tuto:webapps:llng:openupload [05/01/2011 14:14] dani |
tuto:webapps:llng:openupload [10/06/2011 13:04] dani [Sur SME/iPasserelle] |
||
---|---|---|---|
Ligne 1: | Ligne 1: | ||
- | |||
Voici la marche à suivre pour protéger l' | Voici la marche à suivre pour protéger l' | ||
Ligne 8: | Ligne 7: | ||
La première étape est d' | La première étape est d' | ||
<hidden Patch pour OpenUpload 0.4.2> | <hidden Patch pour OpenUpload 0.4.2> | ||
- | <code diff> | + | <file diff openupload-0.4.2-httpldap.patch> |
diff -Nur -x ' | diff -Nur -x ' | ||
--- openupload-0.4.2/ | --- openupload-0.4.2/ | ||
- | +++ mezzanine_patched_openupload-0.4.2/ | + | +++ mezzanine_patched_openupload-0.4.2/ |
@@ -485,8 +485,14 @@ | @@ -485,8 +485,14 @@ | ||
| | ||
Ligne 19: | Ligne 18: | ||
- redirect('? | - redirect('? | ||
+ /* Check if HTTP auth is used */ | + /* Check if HTTP auth is used */ | ||
- | + if (($this-> | + | + if (($this-> |
- | + isset($_SERVER{$this-> | + | + isset($_SERVER{$this-> |
+ $this-> | + $this-> | ||
+ } else { | + } else { | ||
Ligne 31: | Ligne 30: | ||
diff -Nur -x ' | diff -Nur -x ' | ||
--- openupload-0.4.2/ | --- openupload-0.4.2/ | ||
- | +++ mezzanine_patched_openupload-0.4.2/ | + | +++ mezzanine_patched_openupload-0.4.2/ |
@@ -0,0 +1,31 @@ | @@ -0,0 +1,31 @@ | ||
+<?php | +<?php | ||
Ligne 43: | Ligne 42: | ||
+ function init() { | + function init() { | ||
+ $this-> | + $this-> | ||
- | + $this->remote | + | + $this->http = app()-> |
+ $this-> | + $this-> | ||
+ $this-> | + $this-> | ||
+ | + | ||
- | + /* Which HTTP header | + | + /* Which field contains the user login ? */ |
- | + | + | + |
+ | + | ||
+ /* cannot add or edit users for now */ | + /* cannot add or edit users for now */ | ||
Ligne 56: | Ligne 55: | ||
+ function authenticate($login, | + function authenticate($login, | ||
+ $result = false; | + $result = false; | ||
- | + if ($_SERVER{$this-> | + | + if ($_SERVER{$this-> |
+ $result = true; | + $result = true; | ||
+ return $result; | + return $result; | ||
Ligne 66: | Ligne 65: | ||
diff -Nur -x ' | diff -Nur -x ' | ||
--- openupload-0.4.2/ | --- openupload-0.4.2/ | ||
- | +++ mezzanine_patched_openupload-0.4.2/ | + | +++ mezzanine_patched_openupload-0.4.2/ |
@@ -69,7 +69,12 @@ | @@ -69,7 +69,12 @@ | ||
| | ||
Ligne 72: | Ligne 71: | ||
// if it's logging in save user and pwd | // if it's logging in save user and pwd | ||
- if (isset($_POST[' | - if (isset($_POST[' | ||
- | + if ((app()-> | + | + if ((app()-> |
- | + | + | + |
- | + $username = $_SERVER{app()-> | + | + $username = $_SERVER{app()-> |
- | + $password = $_SERVER{app()-> | + | + $password = $_SERVER{app()-> |
+ } | + } | ||
+ elseif (isset($_POST[' | + elseif (isset($_POST[' | ||
Ligne 89: | Ligne 88: | ||
+?> | +?> | ||
diff -Nur -x ' | diff -Nur -x ' | ||
- | --- openupload-0.4.2/ | + | --- openupload-0.4.2/ |
- | +++ mezzanine_patched_openupload-0.4.2/ | + | +++ mezzanine_patched_openupload-0.4.2/ |
- | @@ -44,6 +44,11 @@ | + | @@ -44,6 +44,14 @@ |
# $CONFIG[' | # $CONFIG[' | ||
| | ||
- | +/* If you trust your web server, you can use it to authenticate users */ | + | +/************************************************************ |
- | +$CONFIG[' | + | + * HTTP/LDAP detail configuration options |
- | +/* This is the HTTP header | + | + ************************************************************/ |
- | +$CONFIG[' | + | + |
+ | +# $CONFIG[' | ||
+ | +/* This is the field which contains user login */ | ||
+ | +# $CONFIG[' | ||
+ | + | ||
/* TRANSLATION MODULE */ | /* TRANSLATION MODULE */ | ||
# | # | ||
- | </code> | + | </file> |
</ | </ | ||
Ligne 110: | Ligne 112: | ||
<code php> | <code php> | ||
- | # Should OpenUpload trust apache authentication | + | |
- | $CONFIG[' | + | $CONFIG[' |
# Which variable contains user login ? | # Which variable contains user login ? | ||
- | $CONFIG[' | + | $CONFIG[' |
# LDAP configuration, | # LDAP configuration, | ||
Ligne 177: | Ligne 179: | ||
<code bash> | <code bash> | ||
db configuration setprop openupload Authentication LemonLDAP AliasOnPrimary disabled | db configuration setprop openupload Authentication LemonLDAP AliasOnPrimary disabled | ||
- | db domain | + | db domains |
- | signal-event domain-create upload.domain.tld | + | signal-event domain-create upload.$(db configuration get DomainName) |
+ | mkdir -p / | ||
+ | cat <<' | ||
+ | $CONFIG[' | ||
+ | |||
+ | $CONFIG[' | ||
+ | |||
+ | $CONFIG[' | ||
+ | |||
+ | $CONFIG[' | ||
+ | |||
+ | EOF | ||
signal-event webapps-update | signal-event webapps-update | ||
</ | </ | ||
Ligne 202: | Ligne 215: | ||
Si vous voulez maintenir l' | Si vous voulez maintenir l' | ||
- | * login | + | * Protection contre des requêtes contenant deux actions: |
- | * Commentaire: | + | * Commentaire: |
- | * Expression: | + | * Expression: (a|action)=.*(a|action)=.* |
- | * Règle: | + | * Règle: |
- | * logout: | + | * Autoriser les téléchargements et les suppressions: |
- | * Commentaire: | + | * Commentaire: |
- | * Expression: ^/(?i)(index\.php)?\?(.*)?a(ction)?=logout | + | * Expression: |
+ | * Règle: unprotect | ||
+ | * Autoriser l' | ||
+ | * Commentaire: 12unprotect_templates | ||
+ | * Expression: ^/ | ||
+ | * Règle: unprotect | ||
+ | * Autoriser l' | ||
+ | * Commentaire: | ||
+ | * Expression: ^/plugins/ | ||
+ | * Règle: unprotect | ||
+ | * Autoriser l' | ||
+ | * Commentaire: | ||
+ | * Expression: ^/index\.php$ | ||
+ | | ||
+ | * Interception du lien de logout | ||
+ | * Commentaire: | ||
+ | * Expression: | ||
* Règle: logout_app | * Règle: logout_app | ||
- | * default | + | * Redirection du login |
- | * Commentaire: | + | * Commentaire: 21login |
+ | * Expression: (a|action)=login | ||
+ | * Règle: logout_app http:// | ||
+ | * Défaut: | ||
* Expression: default | * Expression: default | ||
- | * Règle: | + | * Règle: |
- | Ces règles permettrons aux utilisateurs externes de télécharger les fichiers. | + | Ces règles permettrons aux utilisateurs externes de télécharger les fichiers |
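Review bot: The new revision drops the only statement of the trust assumption behind this patch. The old config comment `/* If you trust your web server, you can use it to authenticate users */` (Ligne 89/88 block) is replaced by a plain banner, while `authenticate()` in the added plugin (Ligne 56/55 block) still sets `$result = true` from a comparison against a `$_SERVER{…}` entry. The cells are truncated here, so the full condition is not visible. If that entry is a request header filled in by the LemonLDAP::NG handler, the page should say that OpenUpload must be reachable only through the protected virtual host, for example `/* Enable only when every request passes through the authenticating web server; the login field is trusted as-is */`. Separately, the `$_SERVER{…}` curly-brace offset syntax in the added lines (Ligne 19/18, 56/55 and 72/71 blocks) is deprecated since PHP 7.4 and removed in PHP 8.0; `$_SERVER[…]` is the equivalent form.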