Drupal 6 外部身份验证

发布于 2024-11-18 18:17:07 字数 775 浏览 1 评论 0原文

我有一个非 Drupal 站点,它使用简单的 MySQL 用户数据库进行身份验证。我想与我的 Drupal 站点共享该用户信息。所以我猜想:

  • 有一些系统可以自动/定期地将外部用户数据库复制到Drupal用户数据库中,这样做的优点是不会干扰Drupal的登录系统;或者
  • 更改 Drupal 的登录系统,以便它根据此外部数据库检查用户名和密码,然后(知道 Drupal 喜欢将内容保留在本地)创建本地帐户(如果尚未创建)。

但这里的问题是,有两个用户数据库,如果其中一个数据库的密码等信息发生更改,则不会反映在另一个数据库上。 Drupal 需要根据外部数据库检查用户名和密码,而不保留自己的密码记录。但我还想从外部数据库获取一些配置文件信息,这会遇到重复记录的问题。

所以我想第一个解决方案是首选,但是如果脚本仅设置为每小时运行一次,那么用户在注册外部站点后一小时内无法登录到 Drupal 站点。而且它似乎是一种非常“非 Drupal”的做事方式。

另一个问题是用户必须登录两次,但 Drupal 站点是外部站点的无缝扩展,因此登录两次不是首选。但是,这是最低优先级,因为可能会出现一条消息,告诉用户“出于安全原因”再次登录。

有什么建议吗?

编辑:我确实有一定的范围来编辑外部网站。也许更简单的方法是让外部站点通过 Drupal 的用户数据库进行身份验证?最好的方法似乎是 Drupal 数据库替换外部数据库,这样外部站点的用户数据库就是 Drupal 的。或者用户只需通过 Drupal 登录,外部站点就会以某种方式知道他已经这样做了。这些听起来更简单吗?

I have a non-Drupal site which authenticates with a simple MySQL user database. I want to share that user information with my Drupal site. So I guess either:

  • have some system whereby the external user database is automatically / regularly copied into the Drupal user database, which has the advantage of not messing with Drupal's login system; or
  • change Drupal's login system so it checks the username and password against this external database and then presumably (knowing that Drupal likes to keep things local) creating a local account if it hasn't already.

The problem here though is that there are two user databases and if information such as passwords gets changed on one, this is not reflected on the other. Drupal would need to check the username and the password against the external db, and not keep its own password record. But I also want to take some profile information from the external db, and this would run into the problem of duplicate records.

So I guess the first solution is preferred, but then if the script is only set to run, say, once per hour, then the user cannot login to the Drupal site within an hour of signing up with the external site. Also it seems to be a very "non-Drupal" way of doing things.

A further problem is that the user will have to log in twice, but the Drupal site is meant to be a seamless extension of the external site so logging in twice isn't preferred. However, this is the least priority as there could be a message telling users to log in again "for security reasons".

Any suggestions??

EDIT: I do have some scope to edit the external site. Perhaps a simpler way would be to have the external site authenticate through Drupal's user db? The best way seems to be if the Drupal db replaces the external db so the external site's user db IS Drupal's. Or the user simply logs in via Drupal and the external site knows somehow that he has done so. Either of those sound simpler?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(4

感情洁癖 2024-11-25 18:17:08

我目前的做法是让 Drupal 针对外部数据库进行身份验证,并忽略存储在 Drupal 数据库中的密码。如果外部数据库中不存在用户名,那么它只会恢复为针对 Drupal 数据库进行正常身份验证。

在 hook_form_user_login_alter 中,您可以搜索 $form['#validate'] 数组,并将 user_login_authenticate_validate 替换为您自己的检查外部数据库的函数。

例如:

function MYMODULE_form_user_login_alter(&$form, $form_state) {
    $array_key = array_search('user_login_authenticate_validate', $form['#validate']);
    if ($array_key === FALSE) {
        $final_validator = array_pop($form['#validate']);
            $form['#validate'][] = 'mymodule_validate';
            $form['#validate'][] = $final_validator;
    }
    else {
        $form['#validate'][$array_key] = 'mymodule_validate';
    }
}

function mymodule_validate($form, &$form_state) {
    if (mymodule_user_exists($form_state['values']['name'])) {
        if (mymodule_check_password($form_state['values']['name'], $form_state['values']['pass'])) {
            user_external_login_register($form_state['values']['name'], 'mymodule');
            user_authenticate_finalize($form_state['values']);
            // maybe sync some data here
        }
    }
    else {
        user_login_authenticate_validate($form, $form_state);
    }
}

当用户注册或尝试更新其帐户时,您还可以使用 hook_user 来同步一些数据(或防止编辑)。

The way I'm currently doing it is to have Drupal authenticate against the external DB and just ignore the password stored in the Drupal DB. If the username doesn't exist in the external DB, then it just reverts to authenticating normally against the Drupal DB.

In hook_form_user_login_alter, you can search through the $form['#validate'] array and replace user_login_authenticate_validate with your own function that checks the external DB.

Something like:

function MYMODULE_form_user_login_alter(&$form, $form_state) {
    $array_key = array_search('user_login_authenticate_validate', $form['#validate']);
    if ($array_key === FALSE) {
        $final_validator = array_pop($form['#validate']);
            $form['#validate'][] = 'mymodule_validate';
            $form['#validate'][] = $final_validator;
    }
    else {
        $form['#validate'][$array_key] = 'mymodule_validate';
    }
}

function mymodule_validate($form, &$form_state) {
    if (mymodule_user_exists($form_state['values']['name'])) {
        if (mymodule_check_password($form_state['values']['name'], $form_state['values']['pass'])) {
            user_external_login_register($form_state['values']['name'], 'mymodule');
            user_authenticate_finalize($form_state['values']);
            // maybe sync some data here
        }
    }
    else {
        user_login_authenticate_validate($form, $form_state);
    }
}

You can also make use of hook_user to sync some data (or prevent editing) when the user registers or tries to update their account.

在我工作的地方,我们做的事情与你所描述的类似。我们有一个基于Java的后端“平台”,作为帐户信息的主要来源。平台团队编写了一个用于帐户创建、身份验证和更新的 REST API。我们编写了一系列自定义 Drupal 模块,分别在注册、登录和帐户编辑期间与平台 API 进行交互。但我要警告您,事实证明需要编写、测试和维护大量自定义代码。

Where I work, we do something similar to what you're describing. We have a Java-based backend "platform" that acts as the main source of account information. The platform team wrote a REST API for account creation, authentication, and updates. We wrote a series of custom Drupal modules to interface with the platform API during registration, login, and account editing respectively. I'll warn you though, it turns out to be a lot of custom code to write, test, and maintain.

提笔落墨 2024-11-25 18:17:07

这正是我将一切交给 OpenID/OAuth 的原因。 Drupal 可以是一个 OpenID 提供商,像这样的站点 (StackOverflow) 允许许多提供商。 OpenID 提供程序

Drupal 有一个很棒的 OpenID 选择器实现:OpenID 选择器
这与您在 StackOverflow 上看到的相同。

当然,这也需要您的非 Drupal 站点转换到 OpenID/OAuth,这可能并不那么容易。

This is exactly why I handed everything over to OpenID/OAuth. Drupal can be an OpenID provider, sites like this (StackOverflow) allow many providers. OpenID Provider

Drupal has a great OpenID selector implementation: OpenID Selector
it's the same one you see on StackOverflow.

This would of course require your non-drupal site to transition to OpenID/OAuth as well, which might not be quite as easy.

舂唻埖巳落 2024-11-25 18:17:07

如果您有编辑外部站点的范围,那么您可以使用 Drupal 的 services 模块并编写用户登录服务并调用来自外部站点的服务。如果成功,您可以从用户登录服务返回会话 ID。希望这会对您有所帮助。

If you have scope to edit external site then You can use Drupal's services module and write your user login service and call that service from external site. You can return session id from user login service if success. Hope this will help you.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文