fisharebest / webtrees

Online genealogy
https://webtrees.net
GNU General Public License v3.0

Improvement: Pluggable Login System #3365

Open miqrogroove opened 4 years ago

miqrogroove commented 4 years ago

One of the custom code hacks I need to merge with each new version is compatibility with HTTP basic auth over TLS. It's a simple implementation, but requires changes to LoginAction.php and ModuleThemeTrait.php and WebRoutes.php. Plus I've disabled self-servicing of usernames and passwords.

Would it be possible to make this more pluggable in the future?

fisharebest commented 4 years ago

The hard part, of course, is defining the interface to such a "plugin"...

I guess that to do this, one would need several working login modules.

> requires changes to LoginAction.php and ModuleThemeTrait.php and WebRoutes.php.

Not sure what changes you make, but I would have thought that a module would do this?

miqrogroove commented 4 years ago

If it's possible, maybe I can figure it out. Is there any reference on how the modules work?

fisharebest commented 4 years ago

Perhaps tell me what changes you make, and I can point you in the right direction...

miqrogroove commented 4 years ago

I guess I can start with the "example" modules. If I get stuck I'll check back here.

miqrogroove commented 4 years ago

> Perhaps tell me what changes you make, and I can point you in the right direction...

AccountUpdate and LoginAction, if it's possible to reroute these to custom classes then I know how to do it now.

LoginPage gets rerouted to LoginAction.

ModuleThemeTrait::menuLogout() provides some kind of JavaScript mechanism that I was never able to trace. I hacked the file so that the sign out links all point to a standalone PHP file. How could we make this pluggable?

administration.phtml same problem as menuLogout().

edit-account-page.phtml requires changes. Is there an easy way to switch it to a custom view file?

fisharebest commented 4 years ago

> AccountUpdate and LoginAction, if it's possible to reroute these to custom classes

Use app()->bind(...), as discussed earlier.

> ModuleThemeTrait::menuLogout() provides some kind of JavaScript mechanism that I was never able to trace.

If you click on an element with a data attribute data-post-url="https:...", webtrees will make a POST request to that URL. After making the request, webtrees will either reload the page, or will redirect to a URL specified in another data attribute data-reload-url="https:...".

> How could we make this pluggable?

Replace LogoutAction, as above.

> administration.phtml same problem as menuLogout().

Same solution?

> edit-account-page.phtml requires changes. Is there an easy way to switch it to a custom view file?

You can replace the view. Or you can write code to read the existing view, and use preg_replace() on it. There is an example of this in the example theme module. (Note, you can use this feature on any module, not just themes).

Alternatively, add some CSS/JS to hide the fields, or add a readonly attribute to them?

Does this give you enough to work with?
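
The click-to-POST behaviour described in the comment above, as an added JavaScript illustration that is not webtrees' own code and not part of the thread. The function names, the fetch wiring and the choice to skip navigation after a failed POST are assumptions.

```javascript
// Added illustration, not webtrees' own code: names and wiring are assumptions.

// Find the clicked element (or an ancestor) that carries data-post-url and
// read the two data attributes described in the thread.
function resolvePostAction(target) {
  const el = target.closest('[data-post-url]');
  if (!el) return null; // an ordinary click, nothing to do
  return { postUrl: el.dataset.postUrl, reloadUrl: el.dataset.reloadUrl || null };
}

// After the POST: redirect to data-reload-url if present, otherwise reload.
// Assumption: a failed POST leaves the page where it is.
function nextNavigation(action, ok) {
  if (!ok) return { type: 'none' };
  return action.reloadUrl
    ? { type: 'redirect', url: action.reloadUrl }
    : { type: 'reload' };
}

// post and location are injected so the flow can run outside a browser.
async function handleClick(target, post, location) {
  const action = resolvePostAction(target);
  if (action === null) return null;
  const response = await post(action.postUrl);
  const nav = nextNavigation(action, response.ok);
  if (nav.type === 'redirect') location.assign(nav.url);
  if (nav.type === 'reload') location.reload();
  return nav;
}

// Browser wiring (skipped under Node).
if (typeof document !== 'undefined') {
  document.addEventListener('click', (event) => {
    if (resolvePostAction(event.target) === null) return;
    event.preventDefault();
    const post = (url) => fetch(url, { method: 'POST', credentials: 'same-origin' });
    handleClick(event.target, post, window.location);
  });
}
```

Because sign-out is issued as a POST, whatever replaces LogoutAction has to answer POST requests at the URL placed in data-post-url.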

miqrogroove commented 4 years ago

> > AccountUpdate and LoginAction, if it's possible to reroute these to custom classes
>
> Use app()->bind(...), as discussed earlier.

I toyed with bind for a couple hours during the earlier thread and never saw any effect.

> Does this give you enough to work with?

Unsure. I will have to experiment and find out.