https://github.com/psigen/libphremoteuser
Extension to Phabricator that performs basic authentication via a web server's REMOTE_USER variable.
- Host: GitHub
- URL: https://github.com/psigen/libphremoteuser
- Owner: psigen
- License: mit
- Created: 2013-08-15T23:41:03.000Z (almost 13 years ago)
- Default Branch: master
- Last Pushed: 2020-05-05T04:14:58.000Z (about 6 years ago)
- Last Synced: 2023-04-08T04:47:46.190Z (about 3 years ago)
- Language: PHP
- Size: 141 KB
- Stars: 3
- Watchers: 2
- Forks: 10
- Open Issues: 2
Metadata Files:
- Readme: README.md
- License: LICENSE
README
libphremoteuser
===============
This extension to [Phabricator](http://phabricator.org/) performs basic authentication
via a web server's REMOTE_USER variable. It should be able to work with a variety of
major servers such as Apache and Nginx, but I have only tested it with Apache.

Installation
------------

To install this library, simply clone this repository alongside your Phabricator installation:

    cd /path/to/install
    git clone https://github.com/psigen/libphremoteuser.git

Then, simply add the path to this library to your Phabricator configuration:

    cd /path/to/install/phabricator
    ./bin/config set load-libraries '["libphremoteuser/src/"]'

When you next log into Phabricator as an Administrator, go to **Auth > Add Authentication Provider**.
In the list, you should now see an entry called **Web Server**. Enabling this provider should add a
new button to your login screen.

In order to actually log in, your web server needs to populate the **$REMOTE_USER** variable when the
login button is pressed. You can do this by forcing the login URI that Phabricator uses to be
restricted, by adding a directive like the following to your web server configuration (this is Apache2):

    # Scope these directives to Phabricator's login URI
    # (for example inside a <Location> block).
    Authtype Basic
    AuthName "Phabricator at My Server"
    Require valid-user
    Options None
    Order allow,deny
    Allow from all

Security
--------

I make no guarantees about this library being totally secure. It's not __obviously__ insecure.
However, please make sure to at least
**REDIRECT THE LOGIN URI TO SSL, OTHERWISE YOU ARE SENDING PLAIN TEXT PASSWORDS.**

If you care about security consider:

* Hosting Phabricator entirely on https/SSL
* Restricting access to the whole Phabricator installation directory, also using SSL.
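
One way to apply the SSL advice above in Apache, as an added example that is not part of this project's README. The host name, certificate and password-file paths, and the login URI are placeholders to be replaced with your own values.

```apache
# Constructed example: host name, file paths and the login URI are placeholders.

# Plain-HTTP vhost: serves nothing itself and only redirects to HTTPS, so the
# Basic-auth prompt (and the base64-encoded password) never travels in clear text.
<VirtualHost *:80>
    ServerName phabricator.example.com
    Redirect permanent / https://phabricator.example.com/
</VirtualHost>

<VirtualHost *:443>
    ServerName phabricator.example.com
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/phabricator.example.com.pem
    SSLCertificateKeyFile /etc/ssl/private/phabricator.example.com.key

    # ... Phabricator's usual DocumentRoot and rewrite directives go here ...

    # Only the login URI used by the Web Server provider is protected, so
    # Apache sets REMOTE_USER for that request after a successful login.
    <Location "/LOGIN-URI-PLACEHOLDER/">
        AuthType Basic
        AuthName "Phabricator at My Server"
        AuthBasicProvider file
        AuthUserFile /etc/apache2/phabricator.htpasswd
        Require valid-user
        # Refuse the request outright if it somehow arrives without TLS.
        SSLRequireSSL
    </Location>
</VirtualHost>
```

Running `apachectl configtest` after editing checks the syntax before the server is reloaded.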