[Home]

Summary:ASTERISK-21277: stasis-http authentication
Reporter:David M. Lee (dlee)Labels:Asterisk12
Date Opened:2013-03-15 09:40:27Date Closed:2013-07-03 12:21:04
Priority:MajorRegression?
Status:Closed/CompleteComponents:Core/Stasis Resources/res_ari
Versions:Frequency of
Occurrence
Related
Issues:
Environment:Attachments:
Description:{{stasis-http}} currently does no authentication checking. The, needless to say, is a Bad Thing™.

We should support:
* HTTP Basic authentication
* {{crypt(3)}} encrypted password
* Password-less authentication (logging in using ?api_key=username)
* Read-only users

The sample config should be something like this:
{code:none}
;[user-username]
;read_only = no         ; When set to yes, user is only authorized for
;                       ; read-only requests
;
; If a password is specified, user must authenticate using HTTP Basic
; authentication. If no password is specified, then the user may authenticate
; simply by adding ?api_key=username to their requests.
;
;password =             ; Crypted or plaintext password (see crypt_password)
;
; crypt_password may be set to crypt (the default) or plain. When set to crypt,
; crypt(3) is used to encrypt the password. A crypted password can be generated
; using mkpasswd -m sha-512.
;
; When set to plain, the password is in plaintext
;
;crypt_password = crypt
{code}
Comments:By: Dave Lee (personal) (leedm777) 2013-06-12 17:13:08.951-0500

Test comment. Please ignore.