search

sshambar / ExternalAuth

Piwigo plugin that supports login via webserver provided identity
https://piwigo.org/ext/extension_view.php?eid=894
GNU General Public License v2.0
4 stars 2 forks source link

Support using apache .htpasswd files as authentication store #3

Open hdholm opened 4 years ago

hdholm commented 4 years ago

So first a very brief background providing motivation for this. Currently piwigo allows using apache native authentication, and ExternalAuth extends that elegantly. I'd like to use piwigo for a family photo site that also has genealogical information (produced by GRAMPS.) Since genealogical information is just an extensive set of html files, it makes sense to just add a .htaccess file and let apache do all the authentication for both sites with piwgo doing the limited user management. I had done some proof-of-concept work to incorporate user managed passwords into piwigo, but it's clear to me this code would be better placed in a plugin (ideally just extending ExternalAuth.) I don't have much experience with PHP and confess I'm a little lost in the plugin mechanism so if someone else wants to incorporate the attached code, or give me some hints on how to go about incorporating it into a plugin, I would really appreciate it. I do fully understand my quick-and-dirty implementation isn't the most elegant solution and probably isn't the ideal way to integrate into piwigo. Thanks for any help/advice. piwigo.diff.txt

sshambar commented 4 years ago

You could certainly adapt this code into a plugin that registers hooks in the piwigo password change mechanism to update the htpasswd file... I'm not sure extending ExternalAuth to do this is really the correct solution though since is mechanism agnostic (and currently pretty much ignores the piwigo passwords) -- REMOTE_USER may be set by one of many different Apache modules, eg Database, LDAP, Kerberos, Auth_Tkt, etc. so password management is really beyond the plugin's control.

If I get some free time, I may see if I can cobble a quick plugin together, but I'm pretty swamped for the next couple weeks...

Of course, you might enjoy learning a bit about PHP and Piwigo in the meantime; you can start with the excellent Skeleton plugin (from the Piwigo plugin directory), and strip it down to just a few hook functions and use the the core functions from your patch file :)

I'll leave this open to remind me to look into a creating a new plugin later though...