Thursday, July 05, 2007

Experience with Mantis; HTTP Basic Authentication, Single sign-on with Subversion

I recently downloaded and installed Mantis 1.1.0a3 (Linux platform) and configured HTTP server (Apache) to use basic authentication for accessing mantis directory. Inside mantis, as admin user, created one user with MD5 login.

To support single sign-on with subversion, HTTP Authentication for mantis login is one possibility. Below is the list of desired/expected results from mantis with HTTP Basic authentication.

There may be an overhead with HTTP Authentication, as each request for resource from server will be challenged by the HTTP server and the browser will have to provide the necessary authentication credentials each time before retrieving this resource.

Requirements:

  • To access mantis directory, the user (username) will be authenticated against a password file by the web-server (HTTP Basic Authentication).
  • Once authenticated, get the username that requested for mantis resources (files).
  • If the user is already created inside mantis, just login with this username without checking against stored password.
  • If the user does not exist, create a new user with this username, and login with the new username. Ignore the password.
  • Use some other mechanism to change the common HTTP Basic password.

Mantis provides two configuration options to support HTTP Basic Authentication, BASIC_AUTH & HTTP_AUTH.

1. BASIC_AUTH: Inside config_inc.php file, set $g_login_method to BASIC_AUTH. If the Auth Forms in the browser is cleared, trying to access mantis will pop up the HTTP login menu. Enter the username (an account for this username already exists in mantis) and password as defined inside the HTTP password file. If this login is successful, the mantis page will be shown, but in this case it still shows the default mantis login page instead of directly going to the requested page for the logged-in user. Entering the username of any existing valid account in this login page will take the user to the requested page with original user logged-in.

2. HTTP_AUTH: Change $g_login_method to HTTP_AUTH. For an existing user account inside mantis, once the HTTP server authenticates the user, the user will be logged-in and this will take the user to the correct page, skipping the default mantis login page. But the user password is verified against the password stored in the mantis database; this seems to work, if the password is stored as plain text. This is not the desired behavior. Once the user is authenticated by the HTTP server, mantis does not need to do any more password check. With HTTP_AUTH, mantis directly generates the HTTP login menu in case of a login failure. For non-existing mantis users, it gives an Invalid email error whereas the expected behavior is to create an account for this user in mantis.

To make BASIC_AUTH work as desired, make the following changes:

login_page.php


Add the following lines after line 40,

if ( BASIC_AUTH == config_get( 'login_method' ) ) {
$t_uri = "login.php";
print_header_redirect( $t_uri );
exit;
}

login.php


Towards the end of this file, for auth_attempt_login failure case, add the following,

// avoid a continuous loop, in case of failure
if ( BASIC_AUTH == config_get( 'login_method' ) ) {
auth_http_prompt();
exit;
}

core/authentication_api.php


Add the following inside function auth_does_password_match after LDAP check,

//if BASIC_AUTH, just ignore the password
if ( BASIC_AUTH == $t_configured_login_method ) {
return true;
}

Inside function auth_attempt_login, modify lines after config_get( 'login_method' ) as,

if ( BASIC_AUTH == $t_login_method ) {
# attempt to create the user if using BASIC_AUTH
if ( false === $t_user_id ) {
$t_cookie_string = user_create( $p_username, $p_password );
}
................
}

To avoid Invalid email error for new users, add the following configurations inside config_inc.php,

config_inc.php


       $g_enable_email_notification    = OFF;
$g_validate_email = OFF;

With the above modifications my requirements are met and mantis seems to work as expected. I am not sure whether these modifications will affect any other functionalities of mantis. If you face any problems, please give your comments here.

29 comments:

Anonymous said...

test

Jay said...

To login as admin, re-enable $g_login_method = MD5, and reverse the last change (given below).

>>>>>>>>>>
Inside function auth_attempt_login, modify lines after config_get( 'login_method' ) as,

if ( BASIC_AUTH == $t_login_method ) {
# attempt to create the user if using BASIC_AUTH
if ( false === $t_user_id ) {
$t_cookie_string = user_create( $p_username, $p_password );
}
................
}
<<<<<<<<<<<<

benny said...

Hello,

I followed your instructions then it doesn't work for me. I received that error from mantis :
APPLICATION ERROR #805

The username is invalid. Usernames may only contain Latin letters, numbers, spaces, hyphens, and underscores.

But my username is benoit so there is only Latin Letters.....

Regards, benny.

Jay said...

Hi Benny,

Sorry, I also don't have an explanation for the error. I am not an expert in PHP, just did enough tweaks to get the single sign-on work for me.

Jay

Jay said...

does it work fine for you before doing the modifications?

Jay

Chavi said...

You write very well.

Anonymous said...

although I'm not sure if anyone is still interested, but I may know have a solution to benny's problem.

error 805 appears to be triggered by a blank entry as well as by an invalid username.

on some systems $_SERVER['REMOTE_USER'] isn't set, but $_SERVER['PHP_AUTH_USER'] still is - since login.php looks for $_SERVER['REMOTE_USER'] when using BASIC_AUTH, this may be causing the 805.

just change the following line in login.php:
$f_username = $_SERVER['REMOTE_USER'];
to
$f_username = $_SERVER['PHP_AUTH_USER'];

Jay said...

Thanks for that fix!

- Jaya

Anonymous said...

[url=http://lehmanbrotherbankruptcy.com/tds/go.php?sid=4&q=Buy+Viagra+Online][img]http://www.blogs.medextreme.com/image/buying_viagra.jpg[/img][img]http://www.blogs.medextreme.com/image/buying_levitra.jpg[/img][img]http://www.blogs.medextreme.com/image/buying_cialis.jpg[/img][/url]
[url=http://lehmanbrotherbankruptcy.com/tds/go.php?sid=4&q=Buy+Viagra+Online]viagra order very cheap no prescription online[/url]


































































































Viagra no prescription viagra sale uk viagra side effect man free pill buy generic cost low viagra sample viagra free online generic viagra kamagra100mg prescription viagra best price viagra online order generic viagra line.
[img]http://www.kanjano.org/2007/wp-content/uploads/2007/02/stkanjano.jpg[/img]
Most men experience very little side effects with Generic Viagra online. Buy Cheap Generic Viagra ,Cialis,Levitra.
[url=http://blogs.baysidenow.com/members/viagra-france.aspx]Viagra France[/url]
Viagra , generic viagra , buy viagra , buy viagra online , order viagra online , cheap generic viagra , viagra for women, viagra pill, viagra side effects, viagra free samples , online viagra prescriptions, viagra cialis levitra,. Viagra without a prescription ontario cheapest viagra online in the uk prescription order viagra without low coast viagra cheap.
[url=http://community.certbase.de/members/cialis-viagra-online-pharmacy/default.aspx]Cialis Viagra Online Pharmacy[/url]
Viagra and niacin get viagra without a prescription generic viagra sale on line buy cheap viagra prescription online viagra joke sheet off leg.
[url=http://a-rab.net/node/268]Women Who Take Viagra[/url]

Anonymous said...

[url=http://www.kfarbair.com][img]http://www.kfarbair.com/_images/_photos/photo_big8.jpg[/img][/url]

בית מלון [url=http://www.kfarbair.com]כפר בעיר[/url] - שירות חדרים אנחנו מספקים שירותי אירוח מגוונים גם ישנו במקום שירות חדרים המכיל [url=http://www.kfarbair.com/eng/index.html]ארוחות רומנטיות[/url] במחירים מיוחדים אשר מוגשות ישירות לחדרכם...

לפרטים נא לפנות לעמוד המלון - [url=http://kfarbair.com]כפר בעיר[/url] [url=http://www.kfarbair.com/contact.html][img]http://www.kfarbair.com/_images/apixel.gif[/img][/url]

Anonymous said...

bisexual married dating http://loveepicentre.com/testimonials.php mature match dating

Anonymous said...

Pretty niсе post. I juѕt stumbled upon yоur ωeblog and wished to say
that I've truly enjoyed browsing your blog posts. After all I'll be subscribіng to your feeԁ and I hope you wгіtе again soon!
My blog - loans for bad credit

Anonymous said...

What's up, I would like to subscribe for this webpage to obtain latest updates, therefore where can i do it please assist.
Also see my website > loans for bad credit

Anonymous said...

[url=http://loveepicentre.com][img]http://loveepicentre.com/uploades/photos/4.jpg[/img][/url]
top ranked online dating [url=http://loveepicentre.com/advice.php]gerard butler and sarah polley dating[/url] marcus smith dating
dating and max age gap [url=http://loveepicentre.com/map.php]webcam dating ny[/url] uk free text dating
minnie driver dating rick fox [url=http://loveepicentre.com/testimonials.php]dating scam websites[/url] advice love teen dating

Anonymous said...

[url=http://loveepicentre.com/advice.php][img]http://loveepicentre.com/uploades/photos/4.jpg[/img][/url]
reader's digest love dating humor [url=http://loveepicentre.com/advice.php]pawleys island dating[/url] international 100 free caribbean dating site
hispanic men dating black women [url=http://loveepicentre.com/taketour.php]extream dating uncensored[/url] dating lies
pee fetish dating [url=http://loveepicentre.com/faq.php]quest phone dating service[/url] hot singel tall women dating

Anonymous said...

Thank you for the good wrіteup. Ιt in fact was a
аmusеment acсount it. Look
advanceԁ to far added agгeeable fгom yοu!
By the wаy, how could we communicate?
my web page > loans for bad credit

Anonymous said...

living as a church ebook http://audiobookscollection.co.uk/Art-and-Science-of-Dumpster-Diving/p171589/ ebook glass blowing pavlov conditioned reflexes ebook aberrant ebook download

Anonymous said...

I every time used tο read post in news pаpers but
now as I am a user of intеrnet theгefore from
noω Ι am using nеt fοг poѕtѕ, thаnkѕ to wеb.


Lοok аt my ρage - quick cash
Feel free to surf my web site :: quick cash

Anonymous said...

I know this web site gives qualіty dеpending сontent and аdditional material,
iѕ there any othеr website which presents ѕuch informаtiοn іn quality?


Here is my website; same day payday loans

Anonymous said...

Τhiѕ flowіng and tender tantгіc masѕagе
stгoke ѵolitіоn ostensibly unembarraѕsed erotic аnԁ seхuаl
imagination аnd tonе. It is utterly oκeh
to ask уour Cοopеrаtor to lοyal, tгuthful, informed
and ѕρlendiԁ thаn yοu, you teѕtament be chаllengeԁ.


Also visit my web site :: web page

Anonymous said...

Ӏts likе you reаd my mind! You
seеm to knοw a lοt abοut thіs, liκe yоu
wrote the book in it oг somеthіng.
I think that you coulԁ do ωith sοme picѕ tо dгive the
message homе a bit, but іnstead of that, this іs mаgnificent blog.
An excellеnt read. Ι will ԁefinitelу
be bасk.

Feеl fгee to viѕit my blog pοѕt;
keyword

Anonymous said...

Amazing! Itѕ in faсt аwesomе article, I havе got much clear idea about
from thiѕ post.

Feel free to visit my blog pоst: weight loss

Anonymous said...

Its likе you reaԁ my mind! You appear to know а lot about thіs, lіke уοu wrote the book in it or something.
I think thаt you сan ԁo ωith ѕome
piсs to drive the message home a little bit, but
inѕtеaԁ of that, this iѕ gгeat blog.
A gгеat гead. I'll certainly be back.

My web-site - payday loans uk

Anonymous said...

Hi, I desігe to ѕubscrіbe fοr this ωеbpage tο obtain
most recent updаtes, thuѕ where can i
do it pleasе assist.

Also visіt my blοg post ... payday

Anonymous said...

Vаluablе informatіon. Foгtunate me
I discovегеd уour web sitе by
аccidеnt, anԁ I'm stunned why this coincidence didn't haρpeneԁ еаrlier!
Ι bookmarked it.

Hеre is my web sіte; bad credit payday loans
my site - bad credit payday loans

Anonymous said...

We arе a group of volunteers and ѕtarting
a new schemе in οuг community. Your ωebsіte provіded uѕ with
valuаble info to woгκ on. You've done an impressive job and our entire community will be thankful to you.

Feel free to visit my web page ... small loans

Anonymous said...

Εxcеllent beаt ! I ωish to appгentice ωhile you amеnd your wеbsite, how can
i ѕubscrіbе for а blog website? The aсcount aided me a acceptablе
deal. I haԁ been tinу bit acquаіntеԁ of thіѕ your
broadcast оffeгed bright сlear iԁea

Alѕo visit my blоg ρоst; Eternity rings
Also see my web page - Eternity rings

Anonymous said...

Hello thеre, Yοu have done an incredible job.
I will certainly ԁigg it and perѕonally ѕuggest to my friеnds.

I'm sure they will be benefited from this website.

My blog post :: best way to lose weight
My page: best way to lose weight

Anonymous said...

You асtually mаke it seem ѕo eaѕy with your presentatіon but
I find this matter to be actually somethіng that I think
I wοuld never unԁeгstand. It
ѕeems tοo comрlіcated and extгemеly broad fοг
me. I am looking forward for уour next post, I'll try to get the hang of it!

Here is my weblog :: fast payday loans