
This is an old revision of the document!


authPDO

Nextcloud

Configuration for the authPDO plugin to authenticate against the user database of Nextcloud, an open-source private cloud system.

Scenario

In this scenario, the intention is to permit the same users who are registered on Nextcloud (version 12) to make edits in the Wiki. The wiki is not open to all. Users must first have an account on Nextcloud, after which they can log into the wiki as well using the same credentials.

In this example, the Nextcloud release is version 12, running on PostgreSQL.

Note that this does not give a 'single sign-on' experience; it simply lets a user have the same username and password on both Nextcloud and the DokuWiki installation.

Modification of core files

Note that this requires modifying a DokuWiki core file (/inc/PassHash.class.php), which handles the hashing of passwords, because Nextcloud prepends a custom version identifier to the output of PHP's standard password_hash().

Specifically, these changes need to be made to PassHash.class.php:

Somewhere around lines 54ff:

elseif(preg_match('/^1\|\$2(a|y)\$(.{2})\$/', $hash, $m)) {
    $method = 'nextcloud';
    $salt   = $hash;
}

This is the auto detection part that compares the first part of the hash string to the expected format with a regular expression.

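Then, much further below, add the actual hash function:

public function hash_nextcloud($clear, $salt = null, $compute = 10) {
    $currentVersion = 1;
    if(!is_null($salt)) {
        // Verification: verify_hash() passes the stored hash as $salt and compares
        // the result with it, so re-use the salt and cost embedded after the "1|" prefix.
        return $currentVersion . '|' . crypt($clear, substr($salt, 2));
    }
    // New hash: password_hash() generates a fresh random salt.
    $options = [
       'cost' => 10,
    ];
    return $currentVersion . '|' . password_hash($clear, PASSWORD_DEFAULT, $options);
}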

This is still untested, but should work I hope.
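
DokuWiki's verify_hash() re-hashes the entered password with the stored hash passed in as $salt and compares the two strings, so hash_nextcloud() has to reproduce the stored value. The stand-alone script below is an added example (not DokuWiki or Nextcloud code; the function names and the sample password are assumptions) that checks the prefix detection and that round trip outside the wiki:

```php
<?php
// Added example: stand-alone check, not DokuWiki or Nextcloud code.
// Function names and the sample password are assumptions made for this sketch.

// Same pattern as the auto-detection branch: version "1|" followed by a bcrypt hash.
function is_nextcloud_v1(string $hash): bool {
    return preg_match('/^1\|\$2(a|y)\$(.{2})\$/', $hash) === 1;
}

// Hash a new password with a fresh random salt, prefixed with the version marker.
function new_nextcloud_hash(string $clear): string {
    return '1|' . password_hash($clear, PASSWORD_BCRYPT, ['cost' => 10]);
}

// Re-hash for comparison: crypt() takes salt and cost from the stored bcrypt string,
// so the same password reproduces the stored value exactly.
function rehash_with_stored_salt(string $clear, string $stored): string {
    return '1|' . crypt($clear, substr($stored, 2));
}

// Alternative check: strip "1|" and let password_verify() do the comparison.
function verify_nextcloud_v1(string $clear, string $stored): bool {
    return is_nextcloud_v1($stored) && password_verify($clear, substr($stored, 2));
}

// Constructed sample standing in for a value from the password column of nc_users.
$password = 'correct horse battery';
$stored   = new_nextcloud_hash($password);

$checks = [
    'prefix detected'                => is_nextcloud_v1($stored),
    'plain bcrypt not detected'      => !is_nextcloud_v1(substr($stored, 2)),
    'fresh salt differs from stored' => new_nextcloud_hash($password) !== $stored,
    'stored salt reproduces hash'    => hash_equals($stored, rehash_with_stored_salt($password, $stored)),
    'wrong password rejected'        => !verify_nextcloud_v1('wrong', $stored),
    'right password accepted'        => verify_nextcloud_v1($password, $stored),
];
foreach ($checks as $name => $ok) {
    printf("%-32s %s\n", $name, $ok ? 'ok' : 'FAIL');
}
exit(in_array(false, $checks, true) ? 1 : 0);
```

To test against a real account, replace the constructed $stored and $password with a hash copied from nc_users and the password that belongs to it.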

Plugin Configuration

This guide is a work in progress


In the AuthPDO section, configure the following:

plugin>authpdo>debug Checkbox - enable this for testing, otherwise disable
plugin>authpdo>dsn pgsql:host=localhost;port=5432;dbname=mydatabasename
plugin>authpdo>user <DB-USERNAME>
plugin>authpdo>pass <DB-PASSWORD>
plugin>authpdo>select-user SELECT uid AS user, password AS hash, displayname AS name FROM nc_users WHERE uid = :user (currently without email, not working)
plugin>authpdo>check-pass
plugin>authpdo>select-user-groups SELECT gid AS "group", uid FROM nc_group_user WHERE uid = :user (not tested)
Other fields Leave empty

Note: Instead of using the same PostgreSQL user as Nextcloud, it might be advisable to create a new 'read-only' user, as we will not be writing to the Nextcloud database.

In the Authentication section:

authtype authpdo
passcrypt bcrypt
defaultgroup users
superuser
manager
disableactions Uncheck everything to prevent users registering in Dokuwiki

Note: “passcrypt = bcrypt” doesn't really matter, as we will not be writing to the database, and for reading the hash type is auto-detected (see code above). If you do want to write to the database, further core file modifications are most likely necessary.

plugin/authpdo/nextcloud.1508017529.txt.gz · Last modified: 2017-10-14 23:45 by 178.7.64.55

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International