Closed MehmedGIT closed 1 year ago
In addition to the other comments I made, when I tested the authentication I found these "problems":
* When I try to upload a workspace with a non-existing user, I get 500 instead of 403.
* When I try to upload a workspace with correct user but wrong password I get 500 instead of 403.
You're right. I was using the wrong method. I have added 2 extra tests for unauthorized usage. It's fixed now and it returns 401 Unauthorized. That's the default of FastAPI for wrong credentials anyway. Let me know if you still think 403 is better to be returned and why.
Is HttpBasic via HTTPS secure?
@kba, unfortunately, no. There is no HTTPS replacement for HTTP and that's bad. Potentially we should improve with a better protocol among the supported ones: https://fastapi.tiangolo.com/tutorial/security/
I'd say HttpBasic Auth via HTTPS is secure enough for our purpose for now, at least for my current usage. I do not protect any data but "only" misuse of the infrastructure (an isolated VM). Could/should be updated later, but not in this PR I think. Regarding 401 vs 403, I think you are right, I confused it.
This PR contains a basic user authentication/registration mechanism.
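The failure mode discussed in this thread (unknown user or wrong password surfacing as 500 rather than 401), as an added standard-library sketch that is not code from this PR and does not use FastAPI. The names `authenticate`, `basic_header`, `USERS`, the realm string and the sample credentials are all assumptions made for the example.

```python
import base64
import binascii
import hashlib
import hmac
import os

# 401 = missing or bad credentials (client may retry); 403 = authenticated but not allowed.
CHALLENGE = {"WWW-Authenticate": 'Basic realm="workspace"'}  # realm name is assumed

def pw_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)

# Constructed sample user store: username -> (salt, PBKDF2 hash)
_SALT = os.urandom(16)
USERS = {"alice": (_SALT, pw_hash("correct horse", _SALT))}
# Dummy record so an unknown user costs the same hashing work as a known one
DUMMY = (os.urandom(16), os.urandom(32))

def basic_header(username: str, password: str) -> str:
    """Build an Authorization header value the way a client would."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")

def authenticate(authorization):
    """Return (status, headers); every credential failure is a 401, never a 500."""
    if not authorization:
        return 401, CHALLENGE
    scheme, _, param = authorization.partition(" ")
    if scheme.lower() != "basic":
        return 401, CHALLENGE
    try:
        decoded = base64.b64decode(param.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return 401, CHALLENGE  # malformed header must not raise
    username, sep, password = decoded.partition(":")
    if not sep:
        return 401, CHALLENGE
    # .get() with a fallback avoids the KeyError that would otherwise become a 500
    salt, stored = USERS.get(username, DUMMY)
    matches = hmac.compare_digest(pw_hash(password, salt), stored)
    if not matches or username not in USERS:
        return 401, CHALLENGE
    return 200, {}
```

Unknown user and wrong password take the same path and return the same response, so the endpoint does not reveal which usernames exist.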