Support for authentication with an apache-style htpasswd-file

RESOLVED WORKSFORME

Status

()

RESOLVED WORKSFORME
4 years ago
4 years ago

People

(Reporter: aba+bugzilla, Unassigned)

Tracking

Details

Attachments

(1 attachment)

(Reporter)

Description

4 years ago
Created attachment 8479041 [details]
htpasswd.pm

User Agent: Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20140611 Firefox/24.0 Iceweasel/24.6.0 (Nightly/Aurora)
Build ID: 20140611050012

Steps to reproduce:

Currently Bugzilla cannot use an apache-style htpasswd-file as authentication source. The attached htpasswd.pm works for me (but is probably not appropriate for inclusion as the file name is hardcoded).



Expected results:

Please indicate whether a patch of that kind might be acceptable, and what (in addition to the password file selection) needs to be adjusted for inclusion.
(Reporter)

Updated

4 years ago
Attachment #8479041 - Flags: review?(dkl)
Comment on attachment 8479041 [details]
htpasswd.pm

supporting more authentication mechanisms isn't something that we're keen to take on in the bugzilla core currently.

instead this mechanism would be better suited to an extension.

see http://www.bugzilla.org/docs/tip/en/html/api/Bugzilla/Extension.html for information about how to package this as an extension, which would allow it to run on any recent bugzilla version.
Attachment #8479041 - Attachment mime type: text/x-perl → text/plain
Attachment #8479041 - Flags: review?(dkl) → review-
Assignee: user-accounts → extension.ideas
Component: User Accounts → Extension Ideas
you may want to look at https://github.com/mozilla/webtools-bmo-bugzilla/tree/master/extensions/Persona as an example of an extension which adds a new authentication method.

- Config.pm contains new modules (in your case Apache::Htpasswd)
- grep the code for "browserid_verify_url" to see where we're adding an admin parameter; you'd want to
  set the path to your htpasswd file using a similar mechanism
And of course worth mentioning that this will also suffer from the same limitations as the Persona extension such as:

* Unable to create account without manual intervention of an admin
* Unable to change your password through the preferences UI
* Unable to change your email address through the preferences UI
* Possibility of a user creating a bugzilla account through the UI, but then
using a different login with htpasswd and the two are not synced.

dkl

Comment 4

4 years ago
Bugzilla already supports htpasswd for years. You have to set user_info_class = Env and configure your .htaccess file to point to your htpasswd file.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.