cbauth's People

Contributors

elpete, homestar9, jclausen, lmajano, michaelborn, mikeburt

cbauth's Issues

User logged out after 2-4 minutes

isloggedin() sets to false after several minutes. It happens regardless of activity or inactivity. The session continues to live on and sessionID remains the same. Tested and confirmed with a simple login app with only ColdBox and cbauth installed through the latest CommandBox running on Lucee 5.2.9.31 as well as the latest Lucee 5.3. No default settings were changed in either ColdBox or Lucee.

Question: Can you use cbauth (via cbsecurity) in a submodule?

I'm trying to figure out if this is a bug, intentional behavior, or just user error on my part.

I have a ColdBox app that only needs to use cbauth (via cbsecurity) in a module. I have defined my cbsecurity settings in the module's ModuleConfig.cfc like this:

settings = {
    cbsecurity = {
        // Module relocation when an invalid access is detected, instead of each rule declaring one.
        "invalidAuthenticationEvent"  : "admin:errors.onAuthenticationFailure",
        // Default authentication action: override or redirect when a user has not logged in
        "defaultAuthenticationAction" : "override",
        // Module override event when an invalid access is detected, instead of each rule declaring one.
        "invalidAuthorizationEvent"   : "admin:errors.onAuthorizationFailure",
        // Default authorization action: override or redirect when a user does not have enough permissions to access something
        "defaultAuthorizationAction"  : "override",
        // cbauth
        "userService"                 : "AuthenticationService@admin",
        // You can define your security rules here
        "rules"                       : [
            {
                "secureList" : "admin:*",
                "whitelist"  : "admin:login"
            }
        ]
    }
};

However, when I try to access the submodule I get the following error:
No [userServiceClass] provided. Please set in config/ColdBox.cfc under moduleSettings.cbauth.userServiceClass.

I can make the error go away if I put the following in my root app's Coldbox.cfc config file:

moduleSettings = {
    cbauth = {
        userServiceClass = "AuthenticationService@cms"
    }
};

However, it smells funny to me to have to specify the cbauth settings in the app root if cbauth is only needed at the module level. Is this intentional behavior of cbauth? Or perhaps I am missing something?

`userBean` not defined if logged-in user is not found

AuthenticationService's getUser() method should be able to handle a null response from the user service.

https://github.com/coldbox-modules/cbauth/blob/main/models/AuthenticationService.cfc#L152-L163 - it seems getUser() expects getUserService().retrieveUserById(...) to throw an error if the user cannot be found.

Instead, I'd prefer to handle nulls as a missing user, and logout or clear the session val.

The context of this is that a logged-in user was deleted. (don't ask!)

I would be happy to PR something like this to AuthenticationService.cfc's getUser() method:

if ( isNull( userBean ) ){
    variables.sessionStorage.delete( variables.USER_ID_KEY );
    throw( "User not found" );
}

Interceptor `postAuthentication` and User is Undefined in Arguments

I am getting an error when trying to use the interceptor postAuthentication. I'd like to reference my User entity and place it in sessionStorage.

However, when I test the following interceptor code, I get an error that reads "Element USER is undefined in ARGUMENTS":

// After a user authenticates, store the user entity in the session (does not work)
function postAuthentication( user, sessionStorage, requestStorage ) {
    arguments.sessionStorage.user = arguments.user;
}

I am authenticating in my handler with the following code:

auth().authenticate( rc.emailAddress, rc.userPassword );

Ultimately what I'm trying to do is store some frequently accessed data (like the logged in user's first name and avatar) in the session scope so I don't have to go to the database on every page request. Finally, I'd like to be able to update the session data in case the user ever changes their name or something. I also asked a new StackOverflow question on the subject.

Thanks for all your contributions on Forgebox by the way!
