[Solved]Create User at Run Time Through API or Program

pawankct91 · March 12, 2019, 4:55am

Since we will have the user information(Role,name and other information) in our HTTP request object once they will hit the neos/login page

Is there any way to create the user at run time through the program or API in Neos.
As user try to log in, first check if the given credentials is already there in neos, not to be created but if given credentials is new then it should create the user.

Please suggest.

sorenmalling · March 12, 2019, 7:55am

So no matter what submitted values (username + password) it will create a new user? That sounds a bit dangerous

But if you wan’t to, you have to replace the AuthenticationProvider and implement that “create on the fly” (which is possible)

pawankct91 · March 12, 2019, 8:01am

Big thanks for reply.

Would you please give an idea how we can create on fly as you said it is possible.

The Thing is there is third party authentication provider(SSO
) so user credentials is already checked through their backend and once successfully it redirect to our neos application.

So we would be getting the user information from request object with the role ,on the fly we need to create those user if user comes at very first.(We don’t want to show the neos/login page again to login)

Would you please guide.

sorenmalling · March 12, 2019, 8:43am

I guess you have your own Authentication Provider at the moment, if you already authenticate the information?

If yes, then you create the account inside the authenticate method for ex with the AccountFactory

pawankct91 · March 12, 2019, 9:25am

Thanks for reply.

I am afraid ,could not get it.

Would you please bit explain ,how it could be done " If yes, then you create the account inside the authenticate method for ex with the AccountFactory".

sorenmalling · March 12, 2019, 9:29am

Did you create your own Authentication Provider to authenticate users somewhere else than the Neos user table ?

If yes, that should contain a authenticate() method (defined in the AuthenticationProviderInterface. Have a look at PersistedUsernamePasswordProvider for an example) Inside that authenticate() method is where you want to create and persist your Neos User model.

Look at this Instagram authentication implementation

github.com

Weissheiten/Weissheiten.OAuth2.ClientInstagram/blob/master/Classes/Weissheiten/OAuth2/ClientInstagram/Provider/InstagramProvider.php#L111


$authenticationToken->setAuthenticationStatus(TokenInterface::AUTHENTICATION_SUCCESSFUL);


/** @var $account \Neos\Flow\Security\Account */
$account = NULL;
$providerName = $this->name;
$accountRepository = $this->accountRepository;
$this->securityContext->withoutAuthorizationChecks(function() use ($userInfo, $providerName, $accountRepository, &$account) {
    $account = $accountRepository->findByAccountIdentifierAndAuthenticationProviderName($userInfo['id'], $providerName);
});


if ($account === NULL) {
    $account = new Account();
    $account->setAccountIdentifier($userInfo['id']);
    $account->setAuthenticationProviderName($providerName);
    $this->accountRepository->add($account);
}


$authenticationToken->setAccount($account);
// the access token is valid for an "undefined time" according to instagram (so we cannot know when the user needs to log in again)
$account->setCredentialsSource($credentials);
$this->accountRepository->update($account);

pawankct91 · March 13, 2019, 4:41pm

Thanks for the update.

“Did you create your own Authentication Provider to authenticate users somewhere else than the Neos user table ?” Yes we have third-party authentication provider where user are stored in their LDAP directory(User info like role, name…)

So if the user comes at very first, on fly user has to be created in Neos (after successfully get authenticated through authentication provider.)
Note: “At the very first time, In future since the user is already created, no need to create again and again.”

So I got a bit idea as you have mentioned above but how we would be able to call these above methods.
(how Could directly do and take the user Noes page(don’t want to show Neos login page)

sorenmalling · March 14, 2019, 2:29pm

What did you try so far? The Instagram authentication provider linked to does exactly the creation of a account on the fly

sorenmalling · March 21, 2019, 1:25pm

Did you work around this issue or found a different solution?

pawankct91 · March 25, 2019, 6:36am

Hi.
Still i need to do that configuration.
I am afraid ,how to do that.

sorenmalling · March 26, 2019, 6:30am

Can you paste your authenticationprovider here? That will help alot

sorenmalling · March 27, 2019, 5:44am

That’s not your authentication provider in Flow/Neos but some other configuration it seems.

You need to look at creating your AuthenticationProvider (did you read the Documentation security and authentication yet? https://flowframework.readthedocs.io/en/stable/TheDefinitiveGuide/PartIII/Security.html#authentication) maybe by extending the one used for Neos and then set that in your Configuration.

And in that, you create a user, like in the Instagram Provider I shown above.

pawankct91 · March 27, 2019, 6:23am

Thanks for Reply.

yes,I have have gone through the document and knew that user account could be created on fly as mentioned in Instagram Provider.

But as per my understanding, the custom authentication provider will be called once we submit the user credentials from neos/login page.(Can we directly login without neos/login page)

And I want something to avoid neos/login page and on fly user get created and logged IN.

pawankct91 · March 27, 2019, 5:13pm

Any solution for that?@sorenmalling.

pawankct91 · April 8, 2019, 6:20pm

It got solved now.

Had to write the code in same PersistedUsernamePasswordProvider where i check first if user is not there ,create the user first and logged into neos
please find below code for same where i have few information in cookies (like first name and last name)

    if($account === null){
        $firstName = '';
        $lastName = '';
        $array= $this->securityContext->getRequest()->getHttpRequest()->getCookieParams();
        foreach ($array as $key => $value) {
            if($key === "fname"){
                $firstName= $value;
            }else if($key === "lname"){
                $lastName= $value;
            }
        }
        $accountIdentifier = $credentials['username'];
        $password = $credentials['password'];
        $user = new User();
        $user->setName(new PersonName('', $firstName, '', $lastName));
        $user->getPreferences()->set('context.workspace', 'user-' . $accountIdentifier);
        $this->partyRepository->add($user);

        $account = $this->accountFactory->createAccountWithPassword($accountIdentifier, $password, array('Neos.Neos:Administrator'), 'Neos.Neos:Backend');
        $this->partyService->assignAccountToParty($account, $user);
        $account->setExpirationDate(new \DateTime('+1 week'));
        $this->accountRepository->add($account);

    }