Use http authenticated user for login

Hello,

Is there any way to use an HTTP-authenticated user for Zenphoto?

Here is the scenario:

I have a home NAS running apache2 and want to add a web gallery. Apache2 always does HTTP authentication. Can Zenphoto use this information to automatically log in the user with the same login name?

Bye
TL

Comments

  • There is no means at present. Extensions to the Zenphoto credentials are possible (see the federated logon plugin) but none has (to my knowledge) been done for http authorization.
  • Here is something you can try. Note that I have not done any testing. In fact I do not know if the HTTP authorization password is in cleartext. If not, this will not work.

    You will have to set up a Zenphoto user with the same ID and password as for the HTTP login. Then put this script into your plugins folder and enable it.

    Let us know how it works out.

    ```php
    <?php
    /* Tries to authorize user based on HTTP credentials
     *
     * @package plugins
     */
    $plugin_is_filter = 5|CLASS_PLUGIN;
    $plugin_description = gettext('Checks for HTTP authorized user');
    $plugin_author = "Stephen Billard (sbillard)";
    $plugin_version = '1.4.2';

    zp_register_filter('authorization_cookie', 'http_auth_check');

    function http_auth_check($authorized) {
        // $PHP_AUTH_USER and $PHP_AUTH_PW exist as globals only when PHP's
        // register_globals setting is on; inside a function they must be declared global.
        global $_zp_authority, $PHP_AUTH_USER, $PHP_AUTH_PW;
        if (!$authorized) {
            // Look for a valid Zenphoto user with the same ID and password as the HTTP login.
            $userobj = $_zp_authority->getAnAdmin(array('user=' => $PHP_AUTH_USER, 'pass=' => $PHP_AUTH_PW, 'valid=' => 1));
            if ($userobj) {
                $authorized = $userobj->getRights();
            }
        }
        return $authorized;
    }

    ?>
    ```
  • The above requires a PHP setting that may not be present. I have done some more research and implemented a plugin for this feature in the 1.4.2 BETA build. It will be in tonight's build. For the documentation read the comments of the http_auth.php script in the zp-extensions folder.
  • Wow... that was fast!

    Many thanks. I will try it asap and report back!
  • Well, it was a pretty simple thing to add. Just no one ever mentioned it before. I did have to figure out how to configure Apache to provide the logins to actually test the plugin.
  • Hi,

    I'm happy. It works very well. Thank you!

    On a quick test I found only one little drawback:

    You can't log off! :) But this is not a real show stopper; I would say it works as designed.

    And, to prevent false bug reports, you should mention that this only works if the auth method used by the web server does send a cleartext password. I have configured an auth using RADIUS and that sends the password as cleartext (using https, of course).

    But, if I'm not wrong, Kerberos or NTLM for example will not work.

    To make those auths (and every other auth) work: if there is a remote_user available, the authentication was always successful. Can the http_auth plugin be modified (maybe using a non config switch that is disabled by default) to make zp happy if only the user is set, without doing any password checks?
  • If you do a search on http authentication you will see a discussion on this. Short answer is since Zenphoto did not log you in, it does not log you off. Also as I read these discussions, logging off is problematical anyway as it is browser dependent.

    The documentation does say that the password must be cleartext. Currently that is only in the script header but will appear in the documentation link when the plugin makes it into a full release where we have re-generated the documents. I was not able to determine if the password is kept in cleartext for the encrypted versions or not.

    The plugin can be modified fairly easily to just use the user ID. I will make that change as an option.

    [edit] The option is included in the changes for tonight's build.
  • Thanks again! Great work!
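
The user-ID-only option discussed in the last comments, as an added example (not code from the thread or from Zenphoto's http_auth plugin): the function name `resolve_http_user`, its parameters and the sample account are assumptions. It checks the password when the server passes one in cleartext and accepts the server-set REMOTE_USER alone only when the trust switch is enabled.

```php
<?php
// Added illustration, not Zenphoto's http_auth plugin; all names are hypothetical.

/**
 * Return the user name to accept from the web server's HTTP authentication, or null.
 *
 * @param array    $server        request environment, normally $_SERVER
 * @param callable $checkPassword the application's own check: fn($user, $pass): bool
 * @param bool     $trustServer   accept REMOTE_USER without a password check (default off)
 */
function resolve_http_user(array $server, callable $checkPassword, bool $trustServer = false): ?string
{
    if ($trustServer) {
        // REMOTE_USER is set by the web server after its own auth module succeeded.
        // PHP_AUTH_USER is deliberately not used here: PHP can fill it from the
        // request's Authorization header even when the server did not verify it.
        $user = $server['REMOTE_USER'] ?? '';
        return (is_string($user) && $user !== '') ? $user : null;
    }
    // Default: require the cleartext password and verify it against the application.
    $user = $server['PHP_AUTH_USER'] ?? null;
    $pass = $server['PHP_AUTH_PW'] ?? null;
    if (!is_string($user) || $user === '' || !is_string($pass)) {
        return null; // no cleartext password reached PHP (e.g. Kerberos, NTLM)
    }
    return $checkPassword($user, $pass) ? $user : null;
}

// Constructed sample data: one application account and three request environments.
$accounts = ['tl' => password_hash('constructed-sample-pw', PASSWORD_DEFAULT)];
$check = function (string $u, string $p) use ($accounts): bool {
    return isset($accounts[$u]) && password_verify($p, $accounts[$u]);
};
$requests = [
    'basic, correct password'     => ['REMOTE_USER' => 'tl', 'PHP_AUTH_USER' => 'tl', 'PHP_AUTH_PW' => 'constructed-sample-pw'],
    'kerberos-style, no password' => ['REMOTE_USER' => 'tl'],
    'header only, wrong password' => ['PHP_AUTH_USER' => 'tl', 'PHP_AUTH_PW' => 'wrong'],
];
foreach ($requests as $label => $env) {
    foreach ([false, true] as $trust) {
        printf("%-28s trust=%d -> %s\n", $label, $trust, var_export(resolve_http_user($env, $check, $trust), true));
    }
}
```

With the switch enabled, the application relies entirely on the web server enforcing authentication for every URL that reaches the script, and the returned name still has to map to an existing application account.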