search

SimpleMachines / smf-mw-auth

SMF MediaWiki Authentication
https://www.simplemachines.org
Other
23 stars 18 forks source link

compat auth not working #19

Closed unnilennium closed 1 year ago

unnilennium commented 2 years ago

I am unable to use compat auth I need it because forum is not on same server. Anf I do not want to use same user against the db of smf

[ForumSessionProvider] Constructor initialized.
[ForumSessionProvider] Loading Forum System Settings.
[ForumSessionProvider] Configuration File missing or not readable. Tried to load at 
[ForumSessionProvider] Forum Software Integraiton invalid.
[ForumSessionProvider] Unable to provide session, database not loaded.

BUG1 : first comparing /ForumSsoProvider.php

// Is this a legacy authentication plugin?.
        if (!empty($wgSMFLogin) && method_exists($this->fs, 'compatLegacy'))
            $this->fs->compatLegacy();

and ForumProvider/smf2.0.php

/*
     *  A compatiblity layer for Auth_SMF.php extension settings.
     *
     * @return  void    No return is expected.
    */
    public function compatAuthSMF()
    {

seems that the function is not using the right name

changing it to compatLegacy make one more step in log

[ForumSessionProvider] Constructor initialized.
[ForumSessionProvider] Loading Forum System Settings.
[ForumSessionProvider] Detected SMF_Auth settings, loading compatibilty layer.
[ForumSessionProvider] Configuration File missing or not readable. Tried to load at ../forum
[ForumSessionProvider] Forum Software Integraiton invalid.
[ForumSessionProvider] Unable to provide session, database not loaded.

but still no chance !

BUG2: documentation says path should be $wgFSPath = '/path/to/smf/root/'; while code search for $this->ForumSettings['path'] = isset($wgSMFPath) ? $wgSMFPath : '../forum';

=> please update readme $wgSMFPath = '/path/to/smf/root/';

I then, with a workaround using a fake Settings.php (with my legacy SMF auth values disguised) in my wiki path, I am able to get

[ForumSessionProvider] Constructor initialized.
[ForumSessionProvider] Loading Forum System Settings.
[ForumSessionProvider] Detected SMF_Auth settings, loading compatibilty layer.
[ForumSessionProvider] Found Configuration File, attempting to loading.
[ForumSessionProvider] Loading the cookie using provider: smf2.0
[ForumSessionProvider] No Cookie present, aborting integration.
[ForumSessionProvider] No User detected, fall through to MediaWiki.
[ForumSessionProvider] Unable to provide session, database not loaded.

still no chance with legacy but better ..

regarding more at configs Uses the legacy Auth_SMF.php LocalSettings

define('SMF_IN_WIKI', true); $wgSMFLogin = true;

wgSMFLogin is checked in /ForumSsoProvider.php

but BUG 3 nowhere I can see the SMF_IN_WIKI was it intended to get the config from the legacy defined values

jdarwood007 commented 2 years ago

If the forum is on a different server, you are going to have to give it a path to where SMF is and where it can find the Settings.php. It loads this data in to connect up to your SMF database and provide redirects as needed for the SSO.

If you are setting up a new install, you shouldn't need to touch the legacy settings. That was just the combat layer to the original auth provided here. I will look into those bugs though.

The last error messages show that you should be using SMF 2.0 and it is looking for the proper cookies. If your forum and wiki are on different domains, this won't work. If they are on different sub domains, you need sub domain independent cookies turned on in SMF. Essentially, this SSO plugin looks for your SMF cookie, parses it and validates it to log you in. Just as SMF would itself.

SMF_IN_WIKI was a direct request include prevention. Doesn't do anything much now.

unnilennium commented 2 years ago

thanks for the hint I enabled the option to allow all subdomain

also saw this version of the legacy plugin there https://github.com/SimpleMachines/bridges/tree/master/SMF-MediaWiki-auth with the SMF_IN_WIKI I guess this current plugin is linked to this version of legacy plugin,

I used one really older where forum db settings were defined in the wiki LocalSettings. This plugin was using the deprecated $wgAuth /AuthPlugin.php so I am not able to use it after upgrading to MW 1.35 , I then switched to writing a quick version using PluggableAuth extension and the new AuthManager as I am not able to run your plugin.

Keeping on trying this current SSO plugin:

best I get already logged in in forum and using this define('SMF_IN_WIKI', true); $wgSMFLogin = true;

[ForumSessionProvider] Constructor initialized. [ForumSessionProvider] Loading Forum System Settings. [ForumSessionProvider] Detected SMF_Auth settings, loading compatibilty layer. [ForumSessionProvider] Found Configuration File, attempting to loading. [ForumSessionProvider] Loading the cookie using provider: smf2.0 [ForumSessionProvider] Read the cookie, possible member ID "XX" found [ForumSessionProvider] User detected, attempting to load the database. [ForumSessionProvider] Database loaded, attempting to load forum member. [ForumSessionProvider] Found a cached instance of this data, using it [ForumSessionProvider] Forum member found, verifying cookie of XX [ForumSessionProvider] Member ID, XX, failed to validate password under IP.IP.IP.IP

when I am already logged in on the SMF then If I click on connect I get alternatively an error in redirection and kept on the wiki or a get a forum login page but redirected to the forum index after

One time I got logged in in returning manually to wiki but every other trial this is just a loop between wiki and forum

if not logged and

define('SMF_IN_WIKI', true);

$wgSMFLogin = true;

I always get unknown action page in wiki whenever I hit connect

ok found the origin of failed to validate password under IP.IP.IP.IP forum and wiki are both behind proxy and one was seeing the real ip the other the proxy ip. $_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_X_FORWARDED_FOR']; helps this part still no log out button and no correct redirection upon login

and wondering If I change Ip do I need to relog ?

jdarwood007 commented 2 years ago

[ForumSessionProvider] Member ID, XX, failed to validate password under IP.IP.IP.IP

This right here is your hint. The password in the cookie isn't validating. This means it found the cookie and was able to get the data into a workable order. But when it attempted to validate the password, it failed.

Are you using the latest 2.0.x? Another issue can occur is with the auth changes that occurred. Settings.php in SMF should now have a auth_secret. This is used to hash the cookie safely to prevent forgeries. But if it is missing, it could be causing issues. SMF itself will do its best to make things work, but the auth here doesn't know how to handle it.

jdarwood007 commented 2 years ago

FYI, for MediaWiki. You do need to tell it your behind a proxy: https://serverfault.com/questions/526547/mediawiki-behind-reverse-proxy-populates-user-ip-address-with-proxy-address