kettari / authgoogle Goto Github PK

When NOT logged in I see the following banners at the top and bottom of the login screen:

"No ACL setup yet! Denying access to everyone."

Login does work properly and this is a closed Wiki (no access unless part of a user group)

Has anyone else seen this?

When I click the “Sign in with Google” button, browser won't open Google authentication page, just stay there.

Before installing the authgoogle extension to enable Google OAuth authentication, my dokuwiki site is behind HTTP basic authentication, before you can even load the dokuwiki login page. After installing the authgoogle extension and enabling as the authentication backend, the basic auth credentials are now used to attempt to authenticate to the dokuwiki. Since there is no account with those credentials, authentication fails. But it's impossible to login with a valid account as long as the basic auth credentials are provided (which they are required to be). It just gives an access denied error and only a logout button that doesn't actually logout the basic auth user.

I had to disable the basic auth layer in order to finish setting up the Google OAuth. The Google authentication is working correctly now, but I still need to reenable the basic auth wall to prevent access to the dokuwiki login page without those basic auth credentials. How can I make the plugin not attempt to authenticate to the dokuwiki with those basic auth credentials?

I tried adding the users email to the superuser config field, but that doesn't seem to work. Is that because authgoogle provides an internal username to Dokuwiki which is different to the email? Is there any way to make this work, or do I need to add this feature myself?

There are many codes using plus api. Therefore, the dokuwiki plugin (authgoogle) should be not work after 2019/3/7

Exp.
config.php: 'plus' => array('scope' => 'https://www.googleapis.com/auth/plus.login'),

contrib/Google_Oauth2Service.php: $this->userinfo = new Google_UserinfoServiceResource($this, $this->serviceName, 'userinfo', json_decode('{"methods": {"get": {"id": "oauth2.userinfo.get", "path": "oauth2/v2/userinfo", "httpMethod": " GET", "response": {"$ref": "Userinfo"}, "scopes": ["https://www.googleapis.com/auth/plus.login", "https://www.googleapis.com/auth/plus.me", "https://www.googleapis.com/auth/userinfo.email", "https://www.googleapis.com/auth/userinfo.profi le"]}}}', true));

Ref - https://developers.google.com/+/api-shutdown

Hello,

I think the merge of this fix:

#26

has partially broken the module. The initial login works fine, but after a few hours (so presumably once the session times out?) we see this error:

Fatal error: Uncaught exception 'Google_AuthException' with message 'The OAuth 2.0 access token has expired, and a refresh token is not available. Refresh tokens are not returned for responses that were auto-approved.' in /data/dokuwiki/lib/plugins/authgoogle/google/auth/Google_OAuth2.php:221 Stack trace: #0 /data/dokuwiki/lib/plugins/authgoogle/google/service/Google_ServiceResource.php(167): Google_OAuth2->sign(Object(Google_HttpRequest)) #1 /data/dokuwiki/lib/plugins/authgoogle/google/contrib/Google_Oauth2Service.php(36): Google_ServiceResource->__call('get', Array) #2 /data/dokuwiki/lib/plugins/authgoogle/auth.php(116): Google_UserinfoServiceResource->get() #3 /data/dokuwiki/inc/auth.php(109): auth_plugin_authgoogle->trustExternal('', '', false) #4 /data/dokuwiki/inc/init.php(221): auth_setup() #5 /data/dokuwiki/doku.php(29): require_once('/data/dokuwiki/...') #6 {main} thrown in/data/dokuwiki/lib/plugins/authgoogle/google/auth/Google_OAuth2.php on line 221

The only way to get around it is to delete the session cookies. I think this is due to the change of access type to 'online' and approval prompt to 'auto'. I think this means we don't get a refresh token from Google when we log in, which means we can't then obtain another access token when the initial one expires.

To get around this for now I've commented out the following in auth.php:

        $client->setAccessType('online');
        $client->setApprovalPrompt('auto');

which reintroduces the Google asking for approval on each login issue, but at least it means sessions won't completely break after a few hours.

Dokuwiki Release 2017-02-19b "Frusterick Manners"

Similar to issue:
#38

Modify action.pho in the authgoogle folder with the following line change:

Change:
function register(&$controller)

to:
function register(Doku_Event_Handler $controller)

Hi,

the plugin works perfectly when using apache + php 5.4.
However it does not show the login with google button when using nginx + php-fpm 5.4

Is this a bug or is there any htaccess related rule that it is not interpreted by nginx?

Regards
phil

Hello,
I really like to login in to my personal wiki with my google-acount into my already existing account.
authgoogle is already installed and set up. I can login via my google-account. How can I add (link) my google-account to my existing account?

@kettari #featurerequest

Thanks for the great extension. :)

I have an issue and can't find ways to resolve. Google keeps asking permission to "Have offline access access" each time when users try to login the system. Is there any way to deal with that? Thanks.

Had the same issue #6
and cannot update the plugin with the plugin manager

clicked on update..

A message says that the plugin is now up to date

but the button update is here.

and a message in a yellow bow tells me the plugin is not.

I have the las version of dokuwiki

Hi,

I am using dokuwiki detritus behind an nginx proxy with php-fpm 7.
I installed the plugin with the plugin manager and now I have warning everywhere !

Warning: Declaration of action_plugin_authgoogle::register(&$controller) should be compatible with DokuWiki_Action_Plugin::register(Doku_Event_Handler $controller) in /var/www/html/lib/plugins/authgoogle/action.php on line 7

Warning: Cannot modify header information - headers already sent by (output started at /var/www/html/lib/plugins/authgoogle/action.php:7) in /var/www/html/inc/actions.php on line 207

Warning: Cannot modify header information - headers already sent by (output started at /var/www/html/lib/plugins/authgoogle/action.php:7) in /var/www/html/lib/tpl/dokuwiki/main.php on line 12

Thank's for your help !

authgoogle is only one of auth backends we would like to use, therefore making it compatible with authchained is important for us.

I have verified that if I use your plugin I'm no more able to receive email notification (es. subscriptions to some wiki's pages). As soon I disable the plugin the email notification start again to send emails.

When clicking on the Login with google button, I will be redirected to choose my google account.

After Logging in, i will beredirected again to google to choose my account again and then i will get into the wiki.

Like the email address?

I think ACLs are not applied at user level when google username is used.

I fixed this issue myself last week when I was adding authgoogle to my wiki, but only just remembered it when I checked my git logs.

Following the instructions on dokuwiki.org, I added the following URLs to Authorized Redirect URIs:

http://www.your-domain.com/doku.php?id=start&do=login
http://www.your-domain.com/start?do=login

however I got the following issue when trying to log in:

The redirect URI in the request: http://www.your-domain.com/doku.php?id=start&do=login did not match a registered redirect URI

To fix the issue I had to add the URL with the ampersand encoded as &. Is that expected, and if so, should the wiki be updated?

It would be nice to have the option of hiding the plain auth login fields when Google auth is enabled. I see users trying to enter their Google credentials in the plain auth fields.

When we login using Google OAuth special cookie with json value is added.
After logout we see that special cookie was removed but dokuwiki cookie stayed.
Page refreshes and ends up with PHP error.

Fatal error: Uncaught exception 'Google_AuthException' with message 'Could not json decode the token' in /mnt/safe/srv/wiki/lib/plugins/authgoogle/google/auth/Google_OAuth2.php:162
Stack trace:
#0 /mnt/safe/srv/wiki/lib/plugins/authgoogle/google/Google_Client.php(170): Google_OAuth2->setAccessToken('deleted')
#1 /mnt/safe/srv/wiki/lib/plugins/authgoogle/auth.php(104): 
Google_Client->setAccessToken('deleted')
#2 /mnt/safe/srv/wiki/inc/auth.php(108): auth_plugin_authgoogle->trustExternal('', '', false) #3 /mnt/safe/srv/wiki/inc/init.php(221): auth_setup()
#4 /mnt/safe/srv/wiki/doku.php(29): require_once('/mnt/safe/srv/w...')
#5 {main} thrown in /mnt/safe/srv/wiki/lib/plugins/authgoogle/google/auth/Google_OAuth2.php on line 162

To resolve this I have to remove dokuwiki cookie.

Posible solution: Probably we do not need to throw an exception if cookie value parsing has failed. Just silently ignore the problem.

Would be nice to get this feature working with googleauth...

So every time a new user is created, send an email.

thx a lot

I have been using this plugin for several years without fail. Once I set it up it just worked. Suddenly the other day it stopped working with the error "Authorization Error. Error 400: invalid_request" nothing was changed before this error happened. I updated our dokuwiki version and I updated the plugin and tried it again and still got the same error.

Does anyone have any ideas of what could be causing this?

Authorization Error
Error 400: invalid_request

You can't sign in to this app because it doesn't comply with Google's OAuth 2.0 policy for keeping apps secure.

You can let the app developer know that this app doesn't comply with one or more Google validation rules.
Learn more
Request Details
The content in this section has been provided by the app developer. This content has not been reviewed or verified by Google.
If you’re the app developer, make sure that these request details comply with Google policies.

redirect URL: XXXXX

I noticed it sometimes takes two logins to finally get into the Wiki. First time I receive Permission Denied.

For the first connection redirection go on https://myaccount.google.com/?pli=1#, this is normal ?
User have to go back to the dokuwiki website to make it work.

Just tried the new Dokuwiki version (2014-09-29 "Hrun") on my local machine and (possibly due to the changes in the auth methods) now if I log out and log back in, each time there's a new entry generated in users.auth.php. This means that users lose any usergroup (like admin) other than the one assigned by default.

Hey,

I've been experimenting with some changes (some a bit reckless one might say) and broke some bits with the tokens.

What I found though is that if there's any exception coming from the Google OAuth library it goes unhandled and totally throws the wheels off the plugin and Dokuwiki itself.

What's worse is that broken sessions keep sticking around even after fixing things, so users who get into a broken state for any reason (for example when the admin switches to a new application ID) they will only see the PHP exception (or an empty screen depending on Apache / PHP settings) with no way to log out.

I'm not quite sure how to do this, but I think if these exceptions were handled and all what the plugin would do is to destroy the Dokuwiki session and delete the stored refresh token it would already solve most of these unexpected problems.

For actual PHP stack traces and flavours of errors messages coming from Google see below:

[16-Apr-2014 05:04:53 America/New_York] PHP Fatal error:  Uncaught exception 'Google_AuthException' with message 'Error refreshing the OAuth2 token, message: '{
  "error" : "unauthorized_client"
}'' in ../dokuwiki/lib/plugins/authgoogle/google/auth/Google_OAuth2.php:288
Stack trace:
#0 ../dokuwiki/lib/plugins/authgoogle/google/auth/Google_OAuth2.php(248): Google_OAuth2->refreshTokenRequest(Array)
#1 ../dokuwiki/lib/plugins/authgoogle/google/auth/Google_OAuth2.php(225): Google_OAuth2->refreshToken('1/T4C4y3ROfFR1a...')
#2 ../dokuwiki/lib/plugins/authgoogle/google/service/Google_ServiceResource.php(167): Google_OAuth2->sign(Object(Google_HttpRequest))
#3 ../dokuwiki/lib/plugins/authgoogle/google/contrib/Google_Oauth2Service.php(36): Google_ServiceResource->__call('get', Array)
#4 ../dokuwiki/lib/plugins/authgoogle/auth.php(109): Google_UserinfoServiceResou in ../dokuwiki/lib/plugins/authgoogle/google/auth/Google_OAuth2.php on line 288

[12-Apr-2014 15:57:18 America/New_York] PHP Fatal error:  Uncaught exception 'Google_AuthException' with message 'Error refreshing the OAuth2 token, message: '{
  "error" : "invalid_grant"
}'' in ../dokuwiki/lib/plugins/authgoogle/google/auth/Google_OAuth2.php:288

Iam getting this error, (tried with multiple accounts) - where can I find more info on what goes wrong? logs?

(after following the setup guide)

Everytime I login via Google account, I have to process one more screen like this:

This app would like to:

• Have offline access

Doesn't it save authentication status in local storage?

Hello,

Can you set the plugin to redirect to the original link after login? It looks like there a pull request for this already (though I couldn't get it to work). The issue is following a link, being forced to login, then being dumped on the start page.

Thanks!

I'm trying to follow the instructions here: https://www.dokuwiki.org/plugin:authgoogle
I've created my application at the Developer Console, but when I switch my authentication backend to authgoogle, an error message saying

User authentication is temporarily unavailable. If this situation persists, please inform your Wiki Admin.

appears. I tried to work out what's going wrong, but I don't have much experience with OAuth2, and the auth.php code doesn't seem to log any errors. Is there anything I can do to try and get more information to debug with?

Hi,

I've added and configured the plugin as explained in the page, but I can not find the Connect wtih Google button on my DokuWiki's login/register pages.

Please advise.

There's a way to avoid password requirement?

When you specify the "Allowed email domains" parameter for Authgoole it won't let anyone in, from any domain. The reason is:
auth_plugin_authgoogle::_check_email_domain compares the entire email address with a domain (which is never equal). Fix:
correct this:
if ($email == $domain) return true;
to this:
$emaildomain = substr(strrchr($email, "@"), 1);
if ($emaildomain == $domain) return true;

Hi,

I am running dokuwiki "Detritus" version behind an nginx proxy with php-fpm 7. When I installed the plugin I had this error. And It appears on every pages.

Warning: Declaration of action_plugin_authgoogle::register(&$controller) should be compatible with DokuWiki_Action_Plugin::register(Doku_Event_Handler $controller) in /var/www/html/lib/plugins/authgoogle/action.php on line 7

Warning: Cannot modify header information - headers already sent by (output started at /var/www/html/lib/plugins/authgoogle/action.php:7) in /var/www/html/inc/actions.php on line 207

Warning: Cannot modify header information - headers already sent by (output started at /var/www/html/lib/plugins/authgoogle/action.php:7) in /var/www/html/lib/tpl/dokuwiki/main.php on line 12

Thanks for your help.

Getting this error now,
"Auth Google Error: HTTP Error: (0) Problem with the SSL CA cert (path? access rights?)"

I'm guessing it's related to
http://it.slashdot.org/story/14/04/07/2354258/openssl-bug-allows-attackers-to-read-memory-in-64k-chunks
and your cert might not be any good?

Thanks!