Project:Webserver authentication
Version:6.x-1.x-dev
Component:Code
Category:bug report
Priority:normal
Assigned:Unassigned
Status:needs review

Issue Summary

I've noticed that there's never any "login" event marked in the log when using webserver_auth, only logout in case the user pushed that link. This also means trouble if you're using a module utilising hook_user('login'), since the 'login' event never occurs.

(I'm using a patched version for Drupal 5: http://drupal.org/node/109576 )

Comments

#1

Version:master» 5.x-0.0

still doesn't work.
is there a reason for that?
i'd need to use that. would you accept a patch?

#2

ok. probably we dont want to do this because it would run on every users click, right.

#3

@xamanu: I'm not sure. The 6.x version checks if the user has an ongoing session; if so they are not logged in again. Thus a first page load could be a "login" event; and the remainder would NOT. Also, the fact that webserver_auth 5.x doesn't log the event doesn't mean that the hook isn't fired. An easy way to check this would be to write your own very basic module with an implementation of hook_user('login') that prints some junk via drupal_set_message().

Some background: I wrote the 6.x-1.x branch, which is a substantial rewrite of the module, so I'm not too familiar with the 5.x code.

So, some questions:

  • Can you upgrade to 6.x? If you're lazy, little sympathy. If you're waiting for a port of a crucial module, lots of sympathy.
  • Is this actually against 5.x-0.0? Have you tested with 5.x-1.x-dev?
  • What are you trying to do via hook_user('login')?

#4

Status:active» closed (fixed)

thanks for your help. this was solved a long time ago. sorry for not closing this. doing it now.

#5

Version:5.x-0.0» 6.x-1.x-dev
Status:closed (fixed)» active

I am reopening this issue because I can confirm that the login operation never occurs in the current 6.x stable version of the module. See the attached screenshots where I dsm()'ed the $op variable in a hook_user implementation when logging in via HTTP authentication. Looking through webserver_auth_init(), the two functions that are used in authentication, user_external_load() and user_external_login_register(), never invoke the login operation for hook_user().

Thanks,
Chris

AttachmentSize
webserver-auth-login-1.png 99.81 KB
webserver-auth-login-2.png 30.94 KB

#6

Status:active» needs review

The attached patch attempts the solve the issue, and the login operation is invoked correctly in most cases. The theory of the patch is that if a user is logging in, they won't have a valid session stored in the sessions table. The edge case is if the user logs out via whatever SSO system is being used then logs in again shortly thereafter before the Drupal session expires, the hook won't be invoked when the user revisits the Drupal site. Since it is likely that the user will log out without Drupal knowing it, this is a definitely possibility and probably unavoidable.

Thanks,
Chris

AttachmentSize
webserver_auth-137919-6.patch 1.5 KB

#7

Same patch, but fixed a typo in a comment.

AttachmentSize
webserver_auth-137919-7.patch 1.5 KB
nobody click here