natalie/indefero
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Make HTTP auth cover all popular FastCGI workarounds

Browse Source
This commit is contained in:
Patrick Georgi 2011-08-25 15:28:02 +02:00
parent f7470e4a7a
commit 39f77886db
2 changed files with 10 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
doc/httprepos-git.mdtext
View File

@ -29,8 +29,10 @@ to mod_php or similar integrated mechanisms:
analogous mechanisms might need to be setup for other http daemons), which analogous mechanisms might need to be setup for other http daemons), which
passes through the Authorization HTTP Header of a request. passes through the Authorization HTTP Header of a request.
In case of mod_rewrite, the necessary line is: In case of mod_rewrite, the necessary line is
one of (depending on server configuration):
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L] RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
RewriteRule .* - [E=REMOTE_USER:%{HTTP:Authorization},L]
- The FastCGI adaptor must allow large requests to be handled by PHP, - The FastCGI adaptor must allow large requests to be handled by PHP,
otherwise push might fail. otherwise push might fail.

9
src/IDF/Scm/Git.php
View File

@ -927,10 +927,15 @@ class IDF_Scm_Git extends IDF_Scm
public function repository($request, $match) public function repository($request, $match)
{ {
// authenticate: authenticate connection through "extra" password // handle a couple of workarounds for authenticating with FastCGI/PHP
if (!empty($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])) if (!empty($_SERVER['HTTP_AUTHORIZATION']))
list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':' , base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));
elseif (!empty($_SERVER['REDIRECT_HTTP_AUTHORIZATION']))
list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':' , base64_decode(substr($_SERVER['REDIRECT_HTTP_AUTHORIZATION'], 6))); list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':' , base64_decode(substr($_SERVER['REDIRECT_HTTP_AUTHORIZATION'], 6)));
elseif (!empty($_SERVER['REDIRECT_REMOTE_USER']))
list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':' , base64_decode(substr($_SERVER['REDIRECT_REMOTE_USER'], 6)));
// authenticate: authenticate connection through "extra" password
if (!empty($_SERVER['PHP_AUTH_USER'])) { if (!empty($_SERVER['PHP_AUTH_USER'])) {
$sql = new Pluf_SQL('login=%s', array($_SERVER['PHP_AUTH_USER'])); $sql = new Pluf_SQL('login=%s', array($_SERVER['PHP_AUTH_USER']));
$users = Pluf::factory('Pluf_User')->getList(array('filter'=>$sql->gen())); $users = Pluf::factory('Pluf_User')->getList(array('filter'=>$sql->gen()));