Defect #2692
closed
The Apache Authentification handler Redmine.pm should honor login_required parameter
Added by Felix Schäfer about 15 years ago.
Updated over 13 years ago.
Description
Redmine: r2363
The Redmine.pm authentification handler for Apache should check for the login_required parameter. I currently have a redmine install that requires login, where some projects are public, so that every logged in user can read it. I would expect the svn authentication to follow the same scheme, but repositories for public projects are also available to users who are not logged in.
Files
I updated my Redmine.pm a little so that no unauthenticated user can access a repository in a "login_required" Redmine installation, here is the patch:
Index: Redmine.pm
===================================================================
--- Redmine.pm (revision 2389)
+++ Redmine.pm (working copy)
@@ -206,7 +206,7 @@
my $project_id = get_project_identifier($r);
$r->set_handlers(PerlAuthenHandler => [\&OK])
- if is_public_project($project_id, $r);
+ if (is_public_project($project_id, $r) && !is_login_required($r));
return OK
}
@@ -225,6 +225,22 @@
}
}
+sub is_login_required {
+ my $r = shift;
+
+ my $dbh = connect_database($r);
+ my $sth = $dbh->prepare(
+ "SELECT value FROM settings WHERE settings.name='login_required';"
+ );
+
+ $sth->execute();
+ my @ret = $sth->fetchrow_array();
+ $sth->finish();
+ $dbh->disconnect();
+
+ $ret[0];
+}
+
sub is_public_project {
my $project_id = shift;
my $r = shift;
I'll have to work a little more to make it accessible for non-project members for a public project in a login_require redmine.
I was just working through the same issue and came up with a complete solution. My perl experience is slim to nil so I tried to change as little as possible. In addition to the change above, I changed the SQL in the main {RedmineQuery} property to include public projects and flipped around some of the code in the is_member function. The existing code was unsecure with LDAP authentication and I addressed that as well. I have attached my version of Redmine.pm. Can someone please review my changes and commit it into the tree? Thanks.
- Status changed from New to Closed
- Resolution set to Fixed
As far as I can see this is fixed in r3831.
Also available in: Atom
PDF