Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allowing user access to search list and fuzzy search while limiting access to management tools #457

Open
pengchuan-lin-bp opened this issue Feb 10, 2023 · 1 comment
Open

Allowing user access to search list and fuzzy search while limiting access to management tools #457

pengchuan-lin-bp opened this issue Feb 10, 2023 · 1 comment

Comments

@pengchuan-lin-bp
Copy link

Hello,

First of all, great work!

I tried to limit user access to management tools in OSS. I followed the instructions, and it worked great!

However, because search list and fuzzy search functionalities are both added via Django webapps, limiting user access to management tools under /search-apps also blocks out search list and fuzzy search functionalities as well, which is not ideal since they are not really management tools and should be open to the users.

After some online searching, I found a hacky way to allow user access to search list and fuzzy search while limiting access to management tools by modifying /src/open-semantic-search-apps/etc/opensemanticsearch-django-webapps/apache.conf:

	<If "-f '/etc/opensemanticsearch-django-webapps/.htpasswd'">

		AuthType Basic
		AuthUserFile /etc/opensemanticsearch-django-webapps/.htpasswd
		AuthName "Open Semantic Search"

		# The two lines below are added in
		SetEnvIf Request_URI /search-apps/morphology noauth
		SetEnvIf Request_URI /search-apps/search-list noauth

		<RequireAny>
			#The line below is added in
			Require env noauth
			Require valid-user
			Require ip 127.0.0.1
			Require ip ::1
		</RequireAny>

	</If>

The three lines that were added in will make exceptions for search list and fuzzy search based on their URL, but this method also introduces some issues:

  1. If and only if search and management tools both require authentications, then user can access search list and fuzzy search even without proper authentication for search. Basically, search authentication won't get checked because management tools authentication already exits, which gets bypassed anyway.
  2. The formatting of search list and fuzzy search page will be awkward because css files seems to have trouble loading.

Just raising this issue to because search list and fuzzy search shouldn't count as management tools in my opinion, as well as to help anyone that has similar issues.
@mrdacina
Copy link

mrdacina commented Mar 7, 2023

Hello My Friend,

How can I do authentication with domain user and password?

Best Regards

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@pengchuan-lin-bp @mrdacina