Redmine.pm and authentication

Added by Tapio Salonsaari about 9 years ago

Hello.

I had an problem setting up SVN -authentication via Redmine.pm. I'm using apache2 with virtualhosts svn.myhost.foo and redmine.myhost.foo where svn.myhost is basic SVN-configuration and redmine.myhost is access to redmine installation via proxy balancer. Everything seemed to run smoothly, but I couldn't login into SVN-server.

I've got a project 'myproject1' with repository http://svn.myserver.foo/myproject1, so I tried to access svn-server from command line:

> svn list http://svn.myserver.foo/myproject1
Authentication realm: <http://svn.myserver.foo:80> myproject1 Project Tracking
Password for 'take': 
Authentication realm: <http://svn.myserver.foo:80> myproject1 Project Tracking
Username: take
Password for 'take': 
Authentication realm: <http://svn.myserver.foo:80> myproject1 Project Tracking
Username: take
Password for 'take': 
svn: PROPFIND request failed on '/myproject1'
svn: PROPFIND of '/myproject1': authorization failed (http://svn.myserver.foo)

I traced the problem via MySQL-logs and into a query like this:

SELECT hashed_password FROM members, projects, users WHERE
projects.id=members.project_id AND users.id=members.user_id AND
users.status=1 AND login='take' AND identifier=NULL

The problem is obviously 'identifier=NULL' -part. I traced the problem into Redmine.pm and function get_project_identifier(), which didn't return correct identifier. I went around the problem by altering the code to suit my server:

sub get_project_identifier {
    my $r = shift;
    my $location = $r->location;
    #my ($identifier) = $r->uri =~ m{$location/*([^/]+)}; <- Changed this
    my $identifier = $location; # <- to this
    $identifier=~s/\///;
    $identifier;
}

After the modification it works like it's supposed to. I'm just wondering if that's an actual bug in Redmine.pm or is there some option / whatever to actually fix the problem instead of going around it?

Replies (4)

RE: Redmine.pm and authentication - Added by Nicolas Chuche about 9 years ago

What's your apache conf ?

You should have something like that :

<Location /svn>
   DAV svn
   SVNParentPath "/var/svn" 
   SVNListParentPath On
[...]

RE: Redmine.pm and authentication - Added by Tapio Salonsaari about 9 years ago

That may be the actual problem. My conf looks like this:

        <Location /myproject1>
                DAV svn
                SVNPath "/path/to/myproject1/svn" 

But if I use SVNParentPath and SVNListParentPath options it's possible for everyone to read all the projects via http://myserver.foo/svn/, right? That's not something I'll allow since the same redmine installation is used to handle several projects with different developers. And developers are allowed only to see their own projects, so giving them access to read even the names of the projects at svn-server is not an option.

Anyways, the modification I made works just fine for me and I'll think I'll stick to it. It's not broken so there's no need to fix it ;) Good to know anyways how thigns are planned to work since redmine is the answer for many projects and it's more than likely that I'm going to admin several installations in near future.

RE: Redmine.pm and authentication - Added by Nicolas Chuche about 9 years ago

But if I use SVNParentPath and SVNListParentPath options it's possible for everyone to read all the projects via http://myserver.foo/svn/, right?

If you just use SVNParentPath that's false.

You should follow http://www.redmine.org/wiki/redmine/Repositories_access_control_with_apache_mod_dav_svn_and_mod_perl where everything is explain.

If something is not clear enough, just ask, I will try to clarify.

Anyways, the modification I made works just fine for me and I'll think I'll stick to it. It's not broken so there's no need to fix it ;)

By the way it's broken as you will have to declare a Location parameter for each project. Not really hard but not really a good thing.

RE: Redmine.pm and authentication - Added by S C almost 9 years ago

Hi,

If your configuration uses addresses like http://my.server.com/my_project
the get_project_identifier function will receive something like '/my_project'.
Then the regexp will not match...

To do the trick I replaced :

my ($identifier) = $r->uri =~ m{$location/*([^/]+)};

by :

my ($identifier) = $r->uri =~ m{/([^/]+)};

But it's a quick and dirty solution. It would be nice to get an Apache option to set the regexp or something equivalent...

(1-4/4)