Skip to Content Skip to Menu

🌲 Merry Christmas! Great savings on Professional and Developer Memberships! Get 25% off now with code XMAS-2024!

[SOLVED] Joomla authentication plugins get triggered twice when logging in through CB

  • softforge
  • softforge
  • OFFLINE
  • Posts: 129
  • Thanks: 21
  • Karma: 12
9 years 9 months ago - 9 years 9 months ago #260456 by softforge
I am building an integration into a system that produces one time passwords for login. I have built an authentication plugin based on this code:

github.com/softforge/JoomlaPluginsBook/blob/master/chapter07/plg_authentication_ch07test01/plugins/authentication/ch07test01/ch07test01.php

When this plugin is zipped up, installed and enabled, it gets called twice when logging in through CB which is shown by the username appearing twice in the messages. Interestingly, it get called twice regardless of the "Login Method" setting in the CB configuration. It only gets called once when logging in through Joomla.

I guess for most sites, getting called twice doesn't really matter but for the service I'm using, it matters a lot as once the password has been used, it cannot to be used again so being called twice prevents the users from logging on using this service as it is the result of the second call that checked.

Any idea how to stop the plugin getting called twice?

Many thanks.

If you like our plugins, please consider writing a review on the Joomla Extension Directory or the Community Builder Directory ...
Last edit: 9 years 9 months ago by krileon.

Please Log in or Create an account to join the conversation.

  • krileon
  • krileon
  • ONLINE
  • Posts: 48616
  • Thanks: 8302
  • Karma: 1446
9 years 9 months ago #260459 by krileon
Writing the plugin to act on CBs login triggers instead of being a Joomla authentication plugin will go a long way to get it working properly with CB. It shouldn't be called twice. The below is how authentication plugin support works.

1. Check if the user exists by username
2. If not check if the user exists by email
3. If not check if the user exists by authentication plugin

What step 3 does is call the Joomla login function on the credentials supplied by the user. This returns basically a true/false if login is successful. If it is we generate a CB user object for them and store it then mark $loggedIn as true and don't bother attempting to login again. The only way for login to fire twice is if the authentication plugin login attempt failed and $loggedIn was never set true.

Maybe you're using CB Auto Actions or something to login a user or could be an issue with the authentication plugin it self. I recommend checking Joomlas GMail authentication plugin as it's the only one we've tested.


Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.

Please Log in or Create an account to join the conversation.

  • softforge
  • softforge
  • OFFLINE
  • Posts: 129
  • Thanks: 21
  • Karma: 12
9 years 9 months ago - 8 years 10 months ago #260579 by softforge
Thanks for your response. I've tried may things but with no success so far. I tried disabling auto actions but that didn't make any difference. I tried disabling and reordering the authentication plugins but that also makes no difference.

It only gets called twice if the first call returns true so something else is happening after a successful login which is causing login to get called again. I set-up a breakpoint within the doAuthenticate function and here is a screenshot of the stack-trace each time it is called:




As you can see, login() is being called more then once. Does this provide any clues? I currently have CB set to only login using username (not using authentication plugins).

This authentication plugin works great with the Joomla login so it would be really nice if it were compatible with the CB login as well.

Thanks for your help on this! :)

If you like our plugins, please consider writing a review on the Joomla Extension Directory or the Community Builder Directory ...
Last edit: 8 years 10 months ago by softforge.

Please Log in or Create an account to join the conversation.

  • krileon
  • krileon
  • ONLINE
  • Posts: 48616
  • Thanks: 8302
  • Karma: 1446
9 years 9 months ago #260603 by krileon
Ah, I see what's going on. On line 65 it's testing that the user is loaded by Username OR if the password they supplied is valid. When it's testing the password via verifyPassword it does a call to Joomlas authentication API. If that fails it repeats by Email on line 70 then finally handles the authentication plugin on line 78. That call to Joomla authentication is what is triggering your authentication plugin.

I think you'll just need to alter your authentication plugin to handle this scenario. We can't remove that without breaking functionality as it's needed to validate the password. Your alternative is to develop a CB authentication plugin, which is a CB field that acts on onLoginAuthentication.


Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.

Please Log in or Create an account to join the conversation.

  • softforge
  • softforge
  • OFFLINE
  • Posts: 129
  • Thanks: 21
  • Karma: 12
9 years 9 months ago #260647 by softforge
Thanks Kyle.

Any idea what is different between each call that I can check so I don't make the API call twice?

Many thnaks

If you like our plugins, please consider writing a review on the Joomla Extension Directory or the Community Builder Directory ...

Please Log in or Create an account to join the conversation.

  • krileon
  • krileon
  • ONLINE
  • Posts: 48616
  • Thanks: 8302
  • Karma: 1446
9 years 9 months ago #260650 by krileon
Cache the authentication in a static variable should work fine. Example as follows.

Code:
static $cache = array(); if ( ! isset( $cache[$username][$password] ) ) { // Do validation here; set $cache[$username][$password] to true/false depending on response } return $cache[$username][$password];

This will mean the username and password is only checked once and its response is cached when called multiple times in the same process. As it's a static variable the next page load (e.g. next login attempt) will do a new authentication as you're wanting.


Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.

Please Log in or Create an account to join the conversation.

Moderators: beatnantkrileon
Powered by Kunena Forum