[asterisk-dev] [Code Review] 2649: ARI authentication

David Lee reviewboard at asterisk.org
Fri Jun 28 15:03:05 CDT 2013


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/2649/
-----------------------------------------------------------

(Updated June 28, 2013, 3:03 p.m.)


Review request for Asterisk Developers.


Changes
-------

Addressed review feedback.

* Consolidated the allocation of the ast_http_auth object
* Cleaned up the parsing of username:password using strsep
* Allocated config objects using AO2_ALLOC_OPT_LOCK_NOLOCK
* Logging message cleanups


Bugs: ASTERISK-21277
    https://issues.asterisk.org/jira/browse/ASTERISK-21277


Repository: Asterisk


Description
-------

This patch adds authentication support to ARI.

Two authentication methods are supported. The first is HTTP Basic
authentication, as specified in RFC 2617[1]. The second is by simply
passing the username and password as an ?api_key query parameter
(which allows swagger-ui[2] to authenticate more easily).

ARI usernames and passwords are configured in the stasis_http.conf
file. The user may be set to `read_only`, which will prohibit the user
from issuing POST, DELETE, etc. The user's password may be specified
in either plaintext, or encrypted using the crypt() function.

Several other notes about the patch.

 * A few command line commands for seeing ARI config and status were
   also added.
 * The configuration parsing grew big enough that I extracted it to
   its own file.

 [1]: http://www.ietf.org/rfc/rfc2617.txt
 [2]: https://github.com/wordnik/swagger-ui


Diffs (updated)
-----

  /trunk/configs/stasis_http.conf.sample 393124 
  /trunk/configure UNKNOWN 
  /trunk/configure.ac 393124 
  /trunk/include/asterisk/autoconfig.h.in 393124 
  /trunk/include/asterisk/http.h 393124 
  /trunk/include/asterisk/utils.h 393124 
  /trunk/main/Makefile 393124 
  /trunk/main/http.c 393124 
  /trunk/main/utils.c 393124 
  /trunk/makeopts.in 393124 
  /trunk/res/Makefile 393124 
  /trunk/res/res_stasis_http.c 393124 
  /trunk/res/stasis_http/cli.c PRE-CREATION 
  /trunk/res/stasis_http/config.c PRE-CREATION 
  /trunk/res/stasis_http/internal.h PRE-CREATION 
  /trunk/tests/test_utils.c 393124 

Diff: https://reviewboard.asterisk.org/r/2649/diff/


Testing
-------

Unit tests for crypt wrapper.

Testsuite tests for authn testing. See https://reviewboard.asterisk.org/r/2650/


Thanks,

David Lee

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-dev/attachments/20130628/4880863a/attachment.htm>


More information about the asterisk-dev mailing list