Mantis Bugtracker          
testlink.org

ID: 0004443
Project: TestLink
Category: Contribution Maintained BY USER
View Status: public
Date Submitted: 2011-04-26 16:48
Last Update: 2013-05-30 19:45
Reporter: elygre
Assigned To: fman
Priority: normal
Severity: feature request
Reproducibility: always
Status: closed
Resolution: fixed
Platform:
OS:
OS Version:
Product Version: 1.9.2 (2011 Q2 - bug fixing)
Fixed in Version:
Summary: 0004443: Add support for apache-controlled user authentication

Description: We, as many others, have a setup where Apache is configured with user authentication, and we would like to use testlink like that.

The request is to add an authentication method called "PHP_AUTH_USER", to use the login provided by apache to PHP.

A sample mechanism is provided below, but this may not suit the architecture and authorization strategy chosen by the developers. It would be good, though, if we in the next version would only have to set $tlCfg->authentication['method'] = 'PHP_AUTH_USER' in custom_config.inc.php.
Steps To Reproduce: Configure apache, including "Require valid-user" on the <Location /testlink>

Additional Information:

1) In custom_config.inc.php, set authentication to ‘PHP_AUTH_USER’:

$tlCfg->authentication['method'] = 'PHP_AUTH_USER';

2) In login.php, use authentication method -- insert between check for op[status] and initialization of args:

...

if (!$op['status'])
{
   ...
}

// ELY: Autologin begin
$authCfg = config_get('authentication');
if ($authCfg['method'] == 'PHP_AUTH_USER') {
    doSessionStart();
    unset($_SESSION['basehref']);
    setPaths();
    $login = $_SERVER['PHP_AUTH_USER'];
    if(doAuthorize($db,$login,$login,$msg) >= tl::OK)
    {
        logAuditEvent(TLS("audit_login_succeeded",$login,
                          $_SERVER['REMOTE_ADDR']),"LOGIN",$_SESSION['currentUser']->dbID,"users");
        redirect($_SESSION['basehref']."index.php".($args->preqURI ? "?reqURI=".urlencode($args->preqURI) :""));
        exit;
    }
}
// ELY: Autologin end

$args = init_args();
$gui = init_gui($db,$args);

...

3) In lib\functions\tlUser.class.php, accept any password:

public function comparePassword($pwd)
{
   $authCfg = config_get('authentication');
   if ($authCfg['method'] == 'PHP_AUTH_USER')
      return tl::OK;
   ...
Tags: No tags attached.
Database (MySQL,Postgres,etc)AnyBase
Browser
PHP Version
TestCaseID
QA Team - Task Workflow Status
Attached Files

- Relationships

-  Notes
(0015600)
elygre (reporter)
2011-08-05 14:33

The above solution does not work with the ajaxlogin and ajaxcheck methods. In login.php, ignore the suggestion above, and insert this code into the function init_args():

    ...
    $args->destination = urldecode($pParams['destination']);

    // ELY: Autologin begin
    $authCfg = config_get('authentication');
    if ($authCfg['method'] == 'PHP_AUTH_USER') {
        $args->login = $_SERVER['PHP_AUTH_USER'];
        $args->pwd = $_SERVER['PHP_AUTH_USER'];
        $args->note = ''; // "Expired" breaks session mgmt
    }
    // ELY: Autologin end

    if ($pParams['action'] == 'ajaxcheck' || $pParams['action'] == 'ajaxlogin') {
    ...
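
A fail-closed way to read the server-supplied login before it is passed to doAuthorize(), as an added example that is not part of the original report or of TestLink: PHP fills PHP_AUTH_USER from the request's Authorization header, so its presence alone does not show that Apache checked a password. The helper name resolveExternalLogin(), the use of REMOTE_USER, the login pattern and the sample arrays are assumptions made for this illustration.

```php
<?php
// Added illustration, not TestLink code. resolveExternalLogin() is hypothetical.
// Assumption: Apache exposes the identity it verified as REMOTE_USER.

/** Return the login to pass to doAuthorize(), or null to show the normal login form. */
function resolveExternalLogin(array $server, array $authCfg): ?string
{
    if (($authCfg['method'] ?? '') !== 'PHP_AUTH_USER') {
        return null; // external authentication not enabled
    }
    // REMOTE_USER is set by the web server after its own check succeeded.
    // PHP_AUTH_USER only shows that the request carried an Authorization header.
    $remote = $server['REMOTE_USER'] ?? '';
    if (!is_string($remote) || $remote === '') {
        return null; // fail closed: this path is not behind "Require valid-user"
    }
    // When both values are present they must name the same user.
    if (isset($server['PHP_AUTH_USER']) && $server['PHP_AUTH_USER'] !== $remote) {
        return null;
    }
    // Conservative login syntax (assumed policy, adjust to the site's user names).
    if (!preg_match('/\A[A-Za-z0-9._@-]{1,100}\z/', $remote)) {
        return null;
    }
    return $remote;
}

// Constructed $_SERVER samples, not captured from a real server.
$cfg = ['method' => 'PHP_AUTH_USER'];
$samples = [
    'Apache enforced auth'    => ['REMOTE_USER' => 'alice', 'PHP_AUTH_USER' => 'alice'],
    'header only, no Require' => ['PHP_AUTH_USER' => 'admin'],
    'values disagree'         => ['REMOTE_USER' => 'alice', 'PHP_AUTH_USER' => 'admin'],
    'no credentials at all'   => [],
    'unexpected characters'   => ['REMOTE_USER' => "alice\nadmin"],
];
foreach ($samples as $label => $server) {
    $login = resolveExternalLogin($server, $cfg);
    printf("%-26s => %s\n", $label, $login ?? 'rejected, show login form');
}
```

Only the first sample is accepted. The step 3 change makes comparePassword() return tl::OK for every caller while the method is configured, so whatever gates the login has to cover every URL that reaches TestLink.
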
(0015601)
fman (administrator)
2011-08-05 17:27

Please provide FULL files changed in ZIP format and not excerpts to add of diff or patch files.
(0015602)
Julian (reporter)
2011-08-06 11:00

I will take care of this issue.
Therefore I need some more details:

1. Please give a proper example of how to configure apache (use sample data that can be used)
2. Is this method secure?
3. Attach testlink code (as fman already asked for): full files in zip format - no diffs or patches

Please make sure your code works with latest release.
(0015938)
Julian (reporter)
2011-11-01 09:25

Unassigned because of missing feedback
(0016137)
fman (administrator)
2011-12-10 08:17

no user feedback

- Issue History
Date Modified Username Field Change
2011-04-26 16:48 elygre New Issue
2011-08-05 14:33 elygre Note Added: 0015600
2011-08-05 17:27 fman Note Added: 0015601
2011-08-06 11:00 Julian Note Added: 0015602
2011-08-08 18:17 Julian Assigned To => Julian
2011-08-08 18:17 Julian Status new => feedback
2011-11-01 09:25 Julian Assigned To Julian =>
2011-11-01 09:25 Julian Note Added: 0015938
2011-12-10 08:17 fman Category Security => Contribution Maintained BY USER
2011-12-10 08:17 fman Note Added: 0016137
2011-12-10 08:17 fman Status feedback => resolved
2011-12-10 08:17 fman Resolution open => fixed
2011-12-10 08:17 fman Assigned To => fman
2013-05-30 19:45 fman Status resolved => closed


