Joomla google authentication plugin saves new user record

Question

I've copied the Google authentication plugin for another API, but for some reason it's not saving records in Joomla. If I manually add the username and some random password, then my plugin does authenticate against the API correctly - but otherwise when trying to login I get the error message: "You cannot access the private section of this site."

I'm not looking for coding help necessarily, I just want to know how the Google authentication plugin is saving the record. I've got through the plugin several times looking for it, but I don't see it. I have to assume it has to do with the $response, but I'm setting each of the values that the google auth is. What's being called to save the record?

EDIT:

Ok, clearly I have no idea how a user is logged on to Joomla. Why doesn't this work??

public function onUserAuthenticate($credentials, $options, &$response) {
    // Load plugin language
    $this->loadLanguage();

    if (empty($credentials['password'])) {
        $response->status = JAuthentication::STATUS_FAILURE;
        $response->error_message = JText::_('JGLOBAL_AUTH_EMPTY_PASS_NOT_ALLOWED');

        return false;
    } else {

        $response->status = JAuthentication::STATUS_SUCCESS;
        $response->error_message = '';
        $response->type = 'Mysite';
        $response->email = $credentials['username'];
        $response->username = $credentials['username'];
        $response->fullname = $credentials['username'];
    }
}

ericheimburg ericheimburg · Accepted Answer · 2014-10-22T07:53:30

For people googling this and finding nothing, let me elaborate on what's happening. If your non-stock Joomla authorization module ends up seeming to work, but no account is created on the back end and the user is immediately shown the message "You cannot access the private section of this site.", there are a couple of possible causes.

First (and least likely, since you'd have to go out of your way to do this), there is an option in the stock "User - Joomla" plugin labeled "Auto-create users". It is enabled by default. If you disable it, then users who sign in via your custom authorization module will not get accounts made for them locally, and thus they will be Guests. This is why the "you cannot access" message is being displayed -- by default, guests can't see stuff. To fix this, you can either turn that autocreate option back on (but then, I presume you had a reason to turn it off?), or you can change the permissions site-wide to allow guests to access stuff like Registered users can. Or your custom auth plugin can save the user manually itself.

The more likely cause (in my experience) is that an exception is being thrown while trying to save the new user. Unlike most places in Joomla!, any exception here is intercepted and hidden. This is because the auth module succeeded, so the log in can proceed despite any exceptions that occur. However, since the account couldn't be saved, the user is logged in as a Guest account. And since guest accounts can't access anything (by default), they're shown that message and then effectively logged out.

To find more information about what exception is being thrown, I temporarily altered the Joomla core library's JUser class. (In Joomla 3 this is in libraries/joomla/user/user.php.) Look for the save() function, and find where it is doing the try {} catch block, and in the catch, add something like

die($e->getMessage());

This will show any errors that occur during the saving process, rather than silently sweeping them under the rug.

If you need more info about where the exception is happening, you can get a stack trace by printing out the exception's getTraceAsString() method:

die("<pre>".$e->getMessage()."\n\n".$e->getTraceAsString()."</pre>");

Joomla google authentication plugin saves new user record

2 Answers