Broken anonymous repository access for public projects with Apache 2.4 (redmine.pm)
|Assignee:||Jean-Philippe Lang||% Done:|
Hi there. I recently upgraded my redmine from 2.3 to 2.5.1. Now i have the same problem described in this stackoverflow post:
Detailed: When my project is not public everything works fine (authentication with subsequent git clone). But when my project is public (Authentication required is disabled) than i get the internal server error message 500. In my error log on the server the following message appears:
"AH00027: No authentication done but request not allowed without authentication for $PATH. Authentication not configured?"
Before upgrading it was possible for me to clone a public repository without authentication. Why it is currently disabled?
Environment: Redmine version 2.5.1.stable Ruby version 2.0.0-p457 (2014-03-03) [x86_64-linux-gnu] Rails version 3.2.17 Environment production Database adapter Mysql2 SCM: Subversion 1.8.8 Git 1.9.1 Filesystem Redmine plugins: redmine_embedded 0.0.2 redmine_http_auth 0.3.0-dev redmine_mylyn_connector 2.8.2.stable redmine_scm 0.4.2 redmine_webdav 0.6.0
#4 Updated by Mark Anderson about 4 years ago
Am stuck here too - Ubuntu 14/Apache 2.4 combo, 2.5.1 Redmine
Can anyone clarify this - do I remove the whole "if" construct or somehow modify it? removing it means NO handler will be set - is that the hack?
Martin Denizet (redmine.org team member) wrote:
I experienced the same problem with Ubuntu 14.04 (Apache 2.4).
Though the patch which consists in removing the "if" for anonymous access worked, I was not able to get Git Smart HTTP to work.
#5 Updated by Martin Denizet (redmine.org team member) almost 4 years ago
As far as I understand, the error occurs because there is no handler under certain settings. Removing the "if" removes the problem because then there is a handler every time.
I tried to make it work on my Ubuntu test VM hacking the Redmine.pm. I could not get Git Smart HTTP to work with Redmine.pm.
I would get a 404 error when trying to clone.
I will try again later if I have time.
#6 Updated by Jorge S. about 3 years ago
I have this also happening in 3.0.2
2 Projects, no one of them public. I get "abort: HTTP Error 500: Internal Server Error" when trying to clone.
If under Settings -> Authentication I set "Authentication required", then I would be prompted for credentials in the clone command.
#7 Updated by Cyber Gen about 3 years ago
I have discovered that when authentication fails, no matter if it's a public or private project, I always get a 500 error.
I do see a difference in the apache log. When authentication is correct I see no lines in the log. When authentication fails I see this
[Sat Aug 08 13:23:38.727989 2015] [authn_file:error] [pid 8989:tid 139932576245504] [client 192.168.192.100:52376] AH01619: AuthUserFile not specified in the configuration
I beleive this to be a bug in the Redmine.pm file that doesn't return authentication when authentication fails.
#10 Updated by Holger Just almost 3 years ago
The basic idea is that we forcefully set the username to an empty string if we directly return with an OK. This results in Apache understanding that we have verified the empty username.
#11 Updated by Jean-Philippe Lang almost 3 years ago
- Subject changed from broken anonymous repository access for public projects (redmine.pm) to Broken anonymous repository access for public projects (redmine.pm)
- Status changed from New to Resolved
- Assignee set to Jean-Philippe Lang
- Target version set to 3.1.3
- Resolution set to Fixed
Thanks, I'm committing the patch but I don't see any changes to Redmine.pm between 2.3 and 2.5.1 that could cause this error.
Tests for the perl module include a git clone on a public project without authentication (source:trunk/test/extra/redmine_pm/repository_git_test_pm.rb), and it passes. Maybe it's related to the Apache version, the tests run on Apache 2.2.