Issue status update for http://drupal.org/node/29147 Post a follow up: http://drupal.org/project/comments/add/29147 Project: Drupal Version: cvs Component: user.module Category: feature requests Priority: normal Assigned to: Anonymous Reported by: naudefj Updated by: naudefj Status: patch (code needs work)
Why?
Without it, it would be impossible to have a single userid/password for your entire site. It would be silly to ask users to log in to Drupal using their forumid@local. Surely there must be a way to authenticate them without having to type the "@local" part?
So, when drupal.module is enabled, there is a third user login field, "site" or "domain", that would include "local" and any registered associates.
Not sure I understand - I'm not using drupal.module, but are trying to implement my own authentication module without the need to hack into user.module (or any other module for that sake). naudefj Previous comments: ------------------------------------------------------------------------ Thu, 18 Aug 2005 20:46:57 +0000 : naudefj Please implement a hook to authenticate local users - similar to what hook_auth does for remote users. Alternatively, extend hook_auth to authenticate both local and remote users. Current behaviour: - If a user logs in with "user@domain", hook_auth gets activated; - If a user logs in with "user", hook_auth is bypassed. More details: http://drupal.org/node/27959 ------------------------------------------------------------------------ Sat, 20 Aug 2005 20:11:29 +0000 : killes@www.drop.org use hook_user(login) ------------------------------------------------------------------------ Sat, 20 Aug 2005 20:38:53 +0000 : naudefj I just tried hook_user(login), but it only fires when a valid drupal userid/password is entered. ------------------------------------------------------------------------ Sat, 20 Aug 2005 21:03:38 +0000 : naudefj I found the reason why hook_auth only works for remote users. Look at this code from users.module: // Try each external authentication source in series. Register user if // successful. else if (!$user->uid && $server) { Is this something that should be fixed, or should I just comment out the the "&& $server" part myself? ------------------------------------------------------------------------ Sun, 28 Aug 2005 19:03:24 +0000 : naudefj Attachment: http://drupal.org/files/issues/user_31.patch (1.7 KB) Here is a patch that will allow HOOK_AUTH to work for both local and remote users. If would be great if it can be reviewed and applied to HEAD. ------------------------------------------------------------------------ Sun, 11 Sep 2005 05:32:55 +0000 : moshe weitzman hook_auth deliberately is ineffective for local logins. if you enable it for all logins, you will slow down the experience for many people who guess their passwords wrong on login page. in that case, code would call all remote auth modules an dthey in turn would contact their home base. thats too slow. we want to return a 'sorry try again' message very quickly. what are you trying to accomplish here? ------------------------------------------------------------------------ Sun, 11 Sep 2005 06:59:52 +0000 : naudefj Hi,
hook_auth deliberately is ineffective for local logins.
Not true. HOOK_AUTH cannot be used for local logins. Look at this line in user.module: else if (!$user->uid && $server) {
what are you trying to accomplish here?
I would like my users to use their existing forum userids and passwords to login to Drupal. However, I quickly discovered that external authentication only works if you append a domain/servername to your userid. For example, if a username like "user*@domain*" is entered, HOOK_AUTH gets activated. Problem is that if a userid like "user" is used, HOOK_AUTH will be bypassed. This fix allows local users (i.e. just "user") to be authenticated against an external source. Any other solutions/ suggestions would be greatly appreciated! Best regards. Frank ------------------------------------------------------------------------ Sun, 11 Sep 2005 14:49:15 +0000 : nedjo "The fix allows local users (i.e. just "user") to be authenticated against an external source. " Why? I assume authentication should be either local or external--not both. Therefore, we need a way to distinguish between the two. Currently, the username@domain convention is used. Removing the @domain part of the DrupalID would remove this disctinction. Is the issue just that this convention is confusing for new users? In this case, I'd suggest pulling the domain part out into a different field. So, when drupal.module is enabled, there is a third user login field, "site" or "domain", that would include "local" and any registered associates.