Closed tomgie closed 4 years ago
Hi @tomgie,
Thanks for reporting this issue. From a quick look at the code it seems like your config would work for what you're trying to do, and it's not obvious to me what the issue might be. I'll try to reproduce it later today to figure it out.
Thanks, hopefully we can get this sorted out
I am not able to reproduce this issue. Here's my ACL section from webdis.json, matching yours:
$ jq .acl webdis.json
[
  {
    "disabled": [
      "*"
    ]
  },
  {
    "http_basic_auth": "username:pw",
    "enabled": [
      "*"
    ]
  }
]
Running the server:
$ ./webdis webdis.json &
[1] 60581
Here's a request without auth, failing as expected:
$ curl -v http://127.0.0.1:7379/ping
* Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to 127.0.0.1 (127.0.0.1) port 7379 (#0)
> GET /ping HTTP/1.1
> Host: 127.0.0.1:7379
> User-Agent: curl/7.54.0
> Accept: */*
>
< HTTP/1.1 403 Forbidden
< Server: Webdis
< Allow: GET,POST,PUT,OPTIONS
< Access-Control-Allow-Methods: GET,POST,PUT,OPTIONS
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Headers: X-Requested-With, Content-Type, Authorization
< Connection: Keep-Alive
< Content-Length: 0
<
* Connection #0 to host 127.0.0.1 left intact
Now with valid credentials, succeeding:
$ curl -v -u username:pw http://127.0.0.1:7379/ping
* Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to 127.0.0.1 (127.0.0.1) port 7379 (#0)
* Server auth using Basic with user 'username'
> GET /ping HTTP/1.1
> Host: 127.0.0.1:7379
> Authorization: Basic dXNlcm5hbWU6cHc=
> User-Agent: curl/7.54.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Server: Webdis
< Allow: GET,POST,PUT,OPTIONS
< Access-Control-Allow-Methods: GET,POST,PUT,OPTIONS
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Headers: X-Requested-With, Content-Type, Authorization
< Content-Type: application/json
< ETag: "98bfe03a3621cded1a1f125efe3a9c14"
< Connection: Keep-Alive
< Content-Length: 22
<
* Connection #0 to host 127.0.0.1 left intact
{"ping":[true,"PONG"]}
And invalid credentials, failing as expected:
$ curl -v -u username:incorrect_password http://127.0.0.1:7379/ping
* Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to 127.0.0.1 (127.0.0.1) port 7379 (#0)
* Server auth using Basic with user 'username'
> GET /ping HTTP/1.1
> Host: 127.0.0.1:7379
> Authorization: Basic dXNlcm5hbWU6aW5jb3JyZWN0X3Bhc3N3b3Jk
> User-Agent: curl/7.54.0
> Accept: */*
>
< HTTP/1.1 403 Forbidden
< Server: Webdis
< Allow: GET,POST,PUT,OPTIONS
< Access-Control-Allow-Methods: GET,POST,PUT,OPTIONS
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Headers: X-Requested-With, Content-Type, Authorization
< Connection: Keep-Alive
< Content-Length: 0
<
* Connection #0 to host 127.0.0.1 left intact
I figured out what the problem was. It seems that setting a long password (128 characters) breaks the authentication. Cutting the password down a decent amount seems to fix the problem.
Ah! Thanks a lot for this detail. The base-64 encoding of the expected basic auth value for the account was adding new lines every 72 characters; I changed this to a much larger value.
I published release 0.1.7 with this fix. Would you mind verifying it?
Everything seems to be working now. Thanks.
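The failure mode described above (a server-side base64 encoder that wraps its output every 72 characters, so the expected `Authorization` value stops matching once the encoded credentials are longer than one line) is easy to reproduce in isolation. The following is an added example written for this thread, not webdis code: it uses its own small base64 encoder with a configurable wrap width, constructs a 128-character password, and compares what a client such as `curl -u` sends (unwrapped) against a wrapped and an unwrapped server-side expectation. The `username:pw` header value is taken from the curl traces above; the long credentials are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Minimal RFC 4648 base64 encoder with an optional line-wrap width.
 * wrap == 0 means no line breaks (what HTTP clients put in the
 * Authorization header); wrap == 72 mimics MIME-style wrapping, which
 * only matters once the encoded string is longer than 72 characters.
 * The caller frees the returned buffer. */
static char *b64_encode(const unsigned char *in, size_t len, int wrap)
{
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    size_t out_len = 4 * ((len + 2) / 3);
    size_t breaks = (wrap > 0) ? out_len / (size_t)wrap : 0;
    char *out = malloc(out_len + breaks + 1);
    size_t i, o = 0, col = 0;
    if (!out) return NULL;

    for (i = 0; i < len; i += 3) {
        unsigned int v = (unsigned int)in[i] << 16;
        char quad[4];
        if (i + 1 < len) v |= (unsigned int)in[i + 1] << 8;
        if (i + 2 < len) v |= in[i + 2];
        quad[0] = tbl[(v >> 18) & 0x3f];
        quad[1] = tbl[(v >> 12) & 0x3f];
        quad[2] = (i + 1 < len) ? tbl[(v >> 6) & 0x3f] : '=';
        quad[3] = (i + 2 < len) ? tbl[v & 0x3f] : '=';
        for (int k = 0; k < 4; k++) {
            /* Insert a line break once a full line has been emitted. */
            if (wrap > 0 && col == (size_t)wrap) { out[o++] = '\n'; col = 0; }
            out[o++] = quad[k];
            col++;
        }
    }
    out[o] = '\0';
    return out;
}

/* Header value the server expects for "user:password", given its encoder's wrap width. */
static char *expected_basic_auth(const char *user_pw, int wrap)
{
    char *enc = b64_encode((const unsigned char *)user_pw, strlen(user_pw), wrap);
    size_t n;
    char *hdr;
    if (!enc) return NULL;
    n = strlen("Basic ") + strlen(enc) + 1;
    hdr = malloc(n);
    if (hdr) snprintf(hdr, n, "Basic %s", enc);
    free(enc);
    return hdr;
}

/* 1 if the client's Authorization header equals the server-side expectation.
 * strcmp is used for clarity; a real server should use a constant-time compare. */
static int auth_matches(const char *client_header, const char *user_pw, int wrap)
{
    char *expected = expected_basic_auth(user_pw, wrap);
    int ok = expected && strcmp(client_header, expected) == 0;
    free(expected);
    return ok;
}

/* 1 if the server-side expectation contains a line break (the bug's symptom). */
static int expected_has_newline(const char *user_pw, int wrap)
{
    char *expected = expected_basic_auth(user_pw, wrap);
    int has = expected && strchr(expected, '\n') != NULL;
    free(expected);
    return has;
}

/* Constructed credentials: "username:" followed by a 128-character password. */
static void make_long_creds(char *buf, size_t n)
{
    const char *prefix = "username:";
    size_t plen = strlen(prefix);
    if (n < plen + 128 + 1) { buf[0] = '\0'; return; }
    memcpy(buf, prefix, plen);
    memset(buf + plen, 'a', 128);
    buf[plen + 128] = '\0';
}

int main(void)
{
    char creds[256];
    char *client;
    make_long_creds(creds, sizeof creds);
    client = expected_basic_auth(creds, 0);   /* what curl -u would send */
    printf("short pw, wrapped expectation:    match=%d\n",
           auth_matches("Basic dXNlcm5hbWU6cHc=", "username:pw", 72));
    printf("128-char pw, wrapped expectation: match=%d\n", auth_matches(client, creds, 72));
    printf("128-char pw, no wrapping:         match=%d\n", auth_matches(client, creds, 0));
    free(client);
    return 0;
}
```

The short credentials encode to 16 characters, well under the wrap width, so they match either way; the 128-character password encodes to 184 characters, the wrapped expectation picks up two embedded newlines, and the byte-for-byte comparison fails until wrapping is disabled (or the width raised far above any realistic credential length, as the maintainer did). A cheap regression check for any basic-auth implementation is to assert that the computed expectation never contains `\r` or `\n`.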
I tried to create a config that disables all commands to users that do not have the authentication correct, and enable those that do. Currently, this seems to not work as the disabled parameter overrides the auth parameter.
"acl": [
  {
    "disabled": [ "*" ]
  },
  {
    "http_basic_auth": "username:pw",
    "enabled": [ "*" ]
  }
]