Add a configuration option to disable HTTP basic authentication

Tom Hughes 2022-07-08 17:25:20 +01:00
parent 0c524b2408
commit 0ae438a5c1
2 changed files with 14 additions and 4 deletions


@ -52,8 +52,13 @@ class ApiController < ApplicationController
# handle authenticate pass/fail # handle authenticate pass/fail
unless current_user unless current_user
# no auth, the user does not exist or the password was wrong # no auth, the user does not exist or the password was wrong
if Settings.basic_auth_support
response.headers["WWW-Authenticate"] = "Basic realm=\"#{realm}\"" response.headers["WWW-Authenticate"] = "Basic realm=\"#{realm}\""
render :plain => errormessage, :status => :unauthorized render :plain => errormessage, :status => :unauthorized
else
render :plain => errormessage, :status => :forbidden
end
false false
end end
end end
@ -75,11 +80,13 @@ class ApiController < ApplicationController
report_error t("oauth.permissions.missing"), :forbidden report_error t("oauth.permissions.missing"), :forbidden
elsif current_user elsif current_user
head :forbidden head :forbidden
else elsif Settings.basic_auth_support
realm = "Web Password" realm = "Web Password"
errormessage = "Couldn't authenticate you" errormessage = "Couldn't authenticate you"
response.headers["WWW-Authenticate"] = "Basic realm=\"#{realm}\"" response.headers["WWW-Authenticate"] = "Basic realm=\"#{realm}\""
render :plain => errormessage, :status => :unauthorized render :plain => errormessage, :status => :unauthorized
else
render :plain => errormessage, :status => :forbidden
end end
end end
@ -94,12 +101,13 @@ class ApiController < ApplicationController
# from the authorize method, but can be called elsewhere if authorisation # from the authorize method, but can be called elsewhere if authorisation
# is optional. # is optional.
def setup_user_auth def setup_user_auth
logger.info " setup_user_auth"
# try and setup using OAuth # try and setup using OAuth
if doorkeeper_token&.accessible? if doorkeeper_token&.accessible?
self.current_user = User.find(doorkeeper_token.resource_owner_id) self.current_user = User.find(doorkeeper_token.resource_owner_id)
elsif Authenticator.new(self, [:token]).allow? elsif Authenticator.new(self, [:token]).allow?
# self.current_user setup by OAuth # self.current_user setup by OAuth
else elsif Settings.basic_auth_support
username, passwd = auth_data # parse from headers username, passwd = auth_data # parse from headers
# authenticate per-scheme # authenticate per-scheme
self.current_user = if username.nil? self.current_user = if username.nil?
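Review bot: In the second hunk's new `else` branch, `render :plain => errormessage, :status => :forbidden` sends an empty body, because `errormessage` is only assigned inside the preceding `elsif Settings.basic_auth_support` branch and is nil when that branch is skipped (Ruby declares the local from the earlier assignment but never runs it). Either hoist `realm`/`errormessage` above the `if`, or render the literal: `render :plain => "Couldn't authenticate you", :status => :forbidden`. The matching branch in the first hunk looks fine, since `errormessage` there appears to be a parameter of the enclosing method, whose signature lies outside the hunk. In the third hunk the body of `setup_user_auth` continues past the end of the hunk, so the remaining basic-auth path after `auth_data` is not visible here.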


@ -73,6 +73,8 @@ attachments_dir: ":rails_root/public/attachments"
#logstash_path: "" #logstash_path: ""
# List of memcache servers to use for caching # List of memcache servers to use for caching
#memcache_servers: [] #memcache_servers: []
# Enable HTTP basic authentication support
basic_auth_support: true
# Enable legacy OAuth 1.0 support # Enable legacy OAuth 1.0 support
oauth_10_support: true oauth_10_support: true
# URL of Nominatim instance to use for geocoding # URL of Nominatim instance to use for geocoding
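Review bot: The comment above the new `basic_auth_support` key only names the feature, so an operator reading this file cannot tell what switching it off changes for API clients. Based on the controller change in the same commit, I would extend it to `# Enable HTTP basic authentication support (when false, unauthenticated API requests get a 403 with no Basic challenge; OAuth is unaffected)`. Defaulting to `true` keeps existing deployments on their current behaviour, which is worth stating as well.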