Enhancement #1159

Add backend authentication to zoning download

Added by Blatti Yves over 3 years ago. Updated over 3 years ago.

Status:ClosedStart date:10/08/2015
Priority:HighDue date:
Assignee:-% Done:

100%

Category:SHOP
Target version:4.3.2
Sponsor:ASIT-VD (CH) Ergonomic impact:

A user can use the two additional fields to use a secured backend

Functional impact:

A backend server for zoning can now be secured


Description

We have the ability to use backend authentication when protecting an URL typed download in easySDI:

+----------+    easySDI/joomla security   +---------------+   backend user/password   +--------------------------+
| Client   +<---------------------------->+ easySDI SHOP  +<------------------------->|Backend: HTTP(s), (S)FTP...
+----------+                              +---------------+                           +--------------------------+

We propose to add the same for grid/zoning download.
Most of the code can be reused.

Proposed:

current-download-url.png (7.4 KB) Blatti Yves, 10/08/2015 11:08 AM

zoning.png (8.34 KB) Blatti Yves, 10/08/2015 11:11 AM

182-failed.zip (157 Bytes) Blatti Yves, 11/03/2015 08:31 PM

182-original.zip (162 Bytes) Blatti Yves, 11/03/2015 08:31 PM


Related issues

Related to easySDI - Enhancement #1158: Allow downloads (direct and zoning) to be fetch with HTTP... Closed 10/08/2015

History

#1 Updated by Blatti Yves over 3 years ago

  • Related to Enhancement #1158: Allow downloads (direct and zoning) to be fetch with HTTP basic auth and constant URL added

#2 Updated by Blatti Yves over 3 years ago

+1

#3 Updated by Portier Thomas over 3 years ago

+1

#4 Updated by Van Hoecke Hélène over 3 years ago

  • Status changed from Request For Comments to Accepted
  • Assignee changed from Technical Committee to Van Hoecke Hélène

+1

#5 Updated by Van Hoecke Hélène over 3 years ago

  • Status changed from Accepted to Affected

#6 Updated by Van Hoecke Hélène over 3 years ago

  • Sponsor ASIT-VD (CH) added

#7 Updated by Blatti Yves over 3 years ago

Hi Hélène, it works, except for those two cases:

1) Binary files: I have tested it on grid download with HTTP basic authentication on an apache server with a simple .htacces/.htpasswd couple.
Problem: when I download the file without authentication, everything works. When I add authentication and configuration in the diffusion, the downloaded files are truncated (trailing binary zeros are removed). Binary files are invalid (See sample files).

This problem seems to also affect URL download (without grid)

2) Exceptions: Exceptions are not handled, when the password does not match for example, the backend server gives a 401, but there is a downloadable file containing the error in frontend.
Example: the zip file (invalid zip) contains:

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Unauthorized</title>
</head><body>
<h1>Unauthorized</h1>
.....

#8 Updated by Van Hoecke Hélène over 3 years ago

  • Assignee changed from Van Hoecke Hélène to Blatti Yves

#9 Updated by Blatti Yves over 3 years ago

  • Status changed from Affected to Resolved
  • Assignee changed from Blatti Yves to Van Hoecke Hélène
  • % Done changed from 80 to 100

Tested OK, thanks !

#10 Updated by Blatti Yves over 3 years ago

  • Status changed from Resolved to To merge

#11 Updated by Van Hoecke Hélène over 3 years ago

  • Status changed from To merge to Closed
  • Assignee deleted (Van Hoecke Hélène )
  • Target version set to 4.3.2

Also available in: Atom PDF