Indefero Commit Details

Date:

2011-08-25 08:28:02 (13 years 7 months ago)

Author:

Patrick Georgi

Branch:

feature.webrepos

Commit:

39f77886db253a3260a017a5b8de9db818c5f3c0

Parents:

f7470e4a7afb0f4674e9c18511b831ebd8fef5fc

Message:

Make HTTP auth cover all popular FastCGI workarounds

Changes:

File differences

-29
30 30
31 31
32 
32
33
33 34
35
34 36
35 37
36 38
+  analogous mechanisms might need to be setup for other http daemons), which␊
  passes through the Authorization HTTP Header of a request.␊
␊
  In case of mod_rewrite, the necessary line is:␊
  In case of mod_rewrite, the necessary line is␊
  one of (depending on server configuration):␊
      RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]␊
      RewriteRule .* - [E=REMOTE_USER:%{HTTP:Authorization},L]␊
␊
- The FastCGI adaptor must allow large requests to be handled by PHP,␊
  otherwise push might fail.␊
   analogous mechanisms might need to be setup for other http daemons), which␊
   passes through the Authorization HTTP Header of a request.␊
 ␊
-  In case of mod_rewrite, the necessary line is:␊
+  In case of mod_rewrite, the necessary line is␊
+  one of (depending on server configuration):␊
       RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]␊
+      RewriteRule .* - [E=REMOTE_USER:%{HTTP:Authorization},L]␊
 ␊
 - The FastCGI adaptor must allow large requests to be handled by PHP,␊
   otherwise push might fail.␊

-927
928 928
929 929
930 
931 
930
931
932
933
932 934
935
936
933 937
938
934 939
935 940
936 941
+␊
    public function repository($request, $match)␊
    {␊
        // authenticate: authenticate connection through "extra" password␊
        if (!empty($_SERVER['REDIRECT_HTTP_AUTHORIZATION']))␊
        // handle a couple of workarounds for authenticating with FastCGI/PHP␊
        if (!empty($_SERVER['HTTP_AUTHORIZATION']))␊
            list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':' , base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));␊
        elseif (!empty($_SERVER['REDIRECT_HTTP_AUTHORIZATION']))␊
            list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':' , base64_decode(substr($_SERVER['REDIRECT_HTTP_AUTHORIZATION'], 6)));␊
        elseif (!empty($_SERVER['REDIRECT_REMOTE_USER']))␊
            list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':' , base64_decode(substr($_SERVER['REDIRECT_REMOTE_USER'], 6)));␊
␊
        // authenticate: authenticate connection through "extra" password␊
        if (!empty($_SERVER['PHP_AUTH_USER'])) {␊
            $sql = new Pluf_SQL('login=%s', array($_SERVER['PHP_AUTH_USER']));␊
            $users = Pluf::factory('Pluf_User')->getList(array('filter'=>$sql->gen()));␊
 ␊
     public function repository($request, $match)␊
     {␊
-        // authenticate: authenticate connection through "extra" password␊
-        if (!empty($_SERVER['REDIRECT_HTTP_AUTHORIZATION']))␊
+        // handle a couple of workarounds for authenticating with FastCGI/PHP␊
+        if (!empty($_SERVER['HTTP_AUTHORIZATION']))␊
+            list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':' , base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));␊
+        elseif (!empty($_SERVER['REDIRECT_HTTP_AUTHORIZATION']))␊
             list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':' , base64_decode(substr($_SERVER['REDIRECT_HTTP_AUTHORIZATION'], 6)));␊
+        elseif (!empty($_SERVER['REDIRECT_REMOTE_USER']))␊
+            list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':' , base64_decode(substr($_SERVER['REDIRECT_REMOTE_USER'], 6)));␊
 ␊
+        // authenticate: authenticate connection through "extra" password␊
         if (!empty($_SERVER['PHP_AUTH_USER'])) {␊
             $sql = new Pluf_SQL('login=%s', array($_SERVER['PHP_AUTH_USER']));␊
             $users = Pluf::factory('Pluf_User')->getList(array('filter'=>$sql->gen()));␊

Download the corresponding diff file

Indefero

File differences

Branches

Tags