Skip to content
This repository was archived by the owner on Oct 29, 2021. It is now read-only.

Don't use basic auth credentials as login #47

Open
jeffdgr8 opened this issue Jun 19, 2017 · 2 comments
Open

Don't use basic auth credentials as login #47

jeffdgr8 opened this issue Jun 19, 2017 · 2 comments

Comments

@jeffdgr8
Copy link

jeffdgr8 commented Jun 19, 2017

Before installing the authgoogle extension to enable Google OAuth authentication, my dokuwiki site is behind HTTP basic authentication, before you can even load the dokuwiki login page. After installing the authgoogle extension and enabling as the authentication backend, the basic auth credentials are now used to attempt to authenticate to the dokuwiki. Since there is no account with those credentials, authentication fails. But it's impossible to login with a valid account as long as the basic auth credentials are provided (which they are required to be). It just gives an access denied error and only a logout button that doesn't actually logout the basic auth user.

I had to disable the basic auth layer in order to finish setting up the Google OAuth. The Google authentication is working correctly now, but I still need to reenable the basic auth wall to prevent access to the dokuwiki login page without those basic auth credentials. How can I make the plugin not attempt to authenticate to the dokuwiki with those basic auth credentials?

@kettari
Copy link
Owner

kettari commented Jun 19, 2017

Hi, I am sorry, but it's a bit complicated to reproduce this behaviour and I am not developing this module actively right now.

If someone will propose PR, I'll merge it.

@breakaway9
Copy link

It's fairly simple to reproduce the basic auth, we just added the following code into our httpd.conf file:

<Directory "/var/www/html/docuwiki/">
AuthType Basic
AuthName dev
AuthBasicProvider file
AuthUserFile /etc/httpd/conf.d/auth/PASS_FILE
Require valid-user
Options FollowSymLinks
AllowOverride All

you just need a valid PASS_FILE with a user name and password. Add the code above, restart the webserver.

here is a sample entry for a PASS_FILE

testuser:$apr1$68pthjwg$thq1HStm76UP10Z9cX7.W.

password is asdflkjh

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

No branches or pull requests

3 participants