[asterisk-bugs] [Asterisk 0010961]: [patch] Add HTTP Basic & Digest Auth (rfc2617) for manager web interface.

Asterisk Bug Tracker noreply at bugs.digium.com
Mon Oct 13 15:36:20 CDT 2008


A NOTE has been added to this issue. 
====================================================================== 
http://bugs.digium.com/view.php?id=10961 
====================================================================== 
Reported By:                ys
Assigned To:                otherwiseguy
====================================================================== 
Project:                    Asterisk
Issue ID:                   10961
Category:                   Core/NewFeature
Reproducibility:            N/A
Severity:                   feature
Priority:                   normal
Status:                     assigned
Asterisk Version:           SVN 
SVN Branch (only for SVN checkouts, not tarball releases):  trunk 
SVN Revision (number only!): 85514 
Disclaimer on File?:        N/A 
Request Review:              
====================================================================== 
Date Submitted:             2007-10-12 06:48 CDT
Last Modified:              2008-10-13 15:36 CDT
====================================================================== 
Summary:                    [patch] Add HTTP Basic & Digest Auth (rfc2617) for
manager web interface.
Description: 
I found that the manager web interface used the "Cookie" header to
authenticate the user. This requires two HTTP requests, one to authenticate
and the next for commands.
This patch adds only the Basic authentication scheme implementation, as
defined in RFC 2617.
If this scheme is used, httptimeout is unused, but we don't need to keep an
HTTP session (and mansession) alive after the HTTP request is processed.

======================================================================
Relationships       ID      Summary
----------------------------------------------------------------------
related to          0011414 [patch] Move loading users from authent...
====================================================================== 

---------------------------------------------------------------------- 
 (0093563) otherwiseguy (administrator) - 2008-10-13 15:36
 http://bugs.digium.com/view.php?id=10961#c93563 
---------------------------------------------------------------------- 
What are your thoughts on not having a separate URI for HTTP auth/cookie
requests and doing the parsing based on either a setting (like you mention
webauth=http_auth above, which doesn't seem to be implemented), or maybe
just taking auth header details and using them if they exist, otherwise
falling back to cookie-based?

There just seems to be a lot of code duplication between the
auth_http_callback and generic_http_callback.  I haven't looked enough to
see how big a task it would be, just curious as to your opinion, since you
wrote it and are more familiar with the design.  :-) 

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2008-10-13 15:36 otherwiseguy   Note Added: 0093563                          
======================================================================
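
The single-handler dispatch raised in the note above (use the Authorization header when it is present, otherwise fall back to the cookie), as an added C example that is not part of the patch or of Asterisk's code. The names `pick_auth`, `b64_decode` and `auth_source`, the `mansession_id=` cookie match and the choice to reject an unusable header rather than fall back are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>
enum auth_source { AUTH_NONE, AUTH_COOKIE, AUTH_BASIC, AUTH_REJECT };

/* Decode base64 into out (NUL-terminated, outlen >= 1). Returns length or -1. */
static int b64_decode(const char *in, char *out, size_t outlen)
{
    static const char tbl[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    unsigned int acc = 0, bits = 0, n = 0;
    for (; *in && *in != '='; in++) {
        const char *p = strchr(tbl, *in);
        if (!p || n + 1 >= outlen)
            return -1;                      /* illegal character or output full */
        acc = (acc << 6) | (unsigned int)(p - tbl);
        if ((bits += 6) >= 8)
            out[n++] = (char)((acc >> (bits -= 8)) & 0xff);
    }
    out[n] = '\0';
    return (int)n;
}

/* Prefer Authorization: Basic; use the session cookie only when no Authorization
 * header was sent. A present but unusable header is rejected, not downgraded. */
enum auth_source pick_auth(const char *authz, const char *cookie,
                           char *user, size_t ulen, char *pass, size_t plen)
{
    char buf[256], *colon;
    if (!authz)   /* cookie name is an assumption for this sketch */
        return (cookie && strstr(cookie, "mansession_id=")) ? AUTH_COOKIE : AUTH_NONE;
    if (strncasecmp(authz, "Basic ", 6) != 0)
        return AUTH_REJECT;                 /* scheme other than Basic */
    int len = b64_decode(authz + 6, buf, sizeof(buf));
    if (len < 0 || strlen(buf) != (size_t)len || !(colon = strchr(buf, ':')))
        return AUTH_REJECT;                 /* bad base64, embedded NUL, no "user:pass" */
    *colon++ = '\0';                        /* RFC 2617: split at the first ':' */
    if (strlen(buf) >= ulen || strlen(colon) >= plen)
        return AUTH_REJECT;                 /* would not fit the caller's buffers */
    strcpy(user, buf);
    strcpy(pass, colon);
    return AUTH_BASIC;
}

int main(void)
{
    char u[64], p[64];   /* sample header is constructed: base64("admin:secret") */
    int r = pick_auth("Basic YWRtaW46c2VjcmV0", NULL, u, sizeof(u), p, sizeof(p));
    printf("source=%d user=%s\n", r, r == AUTH_BASIC ? u : "-");
    return 0;
}
```

Because Basic credentials travel base64-encoded rather than encrypted on every request, a handler like this belongs behind TLS.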



