failure.
Code Base cont.
• function onLoginUser( $response, $remember )
  • Processed on a successful login by a plug-in
  • $response is the JAuthenticateResponse from the accepted plug-in
  • $remember is set when the user wants to be remembered
Code Base cont.
• function onLogoutUser( $parameters )
  • Processed on a logout request from the user
  • $parameters is an array:
    • Username: the username being logged out
    • ID: the user's ID
Code Base cont.
• Extra events for syncing users include:
  • onBeforeStoreUser
  • onAfterStoreUser
  • onBeforeDeleteUser
  • onAfterDeleteUser
Hello World of Authentication
  function onAuthenticate( $username, $password )
  {
      // Every response is tagged with the name of the plug-in that produced it
      $return = new JAuthenticateResponse('example');
      // Fixed credentials: "Hello" / "World"
      if ($username == "Hello" && $password == "World")
          $return->status = JAUTHENTICATE_STATUS_SUCCESS;
      else
          $return->status = JAUTHENTICATE_STATUS_FAILURE;
      return $return;
  }
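The handler loop described on the Structure slide, run over the Hello World plug-in above plus a constructed LDAP-style plug-in, as an added illustration that is not part of the original deck or of Joomla!'s code. StubAuthResponse, dispatch_authenticate, the two plug-in function names and the in-memory $log array are this example's own stand-ins for JAuthenticateResponse, JDispatch and JLog; the accounts and passwords are constructed.

```php
<?php
// Added illustration, not Joomla! code: a stand-in for the handler loop described on
// the Structure slide. StubAuthResponse, dispatch_authenticate, the two plugin
// functions and the $log array are this example's own names, not Joomla!'s API.
define('JAUTHENTICATE_STATUS_SUCCESS', 1);
define('JAUTHENTICATE_STATUS_FAILURE', 2);
class StubAuthResponse {
    public $type, $status, $username, $error_message = '';
    public function __construct($type) { $this->type = $type; }
}
// Plug-in ranked first: the Hello World plug-in from the previous slide.
function plgHelloWorld_onAuthenticate($username, $password) {
    $r = new StubAuthResponse('example');
    if ($username === 'Hello' && $password === 'World') {
        $r->status = JAUTHENTICATE_STATUS_SUCCESS;
    } else {
        $r->status = JAUTHENTICATE_STATUS_FAILURE;
        $r->error_message = 'unknown user or bad password';
    }
    return $r;
}
// Plug-in ranked second: a constructed LDAP-style plug-in that knows one account and,
// as the "changes since 1.x" slide describes, rewrites the username on success.
function plgFakeLdap_onAuthenticate($username, $password) {
    $r = new StubAuthResponse('fakeldap');
    if ($username === 'alice@example.com' && $password === 's3cret') {
        $r->status   = JAUTHENTICATE_STATUS_SUCCESS;
        $r->username = 'alice';                      // e-mail address -> login id
    } else {
        $r->status = JAUTHENTICATE_STATUS_FAILURE;
        $r->error_message = 'bind failed';
    }
    return $r;
}
// The handler: plug-ins in rank order, first success wins, every failure is logged
// for the admin, and the end user only ever sees a generic message.
function dispatch_authenticate(array $plugins, $username, $password, array &$log) {
    foreach ($plugins as $plugin) {
        $response = $plugin($username, $password);
        if ($response->status === JAUTHENTICATE_STATUS_SUCCESS) {
            return $response;                         // handed to the application
        }
        $log[] = "[{$response->type}] {$response->error_message}";   // stand-in for JLog
    }
    return null;
}
$log = array();
$plugins = array('plgHelloWorld_onAuthenticate', 'plgFakeLdap_onAuthenticate');
$ok = dispatch_authenticate($plugins, 'alice@example.com', 's3cret', $log);
echo $ok ? "login as {$ok->username}\n" : "invalid credentials\n";
print_r($log);   // the first plug-in's failure is recorded for the admin only
```

Running it logs in as "alice" via the second plug-in while the first plug-in's failure reason lands only in the admin-side log, which is the split between error_message and the generic user-facing response that the Code Base slide describes.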
GMail Example
  function onAuthenticate( $username, $password )
  {
      $return = new JAuthenticateResponse('gmail');
      // Check the credentials by requesting the user's Atom inbox feed with HTTP Basic auth
      $curl = curl_init("https://mail.google.com/gmail/feed/atom");
      curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
      curl_setopt($curl, CURLOPT_FOLLOWLOCATION, 1);
      curl_setopt($curl, CURLOPT_USERPWD, "$username:$password");
      $result = curl_exec($curl);
      $code   = curl_getinfo($curl, CURLINFO_HTTP_CODE);
      curl_close($curl);
      $message = '';
      $success = 0;
      // Only an HTTP 200 counts as a valid login; anything else is treated as a failure
      switch ($code) {
          case 200:
              $message = 'Access Granted';
              $success = 1;
              break;
          case 401:
              $message = 'Access Denied';
              break;
          default:
              $message = 'Result unknown, access denied.';
              break;
      }
      if ($success) {
          $return->status   = JAUTHENTICATE_STATUS_SUCCESS;
          $return->email    = $username;
          $return->fullname = $username;
      } else {
          $return->status        = JAUTHENTICATE_STATUS_FAILURE;
          // Goes to JLog; the end user only sees the generic invalid-credentials response
          $return->error_message = 'Failed to authenticate: ' . $message;
      }
      return $return;
  }
OpenID & Our Pitfalls
• Issues
  • Cookie data needs to be sent to the client
  • It must redirect to an external site
  • It should return to the authentication plug-in
  • Limited support in PHP4
OpenID & Our Pitfalls cont.
• Used JSession to store cookies
• Built URIs with JURI and redirected via $mainframe
• Returned mimicking a login form response
• Checked for cookie/session state to complete the request
• Used SimpleXML to mimic OpenID requests
Other schemes
• RADIUS
• RSA SecurID
• WiKID
• Extendable External Databases (EED)
• Google Account Authentication
• Kerberos
• IMAP/POP3