[asterisk-dev] [Code Review] 2649: ARI authentication
David Lee
reviewboard at asterisk.org
Fri Jun 28 14:28:00 CDT 2013
> On June 28, 2013, 10:51 a.m., Joshua Colp wrote:
> > /trunk/res/stasis_http/config.c, line 210
> > <https://reviewboard.asterisk.org/r/2649/diff/1/?file=40563#file40563line210>
> >
> > I'd elaborate a bit more in this error message - perhaps incorporate the filename?
Agreed.
> On June 28, 2013, 10:51 a.m., Joshua Colp wrote:
> > /trunk/res/stasis_http/config.c, lines 261-264
> > <https://reviewboard.asterisk.org/r/2649/diff/1/?file=40563#file40563line261>
> >
> > Should this be a fatal error for the configuration file? (does this deem it broken) If so then use a prelink callback.
Nah; the remainder of the file is fine. The behavior that a user without a password cannot log in is well defined.
Given that, though, the log should be a warning instead of an error. That I will change.
- David
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/2649/#review9012
-----------------------------------------------------------
On June 28, 2013, 9:56 a.m., David Lee wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviewboard.asterisk.org/r/2649/
> -----------------------------------------------------------
>
> (Updated June 28, 2013, 9:56 a.m.)
>
>
> Review request for Asterisk Developers.
>
>
> Bugs: ASTERISK-21277
> https://issues.asterisk.org/jira/browse/ASTERISK-21277
>
>
> Repository: Asterisk
>
>
> Description
> -------
>
> This patch adds authentication support to ARI.
>
> Two authentication methods are supported. The first is HTTP Basic
> authentication, as specified in RFC 2617[1]. The second is by simply
> passing the username and password as an ?api_key query parameter
> (which allows swagger-ui[2] to authenticate more easily).
>
> ARI usernames and passwords are configured in the stasis_http.conf
> file. The user may be set to `read_only`, which will prohibit the user
> from issuing POST, DELETE, etc. The user's password may be specified
> in either plaintext, or encrypted using the crypt() function.
>
> Several other notes about the patch.
>
> * A few command line commands for seeing ARI config and status were
> also added.
> * The configuration parsing grew big enough that I extracted it to
> its own file.
>
> [1]: http://www.ietf.org/rfc/rfc2617.txt
> [2]: https://github.com/wordnik/swagger-ui
>
>
> Diffs
> -----
>
> /trunk/configs/stasis_http.conf.sample 393125
> /trunk/configure UNKNOWN
> /trunk/configure.ac 393125
> /trunk/include/asterisk/autoconfig.h.in 393125
> /trunk/include/asterisk/http.h 393125
> /trunk/include/asterisk/utils.h 393125
> /trunk/main/Makefile 393125
> /trunk/main/http.c 393125
> /trunk/main/utils.c 393125
> /trunk/makeopts.in 393125
> /trunk/res/Makefile 393125
> /trunk/res/res_stasis_http.c 393125
> /trunk/res/stasis_http/cli.c PRE-CREATION
> /trunk/res/stasis_http/config.c PRE-CREATION
> /trunk/res/stasis_http/internal.h PRE-CREATION
> /trunk/tests/test_utils.c 393125
>
> Diff: https://reviewboard.asterisk.org/r/2649/diff/
>
>
> Testing
> -------
>
> Unit tests for crypt wrapper.
>
> Testsuite tests for authn testing. See https://reviewboard.asterisk.org/r/2650/
>
>
> Thanks,
>
> David Lee
>
>
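The access decision described in the review request above, as an added example that is not part of the patch or of Asterisk's code. Assumptions: the `api_key` value has the form `user:password`, GET and OPTIONS are the only methods a `read_only` user may issue, rejections map to HTTP 401 and 403, and the names `ari_user`, `ct_equal` and `ari_authorize` are hypothetical. Only plaintext passwords are compared here; crypt() hashes are left out.

```c
/* Added example, not Asterisk code. All names and sample users are constructed. */
#include <stdio.h>
#include <string.h>

struct ari_user { const char *name; const char *password; int read_only; };

/* Constructed sample users; "nopass" models a user configured without a password. */
static const struct ari_user users[] = {
    { "admin",  "s3cret", 0 },
    { "viewer", "look",   1 },
    { "nopass", NULL,     0 },
};

/* Compare every byte of the supplied value so timing does not reveal where it differs. */
static int ct_equal(const char *supplied, const char *stored)
{
    size_t la = strlen(supplied), lb = strlen(stored), i;
    unsigned char diff = (unsigned char)(la != lb);
    for (i = 0; i < la; i++)
        diff |= (unsigned char)(supplied[i] ^ stored[lb ? i % lb : 0]);
    return diff == 0;
}

/* Returns 200 (allowed), 401 (bad credentials) or 403 (read_only user writing). */
int ari_authorize(const char *method, const char *api_key)
{
    const char *colon = api_key ? strchr(api_key, ':') : NULL;
    const struct ari_user *match = NULL;
    size_t i, ulen;
    if (!colon)
        return 401;
    ulen = (size_t)(colon - api_key);
    for (i = 0; i < sizeof(users) / sizeof(users[0]); i++)
        if (strlen(users[i].name) == ulen && !strncmp(users[i].name, api_key, ulen))
            match = &users[i];
    /* Unknown user, or a user with no password configured: never authenticates. */
    if (!match || !match->password || !ct_equal(colon + 1, match->password))
        return 401;
    if (match->read_only && strcmp(method, "GET") && strcmp(method, "OPTIONS"))
        return 403;
    return 200;
}

int main(void)
{
    printf("%d %d %d\n", ari_authorize("GET", "viewer:look"),
           ari_authorize("DELETE", "viewer:look"), ari_authorize("POST", "nopass:"));
    return 0;
}
```

The `nopass` entry reflects the behaviour discussed in the reply: a user without a password stays in the configuration but can never log in, even with an empty password.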