[asterisk-dev] [Code Review] 2649: ARI authentication

Joshua Colp reviewboard at asterisk.org
Wed Jul 3 09:14:09 CDT 2013 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/2649/#review9059
-----------------------------------------------------------

Ship it!


I'll make you feel extra special and ship it too since I reviewed it previously ;)


- Joshua Colp


On June 28, 2013, 8:03 p.m., David Lee wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviewboard.asterisk.org/r/2649/
> -----------------------------------------------------------
> 
> (Updated June 28, 2013, 8:03 p.m.)
> 
> 
> Review request for Asterisk Developers.
> 
> 
> Bugs: ASTERISK-21277
>     https://issues.asterisk.org/jira/browse/ASTERISK-21277
> 
> 
> Repository: Asterisk
> 
> 
> Description
> -------
> 
> This patch adds authentication support to ARI.
> 
> Two authentication methods are supported. The first is HTTP Basic
> authentication, as specified in RFC 2617[1]. The second is by simply
> passing the username and password as an ?api_key query parameter
> (which allows swagger-ui[2] to authenticate more easily).
> 
> ARI usernames and passwords are configured in the stasis_http.conf
> file. The user may be set to `read_only`, which will prohibit the user
> from issuing POST, DELETE, etc. The user's password may be specified
> in either plaintext, or encrypted using the crypt() function.
> 
> Several other notes about the patch.
> 
>  * A few command line commands for seeing ARI config and status were
>    also added.
>  * The configuration parsing grew big enough that I extracted it to
>    its own file.
> 
>  [1]: http://www.ietf.org/rfc/rfc2617.txt
>  [2]: https://github.com/wordnik/swagger-ui
> 
> 
> Diffs
> -----
> 
>   /trunk/configs/stasis_http.conf.sample 393124 
>   /trunk/configure UNKNOWN 
>   /trunk/configure.ac 393124 
>   /trunk/include/asterisk/autoconfig.h.in 393124 
>   /trunk/include/asterisk/http.h 393124 
>   /trunk/include/asterisk/utils.h 393124 
>   /trunk/main/Makefile 393124 
>   /trunk/main/http.c 393124 
>   /trunk/main/utils.c 393124 
>   /trunk/makeopts.in 393124 
>   /trunk/res/Makefile 393124 
>   /trunk/res/res_stasis_http.c 393124 
>   /trunk/res/stasis_http/cli.c PRE-CREATION 
>   /trunk/res/stasis_http/config.c PRE-CREATION 
>   /trunk/res/stasis_http/internal.h PRE-CREATION 
>   /trunk/tests/test_utils.c 393124 
> 
> Diff: https://reviewboard.asterisk.org/r/2649/diff/
> 
> 
> Testing
> -------
> 
> Unit tests for crypt wrapper.
> 
> Testsuite tests for authn testing. See https://reviewboard.asterisk.org/r/2650/
> 
> 
> Thanks,
> 
> David Lee
> 
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-dev/attachments/20130703/fac9e9ec/attachment.htm>

More information about the asterisk-dev mailing list