Logging in via API by Snippet not working.

32 Posts

glcreations Reply #1, 11 years, 8 months ago

I have started working on a CAS SSO module for MODX, and I have run into a bit of a wierd problem.

I am making my own login snippet which runs through an if clause (are you logged into cas - yes then do x).

When we get into that if statement, I run the following code. (Please presume for the purposes of this question that the user and password supplied match a created user in the MODX users area)

    // Are we logged in?
    $userId = $modx->user->get('username');

    if ($userId == '(anonymous)') { // No we are not... So Login

        $response = $modx->runProcessor(array(
            'action' => 'login',
            'location' => 'security',
            'username' => $casAttributes['user_id'],
            'password' => $casAttributes['password'],  
            'login_context' => 'web'
        ));

    }
    else { // Yes we are!
        echo 'Logged in, user already was here, user ID is ' . $userId;
    }

I then do a quick check, and the username is still 'anonymous'.

If however, I run the same bit of code in another snippet on another resource, it logs in fine. Then, if I go back to that resource, (on another browser tab) the correct user name shows up fine.

Any help or suggestions greatly appreciated!

[img width=500 height=56.666666666667]http://i3.photobucket.com/albums/y81/GraemeLeighfield/Forum/glcsig.png[/img]

70 Posts

jentree Reply #2, 11 years, 8 months ago

Not sure if this is much help, but I was using the Login snippet from a hybrid mobile app. Users were created & managed via MODx.

Before I could run any snippet calls (API) I had to set the following:

    require_once 'full-path-to-your/config.core.php';

    require_once MODX_CORE_PATH . 'model/modx/modx.class.php';

    $modx = new modX();
    $modx->initialize( 'web' );
    $modx->getService( 'error','error.modError' );

Then my actual php file that executes the login snippet:

    $output  = $modx->runSnippet('Login');
    $errors  = $modx->getPlaceholder('errors');
	
    if ( $errors )
    {
        echo $errors;
    }
    else
    {
        echo 'success';
    }

Hope this helps!

32 Posts

glcreations Reply #3, 11 years, 8 months ago

Thanks for the post jentree. It did however not work.

I am pretty sure that all of this is already loaded prior to me going off..

The flow is as follows.

User visits MODX resource that has the snippet to login to CAS on it.
User is re-directed off to CAS Server to become authenticated.
On succesful authentication, the user comes back to the same MODX resource they left from, then rendering the page.

What I need is for when they come back to this page, to be authenticated into MODX, so i can then use MODx's ACL, user groups e.t.c.

[img width=500 height=56.666666666667]http://i3.photobucket.com/albums/y81/GraemeLeighfield/Forum/glcsig.png[/img]

70 Posts

jentree Reply #4, 11 years, 8 months ago

I apologize, I don't know what CAS is.

But...
What is CAS returning? Anything?
If you can have some sort of middle-man file in there that listens for the response from CAS, then turns around and authenticates the Login snippet from modx...

THEN, based on that result - display/redirect whatever you need to do - because at that point, you should have access to the user groups and other info for any given user.

Unfortunately for me, I did have to directly modify the Login logic. This severely hinders my ability to make easy updates if there is an update to the Login extra.

I only needed Login extra to return a true/false right after the actual user query was executed.
I attached it so you can see what I did...

This file goes in: (rename to .php)
/core/components/login/controllers/web/

Again, not the most ideal situation, but it's what I needed.

32 Posts

glcreations Reply #5, 11 years, 8 months ago

I cannot do it that way, as the page that includes the CAS module, also deals with the redirection to the CAS Server...

CAS is a single sign on module.

It is returning correctly, and the variables are being populated into the login code above correctly, its just, not, logging in :S

[img width=500 height=56.666666666667]http://i3.photobucket.com/albums/y81/GraemeLeighfield/Forum/glcsig.png[/img]

☆ A M B ☆
3,112 Posts

goldsky Reply #6, 11 years, 8 months ago

I wrote something about this a while ago: http://virtudraft.com/blog/redirect-specified-usergroups-after-logged-in.html

perhaps that helps.

Rico
Genius is one percent inspiration and ninety-nine percent perspiration. Thomas A. Edison
MODx is great, but knowing how to use it well makes it perfect!

www.virtudraft.com

Security, security, security! | Indonesian MODx Forum | MODx Revo's cheatsheets | MODx Evo's cheatsheets

Author of Easy 2 Gallery 1.4.x, PHPTidy, spieFeed, FileDownload R, Upload To Users CMP, Inherit Template TV, LexRating, ExerPlan, Lingua, virtuNewsletter, Grid Class Key, SmartTag, prevNext

Maintainter/contributor of Babel

Because it's hard to follow all topics on the forum, PING ME ON TWITTER @_goldsky if you need my help.

32 Posts

glcreations Reply #7, 11 years, 8 months ago

Thanks for the reply goldSky, however this is not even getting up to that point. The user is not authenticating at all, hence the reply of 'anonymous'

[img width=500 height=56.666666666667]http://i3.photobucket.com/albums/y81/GraemeLeighfield/Forum/glcsig.png[/img]

32 Posts

glcreations Reply #8, 11 years, 8 months ago

After a bit more debugging, and setting up simple error_log msgs on certain events. I can confirm that the only event that runs is beforeWebLogin,

onWebLogin, and onWebAuth do not even run!

Any suggestions?

[img width=500 height=56.666666666667]http://i3.photobucket.com/albums/y81/GraemeLeighfield/Forum/glcsig.png[/img]

☆ A M B ☆
24,524 Posts

sottwell Reply #9, 11 years, 8 months ago

Looks like someting wrong with your plugin, aborting the login process.

Studying MODX in the desert - http://sottwell.com
Tips and Tricks from the MODX Forums and Slack Channels - http://modxcookbook.com
Join the Slack Community - http://modx.org

32 Posts

glcreations Reply #10, 11 years, 8 months ago

The code here isn't all that untoward.

// Handles the login of CAS
require_once $modx->getOption('login.core_path',null,$modx->getOption('core_path').'components/PHPCas/').'init.php';

//Default Password
$password = 'atestpassword';

$casAttributes = phpCas::getAttributes();

//Fetch the user from MODx/
$user = $modx->getObject('modUser', array('username'=>$casAttributes['user_id']));

if ($user) { //Have we grabbed the user? (Do they exist in MODx);
    // Yes this user already exists in MODx, lets now log them in...

    // Are we logged in?
    $userId = $modx->user->get('username');

    if ($userId == '(anonymous)') { // No we are not... So lets login

        $_POST['username'] = $casAttributes['user_id'];
        $_POST['password'] = $password; 
        $_POST['service'] = 'login';
        $_REQUEST['service'] = 'login';
        $scriptProperties['loginResourceId'] = 16;

        // All handled by the login snippet
        $modx->runSnippet('Login', $scriptProperties);

        //returns anonymous
        error_log ("USER NAME LOGGED IS : " . $modx->user->get('username'));

    }
    else { // Yes we are!
        echo 'Logged in, user already was here, user ID is ' . $userId;
    }

}

[img width=500 height=56.666666666667]http://i3.photobucket.com/albums/y81/GraemeLeighfield/Forum/glcsig.png[/img]