coldbox-modules / cbauth Goto Github PK
View Code? Open in Web Editor NEWAuthentication wrapper for ColdBox
License: MIT License
Authentication wrapper for ColdBox
License: MIT License
"name " is not a valid property for interfaces. It should be "displayName"
I discovered this by running cfcompile on my project
isloggedin() sets to false after several minutes. It happens regardless of activity or inactivity. The session continues to live on and sessionID remains the same. Tested and confirmed with a simple login app with only Coldbox and cbauth installed through the latest Commandbox running on Lucee 5.2.9.31 as well as the latest Lucee 5.3. No default settings were changed in either Coldbox or Lucee.
Should also handle J2EE sessions which are not handled by the built-in functions.
I'm trying to figure out if this is a bug, intentional behavior, or just user error on my part.
I have a Coldbox app that only needs to use cbauth (via cbsecurity) in a module. I have defined my cbsecurity settings in the module's ModuleConfig.cfc like this:
settings = {
cbsecurity = {
// Module Relocation when an invalid access is detected, instead of each rule declaring one.
"invalidAuthenticationEvent" : "admin:errors.onAuthenticationFailure",
// Default Auhtentication Action: override or redirect when a user has not logged in
"defaultAuthenticationAction" : "override",
// Module override event when an invalid access is detected, instead of each rule declaring one.
"invalidAuthorizationEvent" : "admin:errors.onAuthorizationFailure",
// Default Authorization Action: override or redirect when a user does not have enough permissions to access something
"defaultAuthorizationAction" : "override",
// cbauth
"userService" : "AuthenticationService@admin",
// You can define your security rules here
"rules" : [
{
"secureList" : "admin:*",
"whitelist" : "admin:login"
}
]
}
However, when I try to access the submodule I get the following error:
No [userServiceClass] provided. Please set in config/ColdBox.cfc
under moduleSettings.cbauth.userServiceClass
.
I can make the error go away if I put the following in my root app's Coldbox.cfc config file:
moduleSettings = {
cbauth = {
userServiceClass = "AuthenticationService@cms"
}
};
However, it smells funny to me to have to specify the cbauth settings in the app root if cbauth is only needed at the module level. Is this intentional behavior of cbauth? Or perhaps I am missing something?
AuthenticationService's getUser()
method should be able to handle a null
response from the user service.
https://github.com/coldbox-modules/cbauth/blob/main/models/AuthenticationService.cfc#L152-L163 - it seems getUser()
expects getUserService().retrieveUserById(...)
to throw an error if the user cannot be found.
Instead, I'd prefer to handle null
's as a missing user, and logout or clear the session val.
The context of this is that a logged-in user was deleted. (don't ask!)
I would be happy to PR something like this toAuthenticationService.cfc
's getUser()
method:
if ( isNull( userBean ) ){
variables.sessionStorage.delete( variables.USER_ID_KEY );
throw( "User not found" );
}
I am getting an error when trying to use the interceptor postAuthentication
. I'd like to reference my User entity and place it in sessionStorage
.
However, when I test the following interceptor code, I get an error that reads "Element USER is undefined in ARGUMENTS":
// After a user authenticates, store the user entity in the session (does not work)
function postAuthentication( user, sessionStorage, requestStorage ) {
arguments.sessionStorage.user = arguments.user;
}
I am authenticating in my handler with the following code:
auth().authenticate( rc.emailAddress, rc.userPassword );
Ultimately what I'm trying to do is store some frequently accessed data (like the logged in user's first name and avatar) in the session scope so I don't have to go to the database on every page request. Finally, I'd like to be able to update the session data in case the user ever changes their name or something. I also asked a new StackOverflow question on the subject.
Thanks for all your contributions on Forgebox by the way!
My coldbox install is pulling the latest cbauth 4.1.1 from https://s3.amazonaws.com/ortus-forgebox-private/elpete/cbauth/4.1.1.zip, but the zip file contains the helper and models folders but no files.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.