Plugin authentication: requestPattern does not match

Using Neos & Flow
1

Hallo,
in my own plugin I have a backend where I want the user to autenticate with his neos-backend-account-credentials (for example with an account of Role TYPO3.Neos Administrator).

Therefore my plugin /Configuration/Settings.yaml looks like that:

TYPO3:
  Flow:
    security:
      authentication:
        providers:
          Typo3BackendProvider:
            provider: 'PersistedUsernamePasswordProvider'
            requestPatterns:
              controllerObjectName: 'Vendor\Plugin\Controller\.*'
            entryPoint: 'WebRedirect'
            entryPointOptions:
              routeValues:
                '@package':    'Vendor.Plugin'
                '@controller': 'Authentication'
                '@action':     'index'
                '@format':     'html'
        authenticationStrategy: oneToken

If I try to login at the backend of my plugin with the credentials of the new user I get the flash-message “Authentication failed!”.

If I uncomment the line…

controllerObjectName: 'Vendor\Plugin\Controller\.*'

…in my plugin Settings.yaml the behavior is like expected :flushed:

So obviously the requestPattern doesn’t match - but I don’t know why. If I try…

controllerObjectName: 'TYPO3\Neos\Controller\.*|TYPO3\Neos\Service\.*|TYPO3\Media\Controller\.*|Vendor\Plugin\Controller\.*'

…the actual behavior isn’t like expected. Does anybody know why?
I use my own AuthenticationController.php which is stored in the filesystem at Vendor_Site/Packages/Plugins/Vendor.Plugin/Classes/Vendor/Plugin/Controller/.

I looked at the flow security docs and tried to match the requestPattern by only my ip, but this doesn’t work, too.

2

Hi Andre,

If uncommenting a line works for you, why don’t you just uncomment it then? :wink:
It would help if you wrote expected vs actual behavior instead of works vs doesn’t work

That the Neos Backend Login doesn’t work if you override the requestPattern is understandable I guess.
If you just add your pattern it should work usually, but usually theres yet another request pattern active, namely the Flowpack\Neos\FrontendLogin\Security\NeosRequestPattern.
You can check by executing:

./flow configuration:show --type Settings --path TYPO3.Flow.security.authentication.providers.Typo3BackendProvider

The NeosRequestPattern only matches if the current URL either starts with /neos and/or contains a @.

So you can either replace/override that RequestPattern too, or you add a route like /neos/your-plugin to make that work.

BTW: Shameless self-plug but this package might help you to debug these cases: wwwision/clockwork - Packagist

3

Hi Bastian,

If uncommenting a line works for you, why don’t you just uncomment it then?

:sweat_smile: I’m a person who likes to know why things behave like they do and who preferably likes to understand systems :wink:

It would help if you wrote expected vs actual behavior instead of works vs doesn’t work

Sorry for my expression - I updatet my post know. And thank you for the hint.

…theres yet another request pattern active, namely the Flowpack\Neos\FrontendLogin\Security\NeosRequestPattern.

Yes, that’s it.

So you can either replace/override that RequestPattern too, or you add a route like /neos/your-plugin to make that work.

It would help if you wrote expected vs actual behavior instead of make that work :joy:
Fine! Then the behavior is like expected :grin::ok_hand:

I’m not sure, if I fully understand:
Do I have to match the NeosRequestPattern of the plugin flowpack/neos-frontendlogin also, because the provider Typo3BackendProvider will only be active, if all patterns(of both plugins, if I use this provider in both plugins) match?

Thank you so much!

4

Haha, I didn’t mean that your post should be political correct. They key point is what was expected :wink:

…I thought you prefer to understand the system. But feel free to get in touch for a quote :wink:

But seriously:

Not sure whether I understand your question… All configured Request Patterns have to match for a given authentication provider to be active… If I execute

./flow configuration:show --type Settings --path TYPO3.Flow.security.authentication.providers.Typo3BackendProvider.requestPatterns

I get

controllerObjectName: 'TYPO3\Neos\Controller\.*|TYPO3\Neos\Service\.*|TYPO3\Media\Controller\.*'
Flowpack\Neos\FrontendLogin\Security\NeosRequestPattern: backend

=> Two Request Patterns are involved. One that matches the controller object name and one that checks whether the current URL refers to the Neos “Backend”…

So, if you want the Typo3BackendProvider to be active, you either have to change the NeosRequestPattern so that it matches your plugin request, too or - which I recommend - make sure your “plugin backend” sits on a URL that matches the NeosRequestPattern (i.e. ‘/neos/your-plugin’) by adding a corresponding route…

1 Like
5

=> Two Request Pattern are active. One that matches the controller
object name and one that checks whether the current URL refers to the
Neos “Backend”…

… All configured Request Patterns have to match for a given authentication provider to be active.

Yes, that’s what I’m happy to get confirmed :grin:

… - which I recommend - make sure your “plugin backend” sits on a URL that matches the NeosRequestPattern (i.e. ‘/neos/your-plugin’) by adding a corresponding route…

I did that. Excellent - thank you again very much.

1 Like