Dev: more comments on authentication process

LimeSurvey · Oct 18, 2016 · 34904b0 · 34904b0
1 parent 67d2943
commit 34904b0
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 10 deletions.
diff --git a/application/controllers/admin/authentication.php b/application/controllers/admin/authentication.php
@@ -125,9 +125,7 @@ public static function prepareLogin()
             App()->getPluginManager()->dispatchEvent($newLoginForm);            // inject the HTML of the form inside the private varibale "_content" of the plugin
             $aData['summary'] = self::getSummary('logout');
             $aData['pluginContent'] = $newLoginForm->getAllContent();           // Retreives the private varibale "_content" , and parse it to $aData['pluginContent'], which will be  rendered in application/views/admin/authentication/login.php
-        }
-        else
-        {
+        }else{
             // The form has been submited, or the plugin has been stoped (so normally, the value of login/password are available)
 
              // Handle getting the post and populating the identity there
@@ -143,10 +141,17 @@ public static function prepareLogin()
             $identity = $event->get('identity');
 
             // Now authenticate
-            if ($identity->authenticate())
-            {
+            // This call LSUserIdentity::authenticate() (application/core/LSUserIdentity.php))
+            // which will call the plugin function newUserSession() (eg: Authdb::newUserSession() )
+            // TODO: for sake of clarity, the plugin function should be renamed to authenticate().
+            if ($identity->authenticate()){
                 FailedLoginAttempt::model()->deleteAttempts();
                 App()->user->setState('plugin', $authMethod);
+
+                // This call to AdminController::_GetSessionUserRights() ;
+                // NB 1:calling another controller method from a controller method is a bad pratice
+                // NB 2: this function only check if logged in user is super admin to set in session USER_RIGHT_INITIALSUPERADMIN
+                // TODO: move this function to the user object
                 Yii::app()->getController()->_GetSessionUserRights(Yii::app()->session['loginID']);
                 Yii::app()->session['just_logged_in'] = true;
                 Yii::app()->session['loginsummary'] = self::getSummary();
@@ -155,9 +160,7 @@ public static function prepareLogin()
                 App()->getPluginManager()->dispatchEvent($event);
 
                 return array('success');
-            }
-            else
-            {
+            }else{
                 // Failed
                 $event = new PluginEvent('afterFailedLoginAttempt');
                 $event->set('identity', $identity);

diff --git a/application/core/LSUserIdentity.php b/application/core/LSUserIdentity.php
@@ -65,7 +65,7 @@ public function authenticate() {
                 $result->setError(self::ERROR_UNKNOWN_HANDLER);
             } else {
                 // Delegate actual authentication to plugin
-                $authEvent = new PluginEvent('newUserSession', $this);
+                $authEvent = new PluginEvent('newUserSession', $this);          // TODO: rename the plugin function authenticate()
                 $authEvent->set('identity', $this);
                 App()->getPluginManager()->dispatchEvent($authEvent);
                 $pluginResult = $authEvent->get('result');
@@ -172,4 +172,4 @@ public function setPlugin($name) {
     public function setConfig($config) {
         $this->config = $config;
     }
-}
+}