Moodle Plugins directory: HTTP Basic authentication | Moodle.org
HTTP Basic authentication
Brendan Heywood, Enable users to authenticate using basic auth.
This is more for dev purposes and allows easier testing with tools such as webpage test, page speed, link checkers etc which often can use basic auth out of the box, and you don't want to, or cannot, customise just to handle moodle specific authentication.
Even in production this has value for use cases such as performance regression testing using a real user and a real page which does a full bootstrap.
Unlike the core 'no authentication' plugin, this still requires real users and does proper password checks. It does ignore the auth type against the account, eg manual, ldap, smtp so can be used side by side with other auth plugins, as long as those plugins store or cache the password, ie prevent_local_passwords() returns false for those plugins. So it can only be used with existing accounts and doesn't create accounts.
From a security perspective this auth plugin is exactly as secure as the manual auth plugin, so this should only be used in conjunction with https.
Screenshots
Contributors
The plugin looks good - it's simple and useful.
Would you mind fixing at least more important prechecker errors (eg @copyright, __construct(), visibility).
Also, note that the redirect you do:
$urltogo = '/';
won't work correctly if Moodle is installed in sub-directory (e.g. example.com/moodle) - you should redirect to root WWW instead.
Thanks for sharing !
Tomek
Current version 2014121100 (2014121100)
Release date: Thursday, December 11, 2014, 3:37 AM
Previous versions 2014121903 (2014121903)
Release date: Friday, January 9, 2015, 2:34 AM
maybe you just need to put info on the latest version that it's for Moodle 2.7, 2.8 - could you just update it.
I've fleshed out the install instructions here:
https://github.com/CatalystIT-AU/moodle-auth_basic#installation
This goes into /auth/basic/
Support for 3.3 and 3.4 has not yet been added to this plugin as the auth settings api changed in 3.3
There is nothing special about this plugin in terms of uninstalling - the only gotcha, which applies to all auth plugins, is that you can only uninstall it if there are no users who have this auth type, which includes suspended users. You may need to migrate them to another auth type like manual first and then uninstall this plugin.