3

I have a phpbb forum and i am developing a rails application that will be used for a mobile friendly app. I need a way to perform SSO between phpbb and rails.

I found a ruby gem called phpbb-auth on github but it hasn't been updated in over 3 years.

My initial thoughts were to mimic phpass (which i believe is what the latest phpbb uses) in rails and then just have rails reference the phpbb_users table when authenticating with Devise/Warden.

However, that task became daunting and would become just another lib to manage.

My next thought was to write a plugin for Warden to check for a phpbb_session and if its there, then continue. Otherwise redirect them to the phpbb login page.

Has anyone come across doing this before, and if so what was the method you used.

NDBoost
  • 10,184
  • 6
  • 53
  • 73

1 Answers1

2

I doing same thing right now (already succeed actually).

So, you basically have several options depending on your setup/deployment. Consider following:

  • Will you deploy your rails app and phpbb on same domain or different domains?
  • Have both sites access to each other db.
  • Which authentication system you whish to use? So, you'd like rails (i.e. devise, authlogic or whatever) authenticate and handle users or phpbb db auth (i.e. storing logins and password in phpbb users table).

So far, I've implement auth through phpbb db auth + single domain with my app (phpbb: forum.example.com, my rails app is on: example.com for cookie sharing). In this case you can use code from gem you have mentioned (phpbb-auth). It's not very hard. Code is still working fine (with some adjustments probably).

BUT

I do not like it this way :) I consider my site as a main app and do not want forum to handle my users...

So, as I understand starting from phpbb 3 you can write plugin (API docs) for external auth for phpbb.

There are several examples in Python and Django in the net. Looks like this one for same domain + db access. And looks like this one for doing things remotely with JavaScript. Those are in Python, but there's not too much Python inside, only some examples :), so you can easily adopt them for rails, I think.

This question discuss same stuff, but in more generic way.

Community
  • 1
  • 1
denis-bu
  • 3,426
  • 1
  • 17
  • 11
  • I ended up using phpass-ruby gem and just checking the password manually. I should create a gem for it.. Right now the rails app just accesses phpbb_users table and authenticates and creates a seperate session store. – NDBoost Jan 21 '13 at 14:35
  • My problem is using Heroku and trying to add multiple remote MySQL databases. As the rails app will be connecting to at least two DBs to read information. – NDBoost Jan 21 '13 at 14:38
  • Unfortunately I have no exp. in using Heroku so far. The way you end up is the way I end up either :) I'll post an update, if I'll find something interesting on this topic. – denis-bu Jan 23 '13 at 12:18
  • One more approach. You can make your phpbb forum an oauth provider. And access it from rails with omniauth gem. Not sure whether things gonna workout this way, but will definitely try this one someday. You can find some links tutorials here: http://stackoverflow.com/questions/3454063/set-up-a-php-oauth-provider – denis-bu Jan 23 '13 at 12:34