Summary: | ASTERISK-21277: stasis-http authentication | ||
Reporter: | David M. Lee (dlee) | Labels: | Asterisk12 |
Date Opened: | 2013-03-15 09:40:27 | Date Closed: | 2013-07-03 12:21:04 |
Priority: | Major | Regression? | |
Status: | Closed/Complete | Components: | Core/Stasis Resources/res_ari |
Versions: | Frequency of Occurrence | ||
Related Issues: | |||
Environment: | Attachments: | ||
Description: | {{stasis-http}} currently does no authentication checking. The, needless to say, is a Bad Thing™.
We should support: * HTTP Basic authentication * {{crypt(3)}} encrypted password * Password-less authentication (logging in using ?api_key=username) * Read-only users The sample config should be something like this: {code:none} ;[user-username] ;read_only = no ; When set to yes, user is only authorized for ; ; read-only requests ; ; If a password is specified, user must authenticate using HTTP Basic ; authentication. If no password is specified, then the user may authenticate ; simply by adding ?api_key=username to their requests. ; ;password = ; Crypted or plaintext password (see crypt_password) ; ; crypt_password may be set to crypt (the default) or plain. When set to crypt, ; crypt(3) is used to encrypt the password. A crypted password can be generated ; using mkpasswd -m sha-512. ; ; When set to plain, the password is in plaintext ; ;crypt_password = crypt {code} | ||
Comments: | By: Dave Lee (personal) (leedm777) 2013-06-12 17:13:08.951-0500 Test comment. Please ignore. |