It is impossible to publish documents to a MediaWiki with the provided extension if the Wiki uses Basic Authentication instead of the Wiki logon screen.
Basic Authentication is officially supported by MedIaWiki, so the extension should be able to handle it.
It fails as early as adding the URL to the server list.
Tested on Linux and Windows. Both behave the same (the JAR file of the extension is the same anyways).
Steps to Reproduce:
1. Configure a MediaWiki that uses Basic Authentication
a. Requires wfLoadExtension( 'Auth_remoteuser' ); in LocalSettings.php
b. Requires matching Apache Config
2. Add the Wiki to the MediaWiki Publisher Extension
3. Even adding the URL will fail. The server log will show it responded with 401 (as it should be)
Adding the URL to the MediWiki fails. Posting articles if of course also impossible then.
The extension detects the Basic Authentication and uses it instead of the Wiki logon screen.
User Profile Reset: No
It is possible to patch the extension to always include the Basic Auth header by adding
String basicAuth = Base64.getEncoder().encodeToString((sWikiUser+":"+sWikiPass).getBytes(StandardCharsets.UTF_8));
connGet.setRequestProperty("Authorization", "Basic " + basicAuth);
Note that the User/Password variable names are different depending on the part of the change.
This is of course just an ugly hack to prove it is working and actually a very bad idea to always send user and password even on plain text connections, so please do not use this in a productive environment.
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0
Created attachment 137648 [details]
Extremely ugly POC patch - do NOT use!!!
With this patch it is possible to access a MediWiki which uses Basic Auth and post an article. Even though the article is posted, the extension still displays an error message. It seems that the extension tries to read the newly created article but does not use the Basic Auth header this time (and also ignored the set user agent)
xxx - sen [09/Nov/2017:18:32:14 +0100] "POST /index.php?title=Test&action=submit HTTP/1.1" 302 1229 "-" "LibreOffice Wiki Publisher 1.2.1"
xxx - - [09/Nov/2017:18:32:14 +0100] "GET /Test HTTP/1.1" 401 1120 "-" "Java/1.8.0_144"
Note that I changed the Special Page from logon to ListUsers as a MediaWiki using Basic Auth does not provide this page. Also just an ugly hack.
Hello Sven Neuz,
Still working on this issue?
Would you mind submitting a patch to gerrit for review? More info: https://wiki.documentfoundation.org/Development/gerrit/SubmitPatch
Actually I don't work on this issue, I just reported it. I created this really ugly POC patch to see if it works at all. Of course I can submit it but it *should not be used* as it will break the "normal" login and does have a terrible coding style.
A new major release of LibreOffice is available since this bug was reported.
Could you please try to reproduce it with the latest version of LibreOffice
from https://www.libreoffice.org/download/libreoffice-fresh/ ?
I have set the bug's status to 'NEEDINFO'. Please change it back to
'UNCONFIRMED' if the bug is still present in the latest version.
Still the same issue in 188.8.131.52.