ansible-inventories/arocom#2210 Support for extra http auth users in specific request paths

93ab8789 · jurgenhaas · 2975839a · 93ab8789 · 93ab8789
Commit 93ab8789 authored 6 years ago by jurgenhaas
--- a/tasks/apache_auth.yml
+++ b/tasks/apache_auth.yml
@@ -11,13 +11,28 @@
      group='{{ apacheUser }}'
      mode='755'

-  - name: "Setup AuthType Basic"
+  - name: "Setup AuthType Basic Credentials"
    htpasswd:
      path='{{ webRoot }}/passwords/{{ drupal_domain.apache_auth.user }}'
      name='{{ drupal_domain.apache_auth.user }}'
-      password='{{ drupal_domain.apache_auth.password }}'
+      password='{{ drupal_domain.apache_auth.password|default("") }}'
      owner='{{ apacheUser }}'
      group='{{ apacheUser }}'
      mode='640'
+      state='{{ drupal_domain.apache_auth.password is defined|ternary("present","absent") }}'
+    notify:
+      - "Apache | Restart Apache"
+
+  - name: "Setup AuthType Basic Credentials for extra users"
+    htpasswd:
+      path='{{ webRoot }}/passwords/{{ drupal_domain.apache_auth.user }}'
+      name='{{ item.user }}'
+      password='{{ item.password }}'
+      owner='{{ apacheUser }}'
+      group='{{ apacheUser }}'
+      mode='640'
+    with_items: '{{ drupal_domain.apache_auth.extra_users|default([]) }}'
+    notify:
+      - "Apache | Restart Apache"

  tags: 'ApacheConfig'
--- a/templates/vhost.conf
+++ b/templates/vhost.conf
@@ -60,6 +60,7 @@
 {% endif %}
  SetEnv HTTP_X_FORWARDED_HOST {{ drupal_domain.domain }}
  SetEnv HTTPS {{ (drupal_domain.protocol|default("https") == 'https')|ternary('on','off') }}
+  SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0

  DocumentRoot {{ docRoot }}
  <Directory {{ docRoot }}/>
@@ -69,7 +70,22 @@
    AuthType {{ drupal_domain.apache_auth.type }}
    AuthName "{{ drupal_domain.apache_auth.name }}"
    AuthUserFile {{ webRoot }}/passwords/{{ drupal_domain.apache_auth.user }}
+{% if drupal_domain.apache_auth.extra_users is defined %}
+    <RequireAny>
+{% for user in drupal_domain.apache_auth.extra_users %}
+      <RequireAll>
+        Require expr "{{ user.expression }}"
+        Require user {{ user.user }}
+      </RequireAll>
+{% endfor %}
+      <RequireAll>
+        Require {% if drupal_domain.apache_auth.password is defined %}user {{ drupal_domain.apache_auth.user }}{% else %}all granted{% endif %}
+
+      </RequireAll>
+    </RequireAny>
+{% else %}
    Require user {{ drupal_domain.apache_auth.user }}
+{% endif %}
 {% else %}
 {% if apache_version|default('2.4') == '2.2' %}
    Order allow,deny