Add Horde_Auth_Application callback feature.

Using application auth, especially if using application auth as horde
auth, there was previously a severe limitation in that the application
only had a limited environment when doing the auth.  This makes sense
because, since no user was yet logged in, there was no way to init
things such as prefs.  Best (only?) solution is to understand that
application auth only has limited environment and should be used to do
the minimum necessary to verify authentication only.  Login tasks and
the like need a full environment, so add a authentication callback hook
that will re-call the application after a full environment can be setup.

diff --git a/framework/Auth/lib/Horde/Auth/Application.php b/framework/Auth/lib/Horde/Auth/Application.php
index d155503..6df6e19 100644 (file)
--- a/framework/Auth/lib/Horde/Auth/Application.php
+++ b/framework/Auth/lib/Horde/Auth/Application.php
@@ -34,6 +34,7 @@ class Horde_Auth_Application extends Horde_Auth_Base
     protected $_apiMethods = array(
         'add' => 'authAddUser',
         'authenticate' => 'authAuthenticate',
+        'authenticatecallback' => 'authAuthenticateCallback',
         'exists' => 'authUserExists',
         'list' => 'authUserList',
         'loginparams' => 'authLoginParams',
@@ -77,6 +78,29 @@ class Horde_Auth_Application extends Horde_Auth_Base
     }
 
     /**
+     * Finds out if a set of login credentials are valid, and if requested,
+     * mark the user as logged in in the current session.
+     *
+     * @param string $userId      The userId to check.
+     * @param array $credentials  The credentials to check.
+     * @param boolean $login      Whether to log the user in. If false, we'll
+     *                            only test the credentials and won't modify
+     *                            the current session. Defaults to true.
+     *
+     * @return boolean  Whether or not the credentials are valid.
+     */
+    public function authenticate($userId, $credentials, $login = true)
+    {
+        if (!parent::authenticate($userId, $credentials, $login)) {
+            return false;
+        }
+
+        $this->_authCallback();
+
+        return true;
+    }
+
+    /**
      * Find out if a set of login credentials are valid.
      *
      * @param string $userId      The userId to check.
@@ -192,6 +216,23 @@ class Horde_Auth_Application extends Horde_Auth_Base
     }
 
     /**
+     * Automatic authentication.
+     *
+     * @return boolean  Whether or not the client is allowed.
+     * @throws Horde_Auth_Exception
+     */
+    public function transparent()
+    {
+        if (!parent::transparent()) {
+            return false;
+        }
+
+        $this->_authCallback();
+
+        return true;
+    }
+
+    /**
      * Attempt transparent authentication.
      *
      * @return boolean  Whether transparent login is supported.
@@ -256,4 +297,18 @@ class Horde_Auth_Application extends Horde_Auth_Base
         }
     }
 
+    /**
+     * Provide way to finish authentication tasks in an application and ensure
+     * that the full application environment is loaded.
+     *
+     * @throws Horde_Auth_Exception
+     */
+    protected function _authCallback()
+    {
+        if ($this->hasCapability('authenticatecallback')) {
+            $registry = Horde_Registry::singleton();
+            $registry->callByPackage($this->_params['app'], $this->_apiMethods['authenticatecallback']);
+        }
+    }
+
 }