mirror_html/filegator
1
0
Fork 0
mirror of https://github.com/filegator/filegator.git synced 2025-10-24 00:06:11 +02:00
Code Issues Projects Releases Wiki Activity
Files
c4a83e35425f1565148ab0993cdd5c5bb80e53d6
filegator/docs/configuration/auth.md
Luiz Kill a48fa3c717 Adds an attributes parameter to the ldap adapter (#184) 
* Adds an attribute parameter to the ldap adapter

Using this parameter is much more efficient than the default action (which is to return all attributes and their associated values). The use of this parameter should therefore be considered good practice.

(from https://www.php.net/manual/en/function.ldap-search.php)

* Updates the docs about ldap_attributes parameter

* Enhances portuguese translation

* Update backend/Services/Auth/Adapters/LDAP.php

Commit suggestion
2021-02-18 09:18:30 +01:00

126 lines
4.7 KiB
Markdown
Raw Blame History

---
currentMenu: auth
---
## Default Auth service
By default, users are stored in json file. For some use-cases, this is enough. It also makes this app lightweight since no database is required.
Default handler accepts only file name parameter. This file should be writable by the web server.
```
'Filegator\Services\Auth\AuthInterface' => [
'handler' => '\Filegator\Services\Auth\Adapters\JsonFile',
'config' => [
'file' => __DIR__.'/private/users.json',
],
],
```
## Configuring Auth service to use database
You can use mysql database to store your users.
First, create a table `users` with this sql query:
```
CREATE TABLE `users` (
`id` int(10) NOT NULL AUTO_INCREMENT,
`username` varchar(255) NOT NULL,
`name` varchar(255) NOT NULL,
`role` varchar(20) NOT NULL,
`permissions` varchar(200) NOT NULL,
`homedir` varchar(2000) NOT NULL,
`password` varchar(255) NOT NULL,
PRIMARY KEY (`id`),
KEY `username` (`username`)
) CHARSET=utf8 COLLATE=utf8_bin;
```
Then, import default users with sql query:
```
INSERT INTO `users` (`username`, `name`, `role`, `permissions`, `homedir`, `password`)
VALUES
('guest', 'Guest', 'guest', '', '/', ''),
('admin', 'Admin', 'admin', 'read|write|upload|download|batchdownload|zip', '/', '$2y$10$Nu35w4pteLfc7BDCIkDPkecjw8wsH8Y2GMfIewUbXLT7zzW6WOxwq');
```
At the end, open `configuration.php` and update AuthInterface handler to reflect your database settings:
```
'Filegator\Services\Auth\AuthInterface' => [
'handler' => '\Filegator\Services\Auth\Adapters\Database',
'config' => [
'driver' => 'mysqli',
'host' => 'localhost',
'username' => 'root',
'password' => 'password',
'database' => 'filegator',
],
],
```
## Configuring Auth service to use WordPress
Replace your current Auth handler in `configuration.php` file like this:
```
'Filegator\Services\Auth\AuthInterface' => [
'handler' => '\Filegator\Services\Auth\Adapters\WPAuth',
'config' => [
'wp_dir' => '/var/www/my_wordpress_site/',
'permissions' => ['read', 'write', 'upload', 'download', 'batchdownload', 'zip'],
'private_repos' => false,
],
],
```
Adjust in the config above:
- `wp_dir` should be the directory path of your wordpress installation
- `permissions` is the array of permissions given to each user
- `private_repos` each user will have its own sub folder, admin will see everything (false/true)
Note: With more recent versions of FileGator you can set `guest_redirection` in your `configuration.php` to redirect logged-out users back to your WP site:
```
'frontend_config' => [
...
'guest_redirection' => 'http://example.com/wp-admin/',
...
]
```
## Configuring Auth service to use LDAP
Replace your current Auth handler in `configuration.php` file like this:
```
'Filegator\Services\Auth\AuthInterface' => [
'handler' => '\Filegator\Services\Auth\Adapters\LDAP',
'config' => [
'private_repos' => false,
'ldap_server'=>'ldap://192.168.1.1',
'ldap_bindDN'=>'uid=ldapbinduser,cn=users,dc=ldap,dc=example,dc=com',
'ldap_bindPass'=>'ldapbinduser-password',
'ldap_baseDN'=>'cn=users,dc=ldap,dc=example,dc=com',
'ldap_filter'=>'(uid=*)', //ex: 'ldap_filter'=>'(&(uid=*)(memberOf=cn=administrators,cn=groups,dc=ldap,dc=example,dc=com))',
'ldap_attributes' => ["uid","cn","dn"],
'ldap_userFieldMapping'=> [
'username' =>'uid',
'name' =>'cn',
'userDN' =>'dn',
'default_permissions' => 'read|write|upload|download|batchdownload|zip',
'admin_usernames' =>['user1', 'user2'],
],
],
],
```
## Custom Authentication using 3rd party
If you want to use FileGator as a part of another application, you probably already have users stored somewhere else. What you need in this case is to build a new custom Auth adapter that matches the [AuthInterface](https://github.com/filegator/filegator/blob/master/backend/Services/Auth/AuthInterface.php) to connect those two. This new adapter will try to authenticate users in your application and translate each user into filegator [User](https://github.com/filegator/filegator/blob/master/backend/Services/Auth/User.php) object.
## API authentication
Front-end will use session based authentication to authenticate and consume the back-end.
Note: The application will not work if you disable cookies.
Reference in New Issue View Git Blame Copy Permalink