Details
-
Type:
New Feature
-
Status:
Open
-
Priority:
Minor
-
Resolution: Unresolved
-
Affects Version/s: 2.0
-
Fix Version/s: DEV backlog
-
Component/s: Authentication
-
Labels:None
-
Affected Branches:MOODLE_20_STABLE
Description
Background discussion here: http://moodle.org/mod/forum/discuss.php?d=136675
I've attached a first attempt at a patch for actually using the AUTH_* definitions already in lib/authlib.php. This code respects AUTH_DENIED so that it will be possible to create stackable blacklist authentication modules in addition to the stackable whitelist modules we already have.
I wrote this with the idea of keeping the patch as small as possible, but I think it would be better if we made it possible to provide more information back to the user. For example, it would be useful if, while configuring your authentication modules stack, you could turn on some more verbosity and be told "login denied for XYZ reason by ABC module" instead of simply "Login denied".
Is there any interest in considering this for inclusion in 2.0?
Cheers,
Matt
Attachments
Activity
- All
- Comments
- History
- Activity
- Source
- Test Sessions
Matt,
while your last change makes certain sense, I'd explicitly code a check for AUTH_FAIL or 'false' in the last hunk of the patch. This would make the code more obvious to anyone having a look at it, which is a good thing when dealing with security related code 
Other than that, it looks good to me.
Saludos
Iñaki.
Other than that, it looks good to me.
Saludos
Iñaki. 
Matt - Looks good. My only suggestion for improvement has to do with communication with the user. Might it be helpful to indicate a reason(s) why the access is being denied. For example, Login access denied: Blacklisted IP. I realize that the more information you give the easier it allows some folks to get back in; however, looking at it from the perspective of most good users it may be helpful to specify a more exact cause for the denial. In any case, just something to consider. Peace - Anthony