Loading...
 
Skip to main content

Intertiki does not work if Master is behind Apache Basic Auth directory

Status
Closed
Subject
Intertiki does not work if Master is behind Apache Basic Auth directory
Version
3.x
Category
  • Regression
  • Usability
Feature
Admin Interface (UI)
InterTiki
XML RPC
Resolution status
Invalid
Submitted by
mizraith
Lastmod by
Ushindi Gedeon
Rating
(0)
Description

I have several tikiwikis (v 3.0 beta 4) on the same domain. Both behind the same .htaccess protected directory. The goal was to setup a working instance of InterTiki between these two Tiki's.

By way of example


BACKGROUND
A few setup issues have been noted (these details have now been added to the InterTiki documentation). Most notably is correctly specifying the location of "/remote.php" for the above case. For our above example to following is req'd:


On the master, I have successfully made contact using either the IP shown in the Apache logs, or by simply using "127.0.0.1" in this case.

Likewise (also added to InterTiki docs) there was some oddity related to order of events with how the server info was being plugged into MySQL tiki_preferences interlist table. I have not properly tracked this down so will not go into it further at this time.

Also of note (for another bug or support request) is that I am unable to get InterTiki on the master to log out anything.

BUG/FEATURE REQUEST
Note: InterTiki operates as designed and is simply unable to get behind an Apache Basic Auth wall. However, hard-coding in setCredentials line for the XML_RPC_Client should work in this case but does not.

After getting setup dialed in like above, the client received the following message:
XMLRPC Error: 5 - Didn't receive 200 OK from remote server. (HTTP/1.1 401 Authorization Required)

Some digging into /lib/userlib.php finds the calls for setting up the XML_RPC_Client at lines (around) 228, 2812, 2831, 2860 and 2905. Looking into the XML_RPC_Client class in /lib/pear/xml/rpc.php shows that there exists a setCredentials($username, $password) method. The setCredentials method exists to allow for RPC calls to get through Basic Apache Authentication.

Possible Bug
I went ahead and modified the clients (and eventually the master's) /lib/userlib.php in the above locations with a simple addition of:
$client->setCredentials("myApacheUsername", "myPassword");

This time, when logging in from the client, the response was:
XMLRPC Error: 5 - Didn't receive 200 OK from remote server. (HTTP/1.1 302 Moved Temporarily)

And with that I am stuck. It seems like (as a workaround hack for the time being) the ability is there in the XML_RPC_Client methods to get through an Apache Basic Auth, but the return code is weird at best.

Possible Actions

  1. Ignore — Explicity note that InterTiki masters/clients must not exist behind Basic Auth walls.
  2. Investigate why a hacked userlib.php returns a 302 code and determine if this is as designed or a bug.
  3. Possibly add a basic username/password entry field in the client administration page for driving the setCredentials method.



Solution
Workaround
Importance
5
Priority
25
Demonstrate Bug on Tiki 19+
Demonstrate Bug (older Tiki versions)
Ticket ID
2456
Created
Friday 24 April, 2009 23:08:09 UTC
by Unknown
LastModif
Monday 25 May, 2026 19:51:10 UTC


Show PHP error messages