authentication-procs.tcl

Tcl API for authentication, account management, and account registration.

Location:
packages/acs-authentication/tcl/authentication-procs.tcl
Created:
2003-05-13
Author:
Lars Pind <lars@collaobraid.biz>
CVS Identification:
$Id: authentication-procs.tcl,v 1.114.2.32 2024/08/28 10:06:11 gustafn Exp $

Procedures in this file

Detailed information

auth::UseEmailForLoginP (public)

 auth::UseEmailForLoginP

Do we use email address for login?

Partial Call Graph (max 5 caller/called nodes):
%3 test_auth_registration_implementations auth_registration_implementations (test acs-authentication) auth::UseEmailForLoginP auth::UseEmailForLoginP test_auth_registration_implementations->auth::UseEmailForLoginP test_auth_use_email_for_login_p auth_use_email_for_login_p (test acs-authentication) test_auth_use_email_for_login_p->auth::UseEmailForLoginP test_password_recovery_page password_recovery_page (test acs-subsite) test_password_recovery_page->auth::UseEmailForLoginP ad_acs_kernel_id ad_acs_kernel_id (public) auth::UseEmailForLoginP->ad_acs_kernel_id parameter::get parameter::get (public) auth::UseEmailForLoginP->parameter::get auth::authenticate auth::authenticate (public) auth::authenticate->auth::UseEmailForLoginP auth::create_local_account auth::create_local_account (public) auth::create_local_account->auth::UseEmailForLoginP auth::local::password::ChangePassword auth::local::password::ChangePassword (private) auth::local::password::ChangePassword->auth::UseEmailForLoginP auth::local::registration::GetElements auth::local::registration::GetElements (private) auth::local::registration::GetElements->auth::UseEmailForLoginP auth::password::email_password auth::password::email_password (private) auth::password::email_password->auth::UseEmailForLoginP

Testcases:
auth_use_email_for_login_p, auth_registration_implementations, password_recovery_page

auth::authenticate (public)

 auth::authenticate [ -return_url return_url ] \
    [ -authority_id authority_id ] [ -username username ] \
    [ -email email ] -password password [ -persistent ] [ -no_cookie ] \
    [ -first_names first_names ] [ -last_name last_name ] \
    [ -host_node_id host_node_id ]

Try to authenticate and login the user forever by validating the username/password combination, and return authentication and account status codes.

Switches:
-return_url (optional)
If specified, this can be included in account status messages.
-authority_id (optional)
The ID of the authority to ask to verify the user. Defaults to local authority.
-username (optional)
Authority specific username of the user.
-email (optional)
User's email address. You must supply either username or email.
-password (required)
The password as the user entered it.
-persistent (optional, boolean)
Set this if you want a permanent login cookie
-no_cookie (optional, boolean)
Set this if you don't want to issue a login cookie
-first_names (optional)
-last_name (optional)
-host_node_id (optional)
Optional parameter used to determine the cookie domain from the host_node_map
Returns:
Array list with the following entries:
  • auth_status: Whether authentication succeeded. ok, no_account, bad_password, auth_error, failed_to_connect
  • auth_message: Human-readable message about what went wrong. Guaranteed to be set if auth_status is not ok. Should be ignored if auth_status is ok. May contain HTML.
  • account_status: Account status from authentication server. ok, closed.
  • account_url: A URL to redirect the user to. Could e.g. ask the user to update his password.
  • account_message: Human-readable message about account status. Guaranteed to be set if auth_status is not ok and account_url is empty. If nonempty, must be relayed to the user regardless of account_status. May contain HTML. This proc is responsible for concatenating any remote and/or local account messages into one single message which can be displayed to the user.
  • user_id: Set to local user_id if auth_status is ok.

Partial Call Graph (max 5 caller/called nodes):
%3 test_auth_authenticate auth_authenticate (test acs-authentication) auth::authenticate auth::authenticate test_auth_authenticate->auth::authenticate test_auth_use_email_for_login_p auth_use_email_for_login_p (test acs-authentication) test_auth_use_email_for_login_p->auth::authenticate _ _ (public) auth::authenticate->_ acs_user::get_user_info acs_user::get_user_info (public) auth::authenticate->acs_user::get_user_info acs_user::registered_user_p acs_user::registered_user_p (public) auth::authenticate->acs_user::registered_user_p ad_conn ad_conn (public) auth::authenticate->ad_conn ad_log ad_log (public) auth::authenticate->ad_log http_auth::set_user_id http_auth::set_user_id (public) http_auth::set_user_id->auth::authenticate oacs_dav::set_user_id oacs_dav::set_user_id (public) oacs_dav::set_user_id->auth::authenticate packages/acs-subsite/lib/login.tcl packages/acs-subsite/ lib/login.tcl packages/acs-subsite/lib/login.tcl->auth::authenticate packages/acs-subsite/www/register/auto-login.tcl packages/acs-subsite/ www/register/auto-login.tcl packages/acs-subsite/www/register/auto-login.tcl->auth::authenticate packages/acs-subsite/www/user/password-update.tcl packages/acs-subsite/ www/user/password-update.tcl packages/acs-subsite/www/user/password-update.tcl->auth::authenticate

Testcases:
auth_authenticate, auth_use_email_for_login_p

auth::authentication::authenticate (public)

 auth::authentication::authenticate -authority_id authority_id \
    -username username -password password

Invoke the Authenticate service contract operation for the given authority.

Switches:
-authority_id (required)
The ID of the authority to ask to verify the user.
-username (required)
Username of the user.
-password (required)
The password as the user entered it.

Partial Call Graph (max 5 caller/called nodes):
%3 test_auth_password_reset auth_password_reset (test acs-authentication) auth::authentication::authenticate auth::authentication::authenticate test_auth_password_reset->auth::authentication::authenticate acs_sc::invoke acs_sc::invoke (public) auth::authentication::authenticate->acs_sc::invoke auth::authority::get_element auth::authority::get_element (public) auth::authentication::authenticate->auth::authority::get_element auth::driver::get_parameter_values auth::driver::get_parameter_values (public) auth::authentication::authenticate->auth::driver::get_parameter_values auth::authenticate auth::authenticate (public) auth::authenticate->auth::authentication::authenticate

Testcases:
auth_password_reset

auth::can_admin_system_without_authority_p (public)

 auth::can_admin_system_without_authority_p -authority_id authority_id

Before disabling or deleting an authority we need to check that there is at least one site-wide admin in a different authority that can administer the system.

Switches:
-authority_id (required)
Returns:
boolean
Author:
Peter Marklund

Partial Call Graph (max 5 caller/called nodes):
%3 test_auth__can_admin_system_without_authority_p auth__can_admin_system_without_authority_p (test acs-authentication) auth::can_admin_system_without_authority_p auth::can_admin_system_without_authority_p test_auth__can_admin_system_without_authority_p->auth::can_admin_system_without_authority_p db_0or1row db_0or1row (public) auth::can_admin_system_without_authority_p->db_0or1row packages/acs-admin/www/auth/authority-delete.tcl packages/acs-admin/ www/auth/authority-delete.tcl packages/acs-admin/www/auth/authority-delete.tcl->auth::can_admin_system_without_authority_p packages/acs-admin/www/auth/authority-set-enabled-p.tcl packages/acs-admin/ www/auth/authority-set-enabled-p.tcl packages/acs-admin/www/auth/authority-set-enabled-p.tcl->auth::can_admin_system_without_authority_p

Testcases:
auth__can_admin_system_without_authority_p

auth::check_local_account_status (private)

 auth::check_local_account_status [ -return_url return_url ] \
    [ -no_dialogue ] -user_id user_id -authority_id authority_id \
    -member_state member_state -email email \
    -email_verified_p email_verified_p -screen_name screen_name \
    -password_age_days password_age_days

Check the account status of a user with the given parameters.

Switches:
-return_url (optional)
-no_dialogue (optional, boolean)
If specified, will not send out email or in other ways converse with the user
-user_id (required)
-authority_id (required)
-member_state (required)
-email (required)
-email_verified_p (required)
-screen_name (required)
-password_age_days (required)
Returns:
An array-list with account_status, account_url and account_message

Partial Call Graph (max 5 caller/called nodes):
%3 auth::get_local_account auth::get_local_account (private) auth::check_local_account_status auth::check_local_account_status auth::get_local_account->auth::check_local_account_status auth::get_local_account_status auth::get_local_account_status (public) auth::get_local_account_status->auth::check_local_account_status _ _ (public) auth::check_local_account_status->_ acs_user::ScreenName acs_user::ScreenName (public) auth::check_local_account_status->acs_user::ScreenName ad_acs_kernel_id ad_acs_kernel_id (public) auth::check_local_account_status->ad_acs_kernel_id ad_log ad_log (public) auth::check_local_account_status->ad_log ad_system_name ad_system_name (public) auth::check_local_account_status->ad_system_name

Testcases:
No testcase defined.

auth::create_local_account (public)

 auth::create_local_account [ -user_id user_id ] \
    -authority_id authority_id [ -username username ] -array array

Create the local account for a user.

Switches:
-user_id (optional)
-authority_id (required)
-username (optional)
-array (required)
Name of an array containing the registration elements to update. Fields are specified by auth::get_all_registration_elements
Returns:
Array list containing the following entries:
  • creation_status: ok, data_error, reg_error, failed_to_connect. Says whether user creation succeeded.
  • creation_message: Information about the problem, to be relayed to the user. If creation_status is not ok, then either creation_message or element_messages is guaranteed to be nonempty, and both are guaranteed to be in the array list. May contain HTML.
  • element_messages: list of (element_name, message, element_name, message, ...) of errors on the individual registration elements. to be relayed on to the user. If creation_status is not ok, then either creation_message or element_messages is guaranteed to be nonempty, and both are guaranteed to be in the array list. Cannot contain HTML.
  • account_status: ok, closed. Only set if creation_status was ok, this says whether the newly created account is ready for use or not. For example, we may require approval, in which case the account would be created but closed.
  • account_message: A human-readable explanation of why the account was closed. May include HTML, and thus shouldn't be quoted. Guaranteed to be nonempty if account_status is not ok.
All entries are guaranteed to always be set, but may be empty.
See Also:

Partial Call Graph (max 5 caller/called nodes):
%3 test_auth_use_email_for_login_p auth_use_email_for_login_p (test acs-authentication) auth::create_local_account auth::create_local_account test_auth_use_email_for_login_p->auth::create_local_account _ _ (public) auth::create_local_account->_ acs_user::get_by_username acs_user::get_by_username (public) auth::create_local_account->acs_user::get_by_username acs_user::get_user_info acs_user::get_user_info (public) auth::create_local_account->acs_user::get_user_info ad_conn ad_conn (public) auth::create_local_account->ad_conn ad_log ad_log (public) auth::create_local_account->ad_log auth::create_user auth::create_user (public) auth::create_user->auth::create_local_account auth::get_local_account auth::get_local_account (private) auth::get_local_account->auth::create_local_account auth::sync::job::action auth::sync::job::action (public) auth::sync::job::action->auth::create_local_account install::xml::action::create-user install::xml::action::create-user (public) install::xml::action::create-user->auth::create_local_account

Testcases:
auth_use_email_for_login_p

auth::create_local_account_helper (private)

 auth::create_local_account_helper email first_names last_name password \
    password_question password_answer [ url ] [ email_verified_p ] \
    [ member_state ] [ user_id ] [ username ] [ authority_id ] \
    [ screen_name ]

Creates a new user in the system. The user_id can be specified as an argument to enable double click protection. If this procedure succeeds, returns the new user_id. Otherwise, returns 0.

Parameters:
email (required)
first_names (required)
last_name (required)
password (required)
password_question (required)
password_answer (required)
url (optional)
email_verified_p (optional, defaults to "t")
member_state (optional, defaults to "approved")
user_id (optional)
username (optional)
authority_id (optional)
screen_name (optional)
See Also:

Partial Call Graph (max 5 caller/called nodes):
%3 auth::create_local_account auth::create_local_account (public) auth::create_local_account_helper auth::create_local_account_helper auth::create_local_account->auth::create_local_account_helper acs_user_extension::user_new acs_user_extension::user_new (public) auth::create_local_account_helper->acs_user_extension::user_new ad_conn ad_conn (public) auth::create_local_account_helper->ad_conn ad_log ad_log (public) auth::create_local_account_helper->ad_log ad_try ad_try (public) auth::create_local_account_helper->ad_try db_dml db_dml (public) auth::create_local_account_helper->db_dml

Testcases:
No testcase defined.

auth::create_user (public)

 auth::create_user [ -verify_password_confirm ] [ -user_id user_id ] \
    [ -username username ] -email email [ -first_names first_names ] \
    [ -last_name last_name ] [ -screen_name screen_name ] \
    [ -password password ] [ -password_confirm password_confirm ] \
    [ -url url ] [ -secret_question secret_question ] \
    [ -secret_answer secret_answer ] \
    [ -email_verified_p email_verified_p ] [ -nologin ] \
    [ -authority_id authority_id ]

Create a user, and return creation status and account status.

Switches:
-verify_password_confirm (optional, boolean)
Set this flag if you want the proc to verify that password and password_confirm match for you.
-user_id (optional)
-username (optional)
-email (required)
-first_names (optional)
-last_name (optional)
-screen_name (optional)
-password (optional)
-password_confirm (optional)
-url (optional)
-secret_question (optional)
-secret_answer (optional)
-email_verified_p (optional)
Whether the local account considers the email to be verified or not.
-nologin (optional, boolean)
-authority_id (optional)
create user in the specified authority. Defaults to the register authority of the subsite.
Returns:
Array list containing the following entries:
  • creation_status: ok, data_error, reg_error, failed_to_connect. Says whether user creation succeeded.
  • creation_message: Information about the problem, to be relayed to the user. If creation_status is not ok, then either creation_message or element_messages is guaranteed to be nonempty, and both are guaranteed to be in the array list. May contain HTML.
  • element_messages: list of (element_name, message, element_name, message, ...) of errors on the individual registration elements. to be relayed on to the user. If creation_status is not ok, then either creation_message or element_messages is guaranteed to be nonempty, and both are guaranteed to be in the array list. Cannot contain HTML.
  • account_status: ok, closed. Only set if creation_status was ok, this says whether the newly created account is ready for use or not. For example, we may require approval, in which case the account would be created but closed.
  • account_message: A human-readable explanation of why the account was closed. May include HTML, and thus shouldn't be quoted. Guaranteed to be nonempty if account_status is not ok.
  • user_id: The user_id of the created user. Only when creation_status is ok.
See Also:

Partial Call Graph (max 5 caller/called nodes):
%3 test_auth_authenticate auth_authenticate (test acs-authentication) auth::create_user auth::create_user test_auth_authenticate->auth::create_user test_auth_create_user auth_create_user (test acs-authentication) test_auth_create_user->auth::create_user test_auth_email_on_password_change auth_email_on_password_change (test acs-authentication) test_auth_email_on_password_change->auth::create_user test_auth_password_change auth_password_change (test acs-authentication) test_auth_password_change->auth::create_user test_auth_password_reset auth_password_reset (test acs-authentication) test_auth_password_reset->auth::create_user _ _ (public) auth::create_user->_ ad_conn ad_conn (public) auth::create_user->ad_conn ad_log ad_log (public) auth::create_user->ad_log ad_system_name ad_system_name (public) auth::create_user->ad_system_name ad_user_login ad_user_login (public) auth::create_user->ad_user_login acs::test::user::create acs::test::user::create (public) acs::test::user::create->auth::create_user install::xml::action::create-user install::xml::action::create-user (public) install::xml::action::create-user->auth::create_user packages/acs-admin/www/users/user-batch-add-2.tcl packages/acs-admin/ www/users/user-batch-add-2.tcl packages/acs-admin/www/users/user-batch-add-2.tcl->auth::create_user packages/acs-subsite/lib/user-new.tcl packages/acs-subsite/ lib/user-new.tcl packages/acs-subsite/lib/user-new.tcl->auth::create_user packages/acs-subsite/www/admin/users/new.tcl packages/acs-subsite/ www/admin/users/new.tcl packages/acs-subsite/www/admin/users/new.tcl->auth::create_user

Testcases:
auth_authenticate, auth_create_user, auth_password_change, auth_password_reset, auth_use_email_for_login_p, auth_email_on_password_change, person_procs_test, party_procs_test

auth::delete_local_account (public)

 auth::delete_local_account -authority_id authority_id \
    -username username

Delete the local account for a user.

Switches:
-authority_id (required)
-username (required)
Returns:
Array list containing the following entries:
  • delete_status: ok, delete_error, failed_to_connect. Says whether user deletion succeeded.
  • delete_message: Information about the problem, to be relayed to the user. If delete_status is not ok, then delete_message is guaranteed to be nonempty. May contain HTML.
All entries are guaranteed to always be set, but may be empty.

Partial Call Graph (max 5 caller/called nodes):
%3 test_auth__delete_local_account auth__delete_local_account (test acs-authentication) auth::delete_local_account auth::delete_local_account test_auth__delete_local_account->auth::delete_local_account _ _ (public) auth::delete_local_account->_ acs_user::ban acs_user::ban (public) auth::delete_local_account->acs_user::ban acs_user::get_by_username acs_user::get_by_username (public) auth::delete_local_account->acs_user::get_by_username auth::sync::job::action auth::sync::job::action (public) auth::sync::job::action->auth::delete_local_account

Testcases:
auth__delete_local_account

auth::get_all_registration_elements (public)

 auth::get_all_registration_elements [ -include_password_confirm ]

Get the list of possible registration elements.

Switches:
-include_password_confirm (optional, boolean)

Partial Call Graph (max 5 caller/called nodes):
%3 test_auth__get_all_registration_elements auth__get_all_registration_elements (test acs-authentication) auth::get_all_registration_elements auth::get_all_registration_elements test_auth__get_all_registration_elements->auth::get_all_registration_elements auth::create_local_account auth::create_local_account (public) auth::create_local_account->auth::get_all_registration_elements auth::create_user auth::create_user (public) auth::create_user->auth::get_all_registration_elements auth::get_registration_form_elements auth::get_registration_form_elements (public) auth::get_registration_form_elements->auth::get_all_registration_elements install::xml::action::create-user install::xml::action::create-user (public) install::xml::action::create-user->auth::get_all_registration_elements

Testcases:
auth__get_all_registration_elements

auth::get_local_account (private)

 auth::get_local_account [ -return_url return_url ] -username username \
    [ -authority_id authority_id ] [ -email email ] \
    [ -first_names first_names ] [ -last_name last_name ]

Get the user_id of the local account for the given username and domain combination.

Switches:
-return_url (optional)
-username (required)
The username to find
-authority_id (optional)
The ID of the authority to ask to verify the user. Leave blank for local authority.
-email (optional)
-first_names (optional)
-last_name (optional)

Partial Call Graph (max 5 caller/called nodes):
%3 auth::authenticate auth::authenticate (public) auth::get_local_account auth::get_local_account auth::authenticate->auth::get_local_account _ _ (public) auth::get_local_account->_ acs_user::get acs_user::get (public) auth::get_local_account->acs_user::get acs_user::get_by_username acs_user::get_by_username (public) auth::get_local_account->acs_user::get_by_username acs_user::get_user_info acs_user::get_user_info (public) auth::get_local_account->acs_user::get_user_info ad_html_text_convert ad_html_text_convert (public) auth::get_local_account->ad_html_text_convert

Testcases:
No testcase defined.

auth::get_local_account_status (public)

 auth::get_local_account_status -user_id user_id

Return 'ok', 'closed', or 'no_account'

Switches:
-user_id (required)

Partial Call Graph (max 5 caller/called nodes):
%3 test_auth__delete_local_account auth__delete_local_account (test acs-authentication) auth::get_local_account_status auth::get_local_account_status test_auth__delete_local_account->auth::get_local_account_status acs_user::get_user_info acs_user::get_user_info (public) auth::get_local_account_status->acs_user::get_user_info ad_try ad_try (public) auth::get_local_account_status->ad_try auth::check_local_account_status auth::check_local_account_status (private) auth::get_local_account_status->auth::check_local_account_status party::get party::get (public) auth::get_local_account_status->party::get auth::local::user_info::GetUserInfo auth::local::user_info::GetUserInfo (private) auth::local::user_info::GetUserInfo->auth::get_local_account_status sec_login_handler sec_login_handler (public) sec_login_handler->auth::get_local_account_status

Testcases:
auth__delete_local_account

auth::get_register_authority (public)

 auth::get_register_authority

Get the ID of the authority in which accounts get created. Is based on the RegisterAuthority parameter but will default to the local authority if that parameter has an invalid value.

Partial Call Graph (max 5 caller/called nodes):
%3 test_auth__get_register_authority auth__get_register_authority (test acs-authentication) auth::get_register_authority auth::get_register_authority test_auth__get_register_authority->auth::get_register_authority auth::authority::get auth::authority::get (public) auth::get_register_authority->auth::authority::get auth::authority::get_id auth::authority::get_id (public) auth::get_register_authority->auth::authority::get_id auth::authority::get_short_names auth::authority::get_short_names (public) auth::get_register_authority->auth::authority::get_short_names auth::authority::local auth::authority::local (public) auth::get_register_authority->auth::authority::local parameter::get_from_package_key parameter::get_from_package_key (public) auth::get_register_authority->parameter::get_from_package_key auth::create_user auth::create_user (public) auth::create_user->auth::get_register_authority auth::get_registration_elements auth::get_registration_elements (public) auth::get_registration_elements->auth::get_register_authority packages/acs-admin/www/auth/index.tcl packages/acs-admin/ www/auth/index.tcl packages/acs-admin/www/auth/index.tcl->auth::get_register_authority packages/acs-subsite/lib/login.tcl packages/acs-subsite/ lib/login.tcl packages/acs-subsite/lib/login.tcl->auth::get_register_authority xo::ProtocolHandler instproc set_user_id xo::ProtocolHandler instproc set_user_id (public) xo::ProtocolHandler instproc set_user_id->auth::get_register_authority

Testcases:
auth__get_register_authority

auth::get_registration_elements (public)

 auth::get_registration_elements

Get the list of required/optional elements for user registration.

Returns:
Array-list with two entries
  • required: a list of required elements
  • optional: a list of optional elements
See Also:

Partial Call Graph (max 5 caller/called nodes):
%3 test_auth_get_registration_elements auth_get_registration_elements (test acs-authentication) auth::get_registration_elements auth::get_registration_elements test_auth_get_registration_elements->auth::get_registration_elements test_auth_use_email_for_login_p auth_use_email_for_login_p (test acs-authentication) test_auth_use_email_for_login_p->auth::get_registration_elements acs_user::ScreenName acs_user::ScreenName (public) auth::get_registration_elements->acs_user::ScreenName auth::get_register_authority auth::get_register_authority (public) auth::get_registration_elements->auth::get_register_authority auth::registration::GetElements auth::registration::GetElements (private) auth::get_registration_elements->auth::registration::GetElements auth::get_registration_form_elements auth::get_registration_form_elements (public) auth::get_registration_form_elements->auth::get_registration_elements packages/acs-subsite/lib/user-new.tcl packages/acs-subsite/ lib/user-new.tcl packages/acs-subsite/lib/user-new.tcl->auth::get_registration_elements

Testcases:
auth_get_registration_elements, auth_use_email_for_login_p

auth::get_registration_form_elements (public)

 auth::get_registration_form_elements

Returns a list of elements to be included in the -form chunk of an ad_form form. All possible elements will always be present, but those that shouldn't be displayed will be hidden and have a hard-coded empty string value.

Partial Call Graph (max 5 caller/called nodes):
%3 test_auth_get_registration_form_elements auth_get_registration_form_elements (test acs-authentication) auth::get_registration_form_elements auth::get_registration_form_elements test_auth_get_registration_form_elements->auth::get_registration_form_elements _ _ (public) auth::get_registration_form_elements->_ auth::get_all_registration_elements auth::get_all_registration_elements (public) auth::get_registration_form_elements->auth::get_all_registration_elements auth::get_registration_elements auth::get_registration_elements (public) auth::get_registration_form_elements->auth::get_registration_elements packages/acs-subsite/lib/user-new.tcl packages/acs-subsite/ lib/user-new.tcl packages/acs-subsite/lib/user-new.tcl->auth::get_registration_form_elements

Testcases:
auth_get_registration_form_elements

auth::get_user_id (public)

 auth::get_user_id [ -level level ] [ -account_status account_status ]

Get the current user_id with at least the level of security specified. If no user is logged in, or the user is not logged in at a sufficiently high security level, return 0.

Switches:
-level (optional, defaults to "ok")
-account_status (optional, defaults to "ok")
Returns:
user_id of user, if the user is logged in, 0 otherwise.
See Also:

Partial Call Graph (max 5 caller/called nodes):
%3 test_auth__get_user_id auth__get_user_id (test acs-authentication) auth::get_user_id auth::get_user_id test_auth__get_user_id->auth::get_user_id ad_conn ad_conn (public) auth::get_user_id->ad_conn security::https_available_p security::https_available_p (public) auth::get_user_id->security::https_available_p auth::require_login auth::require_login (public) auth::require_login->auth::get_user_id packages/acs-subsite/lib/user-info.tcl packages/acs-subsite/ lib/user-info.tcl packages/acs-subsite/lib/user-info.tcl->auth::get_user_id packages/acs-subsite/www/pvt/unsubscribe.tcl packages/acs-subsite/ www/pvt/unsubscribe.tcl packages/acs-subsite/www/pvt/unsubscribe.tcl->auth::get_user_id packages/acs-subsite/www/register/user-join.tcl packages/acs-subsite/ www/register/user-join.tcl packages/acs-subsite/www/register/user-join.tcl->auth::get_user_id

Testcases:
auth__get_user_id

auth::get_user_secret_token (public)

 auth::get_user_secret_token -user_id user_id

Get a secret token for the user. Can be used for email verification purposes.

Switches:
-user_id (required)

Partial Call Graph (max 5 caller/called nodes):
%3 test_acs_subsite_test_email_confirmation acs_subsite_test_email_confirmation (test acs-subsite) auth::get_user_secret_token auth::get_user_secret_token test_acs_subsite_test_email_confirmation->auth::get_user_secret_token sec_get_token sec_get_token (public) auth::get_user_secret_token->sec_get_token acs::test::confirm_email acs::test::confirm_email (public) acs::test::confirm_email->auth::get_user_secret_token auth::send_email_verification_email auth::send_email_verification_email (private) auth::send_email_verification_email->auth::get_user_secret_token packages/acs-subsite/lib/email-confirm.tcl packages/acs-subsite/ lib/email-confirm.tcl packages/acs-subsite/lib/email-confirm.tcl->auth::get_user_secret_token

Testcases:
acs_subsite_test_email_confirmation

auth::issue_login (public, deprecated)

 auth::issue_login -user_id user_id [ -account_status account_status ] \
    [ -cookie_domain cookie_domain ] [ -persistent ]
Deprecated. Invoking this procedure generates a warning.

Issue the login cookie. DEPRECATED: just a trivial wrapper of ad_user_login

Switches:
-user_id (required)
-account_status (optional, defaults to "ok")
-cookie_domain (optional)
-persistent (optional, boolean)
See Also:

Partial Call Graph (max 5 caller/called nodes):
%3 ad_log_deprecated ad_log_deprecated (public) ad_user_login ad_user_login (public) auth::issue_login auth::issue_login auth::issue_login->ad_log_deprecated auth::issue_login->ad_user_login

Testcases:
No testcase defined.

auth::login_attempts::get_all (public)

 auth::login_attempts::get_all

Get all failed login attempts

Partial Call Graph (max 5 caller/called nodes):
%3 test_auth__login_attempts auth__login_attempts (test acs-authentication) auth::login_attempts::get_all auth::login_attempts::get_all test_auth__login_attempts->auth::login_attempts::get_all auth::login_attempts::all_entries auth::login_attempts::all_entries (private) auth::login_attempts::get_all->auth::login_attempts::all_entries packages/acs-admin/www/auth/login-attempts.tcl packages/acs-admin/ www/auth/login-attempts.tcl packages/acs-admin/www/auth/login-attempts.tcl->auth::login_attempts::get_all

Testcases:
auth__login_attempts

auth::login_attempts::record (private)

 auth::login_attempts::record [ -login_attempt_key login_attempt_key ]

Record a failed login attempt

Switches:
-login_attempt_key (optional, defaults to "[ad_conn peeraddr]-[ad_conn subsite_id]")
Identifier of this login attempt. Defaults to "[ad_conn peeraddr]-[ad_conn subsite]"

Partial Call Graph (max 5 caller/called nodes):
%3 test_auth__login_attempts auth__login_attempts (test acs-authentication) auth::login_attempts::record auth::login_attempts::record test_auth__login_attempts->auth::login_attempts::record auth::login_attempts::login_attempt_incr auth::login_attempts::login_attempt_incr (private) auth::login_attempts::record->auth::login_attempts::login_attempt_incr parameter::get_from_package_key parameter::get_from_package_key (public) auth::login_attempts::record->parameter::get_from_package_key auth::authenticate auth::authenticate (public) auth::authenticate->auth::login_attempts::record

Testcases:
auth__login_attempts

auth::login_attempts::reset (public)

 auth::login_attempts::reset [ -login_attempt_key login_attempt_key ]

Flush the recorded failed login attempt for the provided login_attempt_key

Switches:
-login_attempt_key (optional, defaults to "[ad_conn peeraddr]-[ad_conn subsite_id]")
Identifier of this login attempt. Defaults to "[ad_conn peeraddr]-[ad_conn subsite]"

Partial Call Graph (max 5 caller/called nodes):
%3 test_auth__login_attempts auth__login_attempts (test acs-authentication) auth::login_attempts::reset auth::login_attempts::reset test_auth__login_attempts->auth::login_attempts::reset auth::login_attempts::login_attempt_flush auth::login_attempts::login_attempt_flush (private) auth::login_attempts::reset->auth::login_attempts::login_attempt_flush auth::authenticate auth::authenticate (public) auth::authenticate->auth::login_attempts::reset packages/acs-admin/www/auth/login-attempts-reset.tcl packages/acs-admin/ www/auth/login-attempts-reset.tcl packages/acs-admin/www/auth/login-attempts-reset.tcl->auth::login_attempts::reset

Testcases:
auth__login_attempts

auth::login_attempts::reset_all (public)

 auth::login_attempts::reset_all

Flush all recorded failed login attempts

Partial Call Graph (max 5 caller/called nodes):
%3 test_auth__login_attempts auth__login_attempts (test acs-authentication) auth::login_attempts::reset_all auth::login_attempts::reset_all test_auth__login_attempts->auth::login_attempts::reset_all auth::login_attempts::flush_all auth::login_attempts::flush_all (private) auth::login_attempts::reset_all->auth::login_attempts::flush_all packages/acs-admin/www/auth/login-attempts-reset.tcl packages/acs-admin/ www/auth/login-attempts-reset.tcl packages/acs-admin/www/auth/login-attempts-reset.tcl->auth::login_attempts::reset_all

Testcases:
auth__login_attempts

auth::login_attempts::threshold_reached_p (private)

 auth::login_attempts::threshold_reached_p \
    [ -login_attempt_key login_attempt_key ]

Check if the maximum number of consecutive failed login attempts has been reached

Switches:
-login_attempt_key (optional, defaults to "[ad_conn peeraddr]-[ad_conn subsite_id]")
Identifier of this login attempt. Defaults to "[ad_conn peeraddr]-[ad_conn subsite]"
Returns:
1 if limit has been reached otherwise 0

Partial Call Graph (max 5 caller/called nodes):
%3 test_auth__login_attempts auth__login_attempts (test acs-authentication) auth::login_attempts::threshold_reached_p auth::login_attempts::threshold_reached_p test_auth__login_attempts->auth::login_attempts::threshold_reached_p auth::login_attempts::get auth::login_attempts::get (private) auth::login_attempts::threshold_reached_p->auth::login_attempts::get parameter::get_from_package_key parameter::get_from_package_key (public) auth::login_attempts::threshold_reached_p->parameter::get_from_package_key auth::authenticate auth::authenticate (public) auth::authenticate->auth::login_attempts::threshold_reached_p

Testcases:
auth__login_attempts

auth::refresh_login (public)

 auth::refresh_login

If there currently is a user associated with this session, but the user's authentication is expired, redirect the user to refresh his/her login. This allows for users to not be logged in, but if the user is logged in, then we require that the authentication is not expired.

Returns:
user_id of user, if the user is logged in and auth_status is not expired, or 0 if the user is not logged in. If user's auth_status is expired, this proc will issue a returnredirect and abort the current page.
See Also:

Partial Call Graph (max 5 caller/called nodes):
%3 test_auth__refresh_login auth__refresh_login (test acs-authentication) auth::refresh_login auth::refresh_login test_auth__refresh_login->auth::refresh_login ad_conn ad_conn (public) auth::refresh_login->ad_conn ad_get_login_url ad_get_login_url (public) auth::refresh_login->ad_get_login_url ad_returnredirect ad_returnredirect (public) auth::refresh_login->ad_returnredirect ad_script_abort ad_script_abort (public) auth::refresh_login->ad_script_abort sec_login_get_external_registry sec_login_get_external_registry (public) auth::refresh_login->sec_login_get_external_registry packages/forums/www/message-post.tcl packages/forums/ www/message-post.tcl packages/forums/www/message-post.tcl->auth::refresh_login

Testcases:
auth__refresh_login

auth::registration::GetElements (private)

 auth::registration::GetElements -authority_id authority_id
Switches:
-authority_id (required)
Author:
Peter Marklund

Partial Call Graph (max 5 caller/called nodes):
%3 auth::get_registration_elements auth::get_registration_elements (public) auth::registration::GetElements auth::registration::GetElements auth::get_registration_elements->auth::registration::GetElements auth::registration::create_contract auth::registration::create_contract (private) auth::registration::create_contract->auth::registration::GetElements acs_sc::invoke acs_sc::invoke (public) auth::registration::GetElements->acs_sc::invoke auth::authority::get_element auth::authority::get_element (public) auth::registration::GetElements->auth::authority::get_element auth::driver::get_parameter_values auth::driver::get_parameter_values (public) auth::registration::GetElements->auth::driver::get_parameter_values

Testcases:
No testcase defined.

auth::registration::Register (private)

 auth::registration::Register -authority_id authority_id \
    [ -username username ] [ -password password ] \
    [ -first_names first_names ] [ -last_name last_name ] \
    [ -screen_name screen_name ] [ -email email ] [ -url url ] \
    [ -secret_question secret_question ] \
    [ -secret_answer secret_answer ]

Invoke the Register service contract operation for the given authority.

Switches:
-authority_id (required)
Id of the authority.
-username (optional)
-password (optional)
-first_names (optional)
-last_name (optional)
-screen_name (optional)
-email (optional)
-url (optional)
-secret_question (optional)
-secret_answer (optional)

Partial Call Graph (max 5 caller/called nodes):
%3 auth::create_user auth::create_user (public) auth::registration::Register auth::registration::Register auth::create_user->auth::registration::Register auth::registration::create_contract auth::registration::create_contract (private) auth::registration::create_contract->auth::registration::Register acs_sc::invoke acs_sc::invoke (public) auth::registration::Register->acs_sc::invoke auth::authority::get_element auth::authority::get_element (public) auth::registration::Register->auth::authority::get_element auth::driver::get_parameter_values auth::driver::get_parameter_values (public) auth::registration::Register->auth::driver::get_parameter_values

Testcases:
No testcase defined.

auth::require_login (public)

 auth::require_login [ -level level ] \
    [ -account_status account_status ]

If the current session is not authenticated, redirect to the login page, and aborts the current page script. Otherwise, returns the user_id of the user logged in. Use this in a page script to ensure that only registered and authenticated users can execute the page, for example for posting to a forum.

Switches:
-level (optional, defaults to "ok")
-account_status (optional, defaults to "ok")
Returns:
user_id of user, if the user is logged in. Otherwise will issue a returnredirect and abort the current page.
See Also:

Partial Call Graph (max 5 caller/called nodes):
%3 test_link_tests link_tests (test xowiki) auth::require_login auth::require_login test_link_tests->auth::require_login test_package_normalize_path package_normalize_path (test xowiki) test_package_normalize_path->auth::require_login test_path_resolve path_resolve (test xowiki) test_path_resolve->auth::require_login test_slot_interactions slot_interactions (test xowiki) test_slot_interactions->auth::require_login test_xowiki_test_cases xowiki_test_cases (test xowiki) test_xowiki_test_cases->auth::require_login _ _ (public) auth::require_login->_ ad_conn ad_conn (public) auth::require_login->ad_conn ad_get_login_url ad_get_login_url (public) auth::require_login->ad_get_login_url ad_returnredirect ad_returnredirect (public) auth::require_login->ad_returnredirect ad_script_abort ad_script_abort (public) auth::require_login->ad_script_abort Class ::Generic::Form Class ::Generic::Form (public) Class ::Generic::Form->auth::require_login ad_restrict_entire_server_to_registered_users ad_restrict_entire_server_to_registered_users (public) ad_restrict_entire_server_to_registered_users->auth::require_login auth::self_registration auth::self_registration (public) auth::self_registration->auth::require_login ds_require_permission ds_require_permission (private) ds_require_permission->auth::require_login notification::security::require_admin_request notification::security::require_admin_request (public) notification::security::require_admin_request->auth::require_login

Testcases:
package_normalize_path, xowiki_test_cases, link_tests, slot_interactions, path_resolve

auth::self_registration (public)

 auth::self_registration

Check AllowSelfRegister parameter and set user message if self registration not allowed.

Partial Call Graph (max 5 caller/called nodes):
%3 test_auth__self_registration auth__self_registration (test acs-authentication) auth::self_registration auth::self_registration test_auth__self_registration->auth::self_registration ad_conn ad_conn (public) auth::self_registration->ad_conn auth::require_login auth::require_login (public) auth::self_registration->auth::require_login parameter::get_from_package_key parameter::get_from_package_key (public) auth::self_registration->parameter::get_from_package_key util_user_message util_user_message (public) auth::self_registration->util_user_message packages/acs-subsite/lib/user-new.tcl packages/acs-subsite/ lib/user-new.tcl packages/acs-subsite/lib/user-new.tcl->auth::self_registration

Testcases:
auth__self_registration

auth::send_email_verification_email (private)

 auth::send_email_verification_email -user_id user_id

Sends out an email to the user that lets them verify their email. Throws an error if we couldn't send out the email.

Switches:
-user_id (required)

Partial Call Graph (max 5 caller/called nodes):
%3 auth::check_local_account_status auth::check_local_account_status (private) auth::send_email_verification_email auth::send_email_verification_email auth::check_local_account_status->auth::send_email_verification_email auth::create_local_account auth::create_local_account (public) auth::create_local_account->auth::send_email_verification_email _ _ (public) auth::send_email_verification_email->_ acs_mail_lite::send acs_mail_lite::send (public) auth::send_email_verification_email->acs_mail_lite::send ad_conn ad_conn (public) auth::send_email_verification_email->ad_conn ad_system_name ad_system_name (public) auth::send_email_verification_email->ad_system_name ad_system_owner ad_system_owner (public) auth::send_email_verification_email->ad_system_owner

Testcases:
No testcase defined.

auth::set_email_verified (public)

 auth::set_email_verified -user_id user_id

Update an OpenACS record with the fact that the email address on record was verified.

Switches:
-user_id (required)

Partial Call Graph (max 5 caller/called nodes):
%3 test_acs_subsite_expose_bug_1144 acs_subsite_expose_bug_1144 (test acs-subsite) auth::set_email_verified auth::set_email_verified test_acs_subsite_expose_bug_1144->auth::set_email_verified test_auth_confirm_email auth_confirm_email (test acs-authentication) test_auth_confirm_email->auth::set_email_verified acs_user::update acs_user::update (public) auth::set_email_verified->acs_user::update packages/acs-subsite/lib/email-confirm.tcl packages/acs-subsite/ lib/email-confirm.tcl packages/acs-subsite/lib/email-confirm.tcl->auth::set_email_verified

Testcases:
auth_confirm_email, acs_subsite_expose_bug_1144

auth::update_local_account (public)

 auth::update_local_account -authority_id authority_id \
    -username username -array array

Update the local account for a user.

Switches:
-authority_id (required)
-username (required)
-array (required)
Name of an array containing the registration elements to update.
Returns:
Array list containing the following entries:
  • update_status: ok, data_error, update_error, failed_to_connect. Says whether user update succeeded.
  • update_message: Information about the problem, to be relayed to the user. If update_status is not ok, then either update_message or element_messages is guaranteed to be nonempty, and both are guaranteed to be in the array list. May contain HTML.
  • element_messages: list of (element_name, message, element_name, message, ...) of errors on the individual registration elements. to be relayed on to the user. If update_status is not ok, then either update_message or element_messages is guaranteed to be nonempty, and both are guaranteed to be in the array list. Cannot contain HTML.
All entries are guaranteed to always be set, but may be empty.

Partial Call Graph (max 5 caller/called nodes):
%3 test_auth__update_local_account auth__update_local_account (test acs-authentication) auth::update_local_account auth::update_local_account test_auth__update_local_account->auth::update_local_account _ _ (public) auth::update_local_account->_ acs_user::update acs_user::update (public) auth::update_local_account->acs_user::update ad_log ad_log (public) auth::update_local_account->ad_log ad_try ad_try (public) auth::update_local_account->ad_try auth::validate_account_info auth::validate_account_info (private) auth::update_local_account->auth::validate_account_info auth::sync::job::action auth::sync::job::action (public) auth::sync::job::action->auth::update_local_account packages/acs-subsite/lib/user-info.tcl packages/acs-subsite/ lib/user-info.tcl packages/acs-subsite/lib/user-info.tcl->auth::update_local_account

Testcases:
auth__update_local_account

auth::user_info::GetUserInfo (private)

 auth::user_info::GetUserInfo -authority_id authority_id \
    -username username

Invoke the Register service contract operation for the given authority.

Switches:
-authority_id (required)
Id of the authority.
-username (required)

Partial Call Graph (max 5 caller/called nodes):
%3 auth::get_local_account auth::get_local_account (private) auth::user_info::GetUserInfo auth::user_info::GetUserInfo auth::get_local_account->auth::user_info::GetUserInfo auth::user_info::create_contract auth::user_info::create_contract (private) auth::user_info::create_contract->auth::user_info::GetUserInfo acs_sc::invoke acs_sc::invoke (public) auth::user_info::GetUserInfo->acs_sc::invoke auth::authority::get_element auth::authority::get_element (public) auth::user_info::GetUserInfo->auth::authority::get_element auth::driver::get_parameter_values auth::driver::get_parameter_values (public) auth::user_info::GetUserInfo->auth::driver::get_parameter_values

Testcases:
No testcase defined.

auth::validate_account_info (private)

 auth::validate_account_info [ -update ] -authority_id authority_id \
    -username username -user_array user_array \
    -message_array message_array

Validates user info and returns errors, if any.

Switches:
-update (optional, boolean)
Set this flag if you're updating an existing record, meaning we shouldn't check for duplicates.
-authority_id (required)
-username (required)
-user_array (required)
Name of an array in the caller's namespace which contains the registration elements.
-message_array (required)
Name of an array where you want the validation errors stored, keyed by element name.

Partial Call Graph (max 5 caller/called nodes):
%3 auth::create_local_account auth::create_local_account (public) auth::validate_account_info auth::validate_account_info auth::create_local_account->auth::validate_account_info auth::update_local_account auth::update_local_account (public) auth::update_local_account->auth::validate_account_info _ _ (public) auth::validate_account_info->_ acs_object_type acs_object_type (public) auth::validate_account_info->acs_object_type acs_user::get_by_username acs_user::get_by_username (public) auth::validate_account_info->acs_user::get_by_username acs_user::get_user_id_by_screen_name acs_user::get_user_id_by_screen_name (public) auth::validate_account_info->acs_user::get_user_id_by_screen_name acs_user::get_user_info acs_user::get_user_info (public) auth::validate_account_info->acs_user::get_user_info

Testcases:
No testcase defined.

auth::verify_account_status (public)

 auth::verify_account_status

Verify the account status of the current user, and set [ad_conn account_status] appropriately.

Partial Call Graph (max 5 caller/called nodes):
%3 test_auth__verify_account_status auth__verify_account_status (test acs-authentication) auth::verify_account_status auth::verify_account_status test_auth__verify_account_status->auth::verify_account_status sec_login_handler sec_login_handler (public) auth::verify_account_status->sec_login_handler packages/acs-admin/lib/password-update.tcl packages/acs-admin/ lib/password-update.tcl packages/acs-admin/lib/password-update.tcl->auth::verify_account_status packages/acs-subsite/lib/user-info.tcl packages/acs-subsite/ lib/user-info.tcl packages/acs-subsite/lib/user-info.tcl->auth::verify_account_status packages/acs-subsite/www/pvt/unsubscribe-2.tcl packages/acs-subsite/ www/pvt/unsubscribe-2.tcl packages/acs-subsite/www/pvt/unsubscribe-2.tcl->auth::verify_account_status packages/acs-subsite/www/register/restore-user.tcl packages/acs-subsite/ www/register/restore-user.tcl packages/acs-subsite/www/register/restore-user.tcl->auth::verify_account_status packages/acs-subsite/www/user/password-update.tcl packages/acs-subsite/ www/user/password-update.tcl packages/acs-subsite/www/user/password-update.tcl->auth::verify_account_status

Testcases:
auth__verify_account_status
[ show source ]