Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Issues when using HTTP BASIC Auth on EnvironmentChecker.php #73

Open
robertvanlienden opened this issue Dec 9, 2021 · 1 comment
Open

Issues when using HTTP BASIC Auth on EnvironmentChecker.php #73

robertvanlienden opened this issue Dec 9, 2021 · 1 comment
Labels
affects/v4 impact/high type/bug

Comments

@robertvanlienden
Copy link

robertvanlienden commented Dec 9, 2021
edited
Loading

Hi there,

I've found 2 issues in this module touching the BASIC AUTH.

Details about environment

Running this module on;

  • PHP 7.2
  • Apache

Readme

  1. The example in the README does not work. In the original README there are double-quotes added.
    But the double-quotes are not needed, the example below is the right way to add this environment variables;
ENVCHECK_BASICAUTH_USERNAME=test
ENVCHECK_BASICAUTH_PASSWORD=password

For some reason Environment::getEnv('ENVCHECK_BASICAUTH_USERNAME') returns "test" and Environment::getEnv('ENVCHECK_BASICAUTH_USERNAME') will return "password".

In the README update PR I've created, there was a comment mentioning https://github.com/m1/Env#env-example. Quotes around .env variables should be allowed.

Wierd issue, needs further investigation.

$_SERVER['PHP_AUTH_PW'] and $_SERVER['PHP_AUTH_USER']

  1. $_SERVER['PHP_AUTH_PW'] and $_SERVER['PHP_AUTH_USER'] checks in EnvironmentChecker.php -> init method are not working

For some reason, when I check on the variables above, I've keep getting the "basic auth form" and logging in.
Did some investigation, and the variables are just not available.

When I'm adding a $request = $this->getRequest(); and then use $request->getHeader('PHP_AUTH_USER') and $request->getHeader('PHP_AUTH_PW') the basic login works.

And now?

I'm willing to create a PR later, but right now I just don't have time to fix this and create a PR.
Because I've found this issue and I think its important to fix this, I've created a Issue to make sure this is documented somewhere.

Work-around;
For now, I've created a custom HealthCheck controller that doesn't involve the init method on the EnvironentChecker.
This way I can use my own basic authentication logic in my own controller.
@robertvanlienden robertvanlienden mentioned this issue Dec 9, 2021
Closed
@robertvanlienden
Copy link
Author

robertvanlienden commented Dec 9, 2021
edited
Loading

Update on README;
#74
PR closed because the quotes should be supported by .env https://github.com/m1/Env#env-example (Thanks @dhensby for your comment on the PR)

Created the PR above to fix the readme.

Update on $_SERVER['PHP_AUTH_PW'] and $_SERVER['PHP_AUTH_USER'] variables;

Found this comment on http-auth on php.net suggesting a work around to use this variable; SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 in the Apache configuration.

Now I'm not sure if we should replace the $_SERVER['PHP_AUTH_PW'] and $_SERVER['PHP_AUTH_PW'] variables.

But I found out that SilverStripe BasicAuth relies on $request->getHeader('PHP_AUTH_USER') and $request->getHeader('PHP_AUTH_PW') variables.
🤔 I can't make a choice.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
affects/v4 impact/high type/bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@emteknetnz @robertvanlienden