Merge pull request #10 from halkyon/basicauth_support
Provide a way to enable basic auth for authenticating dev/check URL.
This commit is contained in:
Ingo Schommer
commit
e77fc5c864
15
README.md
15
README.md
|
|
@ -37,6 +37,21 @@ Register checks in your own `_config.php` - see the `_config.php` in this module
|
|||
* `ExternalURLCheck`: Checks that one or more URLs are reachable via HTTP.
|
||||
* `SMTPConnectCheck`: Checks if the SMTP connection configured through PHP.ini works as expected.
|
||||
|
||||
## Authentication
|
||||
|
||||
By default, accessing the `dev/check` URL will not require authentication on CLI and dev environments, but if you're
|
||||
trying to access it on a live or test environment, it will respond with a 403 HTTP status unless you're logged in as
|
||||
an administrator on the site.
|
||||
|
||||
You may wish to have an automated service check `dev/check` periodically, but not want to open it up for public access.
|
||||
You can enable basic authentication by defining the following in your environment:
|
||||
|
||||
define('ENVCHECK_BASICAUTH_USERNAME', 'test');
|
||||
define('ENVCHECK_BASICAUTH_PASSWORD', 'password');
|
||||
|
||||
Now if you access `dev/check` in a browser it will pop up a basic auth popup, and if the submitted username and password
|
||||
match the ones defined the username and password defined in the environment, access will be granted to the page.
|
||||
|
||||
## Adding more checks
|
||||
|
||||
To add more checks, you should put additional `EnvironmentCheckSuite::register` calls into your `_config.php`. See the `_config.php` file of this module for examples.
|
||||
|
|
|
|||
|
|
@ -29,7 +29,34 @@ class EnvironmentChecker extends RequestHandler {
|
|||
}
|
||||
|
||||
function init($permission = 'ADMIN') {
|
||||
if(!$this->canAccess(null, $permission)) return $this->httpError(403);
|
||||
// if the environment supports it, provide a basic auth challenge and see if it matches configured credentials
|
||||
if(defined('ENVCHECK_BASICAUTH_USERNAME') && defined('ENVCHECK_BASICAUTH_PASSWORD')) {
|
||||
if(isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
|
||||
// authenticate the input user/pass with the configured credentials
|
||||
if(
|
||||
!(
|
||||
$_SERVER['PHP_AUTH_USER'] == ENVCHECK_BASICAUTH_USERNAME
|
||||
&& $_SERVER['PHP_AUTH_PW'] == ENVCHECK_BASICAUTH_PASSWORD
|
||||
)
|
||||
) {
|
||||
$response = new SS_HTTPResponse(null, 401);
|
||||
$response->addHeader('WWW-Authenticate', "Basic realm=\"Environment check\"");
|
||||
// Exception is caught by RequestHandler->handleRequest() and will halt further execution
|
||||
$e = new SS_HTTPResponse_Exception(null, 401);
|
||||
$e->setResponse($response);
|
||||
throw $e;
|
||||
}
|
||||
} else {
|
||||
$response = new SS_HTTPResponse(null, 401);
|
||||
$response->addHeader('WWW-Authenticate', "Basic realm=\"Environment check\"");
|
||||
// Exception is caught by RequestHandler->handleRequest() and will halt further execution
|
||||
$e = new SS_HTTPResponse_Exception(null, 401);
|
||||
$e->setResponse($response);
|
||||
throw $e;
|
||||
}
|
||||
} else {
|
||||
if(!$this->canAccess(null, $permission)) return $this->httpError(403);
|
||||
}
|
||||
}
|
||||
|
||||
function canAccess($member = null, $permission = "ADMIN") {
|
||||
|
|
@ -115,4 +142,4 @@ class EnvironmentChecker extends RequestHandler {
|
|||
return self::$email_results;
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue