Merge pull request #10 from halkyon/basicauth_support

Provide a way to enable basic auth for authenticating dev/check URL.
2024-10-22 17:05:40 +02:00 · 2014-06-19 17:53:31 +12:00 · 2014-06-19 17:53:31 +12:00 · e77fc5c864
commit e77fc5c864
parent 9d930c1901 cda00c8a62
2 changed files with 44 additions and 2 deletions
--- a/README.md
+++ b/README.md
@ -37,6 +37,21 @@ Register checks in your own `_config.php` - see the `_config.php` in this module
 * `ExternalURLCheck`: Checks that one or more URLs are reachable via HTTP.
 * `SMTPConnectCheck`: Checks if the SMTP connection configured through PHP.ini works as expected.

+## Authentication
+
+By default, accessing the `dev/check` URL will not require authentication on CLI and dev environments, but if you're
+trying to access it on a live or test environment, it will respond with a 403 HTTP status unless you're logged in as
+an administrator on the site.
+
+You may wish to have an automated service check `dev/check` periodically, but not want to open it up for public access.
+You can enable basic authentication by defining the following in your environment:
+
+	define('ENVCHECK_BASICAUTH_USERNAME', 'test');
+	define('ENVCHECK_BASICAUTH_PASSWORD', 'password');
+
+Now if you access `dev/check` in a browser it will pop up a basic auth popup, and if the submitted username and password
+match the ones defined the username and password defined in the environment, access will be granted to the page.
+
 ## Adding more checks

 To add more checks, you should put additional `EnvironmentCheckSuite::register` calls into your `_config.php`.  See the `_config.php` file of this module for examples.
--- a/code/EnvironmentChecker.php
+++ b/code/EnvironmentChecker.php
@ -29,7 +29,34 @@ class EnvironmentChecker extends RequestHandler {
 	}
 	
 	function init($permission = 'ADMIN') {
-		if(!$this->canAccess(null, $permission)) return $this->httpError(403);
+		// if the environment supports it, provide a basic auth challenge and see if it matches configured credentials
+		if(defined('ENVCHECK_BASICAUTH_USERNAME') && defined('ENVCHECK_BASICAUTH_PASSWORD')) {
+			if(isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
+				// authenticate the input user/pass with the configured credentials
+				if(
+					!(
+						$_SERVER['PHP_AUTH_USER'] == ENVCHECK_BASICAUTH_USERNAME
+						&& $_SERVER['PHP_AUTH_PW'] == ENVCHECK_BASICAUTH_PASSWORD
+					)
+				) {
+					$response = new SS_HTTPResponse(null, 401);
+					$response->addHeader('WWW-Authenticate', "Basic realm=\"Environment check\"");
+					// Exception is caught by RequestHandler->handleRequest() and will halt further execution
+					$e = new SS_HTTPResponse_Exception(null, 401);
+					$e->setResponse($response);
+					throw $e;
+				}
+			} else {
+				$response = new SS_HTTPResponse(null, 401);
+				$response->addHeader('WWW-Authenticate', "Basic realm=\"Environment check\"");
+				// Exception is caught by RequestHandler->handleRequest() and will halt further execution
+				$e = new SS_HTTPResponse_Exception(null, 401);
+				$e->setResponse($response);
+				throw $e;
+			}
+		} else {
+			if(!$this->canAccess(null, $permission)) return $this->httpError(403);
+		}
 	}

 	function canAccess($member = null, $permission = "ADMIN") {
@ -115,4 +142,4 @@ class EnvironmentChecker extends RequestHandler {
 		return self::$email_results;
 	}
 	
-}
+}