From: Robert M. <rob...@gm...> - 2013-06-30 20:07:46
|
Hi, I'm looking at an enhancement request + patch 15869: API call mc_login with valid LDAP user which is not in mantis DB -> result: login failed http://www.mantisbt.org/bugs/view.php?id=15869 The proposed patch starts to make auth_attempt_script_login look more like auth_attempt_login. However, I started wondering why we have two versions of the function call. The are many differences between the two, but the only ones that I think should remain are: 1. Do not increment login count with the script variant 2. The cookie settings must be different Notably, user auto-creation and incrementing failed login counts should work for both functions IMO. As such, I'm considering unifying the two functions, making them call a utility function which takes the parameters needed to change it behaviour ( e.g. $p_is_script ); Thoughts? Robert -- http://robert.muntea.nu/ |
From: Paul R. <pa...@ma...> - 2013-06-30 21:27:14
|
If I recall correctly, in 2.x i've removed this function completely - there's no reason a script can't have an additional account an just send a password. Might be worth applying the same behaviour to 1.3 rather then confusing things later on. Paul On Sun, Jun 30, 2013 at 9:07 PM, Robert Munteanu <rob...@gm...>wrote: > Hi, > > I'm looking at an enhancement request + patch > > 15869: API call mc_login with valid LDAP user which is not in mantis > DB -> result: login failed > http://www.mantisbt.org/bugs/view.php?id=15869 > > The proposed patch starts to make auth_attempt_script_login look more > like auth_attempt_login. However, I started wondering why we have two > versions of the function call. > > The are many differences between the two, but the only ones that I > think should remain are: > > 1. Do not increment login count with the script variant > 2. The cookie settings must be different > > Notably, user auto-creation and incrementing failed login counts > should work for both functions IMO. > > As such, I'm considering unifying the two functions, making them call > a utility function which takes the parameters needed to change it > behaviour ( e.g. $p_is_script ); > > Thoughts? > > Robert > > -- > http://robert.muntea.nu/ > > > ------------------------------------------------------------------------------ > This SF.net email is sponsored by Windows: > > Build for Windows Store. > > http://p.sf.net/sfu/windows-dev2dev > _______________________________________________ > mantisbt-dev mailing list > man...@li... > https://lists.sourceforge.net/lists/listinfo/mantisbt-dev > |
From: Robert M. <rob...@gm...> - 2013-07-01 15:10:58
|
On Mon, Jul 1, 2013 at 12:19 AM, Paul Richards <pa...@ma...> wrote: > If I recall correctly, in 2.x i've removed this function completely - > there's no reason a script can't have an additional account an just send a > password. > > Might be worth applying the same behaviour to 1.3 rather then confusing > things later on. Actually the function calls both take passwords, contrast [1] and [2]. I'm just asking how similar do we want them to heahave. Robert [1]: https://github.com/mantisbt/mantisbt/blob/master-1.2.x/core/authentication_api.php#L179 [2]: https://github.com/mantisbt/mantisbt/blob/master-1.2.x/core/authentication_api.php#L256 > > Paul > > > On Sun, Jun 30, 2013 at 9:07 PM, Robert Munteanu <rob...@gm...> > wrote: >> >> Hi, >> >> I'm looking at an enhancement request + patch >> >> 15869: API call mc_login with valid LDAP user which is not in mantis >> DB -> result: login failed >> http://www.mantisbt.org/bugs/view.php?id=15869 >> >> The proposed patch starts to make auth_attempt_script_login look more >> like auth_attempt_login. However, I started wondering why we have two >> versions of the function call. >> >> The are many differences between the two, but the only ones that I >> think should remain are: >> >> 1. Do not increment login count with the script variant >> 2. The cookie settings must be different >> >> Notably, user auto-creation and incrementing failed login counts >> should work for both functions IMO. >> >> As such, I'm considering unifying the two functions, making them call >> a utility function which takes the parameters needed to change it >> behaviour ( e.g. $p_is_script ); >> >> Thoughts? >> >> Robert >> >> -- >> http://robert.muntea.nu/ >> >> >> ------------------------------------------------------------------------------ >> This SF.net email is sponsored by Windows: >> >> Build for Windows Store. >> >> http://p.sf.net/sfu/windows-dev2dev >> _______________________________________________ >> mantisbt-dev mailing list >> man...@li... >> https://lists.sourceforge.net/lists/listinfo/mantisbt-dev > > > > ------------------------------------------------------------------------------ > This SF.net email is sponsored by Windows: > > Build for Windows Store. > > http://p.sf.net/sfu/windows-dev2dev > _______________________________________________ > mantisbt-dev mailing list > man...@li... > https://lists.sourceforge.net/lists/listinfo/mantisbt-dev > -- http://robert.muntea.nu/ |
From: Damien R. <dr...@ma...> - 2013-07-01 16:14:07
|
Robert Munteanu <robert.munteanu-Re5JQEeQqe8Avxt iu...@pu...> Wrote in message: > The are many differences between the two, but the only ones that I > think should remain are: > > 1. Do not increment login count with the script variant > 2. The cookie settings must be different > > Notably, user auto-creation and incrementing failed login counts > should work for both functions IMO. I tend to agree with paul here - i dont really see the point of having 2 distinct functions. Maybe bumping login count is meaningless but it doesn't hurt so why bother. Not sure what's you're thinking re: cookies. ----Android NewsGroup Reader---- http://www.piaohong.tk/newsgroup |
From: Robert M. <rob...@gm...> - 2013-07-01 16:24:48
|
On Mon, Jul 1, 2013 at 7:10 PM, Damien Regad <dr...@ma...> wrote: > Robert Munteanu <robert.munteanu-Re5JQEeQqe8Avxt > iu...@pu...> Wrote in message: >> The are many differences between the two, but the only ones that I >> think should remain are: >> >> 1. Do not increment login count with the script variant >> 2. The cookie settings must be different >> >> Notably, user auto-creation and incrementing failed login counts >> should work for both functions IMO. > > I tend to agree with paul here - i dont really see the point of > having 2 distinct functions. > Maybe bumping login count is meaningless but it doesn't hurt so > why bother. > Not sure what's you're thinking re: cookies. auth_attempt_login creates a $t_cookie_string when creating the user, which is then thrown away and only checked to see if the user create call succeeded [1] auth_attempt_script_login updates the global $g_script_login_cookie ( [2] ) and also $g_cache_current_user_id . The usage of globals needs more review, but probably need to be kept for backwards compatibility reasons. Robert [1]: https://github.com/mantisbt/mantisbt/blob/master-1.2.x/core/authentication_api.php#L195 [2]: https://github.com/mantisbt/mantisbt/blob/master-1.2.x/core/authentication_api.php#L285 > > > > ----Android NewsGroup Reader---- > http://www.piaohong.tk/newsgroup > > > ------------------------------------------------------------------------------ > This SF.net email is sponsored by Windows: > > Build for Windows Store. > > http://p.sf.net/sfu/windows-dev2dev > _______________________________________________ > mantisbt-dev mailing list > man...@li... > https://lists.sourceforge.net/lists/listinfo/mantisbt-dev -- http://robert.muntea.nu/ |