NicolasToussaint
Member

@NicolasToussaint NicolasToussaint commented Jan 21, 2020

Description

Partially fixes #1273

This PR introduces external authentication, delegated to Apache.
Apache can be configured to perform any kind of authentication, and places relevant information (login, user name, email, etc.) in environment variables.

  • on first login, the user's account is automatically created
  • then a session is opened for the user.

Optionally, all logins may be lower cased.

Further possible improvements:

  1. Make the configuration available in the GUI
  2. Configure the default list of agents for each newly created user
  3. Add the 'logout' feature (logout is ineffective in this version)

Changes

  • Added configuration options in fossology.conf.in
  • In src/lib/php/common-auth.php : new function to check external authentication validity
  • In src/www/ui/core-auth.php : check authentication and create new account if needed

How to test

Configure the Apache authentication, fossology.conf, and log in.

Sample configurations
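
One way to implement the check this description outlines, as an added example that is not code from this PR or from FOSSology. The function name, the two arrays and the use of Apache's REMOTE_USER variable are assumptions; the option names are the ones the PR proposes.

```php
<?php
// Added illustration; ext_auth_login() and both arrays are hypothetical,
// not FOSSology code. Option names are the ones this PR proposes.

/**
 * Return the externally authenticated login, or null when the request
 * must not be treated as authenticated by the web server.
 */
function ext_auth_login(array $conf, array $server): ?string
{
    // The feature has to be switched on explicitly.
    if (strtolower(trim($conf['CONF_EXT_AUTH_ENABLE'] ?? '')) !== 'true') {
        return null;
    }
    $var = trim($conf['CONF_EXT_AUTH_ENV_USER'] ?? '');
    // HTTP_* entries are built from request headers, so the client controls
    // them; accept only a variable the web server populates itself.
    if ($var === '' || stripos($var, 'HTTP_') === 0) {
        return null;
    }
    $login = $server[$var] ?? null;
    // Reject missing values and anything outside a conservative alphabet
    // before the login reaches account lookup or creation.
    if (!is_string($login) || !preg_match('/^[A-Za-z0-9._@-]{1,64}$/D', $login)) {
        return null;
    }
    $lower = strtolower(trim($conf['CONF_EXT_AUTH_ENV_LOWERCASE_USER'] ?? ''));
    return $lower === 'true' ? strtolower($login) : $login;
}

// Constructed sample input (assumes config values arrive as strings).
$conf = [
    'CONF_EXT_AUTH_ENABLE' => 'true',
    'CONF_EXT_AUTH_ENV_USER' => 'REMOTE_USER',
    'CONF_EXT_AUTH_ENV_LOWERCASE_USER' => 'true',
];
$server = ['REMOTE_USER' => 'Alice.Martin', 'HTTP_X_USER' => 'admin'];

var_dump(ext_auth_login($conf, $server));          // server-set variable
$conf['CONF_EXT_AUTH_ENV_USER'] = 'HTTP_X_USER';
var_dump(ext_auth_login($conf, $server));          // header-derived: refused
$conf['CONF_EXT_AUTH_ENV_USER'] = 'REMOTE_USER';
var_dump(ext_auth_login($conf, ['REMOTE_USER' => "bob\n"]));  // malformed
```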

@shaheemazmalmmd
Member

@NicolasToussaint please fix the php alignments.

FOUND 8 ERRORS AFFECTING 7 LINES
--------------------------------------------------------------------------------
  98 | ERROR | [ ] Expected "if (...) {\n"; found "if (...)\n    {\n"
 265 | ERROR | [x] Line indented incorrectly; expected 4 spaces, found 6
 268 | ERROR | [x] Line indented incorrectly; expected 6 spaces, found 8
 270 | ERROR | [x] Line indented incorrectly; expected 6 spaces, found 8
 286 | ERROR | [x] Line indented incorrectly; expected 6 spaces, found 10
 286 | ERROR | [x] Closing brace indented incorrectly; expected 8 spaces, found
     |       |     10
 287 | ERROR | [x] Line indented incorrectly; expected 4 spaces, found 6
 290 | ERROR | [ ] Expected "if (...) {\n"; found "if (...)\n    {\n"

@NicolasToussaint
Member Author

Thanks @shaheemazmalmmd ,

I pushed a fix that cleared the Travis checks.

Member

@GMishx GMishx left a comment

Few suggestions

Comment on lines +80 to +90
; Use external Authentication
CONF_EXT_AUTH_ENABLE=false
; Environment variable where to find the User name
CONF_EXT_AUTH_ENV_USER=
; Environment variable where to find the User email
CONF_EXT_AUTH_ENV_MAIL=
; Environment variable where to find the User Description
CONF_EXT_AUTH_ENV_DESC=
; Set to true to use lowercase usernames
CONF_EXT_AUTH_ENV_LOWERCASE_USER=
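
Review bot: The comment on CONF_EXT_AUTH_ENV_USER should state that the named variable must be one the web server's authentication module sets itself; in PHP, variables whose names start with HTTP_ are filled from request headers, so pointing this option at one of them would let the client choose the login. CONF_EXT_AUTH_ENV_LOWERCASE_USER is also left empty although its comment says "Set to true"; give it an explicit default such as CONF_EXT_AUTH_ENV_LOWERCASE_USER=false, as CONF_EXT_AUTH_ENABLE has.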

Member

It would be a better idea to move these configurations under their own section (something like EXT_AUTH).
Then, with the help of function ConfigInit($sysconfdir, &$SysConf), you can access variables using the following syntax:

$GLOBALS['SysConf']['EXT_AUTH']['CONF_EXT_AUTH_ENABLE'].

Note: The function is called here:

ConfigInit($SYSCONFDIR, $SysConf);

try {
$this->userDao->getUserAndDefaultGroupByUserName($username);
} catch (Exception $e) {
/* If user does not exist then we create it */
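
Review bot: The catch (Exception $e) around getUserAndDefaultGroupByUserName($username) treats every failure as "user does not exist", so an unrelated error from the lookup (for example a database failure) would also fall into the account-creation path. Catch only the condition that means the user is missing, or check for existence explicitly before creating the account, and let other errors propagate.
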
Member

Can this part be configurable with fossology.conf or some other way to restrict user creation?

/* Set default list of agents when a new user is created */
$agentList = "agent_bucket,agent_copyright,agent_keyword,agent_mimetype,agent_monk,agent_nomos,agent_ojo";
$default_bucketpool_fk = 2;
$this->user-add_user($User,$Desc,$Seed,$Hash,$Perm,$Email,
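
Review bot: On the last line, $this->user-add_user( is parsed by PHP as $this->user minus the result of add_user(...), not as a method call; write either add_user(...) or $this->user->add_user(...), whichever is intended. The agent list and $default_bucketpool_fk = 2 are also hard-coded here; reading them from configuration would avoid the magic value.
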
Member

You mean?

function add_user($User, $Desc, $Seed, $Hash, $Perm, $Email, $Email_notify,

@GMishx
Member

GMishx commented Feb 5, 2020

Also, please change the second commit message ("try to fix indentation to follow Travis rules") to something like "chore(www): Indentation fixes"?

…egation-3' of github.com:Orange-OpenSource/fossology into o-master/gh-orange/external-authentication-delegation-3
@NicolasToussaint NicolasToussaint deleted the feat/orange-opensource/1273/external-authentication-delegation-3 branch February 18, 2020 16:20
@NicolasToussaint
Member Author

NicolasToussaint commented Feb 18, 2020

I removed this PR, and created a fresh one, with (hopefully) all @GMishx 's remarks integrated, and 2 new options for better configuration.

#1619

Development

Successfully merging this pull request may close these issues.

Apache based authentication delegation