Add a configuration option to disable HTTP basic authentication
parent
0c524b2408
commit
0ae438a5c1
2 changed files with 14 additions and 4 deletions
|
@ -52,8 +52,13 @@ class ApiController < ApplicationController
|
|||
# handle authenticate pass/fail
|
||||
unless current_user
|
||||
# no auth, the user does not exist or the password was wrong
|
||||
if Settings.basic_auth_support
|
||||
response.headers["WWW-Authenticate"] = "Basic realm=\"#{realm}\""
|
||||
render :plain => errormessage, :status => :unauthorized
|
||||
else
|
||||
render :plain => errormessage, :status => :forbidden
|
||||
end
|
||||
|
||||
false
|
||||
end
|
||||
end
|
||||
|
@ -75,11 +80,13 @@ class ApiController < ApplicationController
|
|||
report_error t("oauth.permissions.missing"), :forbidden
|
||||
elsif current_user
|
||||
head :forbidden
|
||||
else
|
||||
elsif Settings.basic_auth_support
|
||||
realm = "Web Password"
|
||||
errormessage = "Couldn't authenticate you"
|
||||
response.headers["WWW-Authenticate"] = "Basic realm=\"#{realm}\""
|
||||
render :plain => errormessage, :status => :unauthorized
|
||||
else
|
||||
render :plain => errormessage, :status => :forbidden
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -94,12 +101,13 @@ class ApiController < ApplicationController
|
|||
# from the authorize method, but can be called elsewhere if authorisation
|
||||
# is optional.
|
||||
def setup_user_auth
|
||||
logger.info " setup_user_auth"
|
||||
# try and setup using OAuth
|
||||
if doorkeeper_token&.accessible?
|
||||
self.current_user = User.find(doorkeeper_token.resource_owner_id)
|
||||
elsif Authenticator.new(self, [:token]).allow?
|
||||
# self.current_user setup by OAuth
|
||||
else
|
||||
elsif Settings.basic_auth_support
|
||||
username, passwd = auth_data # parse from headers
|
||||
# authenticate per-scheme
|
||||
self.current_user = if username.nil?
|
||||
|
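Review bot: In the second hunk (`@ -75,11 +80,13`) the new final `else` branch renders `errormessage`, but that local is assigned only inside the preceding `elsif Settings.basic_auth_support` branch. With basic auth disabled it is therefore `nil`, and the 403 response carries no message. Rendering the literal there fixes it: `render :plain => "Couldn't authenticate you", :status => :forbidden`. The enclosing method starts outside the hunk, so this assumes `errormessage` is not assigned earlier in it. Separately, the first hunk answers an unauthenticated request with 403 rather than 401 when the setting is off; a comment such as `# basic auth disabled: no challenge is offered, so reply 403 instead of 401` would record that this is deliberate.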
|
|
@ -73,6 +73,8 @@ attachments_dir: ":rails_root/public/attachments"
|
|||
#logstash_path: ""
|
||||
# List of memcache servers to use for caching
|
||||
#memcache_servers: []
|
||||
# Enable HTTP basic authentication support
|
||||
basic_auth_support: true
|
||||
# Enable legacy OAuth 1.0 support
|
||||
oauth_10_support: true
|
||||
# URL of Nominatim instance to use for geocoding
|
||||
|
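Review bot: The comment above `basic_auth_support` does not say what turning the option off does. Going by the controller hunks in this commit, `false` means Basic credentials are no longer read and unauthenticated API requests get a 403 with no `WWW-Authenticate` challenge. I would expand the comment to something like `# Enable HTTP basic authentication support (when false, API requests must authenticate with OAuth)`. The default of `true` keeps existing behaviour, so a deployment that wants password-based API access off has to set it explicitly.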
|