Authentication¶
Default Auth Service¶
By default, user credentials are stored in a json file. For some use cases, this is enough. It also makes this application lightweight since no database is required.
The default handler only accepts a filename parameter. This file should be writable by the web server.
'Filebrowser\Services\Auth\AuthInterface' => [
'handler' => '\Filebrowser\Services\Auth\Adapters\JsonFile',
'config' => [
'file' => __DIR__.'/private/users.json',
],
],
Configuring Auth Service to Use A Database¶
You can also use a MySQL database to store your users.
First, create a table users
with this sql query:
CREATE TABLE `users` (
`id` int(10) NOT NULL AUTO_INCREMENT,
`username` varchar(255) NOT NULL,
`name` varchar(255) NOT NULL,
`role` varchar(20) NOT NULL,
`permissions` varchar(200) NOT NULL,
`homedir` varchar(2000) NOT NULL,
`password` varchar(255) NOT NULL,
PRIMARY KEY (`id`),
KEY `username` (`username`)
) CHARSET=utf8 COLLATE=utf8_bin;
Then, import default users with sql query:
INSERT INTO `users` (`username`, `name`, `role`, `permissions`, `homedir`, `password`)
VALUES
('guest', 'Guest', 'guest', '', '/', ''),
('admin', 'Admin', 'admin', 'read|write|upload|download|batchdownload|zip', '/', '$2y$10$Nu35w4pteLfc7BDCIkDPkecjw8wsH8Y2GMfIewUbXLT7zzW6WOxwq');
At the end, open configuration.php
, and update the AuthInterface handler
with your database settings:
'Filebrowser\Services\Auth\AuthInterface' => [
'handler' => '\Filebrowser\Services\Auth\Adapters\Database',
'config' => [
'driver' => 'mysqli',
'host' => 'localhost',
'username' => 'root',
'password' => 'password',
'database' => 'filebrowser',
],
],
Configuring Auth Service to Use WordPress¶
Replace your current Auth handler in configuration.php
file, like
so:
'Filebrowser\Services\Auth\AuthInterface' => [
'handler' => '\Filebrowser\Services\Auth\Adapters\WPAuth',
'config' => [
'wp_dir' => '/var/www/my_wordpress_site/',
'permissions' => ['read', 'write', 'upload', 'download', 'batchdownload', 'zip'],
'private_repos' => false,
],
],
You can then adjust the following configuration elements:
wp_dir
should be the directory path of your wordpress installation,permissions
is the array of permissions given to each user,private_repos
must be set to true or false, in order to allow, or not, each user to have his own home folder.
With more recent versions of the FileBrowser you can set guest_redirection
in your configuration.php
to redirect logged out users back to your WordPress site, like so:
'frontend_config' => [
...
'guest_redirection' => 'http://example.com/wp-admin/',
...
]
Configuring Auth Service to Use LDAP¶
Replace your current Auth handler in configuration.php
file, like so:
'Filebrowser\Services\Auth\AuthInterface' => [
'handler' => '\Filebrowser\Services\Auth\Adapters\LDAP',
'config' => [
'private_repos' => false,
'ldap_server'=>'ldap://192.168.1.1',
'ldap_bindDN'=>'uid=ldapbinduser,cn=users,dc=ldap,dc=example,dc=com',
'ldap_bindPass'=>'ldapbinduser-password',
'ldap_baseDN'=>'cn=users,dc=ldap,dc=example,dc=com',
'ldap_filter'=>'(uid=*)', //ex: 'ldap_filter'=>'(&(uid=*)(memberOf=cn=administrators,cn=groups,dc=ldap,dc=example,dc=com))',
'ldap_attributes' => ["uid","cn","dn"],
'ldap_userFieldMapping'=> [
'username' =>'uid',
'name' =>'cn',
'userDN' =>'dn',
'default_permissions' => 'read|write|upload|download|batchdownload|zip',
'admin_usernames' =>['user1', 'user2'],
],
],
],
Custom Authentication Using Third-Party Software¶
If you want to use FileBrowser as a part of another application, you probably already have users stored somewhere else. What you need in this case is to build a new custom Auth adapter that matches the AuthInterface to connect the applications together. This new adapter will allow the FileBrowser tp try to authenticate users with the other application, and then translate each new user into one of its User objects.
API Authentication¶
When using the Authentication API, FileBrowser’s front end application will use session-based authentication to authenticate users, and interact with the FileBrowser’s back end handlers.
Note
The application will not work if you disable cookies.