User Authorization through HTTPS

Jur_ · Post by **Jur_** » Wed Oct 22, 2014 9:52 am

Hello! I'm new to development in phpBB as we're about to start using a phpBB forum. In case I've missed any documentation or otherwise, please don't hesitate to tell me. (I've had some experience as a user though)

My purpose is to authorize users through an external website/userbase using HTTPS (SSL/TLS). We have a central webserver with CA certificates where the login credentials can be checked before the user logs in (or ideally is created automatically when he doesn't exist yet).

The feature highlights for 3.1 mentions OAuth and the alternative to create your own external checking mechanisms through extensions.
When looking for information I found the following (probably outdated?) description from phpBB itself: https://wiki.phpbb.com/Authentication_plugins

Some questions:
I was wondering if there is a similar explanation using the new extensions and the alternatives to the OAuth extension?
Do the same methods still apply as in the plugin description or in which way can I otherwise hook on to the login methods/replace the validation mechanism?

Thank you for your time

edit: for clarity: Authentication would be the first step for now, later possibly deriving special forum rights through authorization using a (our) REST service behind the HTTPS connection

Jur_ · Post by **Jur_** » Mon Oct 27, 2014 12:52 pm

a little bump and some more information: I've been able to authenticate from Mediawiki through this extension plugin. I had to adjust the code a little to get it to work, but it runs on both IIS and Apache servers.

I'm looking to do the same with our phpBB forum. Any idea where I can hook such an authentication method to the phpBB forum?

Khaos-Rage · Post by **Khaos-Rage** » Mon Oct 27, 2014 2:51 pm

Just some quick poking around the github repo and I think you would need to look here (auth directory) and here(auth.yml).

And then select the auth method used in the ACP under General -> Client Communications-> Authentication

I'm not sure if that is all that is needed but just a quick look.

Jur_ · Post by **Jur_** » Tue Oct 28, 2014 12:17 pm

Thanks for pointing in the right direction. I'll check it out straight away

Jur_ · Post by **Jur_** » Thu Oct 30, 2014 3:32 pm

Alright, I've found the files have tried adding my own plugin, but I'm not getting the changes in the YAML file (config/auth.yaml) to appear in the ACP (under Client Communications > Authentication)

I've also found an actual document on adding your own authentication providers:
https://wiki.phpbb.com/Authentication_providers

For simplicity I've tried to create a copy entry of the ldap option and simply rename it to see if I could get things to work (for the dependency injection):

Code: Select all

    [...]

    auth.provider.test:
        class: phpbb\auth\provider\test
        arguments:
            - @dbal.conn
            - @config
            - @passwords.manager
            - @user
        tags:
            - { name: auth.provider }

    auth.provider.ldap:
        class: phpbb\auth\provider\ldap
        arguments:
            - @dbal.conn
            - @config
            - @passwords.manager
            - @user
        tags:
            - { name: auth.provider }
            
        [...]

and simply copied and renamed the ldap.php to test.php and adjusted + simplified it. According to this article the yaml files are initialized lazy and read only when requested, which would make me expect to see them at least on a new login:
https://wiki.phpbb.com/Dependency_Injection_Container

Any ideas why I'm not seeing the option in the ACP menu?

imkingdavid · Post by **imkingdavid** » Sat Nov 01, 2014 1:39 am

Just a thought, make sure you've cleared the cache. I don't remember exactly how that dropdown is populated, but it might be pulling from the list of services, which gets cached.

Jur_ · Post by **Jur_** » Mon Nov 03, 2014 8:26 am

imkingdavid wrote:Just a thought, make sure you've cleared the cache. I don't remember exactly how that dropdown is populated, but it might be pulling from the list of services, which gets cached.

Awesome thanks, That did the trick!

I feel a bit silly for overlooking the option in the ACP, but at least I can continue with the auth plugin

imkingdavid · Post by **imkingdavid** » Tue Nov 04, 2014 6:26 pm

No problem, glad to help!

Jur_ · Post by **Jur_** » Tue Jan 13, 2015 11:03 am

I've extended the wiki with some of the things I've learned. Including purging the cache and adding forms for configuring the auth provider from the ACP:

https://wiki.phpbb.com/Authentication_providers

advertisements