Announcement

Collapse
No announcement yet.

Can a script read Basic Authentication?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Can a script read Basic Authentication?

    I'm working on a module that will receive incoming JSON requests from a fulfillment house, and use the data to update order status. The fulfillment server can send requests with Basic authentication, using a username and password that we specify. But is it possible for a script or module to read the HTTP headers of an incoming request to json.mvc?

    The documentation mentions a system variable, s.auth_type, which may be related to this. But the description is so vague, I can't tell what it actually contains.

    Thanks --
    Kent Multer
    Magic Metal Productions
    http://TheMagicM.com
    * Web developer/designer
    * E-commerce and Miva
    * Author, The Official Miva Web Scripting Book -- available on-line:
    http://www.amazon.com/exec/obidos/IS...icmetalproducA

    #2
    Hi Kent,
    I am almost certain this can be done, but I am not at my main computer, and can't locate any code to help...
    Hopefully someone else can chime in.

    Bill
    William Gilligan - Orange Marmalade, Inc.
    www.OrangeMarmaladeinc.com

    Comment


      #3
      You can read the headers as part of s.HTTP_xxx variable. So you'd probably want s.HTTP_AUTHENTICATION or something along those lines.
      David Carver
      Miva, Inc. | Software Developer

      Comment


        #4
        Hi David, that doesn't seem to be working for me. The header is called "Authorization," not "Authentication." I did a few tests using curl to send requests with the "Authorization: Basic XXXXXXX" header. The module's log file shows that it received the requests, but the variable s.http_authorization came up empty every time.

        Can you please check on the correct syntax for this? If there's documentation on it, you can just send me a link. I wasn't able to find anything in the descriptions of system variables.

        Maybe there's some config setting that I need to change to enable this variable?

        Thanks -- Kent
        Kent Multer
        Magic Metal Productions
        http://TheMagicM.com
        * Web developer/designer
        * E-commerce and Miva
        * Author, The Official Miva Web Scripting Book -- available on-line:
        http://www.amazon.com/exec/obidos/IS...icmetalproducA

        Comment


          #5
          We don't modify any HTTP headers. From a quick search it appears Apache strips that header. https://stackoverflow.com/questions/...p-post-request

          I verified that NGINX does not do this FWIW.
          David Carver
          Miva, Inc. | Software Developer

          Comment


            #6
            Thanks David, that solved the problem. For anyone else who's reading along, you have to add these lines to .htaccess to allow Miva to see the header:
            Code:
            RewriteEngine On
            RewriteCond %{HTTP:Authorization} ^(.*)
            RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
            The first line, of course, is probably already present in the file. In that case, put the two new lines somewhere after it.
            Kent Multer
            Magic Metal Productions
            http://TheMagicM.com
            * Web developer/designer
            * E-commerce and Miva
            * Author, The Official Miva Web Scripting Book -- available on-line:
            http://www.amazon.com/exec/obidos/IS...icmetalproducA

            Comment

            Working...
            X