Authentication support - Githubissues

copiousfreetime / stickler

a tool to organize and maintain an internal gem distribution server

MIT License

143 stars 29 forks source link

Authentication support #12

Closed copiousfreetime closed 12 years ago

copiousfreetime commented 13 years ago

All operations should have the ability to be authenticated against some system.

jsmestad commented 12 years ago

Would love to see this added.

lantins commented 12 years ago

As a short term measure, you could restrict access by IP address inside your config.ru

copiousfreetime commented 12 years ago

There are a couple of ways to add authentication to stickler.

use the ip address inside your config.ru or rack config as @lantins suggests
use http-auth * first put in a middleware before stickler that implements httpauth * And then on the normal gem command side of things, you can update your gem server uri to use http auth with a uri like https://user:pass@stickler.example.com/

I don't know if the stickler specific commands will work with that yet, but I'll get some time this month to play around with it and see what it would take.

lantins commented 12 years ago

Last time I tried HTTP-AUTH it didn't work, I was unable to upload new gems. Downloading worked no problem though.

n.b. that was several months ago.

copiousfreetime commented 12 years ago

@lantins good to know, thanks.

jsmestad commented 12 years ago

:+1:

jsmestad commented 12 years ago

@copiousfreetime I can confirm that http auth (nginx in our case) blocks any sort of upload command.

It looks like the fix is that you have to specify the basic auth portion as a header. For example,

require 'base64'

login = Base64.urlsafe_encode64("user:qwerty123")
c = Excon.new('http://localhost/path')
puts c.request(:method => :get, :headers => {'Authorization' => "Basic #{login}"})

copiousfreetime commented 12 years ago

I've just committed c3580d4824afe31d8449cdbe5112a52fa050e71d and pushed version v2.2.0 to rubygems. Please update and let me know if it all works.

This just updates stickler to be able to use HTTP Basic Auth on the client side. Use --server http://user:password@host:port/ on the commandline or :server: http://user:password@host:port/ in your ~/.gem/stickler file and it should work.

Please reopen this issue if there are any problems.

copiousfreetime commented 12 years ago

Make that version 2.2.2 that was released, I had a couple of release issues.

anveo commented 12 years ago

I'm still having an issue. My config.ru looks like:

require 'rubygems'
require 'stickler'

users = {'foo' => 'bar'}
use Rack::Auth::Basic, 'Stickler' do |username, password|
  users.key?(username) && users[username] == password
end

stickler_dir = File.expand_path(File.join(File.dirname( __FILE__ ), "public"))
run Stickler::Server.new(stickler_dir).app

~/.gem/stickler looks like:

:server: http://foo:bar@gems.example.com

I ran:

∴ stickler mirror rails --gem-version 3.1.3

And get the following output:

Asking http://foo:bar@gems.example.com/ to mirror rails-3.1.3 from rubygems.org : ERROR ->

No error message is shown, and there doesn't seem to be anything useful in the thin logs.

copiousfreetime commented 12 years ago

Sounds good, I will do my best to duplicated it and see what happens.

copiousfreetime commented 12 years ago

I can duplicate your issue @anveo. I'm working on a fix.