From 3bf01b803afe759a1918c125c5cbb70c9b57cfd9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ivar=20Conradi=20=C3=98sthus?=
Date: Thu, 3 Dec 2020 21:29:01 +0100
Subject: [PATCH] fix: add support for basic auth with simple-auth (#659)
---
 docs/api/admin/events-api.md | 2 ++
 docs/api/admin/feature-toggles-api.md | 2 ++
 docs/api/admin/feature-types-api.md | 2 ++
 docs/api/admin/metrics-api.md | 2 ++
 docs/api/admin/state-api.md | 2 ++
 docs/api/admin/strategies-api.md | 2 ++
 lib/middleware/simple-authentication.js | 8 ++++++--
 package.json | 1 +
 yarn.lock | 7 +++++++
 9 files changed, 26 insertions(+), 2 deletions(-)
diff --git a/docs/api/admin/events-api.md b/docs/api/admin/events-api.md
index 4742d65c94..6c0c96020a 100644
--- a/docs/api/admin/events-api.md
+++ b/docs/api/admin/events-api.md
@@ -3,6 +3,8 @@ id: events
 title: /api/admin/events
 ---
+> In order to access the admin api endpoints you need to identify yourself. If you are using the `unsecure` authententication method, you may use [basic authenticaion](https://en.wikipedia.org/wiki/Basic_access_authentication) to ientify yourself.
+
 # Events API
 `GET: http://unleash.host.com/api/admin/events`
diff --git a/docs/api/admin/feature-toggles-api.md b/docs/api/admin/feature-toggles-api.md
index 1127bb1a1c..04900609f9 100644
--- a/docs/api/admin/feature-toggles-api.md
+++ b/docs/api/admin/feature-toggles-api.md
@@ -3,6 +3,8 @@ id: features
 title: /api/admin/features
 ---
+> In order to access the admin api endpoints you need to identify yourself. If you are using the `unsecure` authententication method, you may use [basic authenticaion](https://en.wikipedia.org/wiki/Basic_access_authentication) to ientify yourself.
+
 ### Fetching Feature Toggles
 `GET: http://unleash.host.com/api/admin/features`
diff --git a/docs/api/admin/feature-types-api.md b/docs/api/admin/feature-types-api.md
index 1de570cc84..b200b44253 100644
--- a/docs/api/admin/feature-types-api.md
+++ b/docs/api/admin/feature-types-api.md
@@ -3,6 +3,8 @@ id: feature-types
 title: /api/admin/feature-types
 ---
+> In order to access the admin api endpoints you need to identify yourself. If you are using the `unsecure` authententication method, you may use [basic authenticaion](https://en.wikipedia.org/wiki/Basic_access_authentication) to ientify yourself.
+
 # Feature Types API
 `GET: http://unleash.host.com/api/admin/feature-types`
diff --git a/docs/api/admin/metrics-api.md b/docs/api/admin/metrics-api.md
index c63d6fc8ba..146dff1b1d 100644
--- a/docs/api/admin/metrics-api.md
+++ b/docs/api/admin/metrics-api.md
@@ -3,6 +3,8 @@ id: metrics
 title: /api/admin/metrics
 ---
+> In order to access the admin api endpoints you need to identify yourself. If you are using the `unsecure` authententication method, you may use [basic authenticaion](https://en.wikipedia.org/wiki/Basic_access_authentication) to ientify yourself.
+
 # This document describes the metrics endpoint for admin ui
 ### Seen-toggles
diff --git a/docs/api/admin/state-api.md b/docs/api/admin/state-api.md
index ba71e87007..002acb8bf1 100644
--- a/docs/api/admin/state-api.md
+++ b/docs/api/admin/state-api.md
@@ -3,6 +3,8 @@ id: state
 title: /api/admin/state
 ---
+> In order to access the admin api endpoints you need to identify yourself. If you are using the `unsecure` authententication method, you may use [basic authenticaion](https://en.wikipedia.org/wiki/Basic_access_authentication) to ientify yourself.
+
 ### Export Feature Toggles & Strategies
 `GET: http://unleash.host.com/api/admin/state/export`
diff --git a/docs/api/admin/strategies-api.md b/docs/api/admin/strategies-api.md
index c95617a0a6..ae5a15969d 100644
--- a/docs/api/admin/strategies-api.md
+++ b/docs/api/admin/strategies-api.md
@@ -3,6 +3,8 @@ id: strategies
 title: /api/admin/strategies
 ---
+> In order to access the admin api endpoints you need to identify yourself. If you are using the `unsecure` authententication method, you may use [basic authenticaion](https://en.wikipedia.org/wiki/Basic_access_authentication) to ientify yourself.
+
 ### Fetch Strategies
 `GET: http://unleash.host.com/api/admin/strategies`
diff --git a/lib/middleware/simple-authentication.js b/lib/middleware/simple-authentication.js
index 5f211d3a3d..e7b90728b2 100644
--- a/lib/middleware/simple-authentication.js
+++ b/lib/middleware/simple-authentication.js
@@ -1,5 +1,4 @@
-'use strict';
-
+const auth = require('basic-auth');
 const User = require('../user');
 const AuthenticationRequired = require('../authentication-required');
@@ -15,6 +14,11 @@ function unsecureAuthentication(basePath = '', app) {
 app.use(`${basePath}/api/admin/`, (req, res, next) => {
 if (req.session.user && req.session.user.email) {
 req.user = req.session.user;
+ } else if (req.header('authorization')) {
+ const user = auth(req);
+ if (user && user.name) {
+ req.user = new User({ username: user.name });
+ }
 }
 next();
 });
diff --git a/package.json b/package.json
index ea07a5ebb3..9804434749 100644
--- a/package.json
+++ b/package.json
@@ -63,6 +63,7 @@
 },
 "dependencies": {
 "async": "^3.1.0",
+ "basic-auth": "^2.0.1",
 "compression": "^1.7.3",
 "cookie-parser": "^1.4.4",
 "cookie-session": "^2.0.0-rc.1",
diff --git a/yarn.lock b/yarn.lock
index 88c523a404..92a47b5557 100644
--- a/yarn.lock
+++ b/yarn.lock
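Review bot: The new side of the first simple-authentication.js hunk no longer begins with `'use strict';`, so this CommonJS module now runs in sloppy mode, which is unrelated to adding basic auth and quietly changes how the rest of the file behaves (an assignment to an undeclared name becomes a global instead of a ReferenceError). Keep the directive as the first statement, `'use strict';`, then a blank line, then `const auth = require('basic-auth');`. If dropping it was deliberate, the commit message should say why.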
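Review bot: The added `else if` branch in the second simple-authentication.js hunk turns whatever username the client puts in a Basic `Authorization` header into `req.user`; `auth(req)` only parses the header, and the password it also returns (`user.pass`) is never checked, so this identity is asserted by the client rather than verified. That matches the `unsecureAuthentication` name, but nothing in the code says so; add a comment above the branch such as `// unsecure mode: Basic credentials are parsed but not verified; any username is accepted` so this middleware is not later reused where verification is expected. It would also be worth confirming that `new User({ username: user.name })` cannot throw on a header-supplied value, since an exception here would surface as a 500 rather than the AuthenticationRequired response the file appears to use elsewhere; the enclosing function starts and ends outside this hunk.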
@@ -693,6 +693,13 @@ base@^0.11.1: mixin-deep "^1.2.0" pascalcase "^0.1.1" +basic-auth@^2.0.1: + version "2.0.1" + resolved "https://registry.yarnpkg.com/basic-auth/-/basic-auth-2.0.1.tgz#b998279bf47ce38344b4f3cf916d4679bbf51e3a" + integrity sha512-NF+epuEdnUYVlGuhaxbbq+dvJttwLnGY+YixlXlME5KpQ5W3CnXA5cVTneY3SPbPDRkcjMbifrwmFYcClgOZeg== + dependencies: + safe-buffer "5.1.2" + bcrypt-pbkdf@^1.0.0: version "1.0.2" resolved "https://registry.yarnpkg.com/bcrypt-pbkdf/-/bcrypt-pbkdf-1.0.2.tgz#a4301d389b6a43f9b67ff3ca11a3f6637e360e9e"