[ckan-discuss] CKAN Basic Authentication bug

David Raznick david.raznick at okfn.org
Wed Aug 7 15:06:34 BST 2013


Hello

I think there is a simple way of fixing this.  The issue is that mod_wsgi
adds REMOTE_USER to the environ and our auth will take that and try and
match it to a user.

https://github.com/okfn/ckanext-geodatagov/blob/master/deployment/etc/ckan/apache.wsgi#L13

Taking lines 13,14,15,17 from the above and putting them at the end of your
apache.wsgi file should stop this from happening.  When posting to the CKAN
API you will need to use the X-CKAN-API-Key header or specify another
header in the config file.

Thanks

David


On 7 August 2013 13:39, David Read <david.read at hackneyworkshop.com> wrote:

> I guess this is because sets the Authorization header, which the web
> interface seems to be picking up. I don't think CKAN using this header
> is an abuse of HTTP (although correct me if I'm wrong), so having the
> Basic Auth on top of CKAN is just a use case that hasn't been
> considered before. I expect this could be solved relatively easily in
> the CKAN code, so do dive in or commission someone to submit a
> suitable pull request.
>
> David
>
> On 5 August 2013 14:02, Jan Vansteenlandt <jan at okfn.be> wrote:
> > Hi all,
> >
> > I've got the following problem for which I couldn't find any solutions
> > online. I have installed a CKAN on a webserver and it's necessary that
> > before anyone can even enter the CKAN instance they should enter their
> > Basic Authentication credentials first.
> >
> > This is easily done by providing a location tag with auth modules in the
> > .htaccess of the virtualhost. Now, as this works nicely once for after
> > authentication I get to see my CKAN instance, it doesn't allow me to log
> > into CKAN itself. If I hit the login button, it returns a too many
> > redirects and if I hit register it tells me I'm already logged in....even
> > though I get no panel or anything. So it thinks I'm already logged in
> > because of the server Basic Authentication in front of the CKAN instance.
> >
> > So my question is, is this normal behaviour, I think a Basic
> > Authentication shouldn't be influencing with the internal authentication
> > of CKAN? If this however is indeed not possible, what would you suggest
> > to allow for similar behaviour, so that people first have to log in
> > before being able to see the CKAN itself.
> >
> > I'm working on a 2.0.1 version of CKAN.
> >
> > Best regards,
> >
> > Jan
> >
> > _______________________________________________
> > ckan-discuss mailing list
> > ckan-discuss at lists.okfn.org
> > http://lists.okfn.org/mailman/listinfo/ckan-discuss
> > Unsubscribe: http://lists.okfn.org/mailman/options/ckan-discuss
> >
>
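The approach described in the reply at the top of this message (keeping the REMOTE_USER that mod_wsgi adds for the server's Basic Auth away from the application's own auth), sketched as WSGI middleware. This is an added example, not the lines from the linked apache.wsgi and not CKAN's code; `StripServerAuth`, `demo_app`, `call` and the sample request are assumptions constructed for illustration.

```python
# Added example: in apache.wsgi this would wrap the real app, e.g.
#   application = StripServerAuth(application)   # hypothetical wiring

# Keys the front-end web server's Basic Auth adds to the WSGI environ.
SERVER_AUTH_KEYS = ("REMOTE_USER", "AUTH_TYPE")


class StripServerAuth(object):
    """Hide the web server's Basic Auth identity from the wrapped app."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        for key in SERVER_AUTH_KEYS:
            environ.pop(key, None)
        # Drop only Basic credentials; other Authorization values pass through.
        auth = environ.get("HTTP_AUTHORIZATION", "")
        if auth.split(" ", 1)[0].lower() == "basic":
            del environ["HTTP_AUTHORIZATION"]
        return self.app(environ, start_response)


def demo_app(environ, start_response):
    """Constructed stand-in for the application: echoes the identity it sees."""
    seen = "user=%s api_key=%s" % (
        environ.get("REMOTE_USER"), environ.get("HTTP_X_CKAN_API_KEY"))
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [seen.encode("utf-8")]


def call(app, environ):
    """Run one request through a WSGI app and return the body as text."""
    body = app(dict(environ), lambda status, headers: None)
    return b"".join(body).decode("utf-8")


# Constructed request as it arrives after the server has checked Basic Auth.
SAMPLE_ENVIRON = {
    "REQUEST_METHOD": "GET",
    "PATH_INFO": "/user/login",
    "REMOTE_USER": "gatekeeper",
    "AUTH_TYPE": "Basic",
    "HTTP_AUTHORIZATION": "Basic Z2F0ZWtlZXBlcjpleGFtcGxl",
    "HTTP_X_CKAN_API_KEY": "constructed-api-key",
}

if __name__ == "__main__":
    print(call(demo_app, SAMPLE_ENVIRON))
    print(call(StripServerAuth(demo_app), SAMPLE_ENVIRON))
```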
