Coder Social home page Coder Social logo

libphremoteuser's Introduction

libphremoteuser

This extension to Phabricator performs basic authentication via a web server's REMOTE_USER variable. It should be able to work with a variety of major servers such as Apache and Nginx, but I have only tested it with Apache.

Installation

To install this library, simply clone this repository alongside your phabricator installation:

cd /path/to/install
git clone https://github.com/psigen/libphremoteuser.git

Then, simply add the path to this library to your phabricator configuration:

cd /path/to/install/phabricator
./bin/config set load-libraries '["libphremoteuser/src/"]'

When you next log into Phabricator as an Administrator, go to Auth > Add Authentication Provider.
In the list, you should now see an entry called Web Server. Enabling this provider should add a new button to your login screen.

In order to actually log in, your web server needs to populate the $REMOTE_USER variable when the login button is pressed. You can do this by forcing the login URI that Phabricator uses to be restricted, by adding a directive like the following to your web server configuration (this is Apache2):

<Location "/auth/login/RemoteUser:self/">
  Authtype Basic
  AuthName "Phabricator at My Server"
  Require valid-user
  
  Options None
  Order allow,deny
  Allow from all
</Location>

Security

I make no guarantees about this library being totally secure. It's not obviously insecure.
However, please make sure to at least REDIRECT THE LOGIN URI TO SSL, OTHERWISE YOU ARE SENDING PLAIN TEXT PASSWORDS.

If you care about security consider:

  • Hosting Phabricator entirely on https/SSL
  • Restricting access to the whole Phabricator installation directory, also using SSL.

libphremoteuser's People

Contributors

psigen avatar

Stargazers

Alexey Kachalov avatar Greg avatar Dennis Schridde avatar

Watchers

James Cloos avatar avatar

Forkers

make-all uhd-urz billtt anonfriese nyantec gm3197

libphremoteuser's Issues

Fetch real name via posix_getpwnam

It would be great if libphremoteuser could optionally fetch the real name from the system, via posix_getpwnam(string $username) (field gecos).

The administrator would have to choose how to interpret that string, since it is not well defined. But you could interpret it as surname, given name by default, which seems to be common these days.

To allow for this, you might need to extract the actual username from the REMOTE_USER string. In case of Kerberos authentication this is usually username@MYDOMAIN. Simple string matching should suffice.

And when you are at it, you can even generate a default for the email address from this, by letting the administrator define a default domain, and then just concatenating username@default-domain.

EXCEPTION: (Exception) Source file "/var/www/html/phabricator/libphremoteuser/__phutil_library_init__.php" failed to load.

EXCEPTION: (Exception) Source file "/var/www/html/phabricator/libphremoteuser/phutil_library_init.php" failed to load. at [/src/moduleutils/PhutilBootloader.php:279]
arcanist(head=master, ref.master=d92fa96366c0), phabricator(head=master, ref.master=d02beaf8161a), phutil(head=master, ref.master=b416093386a2)
#0 PhutilBootloader::executeInclude(string) called at [/src/moduleutils/PhutilBootloader.php:217]
#1 PhutilBootloader::loadLibrary(string) called at [/src/moduleutils/core.php:12]
#2 phutil_load_library(string) called at [/src/infrastructure/env/PhabricatorEnv.php:202]
#3 PhabricatorEnv::buildConfigurationSourceStack(boolean) called at [/src/infrastructure/env/PhabricatorEnv.php:95]
#4 PhabricatorEnv::initializeCommonEnvironment(boolean) called at [/src/infrastructure/env/PhabricatorEnv.php:75]
#5 PhabricatorEnv::initializeScriptEnvironment(boolean) called at [/scripts/init/lib.php:22]
#6 init_phabricator_script(array) called at [/scripts/init/init-setup.php:12]
#7 require_once(string) called at [/scripts/setup/manage_config.php:5]

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.