Kandroid
Feature Request: support http basic auth in kanboard URL
Actual behaviour
Try to setup a kanboard connection with
https://http-user:[email protected]/path/to/kanboard
With user: kanboard-username, password: kanboard-user-password
Login will fail. Kandroid will complain that the Kanboard version used is smaller than 1.0.38, although it is 1.0.45.
As there are a lot of HTTP 401s in the Apache access.log, I assume that basic auth credentials in the URL are not used / parsed.
Expected behaviour
Kandroid uses the credentials provided in the URL to pass the HTTP BASIC AUTH that our webserver requires. Uses Kanboard credentials to auth against kanboard.
Steps to reproduce
Setup a server with http basic auth on Kanboard path, like
user@host# cat .htaccess
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /etc/apache2/.htpasswd
Require valid-user
Configuration
- Kandroid version: 0.54
- Android/Mod version: Different Devices, Samsung S5+ and Huawei P9 lite
- Theme (if you use one): none
- Device type, name and manufacturer: see device
- Kanboard version: 1.0.45 (updated, just for Kandroid ;))
Hi, HTTP BASIC AUTH is already used to authenticate against Kanboard.
If I understand your setup correctly, you added a second layer of authentication. So you have to login to see the Kanboard login page, is that correct?
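The feature request asks the client to take the credentials out of the URL's userinfo part and send them as an Authorization header. The following is an added illustration, not Kandroid's code: it strips and percent-decodes the userinfo, builds the RFC 7617 Basic value, and, assuming (as the reply above states) that Kanboard's own API login is also HTTP Basic auth, flags that both layers compete for the single Authorization header. Host and credentials are constructed.

```python
from base64 import b64encode
from urllib.parse import urlsplit, urlunsplit, unquote


def basic_auth_value(user, password):
    """RFC 7617 credential: 'Basic ' + base64(user:password)."""
    raw = f"{user}:{password}".encode("utf-8")
    return "Basic " + b64encode(raw).decode("ascii")


def split_url_credentials(url):
    """Strip user:password@ from a URL.

    Returns (clean_url, authorization_value_or_None). Userinfo is
    percent-decoded, so a password containing '@' must be written as
    %40 in the URL (RFC 3986 section 3.2.1).
    """
    parts = urlsplit(url)
    if parts.username is None:
        return url, None
    user = unquote(parts.username)
    password = unquote(parts.password or "")
    # Keep everything after the last '@' (host, port and IPv6 brackets intact)
    netloc = parts.netloc.rpartition("@")[2]
    clean = urlunsplit((parts.scheme, netloc, parts.path, parts.query, parts.fragment))
    return clean, basic_auth_value(user, password)


def plan_request(url, kb_user, kb_password):
    """Work out what a client needs for the two-layer setup in the issue.

    Assumption (taken from the maintainer's reply): Kanboard's API itself
    uses HTTP Basic auth, so it also needs the Authorization header. One
    request carries only one Authorization header, hence 'conflict'.
    """
    clean, webserver_auth = split_url_credentials(url)
    kb_auth = basic_auth_value(kb_user, kb_password)
    return {
        "url": clean,
        "webserver_authorization": webserver_auth,
        "kanboard_authorization": kb_auth,
        "conflict": webserver_auth is not None,
    }


if __name__ == "__main__":
    # Constructed values, not the reporter's real server or accounts
    plan = plan_request("https://http-user:http-pass@kanboard.example/path/to/kanboard",
                        "kanboard-username", "kanboard-user-password")
    print(plan)
```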
Well, I have the normal Kanboard user authentication via the normal login form.
However, to shield off the Kanboard from the "evil open internet" I added HTTP BASIC Auth for Apache. So whenever someone is accessing our Kanboard, he will first be asked by Apache to authenticate himself against the webserver to even be able to see the Kanboard login page. (We use a shared password for this; this is not meant to add bullet-proof security, just to keep Google and other bots off the server and also block random people browsing.) When this succeeds, the user will either still have a valid Kanboard session or be shown the Kanboard login form to log in with his personal account.
Does that answer your question somehow? :)
+1 I use the same setup as aslmx and would also like to have support for this in Kandroid.
Another possible solution: disable basic authentication for some secret location, for example /kanboard/supersecret/jsonrpc.php, then use a rewrite rule to restore the correct path /kanboard/jsonrpc.php. Use username and API key to log in; this will work even for remote auth users.
@aslmx you may avoid double-layer authentication with the following Kanboard settings:
define('REVERSE_PROXY_AUTH', true);
define('REVERSE_PROXY_USER_HEADER', 'REMOTE_USER');
define('REVERSE_PROXY_DEFAULT_ADMIN', 'administrator');
define('REVERSE_PROXY_DEFAULT_DOMAIN', 'somedomain.com');
You also need to configure Apache to pass the REMOTE_USER environment variable:
RewriteEngine On
RewriteCond %{REMOTE_USER} ^(.*)$
RewriteRule ^(.*)$ - [E=R_U:%1]
RequestHeader set REMOTE_USER %{R_U}e
+1
I authenticate to PAM with HTTP Basic Auth, i. e. there's already robust and flexible authentication in place. Since Kanboard provides the option to use a reverse proxy for authentication and deactivate its login form as @linvinus mentioned, this concept appears to be supported by the server project which should be reflected in the app.