Bug 113743 - MediaWiki publisher does not work with Wiki configured to use Basic Authentication
Summary: MediaWiki publisher does not work with Wiki configured to use Basic Authentic...
Status: UNCONFIRMED
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: Extensions (show other bugs)
Version:
(earliest affected)
5.4.2.2 release
Hardware: All All
: medium normal
Assignee: Not Assigned
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-11-09 18:08 UTC by Sven Neuz (SERPENTEQ)
Modified: 2018-12-19 13:10 UTC (History)
2 users (show)

See Also:
Crash report or crash signature:


Attachments
Extremely ugly POC patch - do NOT use!!! (2.81 KB, patch)
2017-11-09 18:19 UTC, Sven Neuz (SERPENTEQ)
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Sven Neuz (SERPENTEQ) 2017-11-09 18:08:05 UTC
Description:
It is impossible to publish documents to a MediaWiki with the provided extension if the Wiki uses Basic Authentication instead of the Wiki logon screen. 

Basic Authentication is officially supported by MedIaWiki, so the extension should be able to handle it. 

It fails as early as adding the URL to the server list.

Tested on Linux and Windows. Both behave the same (the JAR file of the extension is the same anyways).

Steps to Reproduce:
1. Configure a MediaWiki that uses Basic Authentication
a. Requires wfLoadExtension( 'Auth_remoteuser' ); in LocalSettings.php
b. Requires matching Apache Config
2. Add the Wiki to the MediaWiki Publisher Extension 
3. Even adding the URL will fail. The server log will show it responded with 401 (as it should be)

Actual Results:  
Adding the URL to the MediWiki fails. Posting articles if of course also impossible then.

Expected Results:
The extension detects the Basic Authentication and uses it instead of the Wiki logon screen.


Reproducible: Always


User Profile Reset: No



Additional Info:
It is possible to patch the extension to always include the Basic Auth header by adding
String basicAuth = Base64.getEncoder().encodeToString((sWikiUser+":"+sWikiPass).getBytes(StandardCharsets.UTF_8));
connGet.setRequestProperty("Authorization", "Basic " + basicAuth);

Note that the User/Password variable names are different depending on the part of the change.

This is of course just an ugly hack to prove it is working and actually a very bad idea to always send user and password even on plain text connections, so please do not use this in a productive environment.


User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0
Comment 1 Sven Neuz (SERPENTEQ) 2017-11-09 18:19:38 UTC
Created attachment 137648 [details]
Extremely ugly POC patch - do NOT use!!!

With this patch it is possible to access a MediWiki which uses Basic Auth and post an article. Even though the article is posted, the extension still displays an error message. It seems that the extension tries to read the newly created article but does not use the Basic Auth header this time (and also ignored the set user agent)

xxx - sen [09/Nov/2017:18:32:14 +0100] "POST /index.php?title=Test&action=submit HTTP/1.1" 302 1229 "-" "LibreOffice Wiki Publisher 1.2.1"
xxx - - [09/Nov/2017:18:32:14 +0100] "GET /Test HTTP/1.1" 401 1120 "-" "Java/1.8.0_144"

Note that I changed the Special Page from logon to ListUsers as a MediaWiki using Basic Auth does not provide this page. Also just an ugly hack.
Comment 2 Xisco Faulí 2018-06-12 11:06:14 UTC
Hello Sven Neuz,
Still working on this issue?
Would you mind submitting a patch to gerrit for review? More info: https://wiki.documentfoundation.org/Development/gerrit/SubmitPatch
Comment 3 Sven Neuz (SERPENTEQ) 2018-06-18 09:59:04 UTC
Actually I don't work on this issue, I just reported it. I created this really ugly POC patch to see if it works at all. Of course I can submit it but it *should not be used* as it will break the "normal" login and does have a terrible coding style.
Comment 4 Xisco Faulí 2018-12-19 10:57:22 UTC
A new major release of LibreOffice is available since this bug was reported.
Could you please try to reproduce it with the latest version of LibreOffice
from https://www.libreoffice.org/download/libreoffice-fresh/ ?
I have set the bug's status to 'NEEDINFO'. Please change it back to
'UNCONFIRMED' if the bug is still present in the latest version.
Comment 5 Sven Neuz (SERPENTEQ) 2018-12-19 13:10:02 UTC
Still the same issue in 6.1.0.3.