External authentication without double-login in tt-rss

30 Dez

I already wrote about tiny tiny RSS (tt-rss) in this article.

So far, the login-mechanism of tt-rss was used. However, tt-rss also allows to use authentication mechanisms of an webserver, which allowes the usage of htAccess and htUser-Files.

To activate external authentication, I first edited config.php and changed ALLOW_REMOTE_USER_AUTH to true (you find it around line 130):

define('ALLOW_REMOTE_USER_AUTH', true);

After that, I hat to tell Apache to protect the directory:

<Directory /var/www/tt-rss>
        AuthName "RSS Feedreader"
        AuthType Basic
        Require valid-user
        AuthUserFile /my/user/file
</Directory>

After reloading Apache I was a bit surprised. I got an authentication-dialog, entered username and password, and got the tt-rss login screen. The funny thing: the username I entered here was ignored. But I had to enter something.

I tried to find out why this happened. I finally found a little hack which prevented the login screen:

In functions.php, I edited line 1959. I replaced

if ($login_action == "do_login") {

through

if (defined('ALLOW_REMOTE_USER_AUTH') && ALLOW_REMOTE_USER_AUTH
        && $_SERVER["REMOTE_USER"] && $login != "admin") {
    authenticate_user($link, '', '');
    $_SESSION["ref_schema_version"] = get_schema_version($link, true);
} elseif ($login_action == "do_login") {

And finally it worked. As far as I can tell, this hack has no side-effects. It even works with the mobile view. But I don’t want to be responsible for any problem 😉

Have fun!

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert