Try to acquire authentication when it is needed

kkaefer - August 15, 2008 - 16:27
Project: Webserver authentication
Version: 6.x-1.x-dev
Component: Code
Category: feature request
Priority: normal
Assigned: kkaefer
Status: needs work
Description

The attached patch adds a new feature to this module: When the 403 error handler is set to the newly defined menu item “authenticate”, the user is redirected to that URL when he’s not yet logged in. The administrator has to configure the appropriate access rules for only that specific URL (it acts as a “login URL” only). When the user has acquired the login from that URL, he is redirected to the page he requested originally or – when the permissions are still not there – he is finally shown the 403 page.

The required configuration for this setup:

  • set 403 handler to “authenticate”.
  • in Drupal’s .htaccess, add the following:

    <Files authenticate>
      # Kerberos authentication
      AuthType Kerberos
      AuthName "Kerberos login"


      KrbMethodK5Passwd on
      KrbMethodNegotiate off
      KrbAuthoritative on
      KrbVerifyKDC off
      KrbAuthRealms KERBEROS.EXAMPLE.COM
      require valid-user
    </Files>

    or use any other authentication method inside <Files authenticate>.

When the user is logged out, any request to a page that would require more access permissions is redirected to that “page”. Apache requires authentication for that page, Drupal grabs the username from it, logs the user in and redirects to the original page.

Attachment: webserver_auth-redirect.patch (1.75 KB)

#1

kkaefer - August 15, 2008 - 16:36

The use case for this is when you want to have a website that is accessible to guests as well, but where certain parts (e.g. admin area) are restricted to admins.

#2

kswan - September 2, 2008 - 19:56

I tried this patch and have some feedback.

First, this code only works if Clean URLs are enabled. Without Clean URLs I get stuck in a redirect loop.

<?php
function webserver_auth_verify() {
  global $user;

  $segment = drupal_get_normal_path(parse_url(substr(request_uri(), drupal_strlen(base_path())), PHP_URL_PATH));
?>

The $segment variable is empty if Clean URLs is disabled.

I enabled Clean URLs, and it is now redirecting to 'authenticate' correctly, but the webserver_auth_verify function never gets into the "user is verified" mode.

<?php
  elseif ($user->uid && $segment == arg(0)) {
    // The user managed to authenticate with this URL; send him to his destination.
    drupal_goto();
  }
?>

It ends up at a white screen after running

<?php
$GLOBALS['conf']['site_403'] = '';
?>

even though the user successfully authenticated.

I can then go to my homepage and the user is logged in.

I tried to change

<?php
elseif ($user->uid && $segment == arg(0)) {
?>

to
<?php
elseif ($user->uid) {
?>

and the redirect works correctly now, but I am not sure of the implications of this change.
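
The Clean URLs failure reported in comment #2, as an added example that is not part of the thread or the attached patch: with Clean URLs off the Drupal path travels in `?q=`, so a check that reads only the URL path never sees it. The function names and sample requests are hypothetical, and the decision rules are an assumption modelled on the behaviour the issue describes, not the patch's own code.

```php
<?php
// Added example: names are hypothetical, sample requests are constructed.

/**
 * Resolve the Drupal path a request addresses, with Clean URLs on or off.
 */
function example_requested_path($request_uri, $base_path = '/') {
  // Drop the base path, then split off the query string by hand.
  $relative = (string) substr($request_uri, strlen($base_path));
  list($path, $query) = array_pad(explode('?', $relative, 2), 2, '');
  parse_str($query, $params);
  if (isset($params['q']) && is_string($params['q'])) {
    // Clean URLs off: the path is carried in ?q=, not in the URL path.
    return trim($params['q'], '/');
  }
  return $path === 'index.php' ? '' : trim(rawurldecode($path), '/');
}

/**
 * Choose what the "authenticate" callback does. $uid is 0 for anonymous.
 */
function example_auth_action($uid, $request_uri, $base_path = '/') {
  $direct = example_requested_path($request_uri, $base_path) === 'authenticate';
  if ($uid && $direct) {
    // Web server auth succeeded on the login URL itself.
    return 'goto destination';
  }
  if (!$uid && !$direct) {
    // Running as the 403 handler for an anonymous visitor.
    return 'redirect to authenticate';
  }
  // Logged in but still denied, or web server auth produced no login:
  // render the plain 403 page instead of redirecting again.
  return 'show 403';
}

// Constructed requests: array(uid, request URI).
$samples = array(
  array(0, '/admin/settings'),
  array(0, '/?q=admin/settings'),
  array(7, '/authenticate?destination=admin/settings'),
  array(7, '/index.php?q=authenticate&destination=admin/settings'),
  array(7, '/?q=admin/settings'),
);
foreach ($samples as $s) {
  printf("uid=%d %-55s path=%-16s => %s\n", $s[0], $s[1],
    example_requested_path($s[1]), example_auth_action($s[0], $s[1]));
}
```

In this model, the last sample is the case the `$segment == arg(0)` comparison separates from a fresh login: an authenticated user who still lacks permission gets the 403 page rather than another redirect.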

#3

Paul Kishimoto - September 21, 2008 - 19:08

Hi—I was just made maintainer of this module, exciting!

kkaefer, can you take a look at kswan's comments and submit a patch that works (for you) with Clean URLs off?

That glitch aside, this looks like very useful functionality and I'd like to include it (once I figure out how to CVS commit...I'm too used to bzr!)

#4

kkaefer - September 21, 2008 - 21:47

Definitely! Any code submitted here is GPL, so you can take it, modify and commit it.

#5

kswan - June 17, 2009 - 16:14
Status: needs review » needs work

Status correction.

 
 
