auth_external

Support requests, bug reports, etc. go here. Dedicated servers / VDS hosting only
pcause
Bear Rating Master
Bear Rating Master
Posts: 144
Joined: 23 Aug 2013, 19:52

auth_external

Postby pcause » 10 Jul 2015, 15:50

I am running my tt-rss instance using nginx/php-ftp/postgresql on ubuntu. I am using a self-signed cert and basic authentication. When I use the auth_external plugin I can't login. I looked at the code and it seems to use REDIRECT_REMOTE_USER as the user name but this isn't set in my server and instead PHP_AUTH_USER (and PHP_AUTH_PW) are set . I've searched articles on the Internet and seems that there are a number on issues about authorization and what is set can depend on how you set up PHP and your web server and which web server. Can I suggest a change that uses the PHP_ variables if they are set and otherwise falls back to REDIRECT_REMOTE_USER? I think this would fix things for most cases.

User avatar
fox
^ me reading your posts ^
Posts: 6318
Joined: 27 Aug 2005, 22:53
Location: Saint-Petersburg, Russia
Contact:

Re: auth_external

Postby fox » 10 Jul 2015, 16:34

post a pull request

Symbiote
Bear Rating Trainee
Bear Rating Trainee
Posts: 1
Joined: 09 Apr 2017, 13:37

Re: auth_external

Postby Symbiote » 09 Apr 2017, 13:57

(NB I'm not requesting support; I'm replying to an old report to avoid a duplicate.)

My configuration has led to the same issue. (Apache 2.4 with mod_proxy, with backend running Nginx, PHP 5.6 and TT-RSS under Docker.)

It can be corrected like this:

Code: Select all

diff --git a/plugins/auth_remote/init.php b/plugins/auth_remote/init.php
index 2ec2c87..7c7a00b 100644
--- a/plugins/auth_remote/init.php
+++ b/plugins/auth_remote/init.php
@@ -41,6 +41,8 @@ class Auth_Remote extends Plugin implements IAuthModule {
                // php-cgi
                if (!$try_login) $try_login = db_escape_string($_SERVER["REDIRECT_REMOTE_USER"]);

+               if (!$try_login) $try_login = db_escape_string($_SERVER["PHP_AUTH_USER"]);
+
                if (!$try_login) $try_login = $this->get_login_by_ssl_certificate();
 #              if (!$try_login) $try_login = "test_qqq";


but I won't put my name to a commit, since I don't know enough about PHP to know when the different AUTH variables are used. And also in case PHP 7 makes it irrelevant, since active support of v5 has ended.

User avatar
fox
^ me reading your posts ^
Posts: 6318
Joined: 27 Aug 2005, 22:53
Location: Saint-Petersburg, Russia
Contact:

Re: auth_external

Postby fox » 09 Apr 2017, 14:14

i think it's fine, my other http-auth based thing uses PHP_AUTH_USER i think. checking both should be ok.

e: https://tt-rss.org/gitlab/fox/tt-rss/co ... 98b76f81e3


Return to “Support”

Who is online

Users browsing this forum: No registered users and 11 guests