Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Programmatic authentication not working after update #14278

Closed
meteohr opened this issue Mar 28, 2019 · 3 comments
Closed

Programmatic authentication not working after update #14278

meteohr opened this issue Mar 28, 2019 · 3 comments
Labels
answered For when a question was asked and we referred to forum or answered it.

Comments

@meteohr
Copy link

meteohr commented Mar 28, 2019
edited

Hi,
I'm trying to update from matomo 3.0.2 to 3.9.1

We have a custom plugin in place for authentication. Matomo is running on windows server 2012 (php 5.6) and we use windows authentication with NTLM on IIS to provide a SSO method for our matomo users.
With the old version, everything works fine.

The custom plugin is pretty simple and does something like that:

namespace Piwik\Plugins\LoginWindowsSSO;

use Piwik\Plugins\UsersManager\Model;
use Piwik\Plugins\Login\Auth;
use Piwik\Plugins\Logging\Logger;
use Piwik\Plugins\Login\Controller;
use Piwik\Piwik;

class LoginWindowsSSO extends \Piwik\Plugin {
	
	private $log;
	
	public function __construct($pluginName = false) {
		$this->log = new Logger($this, "sso");
		parent::__construct($pluginName);
	}
	
	function getListHooksRegistered() {
		return array(
			'Request.initAuthenticationObject' => 'initAuthenticationObject'
		);
	}

	function initAuthenticationObject($activateCookieAuth = false) {
		$this->log->debug("=> #initAuthenticationObject");
		$login = $this->getWinUser(); // this method extract the login name from request headers
		if (!empty($login)) {
			$auth = new Auth();
			$model = new Model();
			$user = $model->getUser($login);
			if (!empty($user)) {
				$this->log->info("===> logon success for user $login");
				$auth->setLogin($login);
				$auth->setTokenAuth($user['token_auth']);
			} else {
				$this->log->warn("===> User $login was not found in the Piwik database; logon won't work.");
			}
			\Piwik\Registry::set('auth', $auth);
		} else {
			$this->log->warn("==> logon user could not be retrieved from request; logon won't work.");
		}
	}
}

After the update to 3.9.1 it is not working anymore.
I checked the official docs and I noticed that we are missing the $auth->authenticate() method, but adding this doesn't work either.
I also debugged the authenticate method when in place, and it seems like it is executed twice, once with the correct auth object and after that once more with 'anonymous'. I don't know why, though (in the old version, it's only called once, without calling authenticate explicitly).
In the docs it also says Registry::set('auth', $auth) should be replaced with StaticContainer::getContainer()->set('Piwik\Auth', $auth), but this doesn't work, as well.

At this point I'm out of ideas.
Thanks for your help.
@tsteur
Copy link
Member

tsteur commented Mar 28, 2019

You probably want to create an auth class that extends our Piwik\Auth class and enrich authentication there (from what I would guess).

And then you create config/config.php and put something like this in there:

<?php
return array(
    'Piwik\Auth' => DI\object('Piwik\Plugins\YourPlugin\Auth'),
);

That's just a guess though. Not sure from which version you updated but this shouldn't have worked in quite a while in the recent versions if I had to guess without investigating too much. From which version did you update?

@meteohr
Copy link
Author

meteohr commented Mar 28, 2019

From version 3.0.2 as mentioned above ;)

@tsteur
Copy link
Member

tsteur commented Mar 28, 2019

As mentioned I recommend you look into overwriting the auth class as any token you set would be overwritten.
See an example here: https://github.com/matomo-org/plugin-LoginHttpAuth/blob/master/Auth.php

@tsteur tsteur closed this as completed Mar 28, 2019
@tsteur tsteur added the answered For when a question was asked and we referred to forum or answered it. label Mar 28, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
answered For when a question was asked and we referred to forum or answered it.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@tsteur @meteohr