Distributed authentication doesn't work

By mousse-man on 22 Jun 2004 at 23:40 UTC

I'm trying to get distributed authentication to work on snoop.alphanet.ch, but for some reason it doesn't work with drupal.org user ID. Drupal module is enabled and in stock configuration, I'm running 4.4.1.

I entered "mousse-man@www.drupal.org" and the password (else I wouldn't be here...), but nada. Do I need to open a special port on the firewall so that Drupal can get out (besides port 80?)? Or do I have to customize something the drupal.org module?

Comments

The funky thing...

mussi-at-snoop.alphanet.ch commented 22 June 2004 at 23:48

it works the other way around, so if you see this followup, Drupal was able to authenticate back to my site....

Can you use feeds?

Steven commented 23 June 2004 at 00:26

It's possible your server is configured not to allow outgoing connections from PHP script. Try out newsfeeds and see if that works to check.

Newsfeeds work

mousse-man commented 23 June 2004 at 18:59

Newsfeeds seem to work just dandy.

I have quickly put up the Drupal Newsfeed, and I got the things I wanted.

Where do we go looking now?

one-way distrib authen

teradome commented 11 July 2004 at 15:32

(keep alive post)

Yeah, I'm having the same problem with the same clues. Users on my system can login here, but I can't login with my drupal.org ID on my own system as a test. Feeds run fine too, so I'm kind of in the same boat here. This should still be able to work with "Visitors can create accounts but administrator approval is required" set in user.module, right?

no one?

teradome commented 25 July 2004 at 13:17

What, so no one knows?

Admin approval and distrib. auth.

Steven commented 25 July 2004 at 16:26

This probably the problem: when someone logs in via DA for the first time, they are essentially creating a new account on your site.

tested

teradome commented 26 July 2004 at 04:13

Yes, you are correct, this indeed was the problem.

However, I was getting this error before I changed my account creation settings:
"Sorry. Unrecognized username or password. Have you forgotten your password?"
Seems like that's a terribly wrong error message to be sending in this case.

Quite honestly, this is not quite how I expected DA to work, but I guess I read it wrong. I wanted to use DA in a trusted way... I want to approve everyone, but if they've been allowed in and kept alive on another Drupal site, let them skip the approval process. As it is, it's all or nothing -- let everyone in without approval, or force approval (and also, in this case, block Drupal IDs). So I think it's fair to say that DA is sort of broken right now.

(checking issues)

Ah, yes... what do you know...

One line is stopping it

jaza@www.greenash.net.au commented 25 January 2005 at 08:46

I've been having this problem too: I am able to log in to Drupal with IDs from my own site, but cannot log in to my site with a Drupal ID. After extensively staring at the code of user.module, I managed to work out what's causing the problem. I too have it set up so that admin approval is required for new user accounts. The following single line of code in user_authenticate() is breaking the DA system:

if (variable_get('user_register', 1) == 1) {

If you have a look at user_configure_settings() (also in user.module), you'll see that user_register can have three different values (the numbers aren't explicitly in the code, but since all arrays are zero-based in PHP, you can work it out by counting):

0: only site admins can create new accounts.
1: visitors can create accounts without approval.
2: visitors can create accounts, but need admin approval.

So the problem line of code is basically saying: unless your site's user_register variable is set to 1, I refuse to work. Well, bugger that! All you have to do to fix the problem is comment out that line - and the end brace for the if statement further down - as follows:

  // Try each external authentication source in series. Register user if
  // successful.
  else if (!$user->uid && $server) {
    foreach (module_list() as $module) {
      if (module_hook($module, 'auth')) {
        if (module_invoke($module, 'auth', $name, $pass, $server)) {
          //if (variable_get('user_register', 1) == 1) {
            $account = user_load(array('name' => "$name@$server"));
            if (!$account->uid) { // Register this new user.
              $user = user_save('', array('name' => "$name@$server", 'pass' => user_password(), 'init' => "$name@$server", 'status' => 1, "authname_$module" => "$name@$server", 'roles' => array(_user_authenticated_id())));
              watchdog('user', t('New external user: %user using module %module.', array('%user' => "<em>$name@$server</em>", '%module' => "<em>$module</em>")), l(t('edit'), 'user/'. $user->uid .'/edit'));
              break;
            }
          //}
        }
      }
    }
  }

Or just delete those lines if you want (better to leave some record of your hacks though, IMO - makes life slightly easier when the time comes to upgrade). I've tested this hack, and it fixes the problem beautifully - no side effects that I've noticed either, as yet.

Hope this helps!

Jeremy Epstein - GreenAsh