fix: add support for basic auth with simple-auth (#659)

docs/api/admin/events-api.md

@@ -3,6 +3,8 @@ id: events
 title: /api/admin/events
 ---
 
+> In order to access the admin api endpoints you need to identify yourself. If you are using the `unsecure` authententication method, you may use [basic authenticaion](https://en.wikipedia.org/wiki/Basic_access_authentication) to ientify yourself.
+
 # Events API
 
 `GET: http://unleash.host.com/api/admin/events`

docs/api/admin/feature-toggles-api.md

@@ -3,6 +3,8 @@ id: features
 title: /api/admin/features
 ---
 
+> In order to access the admin api endpoints you need to identify yourself. If you are using the `unsecure` authententication method, you may use [basic authenticaion](https://en.wikipedia.org/wiki/Basic_access_authentication) to ientify yourself.
+
 ### Fetching Feature Toggles
 
 `GET: http://unleash.host.com/api/admin/features`

docs/api/admin/feature-types-api.md

@@ -3,6 +3,8 @@ id: feature-types
 title: /api/admin/feature-types
 ---
 
+> In order to access the admin api endpoints you need to identify yourself. If you are using the `unsecure` authententication method, you may use [basic authenticaion](https://en.wikipedia.org/wiki/Basic_access_authentication) to ientify yourself.
+
 # Feature Types API
 
 `GET: http://unleash.host.com/api/admin/feature-types`

docs/api/admin/metrics-api.md

@@ -3,6 +3,8 @@ id: metrics
 title: /api/admin/metrics
 ---
 
+> In order to access the admin api endpoints you need to identify yourself. If you are using the `unsecure` authententication method, you may use [basic authenticaion](https://en.wikipedia.org/wiki/Basic_access_authentication) to ientify yourself.
+
 # This document describes the metrics endpoint for admin ui
 
 ### Seen-toggles

docs/api/admin/state-api.md

@@ -3,6 +3,8 @@ id: state
 title: /api/admin/state
 ---
 
+> In order to access the admin api endpoints you need to identify yourself. If you are using the `unsecure` authententication method, you may use [basic authenticaion](https://en.wikipedia.org/wiki/Basic_access_authentication) to ientify yourself.
+
 ### Export Feature Toggles & Strategies
 
 `GET: http://unleash.host.com/api/admin/state/export`

docs/api/admin/strategies-api.md

@@ -3,6 +3,8 @@ id: strategies
 title: /api/admin/strategies
 ---
 
+> In order to access the admin api endpoints you need to identify yourself. If you are using the `unsecure` authententication method, you may use [basic authenticaion](https://en.wikipedia.org/wiki/Basic_access_authentication) to ientify yourself.
+
 ### Fetch Strategies
 
 `GET: http://unleash.host.com/api/admin/strategies`

lib/middleware/simple-authentication.js

@@ -1,5 +1,4 @@
-'use strict';
-
+const auth = require('basic-auth');
 const User = require('../user');
 const AuthenticationRequired = require('../authentication-required');
 
@@ -15,6 +14,11 @@ function unsecureAuthentication(basePath = '', app) {
     app.use(`${basePath}/api/admin/`, (req, res, next) => {
         if (req.session.user && req.session.user.email) {
             req.user = req.session.user;
+        } else if (req.header('authorization')) {
+            const user = auth(req);
+            if (user && user.name) {
+                req.user = new User({ username: user.name });
+            }
         }
         next();
     });

package.json

@@ -63,6 +63,7 @@
   },
   "dependencies": {
     "async": "^3.1.0",
+    "basic-auth": "^2.0.1",
     "compression": "^1.7.3",
     "cookie-parser": "^1.4.4",
     "cookie-session": "^2.0.0-rc.1",

yarn.lock

@@ -693,6 +693,13 @@ base@^0.11.1:
     mixin-deep "^1.2.0"
     pascalcase "^0.1.1"
 
+basic-auth@^2.0.1:
+  version "2.0.1"
+  resolved "https://registry.yarnpkg.com/basic-auth/-/basic-auth-2.0.1.tgz#b998279bf47ce38344b4f3cf916d4679bbf51e3a"
+  integrity sha512-NF+epuEdnUYVlGuhaxbbq+dvJttwLnGY+YixlXlME5KpQ5W3CnXA5cVTneY3SPbPDRkcjMbifrwmFYcClgOZeg==
+  dependencies:
+    safe-buffer "5.1.2"
+
 bcrypt-pbkdf@^1.0.0:
   version "1.0.2"
   resolved "https://registry.yarnpkg.com/bcrypt-pbkdf/-/bcrypt-pbkdf-1.0.2.tgz#a4301d389b6a43f9b67ff3ca11a3f6637e360e9e"