Requests and support related to jBackend.

Persistent authentication - how to?

9 years 8 months ago - 9 years 8 months ago #3748 by larpo
Hi - I am building an Ionic Cordova mobile app using ngResource to consume data from a number of custom Joomla components using custom jBackend plugins. So far jBackend is working really well and I love it. I have a question about how to manage user authentication from an app where the expectation is that authentication happens once on the mobile device and is then persistent until the user logs out. Is this achievable using the user plugin/at all, or are we limited to the Joomla-defined session length? What is the sensible workaround - passing username and password with every request would presumably work but seems quite insecure to me. Would you agree? What would you advise?

Thanks for your excellent work on this plugin. You have probably already saved me hundreds of hours of effort.

Lastly - do you have any examples of (or plans to write) a really good quality plugin that enables the full set of authenticated CRUD operations on a custom component? That would take you from awesome to hero status for lots of people I would imagine.
Last edit: 9 years 8 months ago by larpo.

9 years 8 months ago - 9 years 8 months ago #3751 by admin
Replied by admin on topic Persistent authentication - how to?
Hi,
About the session, let me say a few words. Initially I planned to support both session cookie and auth token, but after a lot of debugging of the Joomla core I discovered that - unfortunately - Joomla only works with the session cookie, so this is the current limit to consider. You must use the user module to log in and save the cookie to pass on each subsequent request.

About the security on login, I have added a little note to the docs to explain this missing part (I forgot to write it down but, as a system integrator, security is ALWAYS my first concern). I quote it here for your convenience:

To avoid passing credentials in the clear, it is recommended to expose the endpoint over HTTPS, and to pass username and password as POST variables (it is supported out-of-the-box).


About the last point, I would ask you if you have any suggestion about an existing component to support with a set of CRUD operations. I would like to build just the jBackend module on an existing component, not first create the (useless) component too. :)

Kind regards,
Luigi
Last edit: 9 years 8 months ago by admin.
The following user(s) said Thank You: larpo
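
One way to enforce the quoted recommendation (HTTPS, credentials as POST variables) on the server side, shown as an added example that is not part of the original reply or of jBackend. The function name and error codes are hypothetical, and it assumes TLS terminates at the web server running PHP, so that `$_SERVER['HTTPS']` is set.

```php
<?php
// Added example, not jBackend code: hwLoginTransportError() and its codes are hypothetical.

/**
 * Return null when a login request follows the recommendation
 * (HTTPS, credentials in the POST body), or a short error code otherwise.
 */
function hwLoginTransportError(array $server, array $query, array $post): ?string
{
    // PHP sets HTTPS to a non-empty value other than "off" for TLS requests
    $https = !empty($server['HTTPS']) && strtolower((string) $server['HTTPS']) !== 'off';
    if (!$https) {
        return 'ERR_NOT_HTTPS';
    }
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return 'ERR_NOT_POST';
    }
    // Credentials in the URL end up in access logs, proxy logs and history
    foreach (['username', 'password'] as $field) {
        if (array_key_exists($field, $query)) {
            return 'ERR_CREDENTIALS_IN_URL';
        }
    }
    // Both fields must arrive as non-empty strings in the POST body
    foreach (['username', 'password'] as $field) {
        if (!isset($post[$field]) || !is_string($post[$field]) || $post[$field] === '') {
            return 'ERR_MISSING_CREDENTIALS';
        }
    }
    return null;
}

// Constructed requests, each a [$_SERVER, $_GET, $_POST] equivalent
$creds = ['username' => 'demo', 'password' => 'constructed-value'];
$samples = [
    'plain http'      => [['REQUEST_METHOD' => 'POST'], [], $creds],
    'https GET'       => [['HTTPS' => 'on', 'REQUEST_METHOD' => 'GET'], $creds, []],
    'https POST+URL'  => [['HTTPS' => 'on', 'REQUEST_METHOD' => 'POST'], ['password' => 'x'], $creds],
    'https POST body' => [['HTTPS' => 'on', 'REQUEST_METHOD' => 'POST'], [], $creds],
];

foreach ($samples as $label => [$server, $query, $post]) {
    $error = hwLoginTransportError($server, $query, $post);
    printf("%-16s %s\n", $label, $error ?? 'accepted');
}
```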

9 years 8 months ago #3753 by larpo
Replied by larpo on topic Persistent authentication - how to?
Hi - we tend to build custom components in the Joomla component creator, so I don't have any specific community component in mind.

The thought was that since jbackend is mostly going to be used by developers who know what to do with restful endpoints, it would probably make sense to flesh out the developer documentation/helloworld plugin to demonstrate some recommended function for crud operations on some generic hypothetical table of items - doesn't have to be a real component to show how you would do it.

For example:
- would you write a separate function for each of the operations or have a single function that returns a list, takes an id for read, update, delete etc. on a specific row?
- how would you recommend we handle pagination of results
-

I made a start on one here, but would love some advice from a pro before I go off coding something daft (php not being my forte!)
public function actionGetItems(&$response, &$status = null)
{
  $app = JFactory::getApplication();

  // Get additional request parameters
  $id = $app->input->getInt('id');
  if (!is_null($id))
  {
    // Example of how to generate and return an error inside an action function
    if ($id == 101)
    {
      $response = plgJBackendHelloWorld::generateError('HWD_GEN'); // Generic hello world error
      return false;
    }
  }

  // Get the data
  $db = JFactory::getDbo();

  // Create a new query object.
  $query = $db->getQuery(true);

  // Structure a query joomla stylee
  // (alias and created_by are selected as well, because the loop below reads them)
  $query->select($db->quoteName(array('id', 'itemtitle', 'alias', 'deliverydestination', 'updated', 'status', 'created_by', 'item_image')));
  $query->from($db->quoteName('#__items'));
  $query->where($db->quoteName('status') . ' LIKE ' . $db->quote('Collecting Bids'));
  $query->order($db->quoteName('updated') . ' DESC');

  // Reset the query using our newly populated query object.
  $db->setQuery($query);

  // Load the results as a list of stdClass objects (see later for more options on retrieving data).
  $requests = $db->loadObjectList();

  if (empty($requests))
  {
    // No items found: report it the same way as the error above
    $response = plgJBackendHelloWorld::generateError('HWD_DAT');
    return false;
  }

  // Get plugin params - what could we do with this?
  $option_name = $this->params->get('option_name', 0);

  $response['status'] = 'ok';
  $response['total'] = count($requests);

  // Do we do pagination in the response or return everything?
  // $response['limit'] = $pagination->limit;
  // $response['offset'] = $pagination->limitstart;
  // $response['pages_current'] = $pagination->pagesCurrent;
  // $response['pages_total'] = $pagination->pagesTotal;
  // $response['items'] = array();

  foreach ($requests as $request)
  {
    // Build a fresh array per row (the original reset $request, which discarded the row)
    $item = array();
    $item['id'] = $request->id;
    $item['title'] = $request->itemtitle;
    $item['alias'] = $request->alias;
    $item['status'] = $request->status;
    $item['created_by'] = $request->created_by;
    $response['requests'][] = $item;
  }

  if ($option_name)
  {
    $response['option'] = 'true';
  }
  return true;
}

and then add a case to the onRequestHelloWorld function...

Any advice on how to do this right?
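
A sketch of the pagination question raised above, as an added example that is not part of the original post or of jBackend: it turns client-supplied `limit` and `offset` values into a bounded window and fills the metadata fields named in the commented-out lines. `hwPageWindow()`, `HW_MAX_LIMIT` and the default of 20 are hypothetical; in a plugin the total would come from a separate count query and the window would be passed to `$db->setQuery($query, $offset, $limit)`.

```php
<?php
// Added example, not jBackend code: hwPageWindow() and HW_MAX_LIMIT are hypothetical names.
const HW_MAX_LIMIT = 100; // assumed server-side cap on rows returned per request

/**
 * Turn client-supplied limit/offset into a bounded window plus the
 * pagination metadata fields named in the post.
 */
function hwPageWindow(int $total, ?int $limit, ?int $offset, int $default = 20): array
{
    // A missing or non-positive limit falls back to the default; large values are capped
    $limit = ($limit === null || $limit < 1) ? $default : min($limit, HW_MAX_LIMIT);
    // Missing or negative offsets start at the first row
    $offset = ($offset === null || $offset < 0) ? 0 : $offset;
    $pagesTotal = (int) ceil($total / $limit);
    // An offset past the last row yields an empty page (page 0) rather than an error
    $pagesCurrent = $offset >= $total ? 0 : intdiv($offset, $limit) + 1;

    return [
        'total'         => $total,
        'limit'         => $limit,
        'offset'        => $offset,
        'pages_current' => $pagesCurrent,
        'pages_total'   => $pagesTotal,
    ];
}

// Constructed sample rows standing in for the contents of #__items
$rows = array_map(fn($i) => ['id' => $i, 'title' => "Item $i"], range(1, 45));

// Constructed requests: normal page, oversized limit, negative values, offset past the end
foreach ([[10, 20], [5000, 0], [-1, -7], [10, 90]] as [$limit, $offset]) {
    $w = hwPageWindow(count($rows), $limit, $offset);
    // array_slice stands in for the database applying offset and limit
    $page = array_slice($rows, $w['offset'], $w['limit']);
    printf(
        "asked limit=%d offset=%d -> used limit=%d offset=%d, %d rows, page %d of %d\n",
        $limit, $offset, $w['limit'], $w['offset'],
        count($page), $w['pages_current'], $w['pages_total']
    );
}
```

Capping the limit on the server keeps a single request from pulling the whole table, whatever value the client sends.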

9 years 8 months ago #3761 by admin
Replied by admin on topic Persistent authentication - how to?
Ok, I got it.
I will check your code and add it to the HelloWorld plugin with additional comments, so as to build a good boilerplate for CRUD operations.

Thanks for your advice, I will advise you when ready.
The following user(s) said Thank You: larpo

9 years 8 months ago #3768 by larpo
Replied by larpo on topic Persistent authentication - how to?
Thanks - that's great. I think lots of people will appreciate that. What's your expected timeframe out of interest? I'm not trying to hurry you, just need to decide whether we wait for your advice or I push ahead myself for now. Cheers

9 years 8 months ago #3771 by admin
Replied by admin on topic Persistent authentication - how to?
At the moment I have some work in progress so I will be really (really) busy until the end of the week. But I wrote down this task and I plan to work on it next weekend.
The following user(s) said Thank You: larpo
