phpBB 3.2 EVE SSO / ESI extension [beta]


(Snitch Ashor) #1

Hi all,

This is a beta version of a phpBB extension that enables Single sign on for registration and login to the phpBB forum software: https://bitbucket.org/snitchashor/php-ext-authevesso/downloads/

Current version: 1.2.2b (18/01/08)

Current features:

  • phpBB auth provider (replaces regular login completely)
  • Login / Registration using EVE accounts
  • Group management based on corp / alliance (using ESI to fetch)
  • Teamspeak serverGroup management based on corp / alliance
  • Display user's corp / alliance below the user name

Requirements:

  • phpBB 3.2 or above
  • PHP 5.5 or above with php-curl installed
  • A valid EVE Online subscription (you need one to register a developer app.)

Installation and setup:

This extension is under development. If you install it on anything but a fresh and empty board, back up your database and files now.

  • Upload the contents of the zip to your forum root (the zip should already contain the directory structure /ext/snitch/authevesso)
  • Go to the ACP
  • Enable the extension under ‘Customise’. If it doesn't show up, check the directory structure.
  • Go to developers.eveonline.com and create an App, select API access and the scope esi-corporations.read_corporation_membership.v1 or whatever other scopes you want to request, set the callback url to server/forumurl/authevesso/login
  • Go to your forum ACP: General - Client communication - Authentication
    Enter your app id and secret you got in the above step, as well as the Admin character name (Important: This has to be an EVE character you will use from now on to log in as admin. If this char already exists as a board user, make him a founder and grant all permissions now.)
  • Save Settings (LEAVE THE METHOD AT ‘Db’ FOR NOW)
  • Click the Test SSO Button and log in with e.g. your admin char. Afterwards the logged in user should be displayed right next to the test button. If so, go on.
  • Change authentication method to Evesso and save.
  • Log in with the admin EVE char and purge the forum cache in the ACP.
  • Start adding Groups / Teamspeak groups under ‘Extensions -> EVE SSO Auth -> Settings’
  • Customize the requested scopes under ‘Extensions -> EVE SSO Auth -> Scopes’, make sure to add all of these to your eve developers app.

If something goes wrong and you locked yourself out, access your database and find the key auth_method in your phpbb_config table and change it from ‘evesso’ to ‘db’.

Updating:

  • Go to the ACP
  • Under ‘Customize’ disable the extension (do NOT clear the data)
  • Replace the mod folder with the updated one.
  • Under ‘Customize’ enable the extension
  • Purge the Cache on the ACP main page

A few notes on how it's working:

This extension automatically creates a forum user account for every user that logs in with his EVE account.
It only handles the groups configured in the extension's ACP menu, it will not add OR REMOVE from any of the groups / teamspeak groups not entered there.
phpBB 3.1+ has a new cron system. If you wish to run the cron jobs manually, the command to do so is: php install_dir/bin/phpbbcli.php cron:run (set to run e.g. once in 15 minutes, don't worry, the actual jobs run at different intervals). In that case, go to your board's server settings and set ‘run periodic tasks from system…’ to ‘yes’.

Credits:

Inspired by EVE API for phpBB 3.0 by Cyerus and phpBB 3.1 Authentication Provider for Shibboleth
Using the Teamspeak PHP framework
ESI client generated using swagger codegen

Translations:

English
Russian (right now not complete)

Special thanks:

Jintaro Keo for a lot of testing and the Russian translation

Happy testing,

Report any bugs you encounter here or to admin(at)brgf(dot)de
If you wanna support this project, feel free to throw some ISK at Snitch Ashor
Here's the original thread:

o7, Snitch


(Snitch Ashor) #2

Btw, here's the link to the previous thread:

https://forums-archive.eveonline.com/default.aspx?g=posts&t=513835


(Roksana Kolesnikova) #3

phpBB with ESI, must test it ^^


(Roksana Kolesnikova) #4

Hm, I did everything as you wrote, but when I try to log in I get this error message:

Error: Invalid auth state.


(Snitch Ashor) #5

Hmmm, had seen that before, but whenever I tried to debug it, it was working suddenly, so I assume it's a caching issue. Do you have access to your database? If so, could you check the columns in the _sessions table? I don't need the content, just the headers.

EDIT: Just remembered, in one case this was a browser caching issue before. Any chance you can try a different browser or clear the browser cache for the forum?


(Roksana Kolesnikova) #6

Works with a different browser but not with purged browser cache. The system is fast and really stable (compared to my beta apps :) ). I wonder if it's possible to create an ESI auditing page (accessible only by directors), like APIjackknife?


(Snitch Ashor) #7

If it works with a different browser, can you log in your admin account with that one and purge all sessions in the ACP?
ESI auditing page could be done, did something like that for a recruitment system but it's not really easy to integrate… guess it's easier to wait for jackknife to be upgraded to ESI if not yet done. In one of the next versions of the phpBB mod, making the requested scopes a config option is on the todo list.


(Roksana Kolesnikova) #8

Same error after I purged the sessions. Also the “purge the cache” now gives an AJAX error.

Something went wrong with the request and the server returned an invalid reply.


(Snitch Ashor) #9

That sounds more like a phpbb issue… The mod does not use any hooks related to session purging. I will try to look into this. Can you pm me your board url?


(Roksana Kolesnikova) #10

Yea it is. I’ve reinstalled the whole system and tried to purge the cache with the fresh install and it gives the same error. Well, I can't find the private message here, so here is the url: dev.minokawa.info


(Veritas Totient) #11

Hi, I have added more scopes in my forums.
And I found that the cron task only checks the membership from ESIAPI which does not use the refresh token.
Is it a good idea to remove the member from the group as long as someone revokes his refresh token? Or at least give an option to enforce the refresh token?

I have read the groups_check code. If the answer is yes, I might try to work it out and make a pull request.


(Yanina Usaro) #12

Issues with the Callback

Could there be a check function, where you test the callback settings BEFORE you switch to evesso and you lock yourself out of your phpBB? The cache purge approach is more than annoying and could be avoided easily with a few lines of code, right?


(Yanina Usaro) #13

Second feedback. To me it seems the introduction of a new authentication method is opening up so many cans of worms it's not really worth doing it.

Could the following be an easier approach? Stay with login db, but enforce registry via EVE SSO for getting a proper Username and a refresh token.


(Snitch Ashor) #14

That would be an option, however this would require core file modifications as not all the hooks required to change an existing auth method are there yet, which would potentially break with every phpbb update. I agree, the extension system introduced with phpbb3.2 is not the easiest thing to deal with. Maybe the right thing to do for now is to add a test for the sso login before switching the auth method. Will have a look, thanks for the feedback.


(Snitch Ashor) #15

Sure, do so. Adding a list of scopes that can be ticked is still on the todo list. The groups_check needs to be reworked anyway. The beauty of checking just affiliations is that it could be done in batches very fast, checking refresh tokens and affiliation will be like .5 to 1 second per char.

Edit: One issue with that. CCP recently introduced error rate limiting, one would need to check if verifying a revoked refresh token counts toward it. If so it’s a bad idea as someone registering lots of chars and revoking their tokens might get you a temp esi ban.
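
One way to bound the risk raised in the post above, as an added example that is not part of the thread or the extension's code: cap failed refresh-token checks per cron run and defer the remaining characters to the next run. `check_tokens`, `$verifyToken` and both thresholds are hypothetical; the example assumes failed token checks count toward the error limit and that the reply exposes an `X-ESI-Error-Limit-Remain` value, neither of which the thread confirms.

```php
<?php
// Added example, not code from the extension.
// $verifyToken is a hypothetical callable standing in for the SSO refresh
// request. It returns ['ok' => bool, 'remain' => int|null], where 'remain'
// is the X-ESI-Error-Limit-Remain value if the response carried one.
function check_tokens(array $characters, callable $verifyToken, $maxFailures = 5, $remainFloor = 20)
{
    $result = ['valid' => [], 'revoked' => [], 'deferred' => []];
    $failures = 0;
    $stop = false;

    foreach ($characters as $name => $refreshToken) {
        if ($stop) {
            // Budget spent: leave this character for the next cron run.
            $result['deferred'][] = $name;
            continue;
        }
        $reply = $verifyToken($refreshToken);
        if ($reply['ok']) {
            $result['valid'][] = $name;
        } else {
            $result['revoked'][] = $name;
            $failures++;
        }
        // Stop on our own failure cap, or when the server-reported budget is low.
        $remain = isset($reply['remain']) ? $reply['remain'] : null;
        if ($failures >= $maxFailures || ($remain !== null && $remain <= $remainFloor)) {
            $stop = true;
        }
    }
    return $result;
}

// Constructed sample data: character name => refresh token (fake values).
$characters = [
    'Pilot A' => 'good-1', 'Pilot B' => 'revoked-1', 'Pilot C' => 'revoked-2',
    'Pilot D' => 'good-2', 'Pilot E' => 'revoked-3', 'Pilot F' => 'good-3',
    'Pilot G' => 'revoked-4',
];
$budget = 100; // simulated server-side error budget
$fakeVerify = function ($token) use (&$budget) {
    $ok = strpos($token, 'revoked') === false;
    if (!$ok) {
        $budget--;
    }
    return ['ok' => $ok, 'remain' => $budget];
};
// Cap of 3 failed checks per run; later characters land in 'deferred'.
print_r(check_tokens($characters, $fakeVerify, 3));
```

Deferred characters keep their current groups until a later run reaches them, so a burst of revoked tokens slows the check down instead of exhausting the error budget.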


(Lord Kaho) #16

ignore that----


(princess abbie) #17

Ok so is there a way to refresh a user's corp/alliance information that is displayed on their profile and also obviously for it to refresh to check if they are in a corp/alliance listed within the plugin settings for auto assigning groups?

I am having the issue of people applying to join on forums after joining a corp in the alliance and the API not being updated when they register, and then I have to delete their user account and they have to sign up again for it to then refresh and change the corp information.

It would be nice if we can set a cron job to check all users' corp/alliance placement every 28 days for example and also manually have it check specific users when a button is pressed to allow it to update to another corp without deleting the users.

As if someone switches corps within the alliance after they have been registered and made lots of posts it means deleting their account for them to be able to sign up again with the same toon.

Also is there any progress on adding extra scopes and them being stored into the database via toggle buttons as you previously mentioned?

Thanks in advance for your time.


(Snitch Ashor) #18

The cron job to do exactly this is included. However, phpBB's internal system to run cron jobs is not very reliable. If you wish to run the cron jobs manually, the command to do so is: php <install_dir>/bin/phpbbcli.php cron:run (set to run e.g. once in 15 minutes, don't worry, the actual jobs run at different intervals). In that case, go to your board's server settings and set ‘run periodic tasks from system…’ to ‘yes’.


(princess abbie) #20

I am not tech savvy enough to understand where to put the cron job php for phpBB as I'm quite new with the forum suite. Thanks for your prompt reply though, I will get my cousin to have a look at it as he understands much more in terms of code.

In terms of the other questions I asked regarding the extra scopes do you have any timescale or progress on making the scopes on a toggle mechanic for database storage?


(Lord Kaho) #21

So @Snitch_Ashor I have installed the new phpBB version with the SSO login plugin. Works fine.
The only problem is:

After login the stylesheet doesn't get loaded

Anyone got the same problem?

http://braindead-zombies.org/forum/