Authentication: HTTP Basic authentication

auth_basic
Maintained by Picture of Catalyst IT Catalyst IT, Picture of Brendan Heywood Brendan Heywood, Picture of Daniel Thee Roperto Daniel Thee Roperto
Enable services and users to authenticate using basic auth.
152 sites
121 downloads
8 fans

Enable users to authenticate using basic auth.

This is more for dev purposes and allows easier testing with tools such as webpage test, page speed, link checkers etc which often can use basic auth out of the box, and you don't want to, or cannot, customise just to handle moodle specific authentication.

Even in production this has value for use cases such as performance regression testing using a real user and a real page which does a full bootstrap.

Unlike the core 'no authentication' plugin, this still requires real users and does proper password checks. It does ignore the auth type against the account, eg manual, ldap, smtp so can be used side by side with other auth plugins, as long as those plugins store or cache the password, ie prevent_local_passwords() returns false for those plugins. So it can only be used with existing accounts and doesn't create accounts.

From a security perspective this auth plugin is exactly as secure as the manual auth plugin, so this should only be used in conjunction with https.

Screenshots

Screenshot #0
Screenshot #1

Contributors

Picture of Catalyst IT
Catalyst IT (Lead maintainer)
Picture of Daniel Thee Roperto
Daniel Thee Roperto: Coder at Catalyst IT Australia
Please login to view contributors details and/or to contact them

Comments RSS

Show comments
  • Picture of Tomasz Muras
    Fri, 9 Jan 2015, 6:14 AM
    Hi Brendan,

    The plugin looks good - it's simple and useful.
    Would you mind fixing at least more important prechecker errors (eg @copyright, __construct(), visibility).
    Also, note that the redirect you do:
    $urltogo = '/';

    won't work correctly if Moodle is installed in sub-directory (e.g. example.com/moodle) - you should redirect to root WWW instead.

    Thanks for sharing !
    Tomek
  • Picture of Brendan Heywood
    Fri, 9 Jan 2015, 11:31 AM
    Thanks Tomek, It's now passes with both the local/moodlecheck and local/codechecker and I fixed that redirect, so should be good to go
  • Picture of Tomasz Muras
    Sat, 10 Jan 2015, 5:57 AM
    Something is not right here with the versions - https://moodle.org/plugins/pluginversions.php?plugin=auth_basic points to old version download as latest:

    Current version 2014121100 (2014121100)
    Release date: Thursday, December 11, 2014, 3:37 AM

    Previous versions 2014121903 (2014121903)
    Release date: Friday, January 9, 2015, 2:34 AM

    maybe you just need to put info on the latest version that it's for Moodle 2.7, 2.8 - could you just update it.
  • Picture of Brendan Heywood
    Sat, 10 Jan 2015, 7:05 AM
    Yeah I've cleaned that metadata up.
  • Picture of Christopher Blake
    Fri, 2 Sep 2016, 4:32 AM
    Which directory does this plug-in get installed to?
  • Picture of Brendan Heywood
    Mon, 5 Sep 2016, 8:39 AM
    hi Christopher,

    I've fleshed out the install instructions here:

    https://github.com/CatalystIT-AU/moodle-auth_basic#installation

    This goes into /auth/basic/
  • Picture of Christopher Blake
    Sat, 25 Nov 2017, 7:21 AM
    I'm having trouble removing this plugin from my instance. This may be causing an upgrading issue for Moodle v3.4 and I need to uninstall this plugin
  • Picture of Brendan Heywood
    Mon, 27 Nov 2017, 6:41 AM
    hi Christopher,

    Support for 3.3 and 3.4 has not yet been added to this plugin as the auth settings api changed in 3.3

    There is nothing special about this plugin in terms of uninstalling - the only gotcha, which applies to all auth plugins, is that you can only uninstall it if there are no users who have this auth type, which includes suspended users. You may need to migrate them to another auth type like manual first and then uninstall this plugin.
Please login to post comments