Project

General

Profile

Actions

Feature #11475

closed

Redmine.pm: Allow fallback to other Apache auth providers

Added by Yasin Al Farhad over 11 years ago. Updated about 11 years ago.

Status:
Closed
Priority:
Normal
Category:
SCM extra
Target version:
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Fixed

Description

The goal was to allow other auth modules to co-exist with Redmine.pm, and thus satisfy special case requests covering global administrative/anonymous requests in addition to those allowd by Redmine based on project relationships. I tried every other possible combinations of Apache directives to achieve this goal, but it looks like by returning AUTH_REQUIRED early in the process, Redmine.pm is becoming authoritative and preventing other modules, i.e. authn_file or authz_svn, to accept valid requests.

Replacing AUTH_REQUIRED with DECLINED seems to solve the problem:

http://www.redmine.org/projects/redmine/repository/revisions/9887/entry/trunk/extra/svn/Redmine.pm#L345

--- Redmine.pm.9887    2012-07-22 22:21:17.410411915 +0200
+++ Redmine.pm        2012-07-22 20:55:00.014411918 +0200
@@ -342,7 +342,8 @@
       return OK;
   } else {
       $r->note_auth_failure();
-      return AUTH_REQUIRED;
+#      return AUTH_REQUIRED;
+      return DECLINED;
   }
 }

However, I am not very confident about whether this will satisfy all cases and not break others. Comments and/or suggestions from relevant experts are welcomed and very much appreciated.

Quoting from http://perl.apache.org/docs/2.0/user/handlers/http.html#HTTP_Request_Cycle_Phases

Before discussing each handler in detail remember that if you use the stacked handlers feature all handlers in the chain will be run as long as they return Apache2::Const::OK or Apache2::Const::DECLINED...

Actions

Also available in: Atom PDF