Merge pull request #10 from halkyon/basicauth_support

Provide a way to enable basic auth for authenticating dev/check URL.
silverstripe · Jun 19, 2014 · e77fc5c · e77fc5c
2 parents 9d930c1 + cda00c8
commit e77fc5c
Show file tree

Hide file tree

Showing 2 changed files with 44 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -37,6 +37,21 @@ Register checks in your own `_config.php` - see the `_config.php` in this module
  * `ExternalURLCheck`: Checks that one or more URLs are reachable via HTTP.
  * `SMTPConnectCheck`: Checks if the SMTP connection configured through PHP.ini works as expected.
 
+## Authentication
+
+By default, accessing the `dev/check` URL will not require authentication on CLI and dev environments, but if you're
+trying to access it on a live or test environment, it will respond with a 403 HTTP status unless you're logged in as
+an administrator on the site.
+
+You may wish to have an automated service check `dev/check` periodically, but not want to open it up for public access.
+You can enable basic authentication by defining the following in your environment:
+
+	define('ENVCHECK_BASICAUTH_USERNAME', 'test');
+	define('ENVCHECK_BASICAUTH_PASSWORD', 'password');
+
+Now if you access `dev/check` in a browser it will pop up a basic auth popup, and if the submitted username and password
+match the ones defined the username and password defined in the environment, access will be granted to the page.
+
 ## Adding more checks
 
 To add more checks, you should put additional `EnvironmentCheckSuite::register` calls into your `_config.php`.  See the `_config.php` file of this module for examples.

diff --git a/code/EnvironmentChecker.php b/code/EnvironmentChecker.php
@@ -29,7 +29,34 @@ function __construct($checkSuiteName, $title) {
 	}
 
 	function init($permission = 'ADMIN') {
-		if(!$this->canAccess(null, $permission)) return $this->httpError(403);
+		// if the environment supports it, provide a basic auth challenge and see if it matches configured credentials
+		if(defined('ENVCHECK_BASICAUTH_USERNAME') && defined('ENVCHECK_BASICAUTH_PASSWORD')) {
+			if(isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
+				// authenticate the input user/pass with the configured credentials
+				if(
+					!(
+						$_SERVER['PHP_AUTH_USER'] == ENVCHECK_BASICAUTH_USERNAME
+						&& $_SERVER['PHP_AUTH_PW'] == ENVCHECK_BASICAUTH_PASSWORD
+					)
+				) {
+					$response = new SS_HTTPResponse(null, 401);
+					$response->addHeader('WWW-Authenticate', "Basic realm=\"Environment check\"");
+					// Exception is caught by RequestHandler->handleRequest() and will halt further execution
+					$e = new SS_HTTPResponse_Exception(null, 401);
+					$e->setResponse($response);
+					throw $e;
+				}
+			} else {
+				$response = new SS_HTTPResponse(null, 401);
+				$response->addHeader('WWW-Authenticate', "Basic realm=\"Environment check\"");
+				// Exception is caught by RequestHandler->handleRequest() and will halt further execution
+				$e = new SS_HTTPResponse_Exception(null, 401);
+				$e->setResponse($response);
+				throw $e;
+			}
+		} else {
+			if(!$this->canAccess(null, $permission)) return $this->httpError(403);
+		}
 	}
 
 	function canAccess($member = null, $permission = "ADMIN") {
@@ -115,4 +142,4 @@ public static function get_email_results() {
 		return self::$email_results;
 	}
 
-}
+}