Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Question: Can you use cbauth (via cbsecurity) in a submodule? #21

Open
homestar9 opened this issue May 21, 2021 · 2 comments
Open

Question: Can you use cbauth (via cbsecurity) in a submodule? #21

homestar9 opened this issue May 21, 2021 · 2 comments

Comments

@homestar9
Copy link
Contributor

I'm trying to figure out if this is a bug, intentional behavior, or just user error on my part.

I have a Coldbox app that only needs to use cbauth (via cbsecurity) in a module. I have defined my cbsecurity settings in the module's ModuleConfig.cfc like this:

settings = {
      cbsecurity = {
                // Module Relocation when an invalid access is detected, instead of each rule declaring one.
                "invalidAuthenticationEvent" 	: "admin:errors.onAuthenticationFailure",
                // Default Auhtentication Action: override or redirect when a user has not logged in
                "defaultAuthenticationAction"	: "override",
                // Module override event when an invalid access is detected, instead of each rule declaring one.
                "invalidAuthorizationEvent"		: "admin:errors.onAuthorizationFailure",
                // Default Authorization Action: override or redirect when a user does not have enough permissions to access something
                "defaultAuthorizationAction"	: "override",
                // cbauth
                "userService"                   : "AuthenticationService@admin",
                // You can define your security rules here
                "rules"							: [
                    {
                        "secureList" 	: "admin:*",
                        "whitelist" 	: "admin:login"
                    }
                ]
            }

However, when I try to access the submodule I get the following error:
No [userServiceClass] provided. Please set in config/ColdBox.cfc under moduleSettings.cbauth.userServiceClass.

I can make the error go away if I put the following in my root app's Coldbox.cfc config file:

moduleSettings = {
            cbauth = {
                userServiceClass = "AuthenticationService@cms"
            }
        };

However, it smells funny to me to have to specify the cbauth settings in the app root if cbauth is only needed at the module level. Is this intentional behavior of cbauth? Or perhaps I am missing something?
@homestar9
Copy link
Contributor Author

@elpete checking in on this issue to make sure you received it.
I believe the issue can be fixed by modifying AuthenticationService so that it gets the property userServiceClass from moduleSettings instead of Coldbox settings, right?

In other words, a module should be able to set up cbauth instead of relying on the root app to do it.

@elpete
Copy link
Collaborator

elpete commented Jan 17, 2023

I believe when we set this up it was intended to set both manually in the config/ColdBox.cfc. That may have changed with cbSecurity 3.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@elpete @homestar9