Skip to main content

Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

    •  
      request #26407 De-duplicate authz/authn code used for SVN accesses
    Actions
    Infos
    #26407
    Thomas Gerbet (tgerbet)
    2022-07-22 11:38
    2022-04-22 15:52
    27931
    Details
    De-duplicate authz/authn code used for SVN accesses

    Tuleap uses mod_perl to manage accesses to SVN repositories. While this code is battle-tested the logic is duplicated from the PHP codebase and it is a source of annoyance. The latest one being the fact that connecting from Perl on a CentOS/RHEL7 system to MySQL 8.0 is not easy.

    In order to resolve our issues so we can progress on request #22660 the current approach will be tweaked a bit: The Tuleap mod_perl module will stay and will continue to deal with the caching but all the actual logic will be managed by the main PHP codebase. The Tuleap mod_perl module will do a HTTP call when to know if the access is allowed or not.

    SCM/Subversion
    Empty
    Empty
    • [ ] enhancement
    • [x] internal improvement
    Empty
    Stage
    Thomas Gerbet (tgerbet)
    Closed
    2022-07-22
    Attachments
    Artifact links

    Releases

    Fixed in

    Artifact ID Project Tracker Summary Status Last Update Date Submitted By Assigned to
    rel #26753 Tuleap Releases 13.11 Delivered 2022-05-09 15:28 Manuel Vacelet (vaceletm)
    Empty
    References
    Referencing request #26407

    Artifact Tracker v5

    request #29222 Remove Perl based SVN authentication
    request #31195 Apply nginx `auth_request` strategy to git http access

    Git commit

    tuleap/tuleap/stable

    Fix namespaces for code under src/common/svn/ a9d37afc73
    User avatar Thomas Gerbet (tgerbet) , 2022-04-25 08:17
    Clean-up remaining parts of SVN token usages per project 35613fadc2
    User avatar Thomas Gerbet (tgerbet) , 2022-04-25 14:37
    Move SVN_TokenDao away from legacy DB interface 42417baa90
    User avatar Thomas Gerbet (tgerbet) , 2022-04-26 16:21
    Introduce an endpoint dealing with user authentication and project-level authz for SVN operations adaccd462b
    User avatar Thomas Gerbet (tgerbet) , 2022-06-29 14:18
    Use headers instead of request body to pass information to the SVN auth endpoint 1054a5ee90
    User avatar Thomas Gerbet (tgerbet) , 2022-07-04 14:54
    Manage SVN auth using nginx and PHP instead of the mod_perl Tuleap.pm module d6dc6a2c33
    User avatar Thomas Gerbet (tgerbet) , 2022-07-12 09:32
    Hide the 'maximum credentials' setting when PHP based auth is enabled b0d7f94552
    User avatar Thomas Gerbet (tgerbet) , 2022-07-13 15:05
    Project access controller should not require user auth cookies when instance is not accessible to anonymous a6da048569
    User avatar Thomas Gerbet (tgerbet) , 2022-07-19 10:02
    The 'LDAP username' of users is only used to authenticate them in approved projects 4191bd2a47
    User avatar Thomas Gerbet (tgerbet) , 2022-07-19 15:07
    Display settings

    Follow-ups

    User avatar
    Thomas Gerbet (tgerbet)2022-07-22 11:38

    Closing this, the feature flag will removed at some point in the feature in a dedicated request.

    • Status changed from Under implementation to Closed
    • Connected artifacts
    • Close date set to 2022-07-22
    User avatar
    Manuel Vacelet (vaceletm)2022-07-19 10:53

    gerrit #26392 (Project access controller should not require user auth cookies when instance is not accessible to anonymous) integrated in Tuleap 13.10.99.146