Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Set basic auth from admin page #9

Closed
GaryJones opened this issue May 29, 2016 · 7 comments
Closed

Set basic auth from admin page #9

GaryJones opened this issue May 29, 2016 · 7 comments
Assignees
@bradyvercher
Labels
Status: Wontfix Type: Bug

Comments

@GaryJones
Copy link
Collaborator

For whatever reason, I'm struggling to set HTTP Basic Auth on the right folder, either manually, or through my hosts cPanel.

Since SatisPress appears to be creating a .htaccess file in the uploads/satispress directory anyway, it would be cool if SatisPress could have the option of creating the .htpasswd too and update the .htaccess file.
@bradyvercher
Copy link
Member

I don't think you should need to set up HTTP Basic Auth manually if you enable the checkbox on the SatisPress admin screen. Package downloads are proxied through PHP so it can handle authentication using the users that are available in WordPress.

If you try accessing the packages in the same browser window that is logged in to WordPress, then your existing cookies will prevent the Basic Auth prompt from displaying. You'll need to test from a private window.

@GaryJones
Copy link
Collaborator Author

Ah, there's no indication anywhere that the WP username and WP password are the way to get access in a private window. I'll give it a try.

@GaryJones
Copy link
Collaborator Author

Still having trouble with the WP user and password being recognised. I'm wondering if http://php.net/manual/en/features.http-auth.php#114877 is relevant here.

GaryJones added a commit that referenced this issue May 31, 2016
@GaryJones
Workaround for Basic Auth issue
de018f7 
Some CGI/FastCGI implementations don't set the PHP_AUTH_* variables, so potentially set them from a .htaccess environment rule.

See https://github.com/blazersix/satispress/wiki/Basic-Auth and http://stackoverflow.com/questions/3663520/php-auth-user-not-set

See #9.
@GaryJones GaryJones assigned GaryJones and bradyvercher and unassigned GaryJones Oct 11, 2016
@GaryJones
Copy link
Collaborator Author

@bradyvercher Would you be happy for this to be merged into master?

@bradyvercher
Copy link
Member

Will this only work if someone manually sets the environment variable in .htaccess?

I believe there's a related issue and potentially some code in the OAuth repo for the WP REST API that might shed some more light on this.

In any case, merging it into master is fine with me if it helps you. We can look into a more robust solution if it becomes a bigger problem.

@GaryJones
Copy link
Collaborator Author

Will this only work if someone manually sets the environment variable in .htaccess?

Yes. If it's not set, this code should do nothing.

@bradyvercher
Copy link
Member

Actually, on a closer look, I don't think this will work as is. It assumes the auth scheme is always Basic, but the Authorization header can contain different schemes with different token formats. Digest, OAuth, Hawk, Signature, and Bearer are a few I've used.

There's a lot more discussion over in the WP API repos about how to work around this, but I haven't seen a solution.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@bradyvercher bradyvercher

Labels
Status: Wontfix Type: Bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@GaryJones @bradyvercher