There may be an easier way to do this but my company has our wiki and other web apps (including TestLink) on an Apache server that has its own authentication (I think it's basic authentication but changing soon to LDAP). So we don't want to have another login to TestLink or have to manage another password if we don't have to. We do still need to use the TestLink user management to assign roles for authorization. I originally did this hack on TL 1.7.4 but now did it on 1.8.5. It would be nice if this were a built-in option. I'll submit an enhancement request for it.
With these changes in place our TestLink opens up already logged in as the user login that matches the one I already authenticated with our Apache server as.
In /lib/functions/user.class.php I made this change to just always return OK so it doesn't matter what passwords are in the TestLink DB:
public function comparePassword($pwd)
{
    // Lee - hack to ignore local passwords and just use Apache authentication
    return tl::OK;
}
And then changed index.php to "require_once('doAuthorize.php');" , "$login = $_SERVER['PHP_AUTH_USER'];", "doDBConnect($db);", and "doAuthorize($db,$login,$pwd,$msg);"
The key is setting "$login = $_SERVER['PHP_AUTH_USER']"
WARNING: I make no guarantees that this is a "secure" change to make. I also renamed the logout.php file so that a user couldn't log out and then log back in with another user's login (and any password). It might be better (maybe easier) to change login.php to use the Apache session username to do this?
{{ The whole index.php file }}
<?php
/**
* TestLink Open Source Project - http://testlink.sourceforge.net/
* This script is distributed under the GNU General Public License 2 or later.
*
* Filename $RCSfile: index.php,v $
*
* @version $Revision: 1.19 $
* @modified $Date: 2008/10/12 08:11:56 $ by $Author: schlundus $
*
* @author Martin Havlat
*
* This file is main window. Include authorization of user and define frames (navBar and main).
**/
require_once('lib/functions/configCheck.php');
checkConfiguration();
require_once('config.inc.php');
require_once('common.php');
require_once('doAuthorize.php');
doSessionStart();
unset($_SESSION['basehref']);
setPaths();
$reqURI = isset($_GET['reqURI']) ? $_GET['reqURI'] : 'lib/general/mainPage.php';
// Lee 2008-07-21 Use Apache BASIC Authentication instead of prompting user for username and password
if (!isset($_SERVER['PHP_AUTH_USER'])) {
    header('WWW-Authenticate: Basic realm="My Realm"');
    header('HTTP/1.0 401 Unauthorized');
    echo 'Use same username and pwd as Wiki';
    exit;
} else {
    //echo "<p>Hello {$_SERVER['PHP_AUTH_USER']}.</p>";
    //echo "<p>You entered {$_SERVER['PHP_AUTH_PW']} as your password.</p>";
}
$_POST = strings_stripSlashes($_POST);
// Lee 2008-07-21 Use Apache BASIC Authentication instead of prompting user for username and password
// $_SESSION['user'] = $_SERVER['PHP_AUTH_USER'];
$login = $_SERVER['PHP_AUTH_USER'];
$pwd = ''; // We don't use this
$op = doDBConnect($db);
if ($op['status'])
{
    doAuthorize($db,$login,$pwd,$msg);
}
//verify the session during a work
if (!isset($_SESSION['currentUser']))
{
    redirect(TL_BASE_HREF ."login.php?note=expired");
    exit;
}
$smarty = new TLSmarty();
$smarty->assign('title', lang_get('main_page_title'));
$smarty->assign('titleframe', 'lib/general/navBar.php');
$smarty->assign('mainframe', $reqURI);
$smarty->display('main.tpl');
?>
Hack to use Apache authentication
Re: Hack to use Apache authentication
Hi Lee,
I am in the same situation as you, but instead of Apache my company is using Oracle and wishes to authenticate through an Oracle database. We didn't want to have another login at TestLink or manage another set of credentials.
Can I implement your changes to suit my Oracle database? Are there any areas I need to take note of to make it work? Sorry, but I'm new to PHP and TestLink. I did some googling and searching and yours was the closest to what I'm doing.
Just a note, we're using the same Oracle database for JIRA as well.
Thanks in advance!
Re: Hack to use Apache authentication
Thanks, Lee, for this important hack!
This should be included as a feature in TestLink (I am solving one installation, and this could be a good solution)
http://www.teamst.org/forum/viewtopic.p ... 54&start=0


Re: Hack to use Apache authentication
We have taken the above hack, and created a hopefully more durable solution, which I have also suggested for inclusion into TestLink proper. The issue is at http://mantis.testlink.org/view.php?id=4443.
(The most important change is that the authentication is managed by a configuration variable, so that the rest of the code behaves as normal *unless* you set "$tlCfg->authentication['method'] = 'PHP_AUTH_USER';" in custom_config.php. This does of course depend on the code being included into TestLink proper, which hasn't happened yet.)
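A sketch of the config-gated idea discussed in this thread, as an added example (it is not the code attached to the Mantis issue and not TestLink code): the server-supplied username is used only when the method is set to 'PHP_AUTH_USER', and the local password check stays in place otherwise, rather than making comparePassword() always succeed. The names resolveLogin() and authenticate(), the $users layout, the username pattern and the use of password_hash() are assumptions, as is a mod_php deployment where Apache sets REMOTE_USER for the users it has authenticated.

```php
<?php
// Added example, not TestLink code: resolveLogin(), authenticate() and the
// $users array layout are hypothetical names used for illustration.

/** Return the login asserted by the web server, or null if it is unusable. */
function resolveLogin(array $server): ?string
{
    // PHP copies PHP_AUTH_USER straight from the Authorization header, so it
    // is only trusted when Apache also reports the user it authenticated.
    $remote = $server['REMOTE_USER'] ?? '';
    $basic  = $server['PHP_AUTH_USER'] ?? '';
    if ($remote === '' || $remote !== $basic) {
        return null;
    }
    // Assumed login format; reject anything that is not a plain account name.
    return preg_match('/^[A-Za-z0-9._-]{1,30}$/', $remote) === 1 ? $remote : null;
}

/** Authenticate against $users according to the configured method. */
function authenticate(array $cfg, array $server, array $users, string $login, string $pwd): ?array
{
    if (($cfg['method'] ?? '') === 'PHP_AUTH_USER') {
        // Server-asserted identity: the posted login and password are ignored.
        $login = resolveLogin($server);
        // The account must still exist locally so its role keeps applying.
        return ($login !== null && isset($users[$login])) ? $users[$login] : null;
    }
    // Any other method: the local password comparison is left in place.
    if (isset($users[$login]) && password_verify($pwd, $users[$login]['hash'])) {
        return $users[$login];
    }
    return null;
}

// Constructed sample data.
$users      = ['lee' => ['role' => 'admin', 'hash' => password_hash('s3cret', PASSWORD_DEFAULT)]];
$apache     = ['REMOTE_USER' => 'lee', 'PHP_AUTH_USER' => 'lee'];
$headerOnly = ['PHP_AUTH_USER' => 'lee']; // header sent, but Apache did not authenticate

var_dump(authenticate(['method' => 'PHP_AUTH_USER'], $apache, $users, '', '') !== null);
var_dump(authenticate(['method' => 'PHP_AUTH_USER'], $headerOnly, $users, '', '') !== null);
var_dump(authenticate([], $apache, $users, 'lee', 'wrong') !== null);
```

Only the first call yields a user: the second fails because nothing shows Apache validated the header, and the third because the normal password check still applies when the method is not set.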