Page 1 of 1

Example of custom authentication provider with SampleAuth

Posted: Apr 29, 2019 6:20 am
by tasso85
Hi everyone,

I wanted to ask if there is a "working example" of how to implement a custom authentication flow in mantis.

I have checked the SampleAuth plugin on github, but found it hasn't a complete example.

What I would like to implement in mantis is the following flow:
- check username against another database (that is, not mantis own database)
- if user exists, check password against that other database
- if check ok, and user not already in local mantis database, create it with no password and assign role derived from user role on other database
- finally, set the needed session values and let user proceed

Is there any example of a similar flow, or more generically of a custom one not involving LDAP or OpenID/OAuth, just a different (maybe remote) database?

Re: Example of custom authentication provider with SampleAuth

Posted: May 17, 2019 3:08 pm
by Starbuck
The approach I would take with this is to look into the Mantis code to see how it determines whether a user is logged in, and what it does when a user is not. Then: Is there a hook there for alternative behavior?
If so, look to see what a hooked event handler needs to accept and return.
If not, see what the hard-coded login routine does to return a value that then leads the user back to the original page. Look to see how to fire an event at that point. Insert an event handler that will avoid other default code when your code has provided all required data.
Submit your event hook as a Github PR for addition into the core.
Then when a future version of Mantis is published, it will automatically call your code to do exactly what you want.

Any help as a high-level guide?

Re: Example of custom authentication provider with SampleAuth

Posted: Jul 01, 2019 11:38 pm
by MrMaker
I had a go at making a custom authentication provider using Server provided auth (REMOTE_USER) - the concept is similar to what you are asking for from the mantis point of view, except I skip the login page (which you will not want to do), and check server environment variables instead of an external database (this bit is probably useful for you to study, as the mantis side of what I'm doing will be the same).

You can check it here: https://github.com/make-all/ServerAuth

It is forked from the SampleAuth app, so you should be able to check diffs for some idea of what might need changing for your case compared with the original SampleAuth code.

Re: Example of custom authentication provider with SampleAuth

Posted: Jul 02, 2019 12:02 am
by MrMaker
I think all the logic for your authentication needs to go into auth_user_flags() in SampleAuth.php.

You can take the user creation from my ServerAuth.php auto_login() function, but move it to where the TODO comment is in auth_user_flags():

Code: Select all

    	$t_user_id = empty($t_username) ? false : user_get_id_by_name( $t_username );
	if ( !$t_user_id ) {
		if (!empty(t_username) && plugin_config_get('autocreate_users')) {
			$t_email = /* READ YOUR EMAIL FROM THE DATABASE HERE, OR OTHERWISE GENERATE THE EMAILS FROM THE USERNAME IF THERE IS A STANDARD FORMAT WITHIN YOUR ORG */;
			$t_realname = /* READ YOUR REALNAME FROM YOUR DATABASE HERE, OR USE USERNAME IF YOU DON'T HAVE ONE */;
			user_create($t_username, auth_generate_random_password(), $t_email, auth_signup_access_level(), false, true, $t_realname);
		}
		return;
	}	

Re: Example of custom authentication provider with SampleAuth

Posted: Oct 13, 2019 7:31 am
by mylinuxguy
Has anyone ever figured out an answer to the original post:

What I would like to implement in mantis is the following flow:
- check username against another database (that is, not mantis own database)
- if user exists, check password against that other database
- if check ok, and user not already in local mantis database, create it with no password and assign role derived from user role on other database
- finally, set the needed session values and let user proceed


I need the exact things setup... I've looked at a few different SampleAuth packages but nothing fits the bill. I can get accounts to automatically be created with: user_create() but I can't get the auto-login stuff to work and I still end up using the password assigned when user_create() is called and not pull from an external db. Once the account is created... I just don't want to test against the password in the mantis db but a password in an external db.


- jack