eZ Publish / Platform: EZP-22045

As a developer, I want user login to be fully handled by Symfony stack

    Details

    • Sprint:
      Ventoux Sprint 1, Ventoux Sprint 2
    • Story Points:
      4

      Description

      Currently, user login is still handled by the legacy user/login module. This prevents the extensibility provided by the Symfony security component from being properly exposed.

      The following points should be considered:

      • Once logged in to the Symfony stack, the user must also be logged in to legacy.
      • If logged in to legacy (e.g. legacy_mode: true), the authenticated user must be injected into the repository as well.

      The following should be made possible as a follow-up story:

      • Login handlers (e.g. LDAP)
      • SSO

          Activity

          Pedro Resende (Inactive) added a comment -

          Tested and approved by Q.A.

          Gaetano Giunta (Inactive) added a comment -

          I'm not sure I totally understand how the is_logged_in cookie is supposed to work now:

          • as long as you use Sf stack to login, it will never be set, correct? Even if you go to a legacy module/view after being logged in?
          • if otoh you use legacy stack to log in, it will be set? Even if you do that through the Sf frontend controller?
          • is there any chance of mishandling of the cookie on current sites?

          and, last but not least:

          • should we explain to developers how to reimplement is_logged_in cookie on top of the Sf stack? I think it was a useful feature of eZ4. Or can it be fully+easily replaced with userhash (or something else)?
          Jérôme Vieilledent (Inactive) added a comment -

          From now on, is_logged_in cookie is completely ignored by Symfony stack. It's still used in legacy of course (for BC) and will be used if the legacy kernel is used with run() method (e.g. legacy module, admin interface, pure legacy mode...). But, authentication being made by Symfony, is_logged_in will be completely ignored by Symfony stack.

          Why would you reimplement this feature when it adds more problems than it solves? UserHash is now to manage users footprint, authentication status being checked differently.

          Gaetano Giunta (Inactive) added a comment -

          About usage of this feature: it's not to be used within ez, it is all about making it easy for external proxies.

          Jérôme Vieilledent (Inactive) added a comment - Documentation: https://confluence.ez.no/display/EZP/Authentication

            People

            • Assignee:
              Unassigned
              Reporter:
              Jérôme Vieilledent (Inactive)

                Time Tracking

                Estimated: 1w
                Remaining: 0m
                Logged: 1w 2d 7h 30m