Phil Sturgeon REST_SERVER and Auth

[eluser]jedre[/eluser]
Hello I try use this rest server: http://github.com/philsturgeon/codeigniter-restserver
and when I enable rest_auth in rest.php:

Code:

$config['rest_auth'] = 'basic';

and set user and password:

Code:

$config['rest_valid_logins'] = array('admin' => '1234');

I can't login, why?

You can try:
http://ws.wolniak.org/index.php/ksiegarnia/book/id/1

In my localhost everything is OK.

EDIT:
When I try run this: Example #6 Basic HTTP Authentication example
http://php.net/manual/en/features.http-auth.php

Window appear again and again...

[eluser]smilie[/eluser]
Hm, hold on... You are mixing two things now.

REST has it's own, build in user / auth system.
That's:
$config['rest_auth'] = 'basic';
and
$config['rest_valid_logins'] = array('admin' => '1234');

When connecting to the REST server (API), you need to provide these username and password (provided you are using rest client):

$this->load->library('rest', array(
'server' => 'http://localhost/restserver/index.php/example_api/',
'http_user' => 'admin',
'http_pass' => '1234',
'http_auth' => 'basic' // or 'digest'
));

That's one part of 'security'.
What error do you receive? If it is on same server as HTTP auth (see bellow), then that is the reason :-)

======

Regarding HTTP Auth, that is Apache based security.
99% chance that Apache can not read your httpd password file, hence can not check user / pass. Check apache error log, there should be something like: Can not access "config file".

But again, both things have nothing to do with each other :-)

[eluser]Phil Sturgeon[/eluser]
Actually they do smile, a Basic Auth request will spawn a password box just like the Apache/htpass approach.

jedre: No idea, that is crazy. Throw up a phpinfo().

[eluser]smilie[/eluser]
Ups :-)

I just re-read the info from http://net.tutsplus.com/ but I could not find that it works with httpd (apache) module :/

Do you then need:

htpasswd -c file user

on the system or...? :S

My bad, appologies.

Cheers,
Smilie

[eluser]Phil Sturgeon[/eluser]
The Basic Auth is nothing to do with htpasswd, it's just some HTTP Headers set by the server that expect a certain response, handled by the browser. No apache magic in there.

[eluser]smilie[/eluser]
Check! Clear! Thanks!

Cheers,
Smilie

[eluser]jedre[/eluser]
The problem occurs when PHP is configured as FastCGI, and affects some servers.
I modified the file libraries/REST_Controller.php and now works OK, here is the solution.

.htaccess

Code:

RewriteEngine on
RewriteRule .* - [E=REMOTE_USER:%{HTTP:Authorization},L]

Before:

Code:

// most other servers
elseif ($this->input->server('HTTP_AUTHENTICATION'))
{
    if (strpos(strtolower($this->input->server('HTTP_AUTHENTICATION')),'basic') === 0)
    {
        list($username,$password) = explode(':',base64_decode(substr($this->input->server('HTTP_AUTHORIZATION'), 6)));
    }
}

After:

Code:

// most other servers
elseif ( $this->input->server('HTTP_AUTHENTICATION') || $this->input->server('REDIRECT_REMOTE_USER') )
{
    $HTTP_SERVER_AUTH = ($this->input->server('HTTP_AUTHENTICATION')) ? $this->input->server('HTTP_AUTHENTICATION') : $this->input->server('REDIRECT_REMOTE_USER');
        
    if (strpos(strtolower($HTTP_SERVER_AUTH),'basic') === 0)
    {
        list($username,$password) = explode(':',base64_decode(substr($HTTP_SERVER_AUTH, 6)));
    }
}

My server use REDIRECT_REMOTE_USER not HTTP_AUTHENTICATION. I don't know why, it's important that it works.

@phil Sturgeon
BTW, Thanks for great REST server and client library.

[eluser]Ritesh Thumar[/eluser]
To Phil Sturgeon

hello ..
i want to khnow that how can i use code igniter's login module in restserver.

i m making one mobile app.and that app is connected with web app;.so in mobile login module when user will enter username and password, that both data will post to my restserver link. at that link i will fetch that data using post method. now i want to check that user is authenticate user or not..for web app i am using code igniter and for xml creation i m using restserver.

hop u can understand this..

rply me as soon as poss

[eluser]Unknown[/eluser]
[quote author="jedre" date="1290130711"]The problem occurs when PHP is configured as FastCGI, and affects some servers.
I modified the file libraries/REST_Controller.php and now works OK, here is the solution.

.htaccess

Code:

RewriteEngine on
RewriteRule .* - [E=REMOTE_USER:%{HTTP:Authorization},L]

Before:

Code:

// most other servers
elseif ($this->input->server('HTTP_AUTHENTICATION'))
{
    if (strpos(strtolower($this->input->server('HTTP_AUTHENTICATION')),'basic') === 0)
    {
        list($username,$password) = explode(':',base64_decode(substr($this->input->server('HTTP_AUTHORIZATION'), 6)));
    }
}

After:

Code:

// most other servers
elseif ( $this->input->server('HTTP_AUTHENTICATION') || $this->input->server('REDIRECT_REMOTE_USER') )
{
    $HTTP_SERVER_AUTH = ($this->input->server('HTTP_AUTHENTICATION')) ? $this->input->server('HTTP_AUTHENTICATION') : $this->input->server('REDIRECT_REMOTE_USER');
        
    if (strpos(strtolower($HTTP_SERVER_AUTH),'basic') === 0)
    {
        list($username,$password) = explode(':',base64_decode(substr($HTTP_SERVER_AUTH, 6)));
    }
}

My server use REDIRECT_REMOTE_USER not HTTP_AUTHENTICATION. I don't know why, it's important that it works.

@phil Sturgeon
BTW, Thanks for great REST server and client library.[/quote]

Hey just a quick note that might help someone: I tried to change my .htaccess to

Code:

RewriteRule .* - [E=REMOTE_USER:%{HTTP:Authorization},L]

but, then I was getting "Not Found" errors. so I modified to

Code:

RewriteRule ^(.*)$ - [E=REMOTE_USER:%{HTTP:Authorization},L]

and worked great.

Thanks for the solution!