HTTP AUTH no longer working following upgrade

Forum for questions and support relating to the 1.34.x releases only.
Post Reply
User avatar
MJN
Posts: 250
Joined: Wed Jan 17, 2007 10:29 am
Location: Wiltshire, UK
Contact:

HTTP AUTH no longer working following upgrade

Post by MJN » Wed Mar 04, 2020 11:01 pm

FIrstly, apologies for the 3rd consecutive post following my upgrade from v1.32.2 to v1.34.5 - they are not intended to be gripes, or at least not at ZoneMinder anyway!

For years now (just gone 13!) I've been using HTTP basic authentication (sent through HTTPS) with Zoneminder and only now following the upgrade has it stopped working. Specifically, it appears to be causing an infinite redirect on login such that I can't access the system. Chrome reports 'ERR_TOO_MANY_REDIRECTS' and Firefox something more ambiguous but enabling the network developer tool shows mutliple redirects too.

My Apache config is the default /etc/apache2/conf-available/zoneminder.conf file supplied with the package (installed via iconnor's PPA) with the addition of the following simple config added to the <Directory /usr/share/zoneminder/www> directive:

Code: Select all

AuthType Basic
AuthName "ZoneMinder - Unauthorised Access Prohibited"
AuthUserFile /home/mathew/NewtonNet/zmhtpasswds 
Require valid-user
The relevant (or what I assume to be relevant) ZoneMinder config options are:

Screenshot from 2020-03-04 22-55-10.png
Screenshot from 2020-03-04 22-55-10.png (50.72 KiB) Viewed 2829 times

If I disable HTTP authentication I am presented with the ZoneMinder authentication screen (which I've never seen before) and I can login fine.

I don't expect anyone to debug what I can only assume is any issue with my own configuration, but if anything jumps out I would be ever so grateful for it being pointed out. I have been randomly trying different ZoneMinder options without success but I am stabbing in the dark with this strategy.

rockedge
Posts: 1154
Joined: Fri Apr 04, 2014 1:46 pm
Location: Connecticut,USA
Contact:

Re: HTTP AUTH no longer working following upgrade

Post by rockedge » Wed Mar 04, 2020 11:35 pm

have you worked with AUTH_TYPE set to builtin?
set AUTH_RELAY to hashed and supply a string for AUTH_HASH_SECRET

remove the block

Code: Select all

AuthType Basic
AuthName "ZoneMinder - Unauthorised Access Prohibited"
AuthUserFile /home/mathew/NewtonNet/zmhtpasswds 
Require valid-user
test and see if that works better.

otherwise the login screen should not appear using HTTP basic authentication I don't think.

User avatar
MJN
Posts: 250
Joined: Wed Jan 17, 2007 10:29 am
Location: Wiltshire, UK
Contact:

Re: HTTP AUTH no longer working following upgrade

Post by MJN » Wed Mar 04, 2020 11:46 pm

rockedge wrote:
Wed Mar 04, 2020 11:35 pm
have you worked with AUTH_TYPE set to builtin?
set AUTH_RELAY to hashed and supply a string for AUTH_HASH_SECRET

remove the block

Code: Select all

AuthType Basic
AuthName "ZoneMinder - Unauthorised Access Prohibited"
AuthUserFile /home/mathew/NewtonNet/zmhtpasswds 
Require valid-user
test and see if that works better.
Thanks for your thoughts on this.

With the configuration as advised, I can log in (via ZoneMinder's own login screen). But my issue is I want to use HTTP basic authentication as I have various other rudimentary clients pulling streams from Zoneminder that can handle HTTP AUTH but seemingly not interface with Zoneminder's built-in authentication. I could of course revert back to v1.32.3 but obviously I'd rather not do that.
otherwise the login screen should not appear using HTTP basic authentication I don't think.
Indeed, and it doesn't with the AUTH-TYPE set to remote. More specifically, it never used to - now I can't get anything to appear when HTTP auth is enabled in Apache because of the endless redirects.

rockedge
Posts: 1154
Joined: Fri Apr 04, 2014 1:46 pm
Location: Connecticut,USA
Contact:

Re: HTTP AUTH no longer working following upgrade

Post by rockedge » Wed Mar 04, 2020 11:53 pm

I understand why you would like it to remain with basic auth.

you are on version 1.34+ correct? have you also enabled Options->System->OPT_USE_LEGACY_API_AUTH ?

I don't think that is it though.

User avatar
asker
Posts: 1397
Joined: Sun Mar 01, 2015 12:12 pm

Re: HTTP AUTH no longer working following upgrade

Post by asker » Wed Mar 04, 2020 11:57 pm

Yeah, I think basic auth is completely broken in 1.34. Isaac mentioned it in slack yesterday. I don't use it, but he might be looking into fixing it now (if he hasn't fixed it already)
--
My collection of ZoneMinder learnings:
https://wiki.zoneminder.com/Various_ZM_thoughts

User avatar
MJN
Posts: 250
Joined: Wed Jan 17, 2007 10:29 am
Location: Wiltshire, UK
Contact:

Re: HTTP AUTH no longer working following upgrade

Post by MJN » Thu Mar 05, 2020 12:14 am

rockedge wrote:
Wed Mar 04, 2020 11:53 pm
I understand why you would like it to remain with basic auth.
It always felt quite simple for me, and I've always been confident in its use (when used within HTTPS).

As a temporary workaround I have disabled OPT_USE_AUTH in ZoneMinder and reenabled HTTP AUTH in Apache. This gives me the access control I require, albeit without the ability to control what individual users can do within ZoneMinder. Truth be told that could be an acceptable long-term solution for me as there is only me that accesses it and I'd only set up different users to limit what certain 3rd party devices could access (including my homemade Internet-enable cat feeder of all things!).
you are on version 1.34+ correct? have you also enabled Options->System->OPT_USE_LEGACY_API_AUTH ?

I don't think that is it though.
Worth asking though but, yes, I've tried with that enabled (I think it's the default judging by the explanatory text).

User avatar
MJN
Posts: 250
Joined: Wed Jan 17, 2007 10:29 am
Location: Wiltshire, UK
Contact:

Re: HTTP AUTH no longer working following upgrade

Post by MJN » Thu Mar 05, 2020 12:17 am

asker wrote:
Wed Mar 04, 2020 11:57 pm
Yeah, I think basic auth is completely broken in 1.34. Isaac mentioned it in slack yesterday. I don't use it, but he might be looking into fixing it now (if he hasn't fixed it already)
Ah, okay! That's actually good news (for me) because I was at a complete loss as to how my Apache config could've been incompatible and no longer giving the intended result. Dare I say it but I even thought 'if I can't get this working I might need to look elsewhere'! As mentioned, I've been using Zoneminder for 13 years now (since 2007) and so it would be with some regret if that ended up being the case.

As mentioned above I've disabled OPT_USE_AUTH and then may well prove to be perfectly acceptable for my requirements with just HTTP AUTH being used to control access (to my Zoneminder installation as a whole rather than restricting access to particular cameras and features).

User avatar
MJN
Posts: 250
Joined: Wed Jan 17, 2007 10:29 am
Location: Wiltshire, UK
Contact:

Re: HTTP AUTH no longer working following upgrade

Post by MJN » Thu Mar 05, 2020 12:42 am

Aaagh... just discovered someone has already filed a bug here. Apologies for all the noise here.

User avatar
iconnor
Posts: 1325
Joined: Fri Oct 29, 2010 1:43 am
Location: Toronto
Contact:

Re: HTTP AUTH no longer working following upgrade

Post by iconnor » Thu Mar 05, 2020 1:26 am

I believe I have it fixed in master, will be in 1.34.6.

Lots of interesting considerations though. There may be further work to do here.

Post Reply

Who is online

Users browsing this forum: No registered users and 3 guests