Developers of Sympa

[John-Paul Robinson <address@concealed>]

Hi,

Hope you've had a good summer.

I noticed an issue I hadn't addressed in my earlier patch.  In the Auth.pm 
file's authenticate() function, the password is only verified for 
user_table and ldap auth_types.  This makes sense based on the original 
intent but doesn't cover my modification to support end-user verification 
of email addresses when using generic_sso.

I plan to add an ifelse to the list of user_table and ldap in this
function to include generic_sso so that the provided password will get
checked in this case if the force_email_verify flag is set for that
provider.  I don't think this will cause any problems. 

What I'm not clear on, though, is the action in these conditionals.  
Currently they return:

    return {'user' => $user,
            'auth' => 'classic',
            'alt_emails' => {$email => 'classic'}
            };

In the case of user_table.  I'm nopt sure what the "alt_emails" value is 
for.  Is it safe to also use "classic" in the case of generic_sso, or 
would this break things elsewhere?   

Note, the "user_table" code is currently being triggered in my install 
because I have a "user_table" auth_type in my auth.conf.  I'd like to 
remove this auth_type though.  My motivation for removing it is mainly to 
prevent any attempt allow login's with a "local to sympa" account.  (I'm 
planning on just allowing generic_sso based logins.)

I have some more questions on this theme, but I'll post them as distinct 
emails.

~jpr