[Libreoffice-bugs] [Bug 113743] New: MediaWiki publisher does not work with Wiki configured to use Basic Authentication

bugzilla-daemon at bugs.documentfoundation.org bugzilla-daemon at bugs.documentfoundation.org
Thu Nov 9 18:08:05 UTC 2017 

https://bugs.documentfoundation.org/show_bug.cgi?id=113743

            Bug ID: 113743
           Summary: MediaWiki publisher does not work with Wiki configured
                    to use Basic Authentication
           Product: LibreOffice
           Version: 5.4.2.2 release
          Hardware: All
                OS: All
            Status: UNCONFIRMED
          Severity: normal
          Priority: medium
         Component: Extensions
          Assignee: libreoffice-bugs at lists.freedesktop.org
          Reporter: sven.neuz at serpenteq.com

Description:
It is impossible to publish documents to a MediaWiki with the provided
extension if the Wiki uses Basic Authentication instead of the Wiki logon
screen. 

Basic Authentication is officially supported by MedIaWiki, so the extension
should be able to handle it. 

It fails as early as adding the URL to the server list.

Tested on Linux and Windows. Both behave the same (the JAR file of the
extension is the same anyways).

Steps to Reproduce:
1. Configure a MediaWiki that uses Basic Authentication
a. Requires wfLoadExtension( 'Auth_remoteuser' ); in LocalSettings.php
b. Requires matching Apache Config
2. Add the Wiki to the MediaWiki Publisher Extension 
3. Even adding the URL will fail. The server log will show it responded with
401 (as it should be)

Actual Results:  
Adding the URL to the MediWiki fails. Posting articles if of course also
impossible then.

Expected Results:
The extension detects the Basic Authentication and uses it instead of the Wiki
logon screen.


Reproducible: Always


User Profile Reset: No



Additional Info:
It is possible to patch the extension to always include the Basic Auth header
by adding
String basicAuth =
Base64.getEncoder().encodeToString((sWikiUser+":"+sWikiPass).getBytes(StandardCharsets.UTF_8));
connGet.setRequestProperty("Authorization", "Basic " + basicAuth);

Note that the User/Password variable names are different depending on the part
of the change.

This is of course just an ugly hack to prove it is working and actually a very
bad idea to always send user and password even on plain text connections, so
please do not use this in a productive environment.


User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:56.0) Gecko/20100101
Firefox/56.0

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/libreoffice-bugs/attachments/20171109/9fa52fec/attachment-0001.html>

More information about the Libreoffice-bugs mailing list