EllisLab text mark
Advanced Search
     
Template restrictions/redirects not working RSS feeds
 
zerovapor
Posted: 28 April 2012 02:30 PM   [ Ignore ]
Joined: 2011-07-13
13 posts

This question may be related to a resolved thread.

So I’ve tried the suggested fix there and have no luck with RSS feeds. Im looking for possible other solutions. Thanks
 
fram
Posted: 28 April 2012 03:20 PM   [ Ignore ]   [ # 1 ]   [ Rating: 0 ]
Joined: 2011-10-27
8 posts

Are you trying to redirect an RSS feed to a HTML page ?
I tried to redirect an RSS feed template to an HTML page and EE is correctly serving the HTML page but with the wrong content type in the http header.
This makes the browser try to load the content using the RSS reader and an error occurs.

This looks like a bug because the HTML template should be served with the correct content type.

A workaround for making this work is to redirect the feed to a no_auth feed with just a single item that tells the user that he is not authorized to access the feed.
In the page where you have the feed link you could display the link only for the authorized users.

FraM
 
zerovapor
Posted: 28 April 2012 05:12 PM   [ Ignore ]   [ # 2 ]   [ Rating: 0 ]
Joined: 2011-07-13
13 posts

That could have been one issue but its still not stopping users whom loggin via http access from seeing the private rss feed IE

user:: temp
group:: member

template podcast/private
access no to all except subscription users

user temp is still allowed to view this feed even though this user doesnt have the proper group id.
 
fram
Posted: 28 April 2012 05:54 PM   [ Ignore ]   [ # 3 ]   [ Rating: 0 ]
Joined: 2011-10-27
8 posts

I tried a configuration similar to yours and it’s working as it should on my 2.4 installation with the patch mentioned in your post.
If I use the authentication credentials of a user belonging to an unauthorized group the browser prompts the authentication dialog again.

Please check your configuration and make sure that you restart your browser when you want to test a different user.

FraM
 
zerovapor
Posted: 29 April 2012 01:25 AM   [ Ignore ]   [ # 4 ]   [ Rating: 0 ]
Joined: 2011-07-13
13 posts

Odd I tried on my local machine and it works fine. Tried on production and it fails.  Using rackspace cloud for hosting. Any ideas? I have a dedicated server if i need to move it off of rackspace.
 
Dan Decker
Posted: 30 April 2012 01:01 PM   [ Ignore ]   [ # 5 ]   [ Rating: 0 ]
Avatar
Joined: 2005-10-18
7340 posts

Hi zerovapor,

What version of ExpressionEngine are you using? There are some bugs in template restrictions when it comes to the last couple of versions.

Also, http authentication doesn’t play well with PHP as CGI, if you are using that. Are you having trouble with any other template types, or only RSS?

Any further details you can provide would be handy!

Thanks!

 Signature 

How may I help you?
 
zerovapor
Posted: 04 May 2012 11:15 PM   [ Ignore ]   [ # 6 ]   [ Rating: 0 ]
Joined: 2011-07-13
13 posts

*************EDIT ***************************

if you look at this bug fix https://support.ellislab.com/bugs/detail/17402  it fixes part of the problem this is there the real issue is

/system/expressionengine/libraries/auth.php line 139

function authenticate_http_basic

/**
 * Authenticate from basic http auth
 *
 * @access public
 */
public function authenticate_http_basic($not_allowed_groups = array(),$realm='Authentication Required')
 {
  $always_disallowed = array(234);

  $not_allowed_groups array_merge($not_allowed_groups$always_disallowed);

  if ( ! $this->_retrieve_http_basic())
  {
   @header('WWW-Authenticate: Basic realm="'.$realm.'"');
   $this->EE->output->set_status_header(401);
   @header("Date: ".gmdate("D, d M Y H:i:s")." GMT");
   exit("HTTP/1.0 401 Unauthorized");
  }

  return TRUE;
 

$not_allowed_groups is being set but its never being checked against anything. Im currently trying to work on a fix for this.

One fix I’ve found so far is passing $now_allowed_groups  to _authenticate() line 425.  But i haven’t tested this enough to even suggest it for a production site and wouldn’t suggest doing it.

 

******************Notice With Fix ***************************
So I found a way to correct the issue with authenticate_http_basic(). you can find my fix here.  https://gist.github.com/2600813 . Please if you find any bugs or issues let me know so I can fix them.