eZ Community » Forums » eZ Publish 5 Platform » eZPublish 5 - Custom user...
expandshrink

eZPublish 5 - Custom user authentication (multifactor)

eZPublish 5 - Custom user authentication (multifactor)

Sunday 12 March 2017 8:29:07 pm - 9 replies

We have eZPublish 5. The authentication is handled by User kernel module kernel/user/login.php. This PHP script is called when trying to access a siteaccess which requires authentication.

Example scenario:

When trying to access http://example.com/marketing

it redirects me (when not logged in) to http://example.com/marketing/user/login

Which is expected behaviour.

What I would like to achieve is to rewrite the kernel/user/login.php file and preferably keep the url the same (this is not mandatory).

I need to do this because I need to integrate Duo Security Multifactor Authentication, so I need to handle the logging in in a custom way.

So on the first page I need to display the login form, then when it is submitted I need to verify if credentials are correct (but not log in the user at this phase) then I need to return another view where an iframe is present for the second authentication, and when the second authentication is successful only after that I can login the user and redirect him/her to the desired page.

Is there any way how to do this? I tried to create an extension with a module user and view login.php but it doesn't worked - the User kernel login.php is executed always when http://example.com/marketing/user/login is hit.

I am trying to do this for several days now but no luck and I'm out of ideas.

Thanks in advance for any help.

Sunday 12 March 2017 11:36:04 pm

Hello Attila,

Welcome to the eZ Community!

What you want / need is both possible and quite simple to implement happy.gif Emoticon

First based on your description I recommend the following:

https://github.com/brookinsconsulting/bckernelmoduleoverride

* Note: We forgot to package and release this extension some time ago but have been using it as part of our open source ezpedia.org code base. We thank you for reminding us and prompting us to package the code for individual usage.

Concerning double authentication we did something similar but actually quite different with this solution:

https://github.com/brookinsconsulting/bcconfirmpassword

Now code sharing asside. You may want to first study the login handler system which provides for many forms of custom user authentication system. https://en.ezpedia.org/en/ez/login_handler

Yet from your description and some intuition on our part it truely sounds like without more information that you very well do need to both override the default user/login module view (what we call a kernel module view copy override; copy the default module and customize the code within an extension module). We have done this -a lot- for special customer use cases and it's not very hard.

Most of the time the hard part is getting all the module and module view identifiers to not conflict once within an module extension and we think that will be less of a problem for you if you simply use / leverage the bckernelmoduleoverride extension which provides for using default kernel modules and module views customized within a module view extension.

Please feel free to ask further questions or share more information about your custom authentication system your trying to integrate. Frames in this day and age sounds like a painful system to be required to implement for a secondary authentication system.

We hope this helps!

Cheers,
Heath

Modified on Sunday 12 March 2017 11:37:23 pm by // Heath

Sunday 12 March 2017 11:36:59 pm

This thread is also cross posted on stackoverflow.com:

http://stackoverflow.com/questions/42751959/ezpublish-5-custom-user-authentication-multifactor

Cheers,
Heath

Sunday 12 March 2017 11:48:31 pm

For further examples of how to create a module view (or a copy of a default module view) research the following extensions which provide module views (non-copies):

https://github.com/brookinsconsulting/bcposttoview

https://github.com/brookinsconsulting/bccie

From: https://github.com/brookinsconsulting?utf8=%E2%9C%93&tab=repositories&q=module&type=&language=

Also ezpedia.org overrides the default rss module view (in a less than perfect / clean way) which you can learn from the code:

https://github.com/brookinsconsulting/ezpedia/tree/master/ezpublish_legacy/extension/ezpedia/modules/rss

Again we hope this helps!

Cheers,
Heath

Monday 13 March 2017 6:58:09 pm

Hi,

thank you, your answers helped. Specifically the https://github.com/brookinsconsulting/bckernelmoduleoverride which helps to override other kernel modules.

 

Regards,

 

Attila.

Monday 13 March 2017 7:55:13 pm

Hello Attila,

Congratulations! Your very welcome.

Happy to help.

Would you take a minute and mark this thread as solved?

If you have already solved your problem please remember to mark your original post as solved by clicking the checkbox image at the top of the title of this thread and it will turn green indicating solved status. Thank you.

Cheers,
Heath

Tuesday 14 March 2017 8:14:20 pm

Hello Attila,

I was wondering if you would be willing to help contribute to a shared open source solution to the "Duo Multifactor Authentication" user/login need?

I would love to speak with you over email about being able to abstract your work into a clean publicly available example solution which might help others in the future.

What do you think? Would you be willing to contribute?

Cheers,
Heath

Wednesday 15 March 2017 8:01:23 am

Hi Heat,

sounds good! I'll be happy to contribute. Please contact me via email.

Can you please navigate me where can I mark the question as "answered"?

 

Regards,

 

Attila.

Wednesday 15 March 2017 3:59:35 pm

Hello Attila,

Thank you for your willingness to collaborate and contribute!

I have sent you a message via the share.ez.no user contact system.

Please check your email and reply back to me happy.gif Emoticon

As to the question 'how to mark thread as answered' you must login to share.ez.no, navigate to the original forum thread and at the top of the thread display near the start of the thread title you will find a image greyed out that looks like a checkbox, when you click it it might take a second but it will turn green which means the thread has been correctly marked as answered.

Look forward to speaking with you soon.

Cheers,
Heath

Wednesday 15 March 2017 8:26:31 pm

Hello Attila,

Thank you for marking this thread as solved.

Could you email us at info@brookinsconsulting.com

For some reason you seem to not be getting our share.ez.no contact system emails.

Respectfully,
Heath

expandshrink

You must be logged in to post messages in this topic!

36 542 Users on board!

Forums menu

Proudly Developed with from