forAuthUser hook inconsistency according to auth method
Concerned version
Version: %2.0.14
Summary
I have choice auth: LDAP or OIDC
I have a plugin with a function which is called at the forAuthUser hook.
When authenticating with LDAP, the function is called correctly after authentication.
When authenticating with OIDC, the plugin is not.
Once authenticated, if I come back to the portal, the plugin triggers correctly regardless of the authentication method used.
Not sure what should be the expected behavior during authentication.
Logs
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Launching ::Auth::Choice::_endAuth
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Processing code ref
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Launching ::Plugins::Notifications::checkNotifDuringAuth
Aug 4 05:32:03 ansible LLNG[8824]: [info] No notification found
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Processing code ref
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Removing _choice from pdata
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Removing keepPdata from pdata
Aug 4 05:32:03 ansible LLNG[8824]: [debug] [notice] alt.r7-etprxwl@exemple.com@superIDP connected
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Calling autoredirect
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Evaluate condition 1 for module Appslist
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Evaluate condition $_auth =~ /^(LDAP|DBI|Demo)$/ for module ChangePassword
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Evaluate condition 1 for module LoginHistory
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Evaluate condition $_oidcConsents && $_oidcConsents =~ /\w+/ for module OidcConsents
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Evaluate condition 1 for module Logout
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Check if Appslist has to be displayed
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Check if ChangePassword has to be displayed
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Check if LoginHistory has to be displayed
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Check if OidcConsents has to be displayed
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Check if Logout has to be displayed
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Searching for "alt.r7-etprxwl@exemple.com@superIDP" accepted notification(s)
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Skin returned: menu
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Calling sendHtml with template menu
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Use fr.json to override messages
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Starting HTML generation using /usr/share/lemonldap-ng/portal/templates/mySkin/menu.tpl
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Sending /usr/share/lemonldap-ng/portal/templates/mySkin/menu.tpl
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Apply following CORS policy :
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Access-Control-Allow-Origin
Aug 4 05:32:03 ansible LLNG[8824]: [debug] *
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Access-Control-Allow-Credentials
Aug 4 05:32:03 ansible LLNG[8824]: [debug] true
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Access-Control-Allow-Headers
Aug 4 05:32:03 ansible LLNG[8824]: [debug] *
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Access-Control-Allow-Methods
Aug 4 05:32:03 ansible LLNG[8824]: [debug] POST,GET
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Access-Control-Expose-Headers
Aug 4 05:32:03 ansible LLNG[8824]: [debug] *
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Access-Control-Max-Age
Aug 4 05:32:03 ansible LLNG[8824]: [debug] 86400
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Apply following CSP : default-src 'self';img-src 'self' data:;style-src 'self';font-src 'self';connect-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline';form-action *;frame-ancestors 'none';
Possible fixes
A workaround is to trigger the plugin for both the "forAuthUser" and "endAuth" hooks, but the "forAuthUser" behavior remains inconsistent according to the auth method.
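The workaround described above, as an added example (not code from the report or from the LemonLDAP::NG project): a portal plugin registered on both entry points, with a per-request guard so the work runs once and a debug line showing which hook fired for which `_auth` value. The package name `HookAudit`, the method names and the `_hookAuditDone` key are hypothetical.

```perl
package Lemonldap::NG::Portal::Plugins::HookAudit;    # hypothetical plugin name

use strict;
use Mouse;
use Lemonldap::NG::Portal::Main::Constants qw(PE_OK);

extends 'Lemonldap::NG::Portal::Main::Plugin';

# Workaround from the report: register on both entry points.
use constant endAuth     => 'onEndAuth';
use constant forAuthUser => 'onAuthUser';

sub init { return 1 }

# endAuth runs at the end of the login flow; session data is in sessionInfo.
sub onEndAuth {
    my ( $self, $req ) = @_;
    return $self->_run( $req, 'endAuth', $req->sessionInfo );
}

# forAuthUser runs for already authenticated users; session data is in userData.
sub onAuthUser {
    my ( $self, $req ) = @_;
    return $self->_run( $req, 'forAuthUser', $req->userData );
}

sub _run {
    my ( $self, $req, $hook, $session ) = @_;

    # Request-scoped guard (hypothetical key): if both hooks fire in the
    # same request, the plugin acts only once.
    return PE_OK if $req->data->{_hookAuditDone}++;

    # _auth is the session key tested by the ChangePassword condition in the log.
    my $auth = ( $session || {} )->{_auth} // 'unknown';
    my $user = $req->user // 'unknown';
    $self->logger->debug("HookAudit: $hook fired for $user (_auth=$auth)");

    # The plugin's own check goes here; it now runs for LDAP and OIDC logins.
    return PE_OK;
}

1;
```

Load it through the portal's `customPlugins` setting, then compare the `HookAudit` debug lines produced by an LDAP login and an OIDC login.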