Here's a patch to enable external auth (handled by apache) on the rest
interface.
I'm using a webSSO (the excellent LemonLDAP::NG) to control access to my
web applications. In this mode, LemonLDAP::NG handles the auth, and just
set REMOTE_USER when someone is correctly authenticated. So the app
never has access to the password, and so, do not have access to a
PHP_AUTH_PW variable.
In this case, just check REMOTE_USER is set.
--
Daniel Berteaud
FIREWALL-SERVICES SARL.
Société de Services en Logiciels Libres
Technopôle Montesquieu
33650 MARTILLAC
Tel : 05 56 64 15 32
Fax : 05 56 64 15 32
Web : http://www.firewall-services.com
diff -Nur -x '*.orig' -x '*.rej' dl-0.11/htdocs/rest.php mezzanine_patched_dl-0.11/htdocs/rest.php
--- dl-0.11/htdocs/rest.php 2013-07-01 19:40:38.000000000 +0200
+++ mezzanine_patched_dl-0.11/htdocs/rest.php 2013-11-19 13:52:34.657338448 +0100
@@ -17,6 +17,9 @@
|| $authData["pass"] !== $_SERVER['PHP_AUTH_PW'])
unset($authData);
}
+elseif(isset($_SERVER['REMOTE_USER'])){
+ $authData = Array( "user" => $_SERVER['REMOTE_USER']);
+}
if(isset($authData))
{
$rmt = ($authRealm != false);