Web login via NFC tag

kudykam · March 3, 2023, 12:49pm

user extended field with name KEY

halftrainedharry · March 3, 2023, 1:40pm

So in the plugin you get a variable $user which is already the correct MODX user.

Then with

$profile = $user->getOne('Profile');

you can access the user profile and with

$extended = $profile->get('extended');

the extended field.

$extended['KEY']

should then give you the “key ID” that you can compare with the variable $password.

kudykam · March 6, 2023, 2:07pm

Ok I got php code that obtains user username or id. How can I log this user to web context?

halftrainedharry · March 6, 2023, 2:37pm

For frontend login usually the extra Login is used.

kudykam · March 6, 2023, 7:02pm

I mean using php code.

camicase82 · March 7, 2023, 2:23am

Here is a simple code I use on a rest endpoint to login from a Vue page:

public function post() {
    $properties = $this->getProperties();

    $properties = array(
      'login_context' => 'web',
      'username'      => $properties['username'],
      'password'      => $properties['password'],
      'returnUrl'     => "/",
      'rememberme'    => 0,
    );

    $rawResponse = $this->modx->runProcessor('security/login', $properties);
    $response = $rawResponse->getResponse();
    if (!$rawResponse->response["success"]) {
      return $this->failed('Failed login', $response->getResponse(), 401);
    } 


    return $this->success('Login executed',$response->getResponse());
  }

halftrainedharry · March 7, 2023, 8:14am

Create a new plugin that runs on the event OnWebAuthentication, like decribed in the article that is linked in the first answer.

kudykam · March 7, 2023, 8:26am

I read the article several times but still dont know how to pass specified user to login. So far I only have snippet that return user object.

halftrainedharry · March 7, 2023, 8:29am

You don’t have to do that.

You use the Login extra. The Login extra executes the security/login processor. The processor invokes the event OnWebAuthentication and gives you the user object as a parameter.

kudykam · March 7, 2023, 8:46am

But I dont use username or password to login, but custom field in user profile ( Bobs ClassExtender ). So if I pass custom key parameter to Login extra is it also passed to plugin with event OnwebAuthentication?

halftrainedharry · March 7, 2023, 9:03am

The security/login processor takes the username from the login form and searches for a matching user in the database. If there is such a user, it calls OnwebAuthentication with this user and the value of the password from the login form (parameter $password).

github.com

modxcms/revolution/blob/31ad6114a61155fba9a28264ea464a30dcce7fb8/core/src/Revolution/Processors/Security/Login.php#L267-L279


      
          public function fireOnAuthenticationEvent()
          {
              $loginParams = [
                  'user' => & $this->user,
                  'password' => $this->givenPassword,
                  'rememberme' => $this->rememberme,
                  'lifetime' => $this->lifetime,
                  'loginContext' => & $this->loginContext,
                  'addContexts' => & $this->addContexts,
              ];
          
          
    return $this->modx->invokeEvent($this->isMgr ? 'OnManagerAuthentication' : 'OnWebAuthentication', $loginParams);
          }

If you don’t use the username from the modUser table as well, then you probably have to extend the class \MODX\Revolution\Processors\Security\Login (particularly the function getUser()) like it is done in the Login extra (to allow login via email-address):

github.com

modxcms/Login/blob/ba5a8c7d06668b15e418827832586a481f456631/core/components/login/processors/customlogin.class.php

<?php
/**
 * Login
 *
 * Copyright 2010 by Jason Coward <jason@modx.com> and Shaun McCormick <shaun+login@modx.com>
 *
 * Login is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the Free
 * Software Foundation; either version 2 of the License, or (at your option) any
 * later version.
 *
 * Login is distributed in the hope that it will be useful, but WITHOUT ANY
 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
 * A PARTICULAR PURPOSE. See the GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License along with
 * Login; if not, write to the Free Software Foundation, Inc., 59 Temple
 * Place, Suite 330, Boston, MA 02111-1307 USA
 *
 * @package login

This file has been truncated. show original

kudykam · March 16, 2023, 11:07am

Ok modify Login snippet to use different field instead of email seems like way to go. How do I create this extension without modify login snippet?

kudykam · March 17, 2023, 12:36pm

I found this article about magic links, which is similar to what I am trying to acomplish.
Logging users in to MODX with magic links | Nathanael McMillan
But there is problem in the code, maybe not working in modx 3?

in modx log:

[2023-03-17 13:30:11] (ERROR @ C:\xampp\htdocs\core\vendor\xpdo\xpdo\src\xPDO\xPDO.php : 666) Could not load class: MagicToken from mysql.magictoken

kudykam · March 17, 2023, 1:27pm

I always got stuck on
$modx->getObject(‘MagicToken’ or
$modx->newObject(‘MagicToken’
It always return null

halftrainedharry · March 17, 2023, 1:38pm

Did you create this class “MagicToken”? Did you create it in MODX 3?
In MODX 3, all classes need a namespace. So you have to change the schema from the article you linked.

kudykam · March 17, 2023, 1:50pm

I changed the schema like this:

<?xml version="1.0" encoding="UTF-8"?>

<model package="Magiclink\Model\" baseClass="xPDO\Om\xPDOObject" platform="mysql" defaultEngine="InnoDB" phpdoc-package="" phpdoc-subpackage="" version="3.0">

      <object class="MagicToken" table="magiclink_tokens" extends="xPDOSimpleObject">
        <field key="token" dbtype="varchar" phptype="string" precision="50" null="false" default="" />
        <field key="userid" dbtype="int" phptype="int" precision="20" null="false" default="" />        
    	<field key="expires" dbtype="datetime" phptype="datetime" null="true" />
    </object>

</model>

I also noticed that path to model is magiclink/src/Model , but in php code it is only magiclink/model

halftrainedharry · March 17, 2023, 1:55pm

So in the code you should now use

$modx->getObject('Magiclink\\Model\\MagicToken', ...);

or

use Magiclink\Model\MagicToken;

$modx->getObject(MagicToken::class, ...);

Yes, this has changed as well from MODX 2.x to MODX 3.

kudykam · March 17, 2023, 2:10pm

   $Token = $modx->getObject('Magiclink\\Model\\MagicToken', [
                    'token' => urldecode($request['token'])
                ]);

Token is still null…
do I have to modify the path somewhere else ( /src/) except first line?


// Load in our magiclink package 
$path = $modx->getOption('magiclink.core_path', null, $modx->getOption('core_path')) . 'components/magiclink/src/Model/';
$magiclink = $modx->addPackage('magiclink', $path);

halftrainedharry · March 17, 2023, 2:20pm

I believe this should work:

$path = $modx->getOption('magiclink.core_path', null, $modx->getOption('core_path')) . 'components/magiclink/src/';
$modx->addPackage('Magiclink\Model', $path, null, 'Magiclink\\');

kudykam · March 17, 2023, 2:33pm

thanks,
but no change…