allow authentication using SSL client certificates (closes #324)
This commit is contained in:
parent
535d216a7d
commit
f98252f27c
3 changed files with 29 additions and 10 deletions
|
@ -128,10 +128,13 @@
|
|||
// Limits the amount of feeds daemon (or a cronjob) updates on one run
|
||||
|
||||
define('ALLOW_REMOTE_USER_AUTH', false);
|
||||
// Set to 'true' if you trust your web server's REMOTE_USER
|
||||
// environment variable to validate that the user is logged in. This
|
||||
// option can be used to integrate tt-rss with Apache's external
|
||||
// authentication modules.
|
||||
// Set to 'true' if you trust your web server's REMOTE_USER or
|
||||
// REDIRECT_SSL_CLIENT_S_DN_CN environment variables to validate
|
||||
// that the user is logged in. This option can be used to integrate
|
||||
// tt-rss with Apache's external authentication modules or SSL
|
||||
// client certificate authentication.
|
||||
// Please note that REMOTE_USER takes precedence over SSL certificate
|
||||
// information.
|
||||
|
||||
define('AUTO_LOGIN', false);
|
||||
// Set this to true if you use ALLOW_REMOTE_USER_AUTH and you want
|
||||
|
|
|
@ -1757,6 +1757,22 @@
|
|||
return true;
|
||||
}
|
||||
|
||||
function get_remote_user() {
|
||||
$remote_user = $_SERVER["REMOTE_USER"];
|
||||
|
||||
if (!$remote_user)
|
||||
$remote_user = $_SERVER["REDIRECT_SSL_CLIENT_S_DN_CN"];
|
||||
|
||||
return db_escape_string($remote_user);
|
||||
}
|
||||
|
||||
function get_remote_fakepass() {
|
||||
if (get_remote_user())
|
||||
return "******";
|
||||
else
|
||||
return "";
|
||||
}
|
||||
|
||||
function authenticate_user($link, $login, $password, $force_auth = false) {
|
||||
|
||||
if (!SINGLE_USER_MODE) {
|
||||
|
@ -1766,9 +1782,9 @@
|
|||
$login = db_escape_string($login);
|
||||
|
||||
if (defined('ALLOW_REMOTE_USER_AUTH') && ALLOW_REMOTE_USER_AUTH
|
||||
&& $_SERVER["REMOTE_USER"] && $login != "admin") {
|
||||
&& get_remote_user() && $login != "admin") {
|
||||
|
||||
$login = db_escape_string($_SERVER["REMOTE_USER"]);
|
||||
$login = db_escape_string(get_remote_user());
|
||||
|
||||
$query = "SELECT id,login,access_level,pwd_hash
|
||||
FROM ttrss_users WHERE
|
||||
|
@ -1959,8 +1975,8 @@
|
|||
|
||||
if (!$_SESSION["uid"] || !validate_session($link)) {
|
||||
if (defined('ALLOW_REMOTE_USER_AUTH') && ALLOW_REMOTE_USER_AUTH
|
||||
&& $_SERVER["REMOTE_USER"] && defined('AUTO_LOGIN') && AUTO_LOGIN) {
|
||||
authenticate_user($link,$_SERVER['REMOTE_USER'],null);
|
||||
&& get_remote_user() && defined('AUTO_LOGIN') && AUTO_LOGIN) {
|
||||
authenticate_user($link, get_remote_user(), null);
|
||||
$_SESSION["ref_schema_version"] = get_schema_version($link, true);
|
||||
} else {
|
||||
render_login_form($link, $mobile);
|
||||
|
|
|
@ -131,11 +131,11 @@ function validateLoginForm(f) {
|
|||
<tr><td align="right"><?php echo __("Login:") ?></td>
|
||||
<td align="right"><input name="login"
|
||||
onchange="fetchProfiles()" onfocus="fetchProfiles()"
|
||||
value="<?php echo $_SERVER["REMOTE_USER"] ?>"></td></tr>
|
||||
value="<?php echo get_remote_user() ?>"></td></tr>
|
||||
<tr><td align="right"><?php echo __("Password:") ?></td>
|
||||
<td align="right"><input type="password" name="password"
|
||||
onchange="fetchProfiles()" onfocus="fetchProfiles()"
|
||||
value="<?php echo $_SERVER["REMOTE_USER"] ?>"></td></tr>
|
||||
value="<?php echo get_remote_fakepass() ?>"></td></tr>
|
||||
<tr><td align="right"><?php echo __("Language:") ?></td>
|
||||
<td align="right">
|
||||
<?php
|
||||
|
|
Loading…
Reference in a new issue