Redmine.pm and authentication
Added by Tapio Salonsaari about 16 years ago
Hello.
I had an problem setting up SVN -authentication via Redmine.pm. I'm using apache2 with virtualhosts svn.myhost.foo and redmine.myhost.foo where svn.myhost is basic SVN-configuration and redmine.myhost is access to redmine installation via proxy balancer. Everything seemed to run smoothly, but I couldn't login into SVN-server.
I've got a project 'myproject1' with repository http://svn.myserver.foo/myproject1, so I tried to access svn-server from command line:
> svn list http://svn.myserver.foo/myproject1 Authentication realm: <http://svn.myserver.foo:80> myproject1 Project Tracking Password for 'take': Authentication realm: <http://svn.myserver.foo:80> myproject1 Project Tracking Username: take Password for 'take': Authentication realm: <http://svn.myserver.foo:80> myproject1 Project Tracking Username: take Password for 'take': svn: PROPFIND request failed on '/myproject1' svn: PROPFIND of '/myproject1': authorization failed (http://svn.myserver.foo)
I traced the problem via MySQL-logs and into a query like this:
SELECT hashed_password FROM members, projects, users WHERE projects.id=members.project_id AND users.id=members.user_id AND users.status=1 AND login='take' AND identifier=NULL
The problem is obviously 'identifier=NULL' -part. I traced the problem into Redmine.pm and function get_project_identifier(), which didn't return correct identifier. I went around the problem by altering the code to suit my server:
sub get_project_identifier { my $r = shift; my $location = $r->location; #my ($identifier) = $r->uri =~ m{$location/*([^/]+)}; <- Changed this my $identifier = $location; # <- to this $identifier=~s/\///; $identifier; }
After the modification it works like it's supposed to. I'm just wondering if that's an actual bug in Redmine.pm or is there some option / whatever to actually fix the problem instead of going around it?
Replies (4)
RE: Redmine.pm and authentication - Added by Nicolas Chuche about 16 years ago
What's your apache conf ?
You should have something like that :
<Location /svn> DAV svn SVNParentPath "/var/svn" SVNListParentPath On [...]
RE: Redmine.pm and authentication - Added by Tapio Salonsaari about 16 years ago
That may be the actual problem. My conf looks like this:
<Location /myproject1> DAV svn SVNPath "/path/to/myproject1/svn"
But if I use SVNParentPath and SVNListParentPath options it's possible for everyone to read all the projects via http://myserver.foo/svn/, right? That's not something I'll allow since the same redmine installation is used to handle several projects with different developers. And developers are allowed only to see their own projects, so giving them access to read even the names of the projects at svn-server is not an option.
Anyways, the modification I made works just fine for me and I'll think I'll stick to it. It's not broken so there's no need to fix it ;) Good to know anyways how thigns are planned to work since redmine is the answer for many projects and it's more than likely that I'm going to admin several installations in near future.
RE: Redmine.pm and authentication - Added by Nicolas Chuche about 16 years ago
But if I use SVNParentPath and SVNListParentPath options it's possible for everyone to read all the projects via http://myserver.foo/svn/, right?
If you just use SVNParentPath that's false.
You should follow http://www.redmine.org/wiki/redmine/Repositories_access_control_with_apache_mod_dav_svn_and_mod_perl where everything is explain.
If something is not clear enough, just ask, I will try to clarify.
Anyways, the modification I made works just fine for me and I'll think I'll stick to it. It's not broken so there's no need to fix it ;)
By the way it's broken as you will have to declare a Location parameter for each project. Not really hard but not really a good thing.
RE: Redmine.pm and authentication - Added by S C almost 16 years ago
Hi,
If your configuration uses addresses like http://my.server.com/my_project
the get_project_identifier function will receive something like '/my_project'.
Then the regexp will not match...
To do the trick I replaced :
my ($identifier) = $r->uri =~ m{$location/*([^/]+)};
by :
my ($identifier) = $r->uri =~ m{/([^/]+)};
But it's a quick and dirty solution. It would be nice to get an Apache option to set the regexp or something equivalent...