Anatomy of a Horde login - Flow chart
I promised to look into generating a chart of the Horde login processes, and out came an activity diagram. I'm not perfectly happy with it yet, but it's being rendered automatically thanks to PlantUML and Graphwiz.
So here it is. I'm not sure if it really helps with understanding the process, but anyway.
Created with PlantUML.
And for reference, this is the source:
@startuml authentication.png
title Authentication in Horde
scale 0.7
skinparam activityArrowFontSize 10
partition login.php {
"Start of login.php" --> "$registry->isAuthenticated()"
--> if "$logout_reason?" then
-left-> [true] "Log out"
--> [false] ===RENDER_LOGIN===
else
--> [false] if "Login form submitted?" then
--> [true] "$auth->authenticate()?"
else
--> [false] ===RENDER_LOGIN===
endif
endif
"$auth->authenticate()?" --> if "" then
-right-> [true] "Redirect to URL\nor initial page"
else
--> [false] "Display error message"
--> ===RENDER_LOGIN===
endif
===RENDER_LOGIN=== --> "Render login form"
--> "End of login.php"
}
partition any.php {
"Start of any.php" --> "Horde_Registry::appInit($app)"
--> "End of any.php"
}
partition Horde_Registry {
"$registry->isAuthenticated()" --> [$app = 'horde'] "isAuthenticated()"
--> if "getAuth()?" then
--> [true] if "$app == 'horde'?" then
--> [true] "checkExistingAuth()"
else
--> [false] if "$app is authenticated?" then
--> [true] "checkExistingAuth()"
else
--> [false] "Transparent authentication?"
endif
endif
else
--> [false] "Transparent authentication?"
endif
"Transparent authentication?" --> [true] "$auth->transparent()"
"checkExistingAuth()" --> "Check IP"
--> "Check browser"
"Horde_Registry::appInit($app)" --> "pushApp()"
--> if "$checkPerms?" then
--> ===CHECKPERMS===
--> [true] if "getAuth()?" then
--> [true] "checkExistingAuth()"
endif
endif
===CHECKPERMS=== --> "hasPermission()"
--> "isAuthenticated()"
}
partition Horde_Core_Auth_Application {
"Check browser" --> "validateAuth()"
--> if "$app == 'horde'?" then
--> [true] "$base->validateAuth()"
endif
"$auth->transparent()" --> "transparent()"
--> if "$userId = getCredential('userId')?" then
--> [false] "$userId = $registry->getAuth()"
endif
--> if "$credentials = getCredential('credentials')?" then
--> [false] "$credentials = $registry->getAuthCredential()"
endif
--> "list($userId, $credentials) =\n[preauthenticate/transparent hook]"
--> "setCredential('userId', $userId)" as CRED1_CORE
--> "setCredential('credentials', $credentials)" as CRED2_CORE
--> if "$app == 'horde'?" then
--> [true] "$result = $base->transparent()"
--> ===RESULT===
else
--> [false] if "hasCapability('transparent')?" then
--> [true] "$result = Application's authTransparent()"
--> ===RESULT===
else
--> [false] "$result = Authenticated at Horde and\nno authentication for $app"
--> ===RESULT===
endif
endif
===RESULT=== --> if "$result?" then
--> [true] "_setAuth()"
if "$registry->isAuthenticated()?" then
--> [false] if "$registry->getAuth()?" then
--> [false] "$registry->getCleanSession()"
--> "$userId = $this->getCredential('userId')"
endif
--> "$credentials = $this->getCredential('credentials')"
--> "list(,$credentials) =\n[postauthenticate hook]"
--> "$registry->setAuth($userId, $credentials)"
endif
"$auth->authenticate()?" --> "authenticate()"
--> "list($userId, $credentials) =\n[preauthenticate/authenticate hook]"
--> "$base->authenticate()?"
--> [true] "_setAuth()"
"_authenticate()" as _AUTH_CORE --> "Application's authAuthenticate()"
}
partition Horde_Auth_Base {
"$base->authenticate()?" --> "authenticate()" as AUTH_BASE
--> "_credentials['userId'] = $userId"
--> if "$app == 'horde'?" then
--> [true] "_authenticate()" as _AUTH_BASE
--> "Check authentication backend"
--> "setCredential('userId', _credentials['userId'])" as CRED1_BASE
else
--> [false] _AUTH_CORE
--> CRED1_BASE
endif
CRED1_BASE --> "setCredential('credentials', $credentials)" as CRED2_BASE
"$base->validateAuth()" --> "validateAuth()" as VALIDATE_BASE
"$result = $base->transparent()" --> "transparent()" as TRANSP_BASE
}
partition Horde_Registry {
"$registry->setAuth($userId, $credentials)" --> "setAuth()"
--> "authusername hook -> userId"
--> "store credentials"
--> "load preferences"
--> "etc."
}
@enduml
